ssl_config_service_manager_pref_unittest.cc revision f2477e01787aa58f445919b809d89e252beef54f
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/net/ssl_config_service_manager.h" 6 7#include "base/command_line.h" 8#include "base/memory/ref_counted.h" 9#include "base/message_loop/message_loop.h" 10#include "base/prefs/pref_registry_simple.h" 11#include "base/prefs/testing_pref_store.h" 12#include "base/values.h" 13#include "chrome/browser/content_settings/host_content_settings_map.h" 14#include "chrome/browser/prefs/pref_service_mock_factory.h" 15#include "chrome/common/chrome_switches.h" 16#include "chrome/common/content_settings.h" 17#include "chrome/common/pref_names.h" 18#include "chrome/test/base/testing_pref_service_syncable.h" 19#include "chrome/test/base/testing_profile.h" 20#include "content/public/test/test_browser_thread.h" 21#include "net/ssl/ssl_config_service.h" 22#include "testing/gtest/include/gtest/gtest.h" 23 24using base::ListValue; 25using base::Value; 26using content::BrowserThread; 27using net::SSLConfig; 28using net::SSLConfigService; 29 30class SSLConfigServiceManagerPrefTest : public testing::Test { 31 public: 32 SSLConfigServiceManagerPrefTest() 33 : ui_thread_(BrowserThread::UI, &message_loop_), 34 io_thread_(BrowserThread::IO, &message_loop_) {} 35 36 protected: 37 bool IsChannelIdEnabled(SSLConfigService* config_service) { 38 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 39 // preferences changed. 40 message_loop_.RunUntilIdle(); 41 SSLConfig config; 42 config_service->GetSSLConfig(&config); 43 return config.channel_id_enabled; 44 } 45 46 base::MessageLoop message_loop_; 47 content::TestBrowserThread ui_thread_; 48 content::TestBrowserThread io_thread_; 49}; 50 51// Test channel id with no user prefs. 52TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { 53 TestingPrefServiceSimple local_state; 54 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 55 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 56 Value::CreateBooleanValue(false)); 57 58 scoped_ptr<SSLConfigServiceManager> config_manager( 59 SSLConfigServiceManager::CreateDefaultManager(&local_state)); 60 ASSERT_TRUE(config_manager.get()); 61 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 62 ASSERT_TRUE(config_service.get()); 63 64 SSLConfig config; 65 config_service->GetSSLConfig(&config); 66 EXPECT_FALSE(config.channel_id_enabled); 67 68 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 69 Value::CreateBooleanValue(true)); 70 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 71 // preferences changed. 72 message_loop_.RunUntilIdle(); 73 config_service->GetSSLConfig(&config); 74 EXPECT_TRUE(config.channel_id_enabled); 75} 76 77// Test that cipher suites can be disabled. "Good" refers to the fact that 78// every value is expected to be successfully parsed into a cipher suite. 79TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { 80 TestingPrefServiceSimple local_state; 81 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 82 83 scoped_ptr<SSLConfigServiceManager> config_manager( 84 SSLConfigServiceManager::CreateDefaultManager(&local_state)); 85 ASSERT_TRUE(config_manager.get()); 86 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 87 ASSERT_TRUE(config_service.get()); 88 89 SSLConfig old_config; 90 config_service->GetSSLConfig(&old_config); 91 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 92 93 ListValue* list_value = new ListValue(); 94 list_value->Append(Value::CreateStringValue("0x0004")); 95 list_value->Append(Value::CreateStringValue("0x0005")); 96 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 97 98 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 99 // preferences changed. 100 message_loop_.RunUntilIdle(); 101 102 SSLConfig config; 103 config_service->GetSSLConfig(&config); 104 105 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 106 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 107 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 108 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 109} 110 111// Test that cipher suites can be disabled. "Bad" refers to the fact that 112// there are one or more non-cipher suite strings in the preference. They 113// should be ignored. 114TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { 115 TestingPrefServiceSimple local_state; 116 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 117 118 scoped_ptr<SSLConfigServiceManager> config_manager( 119 SSLConfigServiceManager::CreateDefaultManager(&local_state)); 120 ASSERT_TRUE(config_manager.get()); 121 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 122 ASSERT_TRUE(config_service.get()); 123 124 SSLConfig old_config; 125 config_service->GetSSLConfig(&old_config); 126 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 127 128 ListValue* list_value = new ListValue(); 129 list_value->Append(Value::CreateStringValue("0x0004")); 130 list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); 131 list_value->Append(Value::CreateStringValue("0x0005")); 132 list_value->Append(Value::CreateStringValue("0xBEEFY")); 133 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 134 135 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 136 // preferences changed. 137 message_loop_.RunUntilIdle(); 138 139 SSLConfig config; 140 config_service->GetSSLConfig(&config); 141 142 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 143 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 144 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 145 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 146} 147 148// Test that 149// * without command-line settings for minimum and maximum SSL versions, 150// SSL 3.0 ~ default_version_max() are enabled; 151// * without --enable-unrestricted-ssl3-fallback, 152// |unrestricted_ssl3_fallback_enabled| is false. 153// TODO(thaidn): |unrestricted_ssl3_fallback_enabled| is true by default 154// temporarily until we have fixed deployment issues. 155TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { 156 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 157 158 PrefServiceMockFactory factory; 159 factory.set_user_prefs(local_state_store); 160 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 161 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); 162 163 SSLConfigServiceManager::RegisterPrefs(registry.get()); 164 165 scoped_ptr<SSLConfigServiceManager> config_manager( 166 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 167 ASSERT_TRUE(config_manager.get()); 168 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 169 ASSERT_TRUE(config_service.get()); 170 171 SSLConfig ssl_config; 172 config_service->GetSSLConfig(&ssl_config); 173 // The default value in the absence of command-line options is that 174 // SSL 3.0 ~ default_version_max() are enabled. 175 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); 176 EXPECT_EQ(net::SSLConfigService::default_version_max(), 177 ssl_config.version_max); 178 EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); 179 180 // The settings should not be added to the local_state. 181 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); 182 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); 183 EXPECT_FALSE(local_state->HasPrefPath( 184 prefs::kEnableUnrestrictedSSL3Fallback)); 185 186 // Explicitly double-check the settings are not in the preference store. 187 std::string version_min_str; 188 std::string version_max_str; 189 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 190 &version_min_str)); 191 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 192 &version_max_str)); 193 bool unrestricted_ssl3_fallback_enabled; 194 EXPECT_FALSE(local_state_store->GetBoolean( 195 prefs::kEnableUnrestrictedSSL3Fallback, 196 &unrestricted_ssl3_fallback_enabled)); 197} 198 199// Test that command-line settings for minimum and maximum SSL versions are 200// respected and that they do not persist to the preferences files. 201TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { 202 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 203 204 CommandLine command_line(CommandLine::NO_PROGRAM); 205 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); 206 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); 207 command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback); 208 209 PrefServiceMockFactory factory; 210 factory.set_user_prefs(local_state_store); 211 factory.SetCommandLine(&command_line); 212 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 213 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); 214 215 SSLConfigServiceManager::RegisterPrefs(registry.get()); 216 217 scoped_ptr<SSLConfigServiceManager> config_manager( 218 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 219 ASSERT_TRUE(config_manager.get()); 220 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 221 ASSERT_TRUE(config_service.get()); 222 223 SSLConfig ssl_config; 224 config_service->GetSSLConfig(&ssl_config); 225 // Command-line flags should be respected. 226 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); 227 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); 228 EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); 229 230 // Explicitly double-check the settings are not in the preference store. 231 const PrefService::Preference* version_min_pref = 232 local_state->FindPreference(prefs::kSSLVersionMin); 233 EXPECT_FALSE(version_min_pref->IsUserModifiable()); 234 235 const PrefService::Preference* version_max_pref = 236 local_state->FindPreference(prefs::kSSLVersionMax); 237 EXPECT_FALSE(version_max_pref->IsUserModifiable()); 238 239 const PrefService::Preference* ssl3_fallback_pref = 240 local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback); 241 EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable()); 242 243 std::string version_min_str; 244 std::string version_max_str; 245 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 246 &version_min_str)); 247 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 248 &version_max_str)); 249 bool unrestricted_ssl3_fallback_enabled; 250 EXPECT_FALSE(local_state_store->GetBoolean( 251 prefs::kEnableUnrestrictedSSL3Fallback, 252 &unrestricted_ssl3_fallback_enabled)); 253} 254