ssl_config_service_manager_pref_unittest.cc revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c
15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/browser/net/ssl_config_service_manager.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/command_line.h" 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/ref_counted.h" 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/message_loop.h" 102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/prefs/pref_registry_simple.h" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/prefs/testing_pref_store.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/values.h" 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/browser/content_settings/host_content_settings_map.h" 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/browser/prefs/pref_service_mock_builder.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/chrome_switches.h" 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/content_settings.h" 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/pref_names.h" 182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/test/base/testing_pref_service_syncable.h" 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/test/base/testing_profile.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "content/public/test/test_browser_thread.h" 212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "net/ssl/ssl_config_service.h" 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using base::ListValue; 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using base::Value; 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using content::BrowserThread; 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using net::SSLConfig; 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using net::SSLConfigService; 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SetCookiePref(TestingProfile* profile, ContentSetting setting) { 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HostContentSettingsMap* host_content_settings_map = 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) profile->GetHostContentSettingsMap(); 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) host_content_settings_map->SetDefaultContentSetting( 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CONTENT_SETTINGS_TYPE_COOKIES, setting); 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class SSLConfigServiceManagerPrefTest : public testing::Test { 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfigServiceManagerPrefTest() 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : ui_thread_(BrowserThread::UI, &message_loop_), 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) io_thread_(BrowserThread::IO, &message_loop_) {} 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) protected: 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool IsChannelIdEnabled(SSLConfigService* config_service) { 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return config.channel_id_enabled; 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) base::MessageLoop message_loop_; 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) content::TestBrowserThread ui_thread_; 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) content::TestBrowserThread io_thread_; 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test channel id with no user prefs. 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { 642a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 652a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Value::CreateBooleanValue(false)); 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 7090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(config.channel_id_enabled); 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Value::CreateBooleanValue(true)); 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 832a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(config.channel_id_enabled); 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that cipher suites can be disabled. "Good" refers to the fact that 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// every value is expected to be successfully parsed into a cipher suite. 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { 912a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 922a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 9590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig old_config; 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&old_config); 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ListValue* list_value = new ListValue(); 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("0x0004")); 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("0x0005")); 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 1112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that cipher suites can be disabled. "Bad" refers to the fact that 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// there are one or more non-cipher suite strings in the preference. They 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// should be ignored. 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { 1262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 1272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 13090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig old_config; 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&old_config); 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ListValue* list_value = new ListValue(); 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("0x0004")); 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("0x0005")); 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) list_value->Append(Value::CreateStringValue("0xBEEFY")); 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 1482a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 159c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Test that 160c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// * without command-line settings for minimum and maximum SSL versions, 161c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// SSL 3.0 ~ default_version_max() are enabled; 162c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// * without --enable-unrestricted-ssl3-fallback, 163c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// |unrestricted_ssl3_fallback_enabled| is false. 164b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)// TODO(thaidn): |unrestricted_ssl3_fallback_enabled| is true by default 165b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)// temporarily until we have fixed deployment issues. 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PrefServiceMockBuilder builder; 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) builder.WithUserPrefs(local_state_store.get()); 1712a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 1722a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_ptr<PrefService> local_state(builder.Create(registry)); 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1742a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(registry); 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 17790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig ssl_config; 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&ssl_config); 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The default value in the absence of command-line options is that 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // SSL 3.0 ~ default_version_max() are enabled. 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSLConfigService::default_version_max(), 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config.version_max); 189b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The settings should not be added to the local_state. 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); 194c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath( 195c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback)); 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Explicitly double-check the settings are not in the preference store. 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_min_str; 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_max_str; 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_min_str)); 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_max_str)); 204c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool unrestricted_ssl3_fallback_enabled; 205c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state_store->GetBoolean( 206c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback, 207c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) &unrestricted_ssl3_fallback_enabled)); 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that command-line settings for minimum and maximum SSL versions are 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// respected and that they do not persist to the preferences files. 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CommandLine command_line(CommandLine::NO_PROGRAM); 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); 218c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback); 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PrefServiceMockBuilder builder; 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) builder.WithUserPrefs(local_state_store.get()); 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) builder.WithCommandLine(&command_line); 2232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 2242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_ptr<PrefService> local_state(builder.Create(registry)); 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(registry); 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 22990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig ssl_config; 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&ssl_config); 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Command-line flags should be respected. 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); 239c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Explicitly double-check the settings are not in the preference store. 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const PrefService::Preference* version_min_pref = 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state->FindPreference(prefs::kSSLVersionMin); 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(version_min_pref->IsUserModifiable()); 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const PrefService::Preference* version_max_pref = 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state->FindPreference(prefs::kSSLVersionMax); 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(version_max_pref->IsUserModifiable()); 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 250c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const PrefService::Preference* ssl3_fallback_pref = 251c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback); 252c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable()); 253c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 2545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_min_str; 2555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_max_str; 2565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 2575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_min_str)); 2585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 2595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_max_str)); 260c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool unrestricted_ssl3_fallback_enabled; 261c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state_store->GetBoolean( 262c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback, 263c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) &unrestricted_ssl3_fallback_enabled)); 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 265