// Copyright (c) 2015 GitHub, Inc.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "atom/browser/atom_ssl_config_service.h"
#include <string>
#include <vector>
#include "base/command_line.h"
#include "base/strings/string_split.h"
#include "atom/common/options_switches.h"
#include "content/public/browser/browser_thread.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/ssl_cipher_suite_names.h"
namespace atom {
namespace {
// Maps a TLS version name to the matching net::SSL_PROTOCOL_VERSION_* value.
// Only the exact strings "tls1", "tls1.1" and "tls1.2" are recognised (the
// comparison is case-sensitive). Every other input yields 0, which this file
// uses as the "invalid" marker, so callers should check for 0 before using the
// result as a protocol floor.
uint16 GetSSLProtocolVersion(const std::string& version_string) {
  if (version_string == "tls1")
    return net::SSL_PROTOCOL_VERSION_TLS1;
  if (version_string == "tls1.1")
    return net::SSL_PROTOCOL_VERSION_TLS1_1;
  if (version_string == "tls1.2")
    return net::SSL_PROTOCOL_VERSION_TLS1_2;
  return 0;  // Invalid
}
// Converts cipher suite names into their 16-bit identifiers using
// net::ParseSSLCipherString(). Names that fail to parse are logged at ERROR
// level and skipped, so the returned vector may be shorter than the input.
// NOTE(review): when the result feeds a disable list (as the constructor in
// this file does), a misspelled name leaves that suite enabled and the log
// line is the only signal; operators should watch for it.
std::vector<uint16> ParseCipherSuites(
    const std::vector<std::string>& cipher_strings) {
  std::vector<uint16> parsed;
  parsed.reserve(cipher_strings.size());

  for (const std::string& name : cipher_strings) {
    uint16 suite_id = 0;
    if (net::ParseSSLCipherString(name, &suite_id)) {
      parsed.push_back(suite_id);
    } else {
      LOG(ERROR) << "Ignoring unrecognised cipher suite : "
                 << name;
    }
  }
  return parsed;
}
} // namespace
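// Builds the SSL configuration from the current process's command line.
//
//  * switches::kSSLVersionFallbackMin: one of "tls1", "tls1.1", "tls1.2";
//    sets config_.version_fallback_min.
//  * switches::kCipherSuiteBlacklist: comma-separated cipher suite names;
//    sets config_.disabled_cipher_suites.
//
// Both switches are parsed here only, so the values are fixed for the
// lifetime of this object.
AtomSSLConfigService::AtomSSLConfigService() {
  auto cmd_line = base::CommandLine::ForCurrentProcess();
  if (cmd_line->HasSwitch(switches::kSSLVersionFallbackMin)) {
    auto version_string =
        cmd_line->GetSwitchValueASCII(switches::kSSLVersionFallbackMin);
    uint16 version = GetSSLProtocolVersion(version_string);
    if (version != 0) {
      config_.version_fallback_min = version;
    } else {
      // GetSSLProtocolVersion() returns 0 for any string it does not
      // recognise. Storing that marker would replace the default fallback
      // floor with an invalid value because of a typo (presumably weakening
      // it; confirm against net::SSLConfig). Keep the default and report the
      // bad value, matching how unrecognised cipher suites are handled.
      LOG(ERROR) << "Ignoring unrecognised SSL version fallback minimum : "
                 << version_string;
    }
  }

  if (cmd_line->HasSwitch(switches::kCipherSuiteBlacklist)) {
    // Whitespace around entries is trimmed and empty entries are dropped
    // before the names are parsed.
    auto cipher_strings = base::SplitString(
        cmd_line->GetSwitchValueASCII(switches::kCipherSuiteBlacklist),
        ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
    config_.disabled_cipher_suites = ParseCipherSuites(cipher_strings);
  }
}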
// Nothing to release: the destructor body is empty.
AtomSSLConfigService::~AtomSSLConfigService() = default;
// Copies the configuration assembled in the constructor into |config|.
// |config| is dereferenced unconditionally, so it must not be null.
void AtomSSLConfigService::GetSSLConfig(net::SSLConfig* config) {
  *config = config_;
}
} // namespace atom