1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_
6 #define NET_SSL_SSL_CONFIG_SERVICE_H_
7 
8 #include <optional>
9 #include <string_view>
10 #include <vector>
11 
12 #include "base/observer_list.h"
13 #include "net/base/net_export.h"
14 #include "net/ssl/ssl_config.h"
15 
16 namespace net {
17 
// Snapshot of the TLS settings handed out by an SSLConfigService. This is a
// plain value type: the special members are declared here and defined out of
// line, so instances are copied and compared by value (ProcessConfigUpdate
// below relies on operator== to tell a real change from a no-op).
//
// NOTE(review): uint16_t is used without a direct <cstdint> include; it is
// expected to arrive transitively through ssl_config.h.
struct NET_EXPORT SSLContextConfig {
  SSLContextConfig();
  SSLContextConfig(const SSLContextConfig&);
  SSLContextConfig(SSLContextConfig&&);
  ~SSLContextConfig();
  SSLContextConfig& operator=(const SSLContextConfig&);
  SSLContextConfig& operator=(SSLContextConfig&&);

  // Equality comparison, defined out of line. Used by
  // SSLConfigService::ProcessConfigUpdate to decide whether observers need to
  // be notified at all.
  bool operator==(const SSLContextConfig&) const;

  // Returns whether post-quantum key agreement is enabled in TLS handshakes.
  // Defined out of line; presumably honours `post_quantum_override` when it is
  // set and falls back to feature flags otherwise (see that field).
  bool PostQuantumKeyAgreementEnabled() const;

  // The minimum and maximum protocol versions that are enabled.
  // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h.)
  // SSL 2.0/3.0 and TLS 1.0/1.1 are not supported. If version_max <
  // version_min, it means no protocol versions are enabled.
  // Both default to kDefaultSSLVersionMin / kDefaultSSLVersionMax.
  uint16_t version_min = kDefaultSSLVersionMin;
  uint16_t version_max = kDefaultSSLVersionMax;

  // A list of cipher suites which should be explicitly prevented from being
  // used in addition to those disabled by the net built-in policy. This list
  // can only further restrict the enabled set; it cannot re-enable a suite
  // that the built-in policy already disables.
  //
  // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
  // big-endian form, they should be declared in host byte order, with the
  // first uint8_t occupying the most significant byte.
  // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
  // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
  std::vector<uint16_t> disabled_cipher_suites;

  // If specified, controls whether post-quantum key agreement in TLS
  // connections is allowed. If `std::nullopt`, this is determined by feature
  // flags. Exposed through PostQuantumKeyAgreementEnabled().
  std::optional<bool> post_quantum_override;

  // Controls whether ECH (Encrypted Client Hello) is enabled. On by default.
  bool ech_enabled = true;
};
56 
57 // The interface for retrieving global SSL configuration.  This interface
58 // does not cover setting the SSL configuration, as on some systems, the
59 // SSLConfigService objects may not have direct access to the configuration, or
60 // live longer than the configuration preferences.
class NET_EXPORT SSLConfigService {
 public:
  // Observer is notified when SSL config settings have changed.
  //
  // The destructor is protected: an Observer is never owned or deleted
  // through this interface. The object that registers the observer keeps
  // responsibility for its lifetime and must call RemoveObserver() before the
  // observer is destroyed; the observer list below is the Unchecked variant,
  // which is not expected to detect a dangling observer.
  class NET_EXPORT Observer {
   public:
    // Invoked for each registered observer when the service reports a
    // configuration change (see NotifySSLContextConfigChange()).
    virtual void OnSSLContextConfigChanged() = 0;

   protected:
    virtual ~Observer() = default;
  };

  SSLConfigService();
  virtual ~SSLConfigService();

  // Returns the current configuration by value, i.e. a snapshot. Later
  // changes are not reflected in the returned object; they are signalled to
  // registered Observers instead.
  // May not be thread-safe, should only be called on the IO thread.
  virtual SSLContextConfig GetSSLContextConfig() = 0;

  // Returns true if connections to |hostname| can reuse, or are permitted to
  // reuse, connections on which a client cert has been negotiated. Note that
  // this must return true for both hostnames being pooled - that is to say this
  // function must return true for both the hostname of the existing connection
  // and the potential hostname to pool before allowing the connection to be
  // reused.
  //
  // NOTE: Pooling connections with ambient authority can create security issues
  // with that ambient authority and privacy issues in that embedders (and
  // users) may not have been consulted to send a client cert to |hostname|.
  // Implementations of this method should only return true if they have
  // received affirmative consent (e.g. through preferences or Enterprise
  // policy).
  //
  // NOTE: For Web Platform clients, this violates the Fetch Standard's policies
  // around connection pools: https://fetch.spec.whatwg.org/#connections.
  // Implementations that return true should take steps to limit the Web
  // Platform visibility of this, such as only allowing it to be used for
  // Enterprise or internal configurations.
  //
  // DEPRECATED: For the reasons above, this method is temporary and will be
  // removed in a future release. Please leave a comment on
  // https://crbug.com/855690 if you believe this is needed.
  virtual bool CanShareConnectionWithClientCerts(
      std::string_view hostname) const = 0;

  // Add an observer of this service. Does not take ownership; |observer| must
  // stay alive until it is removed again (see Observer).
  void AddObserver(Observer* observer);

  // Remove an observer of this service. Must be called before |observer| is
  // destroyed.
  void RemoveObserver(Observer* observer);

  // Calls the OnSSLContextConfigChanged method of registered observers. Should
  // only be called on the IO thread. Defined out of line; presumably walks
  // observer_list_.
  void NotifySSLContextConfigChange();

 protected:
  // Process before/after config update. If |force_notification| is true,
  // NotifySSLContextConfigChange will be called regardless of whether
  // |orig_config| and |new_config| are equal. Intended for subclasses that
  // own the underlying preferences: it lets an update that leaves the
  // effective config unchanged avoid a spurious observer notification.
  void ProcessConfigUpdate(const SSLContextConfig& orig_config,
                           const SSLContextConfig& new_config,
                           bool force_notification);

 private:
  // Registered observers, held as non-owning raw pointers. The Unchecked list
  // does not verify observer liveness on notification, so removal before
  // destruction is the observer's responsibility (see Observer).
  base::ObserverList<Observer>::Unchecked observer_list_;
};
126 
127 }  // namespace net
128 
129 #endif  // NET_SSL_SSL_CONFIG_SERVICE_H_