Changes to SSLConfigServicePref to use preferences from

Local State rather than user preferences on linux. SSL
settings will apply to all profiles. This change impacts
SSL3, TLS1 and Cert revocation enabled check boxes.

BUG=67622
TEST=Options UI for security settings on all platforms.
R=wtc,mattm

Review URL: http://codereview.chromium.org/6646023

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78272 0039d316-1c4b-4281-b951-d872f2087c98

10 files changed, 193 insertions, 55 deletions

diff --git a/chrome/browser/net/ssl_config_service_manager.h b/chrome/browser/net/ssl_config_service_manager.h
index 750c5d8..2d734d4 100644
--- a/chrome/browser/net/ssl_config_service_manager.h
+++ b/chrome/browser/net/ssl_config_service_manager.h
@@ -10,15 +10,20 @@ namespace net {
 class SSLConfigService;
 }  // namespace net
 
-class Profile;
+class PrefService;
 
 // An interface for creating SSLConfigService objects for the current platform.
 class SSLConfigServiceManager {
  public:
   // Create an instance of the default SSLConfigServiceManager for the current
-  // platform. The lifetime of the profile must be longer than that of the
-  // manager.
-  static SSLConfigServiceManager* CreateDefaultManager(Profile* profile);
+  // platform. The lifetime of the PrefService objects must be longer than that
+  // of the manager. On Linux, get SSL preferences from local_state object. If
+  // SSL preferences don't exist in local_state object, then get the data from
+  // user_prefs object and migrate it to local_state object and then delete the
+  // data from user_prefs object.
+  static SSLConfigServiceManager* CreateDefaultManager(
+      PrefService* user_prefs,
+      PrefService* local_state);
 
   virtual ~SSLConfigServiceManager() {}
 
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index 2883085..71e385b 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -9,7 +9,6 @@
 #include "chrome/browser/net/ssl_config_service_manager.h"
 #include "chrome/browser/prefs/pref_member.h"
 #include "chrome/browser/prefs/pref_service.h"
-#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "content/common/notification_details.h"
 #include "content/common/notification_source.h"
@@ -63,13 +62,21 @@ class SSLConfigServiceManagerPref
     : public SSLConfigServiceManager,
       public NotificationObserver {
  public:
-  explicit SSLConfigServiceManagerPref(Profile* profile);
+  SSLConfigServiceManagerPref(PrefService* user_prefs,
+                              PrefService* local_state);
   virtual ~SSLConfigServiceManagerPref() {}
 
   virtual net::SSLConfigService* Get();
 
  private:
-  static void RegisterUserPrefs(PrefService* user_prefs);
+  // Register user_prefs and local_state SSL preferences.
+  static void RegisterPrefs(PrefService* prefs);
+
+  // Copy pref values to local_state from user_prefs if local_state doesn't have
+  // the pref value and user_prefs has the pref value. Remove them from
+  // user_prefs.
+  static void MigrateUserPrefs(PrefService* local_state,
+                               PrefService* user_prefs);
 
   // Callback for preference changes.  This will post the changes to the IO
   // thread with SetNewSSLConfig.
@@ -91,14 +98,22 @@ class SSLConfigServiceManagerPref
   DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
 };
 
-SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(Profile* profile)
+SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
+    PrefService* user_prefs, PrefService* local_state)
     : ssl_config_service_(new SSLConfigServicePref()) {
-  RegisterUserPrefs(profile->GetPrefs());
+  DCHECK(user_prefs);
+  DCHECK(local_state);
+
+  RegisterPrefs(user_prefs);
+  RegisterPrefs(local_state);
+
+  // TODO(rtenneti): remove migration code after 6 months.
+  MigrateUserPrefs(local_state, user_prefs);
 
   rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled,
-                             profile->GetPrefs(), this);
-  ssl3_enabled_.Init(prefs::kSSL3Enabled, profile->GetPrefs(), this);
-  tls1_enabled_.Init(prefs::kTLS1Enabled, profile->GetPrefs(), this);
+                             local_state, this);
+  ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this);
+  tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this);
 
   // Initialize from UI thread.  This is okay as there shouldn't be anything on
   // the IO thread trying to access it yet.
@@ -106,14 +121,49 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(Profile* profile)
 }
 
 // static
-void SSLConfigServiceManagerPref::RegisterUserPrefs(PrefService* user_prefs) {
+void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) {
   net::SSLConfig default_config;
-  user_prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
-                                  default_config.rev_checking_enabled);
-  user_prefs->RegisterBooleanPref(prefs::kSSL3Enabled,
-                                  default_config.ssl3_enabled);
-  user_prefs->RegisterBooleanPref(prefs::kTLS1Enabled,
-                                  default_config.tls1_enabled);
+  if (!prefs->FindPreference(prefs::kCertRevocationCheckingEnabled)) {
+    prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
+                               default_config.rev_checking_enabled);
+  }
+  if (!prefs->FindPreference(prefs::kSSL3Enabled)) {
+    prefs->RegisterBooleanPref(prefs::kSSL3Enabled,
+                               default_config.ssl3_enabled);
+  }
+  if (!prefs->FindPreference(prefs::kTLS1Enabled)) {
+    prefs->RegisterBooleanPref(prefs::kTLS1Enabled,
+                               default_config.tls1_enabled);
+  }
+}
+
+// static
+void SSLConfigServiceManagerPref::MigrateUserPrefs(PrefService* local_state,
+                                                   PrefService* user_prefs) {
+  if (user_prefs->HasPrefPath(prefs::kCertRevocationCheckingEnabled)) {
+    if (!local_state->HasPrefPath(prefs::kCertRevocationCheckingEnabled)) {
+      // Migrate the kCertRevocationCheckingEnabled preference.
+      local_state->SetBoolean(prefs::kCertRevocationCheckingEnabled,
+          user_prefs->GetBoolean(prefs::kCertRevocationCheckingEnabled));
+    }
+    user_prefs->ClearPref(prefs::kCertRevocationCheckingEnabled);
+  }
+  if (user_prefs->HasPrefPath(prefs::kSSL3Enabled)) {
+    if (!local_state->HasPrefPath(prefs::kSSL3Enabled)) {
+      // Migrate the kSSL3Enabled preference.
+      local_state->SetBoolean(prefs::kSSL3Enabled,
+          user_prefs->GetBoolean(prefs::kSSL3Enabled));
+    }
+    user_prefs->ClearPref(prefs::kSSL3Enabled);
+  }
+  if (user_prefs->HasPrefPath(prefs::kTLS1Enabled)) {
+    if (!local_state->HasPrefPath(prefs::kTLS1Enabled)) {
+      // Migrate the kTLS1Enabled preference.
+      local_state->SetBoolean(prefs::kTLS1Enabled,
+          user_prefs->GetBoolean(prefs::kTLS1Enabled));
+    }
+    user_prefs->ClearPref(prefs::kTLS1Enabled);
+  }
 }
 
 net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
@@ -152,6 +202,7 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
 
 // static
 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
-    Profile* profile) {
-  return new SSLConfigServiceManagerPref(profile);
+    PrefService* user_prefs,
+    PrefService* local_state) {
+  return new SSLConfigServiceManagerPref(user_prefs, local_state);
 }
diff --git a/chrome/browser/net/ssl_config_service_manager_system.cc b/chrome/browser/net/ssl_config_service_manager_system.cc
index 15ac023..20b4252 100644
--- a/chrome/browser/net/ssl_config_service_manager_system.cc
+++ b/chrome/browser/net/ssl_config_service_manager_system.cc
@@ -5,8 +5,6 @@
 #include "chrome/browser/net/ssl_config_service_manager.h"
 #include "net/base/ssl_config_service.h"
 
-class Profile;
-
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServiceManagerSystem
 
@@ -36,6 +34,7 @@ class SSLConfigServiceManagerSystem
 
 // static
 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
-    Profile* profile) {
+    PrefService* user_prefs,
+    PrefService* local_state) {
   return new SSLConfigServiceManagerSystem();
 }
diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc
index d973c1f..d6ea416 100644
--- a/chrome/browser/profiles/profile_impl.cc
+++ b/chrome/browser/profiles/profile_impl.cc
@@ -295,8 +295,9 @@ ProfileImpl::ProfileImpl(const FilePath& path)
                  Source<Profile>(this));
 #endif
 
+  PrefService* local_state = g_browser_process->local_state();
   ssl_config_service_manager_.reset(
-      SSLConfigServiceManager::CreateDefaultManager(this));
+      SSLConfigServiceManager::CreateDefaultManager(GetPrefs(), local_state));
 
   pinned_tab_service_.reset(new PinnedTabService(this));
 
diff --git a/chrome/browser/profiles/profile_manager_unittest.cc b/chrome/browser/profiles/profile_manager_unittest.cc
index 42cd9c2..1ae59f3 100644
--- a/chrome/browser/profiles/profile_manager_unittest.cc
+++ b/chrome/browser/profiles/profile_manager_unittest.cc
@@ -8,11 +8,14 @@
 #include "base/file_util.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
+#include "chrome/browser/prefs/browser_prefs.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/test/testing_browser_process.h"
+#include "chrome/test/testing_pref_service.h"
 #include "content/browser/browser_thread.h"
 #include "content/common/notification_service.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -33,11 +36,22 @@ class ProfileManagerTest : public testing::Test {
     // Create a fresh, empty copy of this directory.
     file_util::Delete(test_dir_, true);
     file_util::CreateDirectory(test_dir_);
+
+    // Create a local_state PrefService.
+    browser::RegisterLocalState(&test_local_state_);
+    TestingBrowserProcess* testing_browser_process =
+        static_cast<TestingBrowserProcess*>(g_browser_process);
+    testing_browser_process->SetPrefService(&test_local_state_);
   }
+
   virtual void TearDown() {
     // Clean up test directory
     ASSERT_TRUE(file_util::Delete(test_dir_, true));
     ASSERT_FALSE(file_util::PathExists(test_dir_));
+
+    TestingBrowserProcess* testing_browser_process =
+        static_cast<TestingBrowserProcess*>(g_browser_process);
+    testing_browser_process->SetPrefService(NULL);
   }
 
   MessageLoopForUI message_loop_;
@@ -46,6 +60,8 @@ class ProfileManagerTest : public testing::Test {
 
   // the path to temporary directory used to contain the test operations
   FilePath test_dir_;
+
+  TestingPrefService test_local_state_;
 };
 
 TEST_F(ProfileManagerTest, CreateProfile) {
diff --git a/chrome/browser/resources/options/advanced_options.html b/chrome/browser/resources/options/advanced_options.html
index 5f1030d..6507261 100644
--- a/chrome/browser/resources/options/advanced_options.html
+++ b/chrome/browser/resources/options/advanced_options.html
@@ -175,8 +175,8 @@
     <div>
       <div><button id="certificatesManageButton"
           i18n-content="certificatesManageButton"></button></div>
-<if expr="os == 'win32'">
-      <!-- Configure these options for manual handling on windows -->
+<if expr="os == 'win32' or os == 'linux2' or os.find('bsd') != -1">
+      <!-- Configure these options for manual handling on windows/Linux/CrOS/BSD -->
       <div class="checkbox">
         <label>
           <input id="sslCheckRevocation" type="checkbox">
@@ -196,30 +196,6 @@
         </label>
       </div>
 </if>
-<if expr="os == 'linux2' or os.find('bsd') != -1">
-      <!-- Configure these options for CrOS/Linux/BSD as preference keys -->
-      <div class="checkbox">
-        <label>
-          <input id="sslCheckRevocation" pref="ssl.rev_checking.enabled"
-              metric="Options_CheckCertRevocation" type="checkbox">
-          <span i18n-content="sslCheckRevocation"></span>
-        </label>
-      </div>
-      <div class="checkbox">
-        <label>
-          <input id="sslUseSSL3" pref="ssl.ssl3.enabled" metric="Options_SSL3"
-              type="checkbox">
-          <span i18n-content="sslUseSSL3"></span>
-        </label>
-      </div>
-      <div class="checkbox">
-        <label>
-          <input id="sslUseTLS1" pref="ssl.tls1.enabled" metric="Options_TLS1"
-              type="checkbox">
-          <span i18n-content="sslUseTLS1"></span>
-        </label>
-      </div>
-</if>
     </div>
   </section>
 <if expr="not pp_ifdef('chromeos')">
diff --git a/chrome/browser/resources/options/advanced_options.js b/chrome/browser/resources/options/advanced_options.js
index 086a408..707a754 100644
--- a/chrome/browser/resources/options/advanced_options.js
+++ b/chrome/browser/resources/options/advanced_options.js
@@ -108,7 +108,7 @@ var OptionsPage = options.OptionsPage;
         };
       }
 
-      if (cr.isWindows) {
+      if (cr.isWindows || navigator.platform.match(/linux|BSD/i)) {
         $('sslCheckRevocation').onclick = function(event) {
           chrome.send('checkRevocationCheckboxAction',
               [String($('sslCheckRevocation').checked)]);
diff --git a/chrome/browser/ui/options/options_util.cc b/chrome/browser/ui/options/options_util.cc
index bb30f73..540b28e 100644
--- a/chrome/browser/ui/options/options_util.cc
+++ b/chrome/browser/ui/options/options_util.cc
@@ -96,6 +96,11 @@ void OptionsUtil::ResetToDefaults(Profile* profile) {
   // don't reset it.
   const char* kLocalStatePrefs[] = {
     prefs::kApplicationLocale,
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+    prefs::kCertRevocationCheckingEnabled,
+    prefs::kSSL3Enabled,
+    prefs::kTLS1Enabled,
+#endif
   };
   for (size_t i = 0; i < arraysize(kLocalStatePrefs); ++i)
     local_state->ClearPref(kLocalStatePrefs[i]);
diff --git a/chrome/browser/ui/webui/options/advanced_options_handler.cc b/chrome/browser/ui/webui/options/advanced_options_handler.cc
index 3d71dfc..8059050 100644
--- a/chrome/browser/ui/webui/options/advanced_options_handler.cc
+++ b/chrome/browser/ui/webui/options/advanced_options_handler.cc
@@ -192,7 +192,8 @@ void AdvancedOptionsHandler::Initialize() {
   SetupPromptForDownload();
   SetupAutoOpenFileTypesDisabledAttribute();
   SetupProxySettingsSection();
-#if defined(OS_WIN)
+#if defined(OS_WIN) || defined(OS_LINUX) || defined(OS_FREEBSD) || \
+    defined(OS_OPENBSD)
   SetupSSLConfigSettings();
 #endif
 #if !defined(OS_CHROMEOS)
@@ -231,6 +232,16 @@ WebUIMessageHandler* AdvancedOptionsHandler::Attach(WebUI* web_ui) {
   cloud_print_proxy_email_.Init(prefs::kCloudPrintEmail, prefs, this);
   cloud_print_proxy_enabled_.Init(prefs::kCloudPrintProxyEnabled, prefs, this);
 #endif
+
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+  rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled,
+                             g_browser_process->local_state(), this);
+  ssl3_enabled_.Init(prefs::kSSL3Enabled, g_browser_process->local_state(),
+                     this);
+  tls1_enabled_.Init(prefs::kTLS1Enabled, g_browser_process->local_state(),
+                     this);
+#endif
+
   default_download_location_.Init(prefs::kDownloadDefaultDirectory,
                                   prefs, this);
   ask_for_save_location_.Init(prefs::kPromptForDownload, prefs, this);
@@ -293,6 +304,18 @@ void AdvancedOptionsHandler::RegisterMessages() {
       NewCallback(this,
                   &AdvancedOptionsHandler::DisableRemoting));
 #endif
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+  // Setup Linux specific callbacks.
+  web_ui_->RegisterMessageCallback("checkRevocationCheckboxAction",
+      NewCallback(this,
+                  &AdvancedOptionsHandler::HandleCheckRevocationCheckbox));
+  web_ui_->RegisterMessageCallback("useSSL3CheckboxAction",
+      NewCallback(this,
+                  &AdvancedOptionsHandler::HandleUseSSL3Checkbox));
+  web_ui_->RegisterMessageCallback("useTLS1CheckboxAction",
+      NewCallback(this,
+                  &AdvancedOptionsHandler::HandleUseTLS1Checkbox));
+#endif
 #if defined(OS_WIN)
   // Setup Windows specific callbacks.
   web_ui_->RegisterMessageCallback("checkRevocationCheckboxAction",
@@ -428,6 +451,36 @@ void AdvancedOptionsHandler::HandleUseTLS1Checkbox(const ListValue* args) {
   net::SSLConfigServiceWin::SetTLS1Enabled(enabled);
 }
 #endif
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+void AdvancedOptionsHandler::HandleCheckRevocationCheckbox(
+    const ListValue* args) {
+  std::string checked_str = UTF16ToUTF8(ExtractStringValue(args));
+  bool enabled = checked_str == "true";
+  std::string metric =
+      (enabled ? "Options_CheckCertRevocation_Enable"
+               : "Options_CheckCertRevocation_Disable");
+  UserMetricsRecordAction(UserMetricsAction(metric.c_str()));
+  rev_checking_enabled_.SetValue(enabled);
+}
+
+void AdvancedOptionsHandler::HandleUseSSL3Checkbox(const ListValue* args) {
+  std::string checked_str = UTF16ToUTF8(ExtractStringValue(args));
+  bool enabled = checked_str == "true";
+  std::string metric =
+      (enabled ? "Options_SSL3_Enable" : "Options_SSL3_Disable");
+  UserMetricsRecordAction(UserMetricsAction(metric.c_str()));
+  ssl3_enabled_.SetValue(enabled);
+}
+
+void AdvancedOptionsHandler::HandleUseTLS1Checkbox(const ListValue* args) {
+  std::string checked_str = UTF16ToUTF8(ExtractStringValue(args));
+  bool enabled = checked_str == "true";
+  std::string metric =
+      (enabled ? "Options_TLS1_Enable" : "Options_TLS1_Disable");
+  UserMetricsRecordAction(UserMetricsAction(metric.c_str()));
+  tls1_enabled_.SetValue(enabled);
+}
+#endif
 
 #if !defined(OS_CHROMEOS)
 void AdvancedOptionsHandler::ShowNetworkProxySettings(const ListValue* args) {
@@ -615,6 +668,29 @@ void AdvancedOptionsHandler::SetupProxySettingsSection() {
       "options.AdvancedOptions.SetupProxySettingsSection", disabled, label);
 }
 
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+void AdvancedOptionsHandler::SetupSSLConfigSettings() {
+  {
+    FundamentalValue checked(rev_checking_enabled_.GetValue());
+    FundamentalValue disabled(rev_checking_enabled_.IsManaged());
+    web_ui_->CallJavascriptFunction(
+        "options.AdvancedOptions.SetCheckRevocationCheckboxState", checked,
+        disabled);
+  }
+  {
+    FundamentalValue checked(ssl3_enabled_.GetValue());
+    FundamentalValue disabled(ssl3_enabled_.IsManaged());
+    web_ui_->CallJavascriptFunction(
+        "options.AdvancedOptions.SetUseSSL3CheckboxState", checked, disabled);
+  }
+  {
+    FundamentalValue checked(tls1_enabled_.GetValue());
+    FundamentalValue disabled(tls1_enabled_.IsManaged());
+    web_ui_->CallJavascriptFunction(
+        "options.AdvancedOptions.SetUseTLS1CheckboxState", checked, disabled);
+  }
+}
+#endif
 #if defined(OS_WIN)
 void AdvancedOptionsHandler::SetupSSLConfigSettings() {
   bool checkRevocationSetting = false;
diff --git a/chrome/browser/ui/webui/options/advanced_options_handler.h b/chrome/browser/ui/webui/options/advanced_options_handler.h
index defd295..d635705 100644
--- a/chrome/browser/ui/webui/options/advanced_options_handler.h
+++ b/chrome/browser/ui/webui/options/advanced_options_handler.h
@@ -66,7 +66,8 @@ class AdvancedOptionsHandler
   // one item, the font size as a numeric value.
   void HandleDefaultFontSize(const ListValue* args);
 
-#if defined(OS_WIN)
+#if defined(OS_WIN) || defined(OS_LINUX) || defined(OS_FREEBSD) || \
+    defined(OS_OPENBSD)
   // Callback for the "Check SSL Revocation" checkbox.  This is needed so we
   // can support manual handling on Windows.
   void HandleCheckRevocationCheckbox(const ListValue* args);
@@ -149,7 +150,8 @@ class AdvancedOptionsHandler
   // Setup the proxy settings section UI.
   void SetupProxySettingsSection();
 
-#if defined(OS_WIN)
+#if defined(OS_WIN) || defined(OS_LINUX) || defined(OS_FREEBSD) || \
+    defined(OS_OPENBSD)
   // Setup the checked state for SSL related checkboxes.
   void SetupSSLConfigSettings();
 #endif
@@ -164,6 +166,13 @@ class AdvancedOptionsHandler
   scoped_ptr<CloudPrintSetupHandler> cloud_print_setup_handler_;
 #endif
 
+#if defined(OS_LINUX) || defined(OS_FREEBSD) || defined(OS_OPENBSD)
+  // SSLConfigService prefs.
+  BooleanPrefMember rev_checking_enabled_;
+  BooleanPrefMember ssl3_enabled_;
+  BooleanPrefMember tls1_enabled_;
+#endif
+
 #if defined(ENABLE_REMOTING) && !defined(OS_CHROMEOS)
   remoting::RemotingOptionsHandler remoting_options_handler_;
 #endif