ssl_config_service_manager_pref_unittest.cc revision f2477e01787aa58f445919b809d89e252beef54f 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/ssl_config_service_manager.h"
6
7#include "base/command_line.h"
8#include "base/memory/ref_counted.h"
9#include "base/message_loop/message_loop.h"
10#include "base/prefs/pref_registry_simple.h"
11#include "base/prefs/testing_pref_store.h"
12#include "base/values.h"
13#include "chrome/browser/content_settings/host_content_settings_map.h"
14#include "chrome/browser/prefs/pref_service_mock_factory.h"
15#include "chrome/common/chrome_switches.h"
16#include "chrome/common/content_settings.h"
17#include "chrome/common/pref_names.h"
18#include "chrome/test/base/testing_pref_service_syncable.h"
19#include "chrome/test/base/testing_profile.h"
20#include "content/public/test/test_browser_thread.h"
21#include "net/ssl/ssl_config_service.h"
22#include "testing/gtest/include/gtest/gtest.h"
23
24using base::ListValue;
25using base::Value;
26using content::BrowserThread;
27using net::SSLConfig;
28using net::SSLConfigService;
29
30class SSLConfigServiceManagerPrefTest : public testing::Test {
31 public:
32  SSLConfigServiceManagerPrefTest()
33      : ui_thread_(BrowserThread::UI, &message_loop_),
34        io_thread_(BrowserThread::IO, &message_loop_) {}
35
36 protected:
37  bool IsChannelIdEnabled(SSLConfigService* config_service) {
38    // Pump the message loop to notify the SSLConfigServiceManagerPref that the
39    // preferences changed.
40    message_loop_.RunUntilIdle();
41    SSLConfig config;
42    config_service->GetSSLConfig(&config);
43    return config.channel_id_enabled;
44  }
45
46  base::MessageLoop message_loop_;
47  content::TestBrowserThread ui_thread_;
48  content::TestBrowserThread io_thread_;
49};
50
51// Test channel id with no user prefs.
52TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
53  TestingPrefServiceSimple local_state;
54  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
55  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
56                          Value::CreateBooleanValue(false));
57
58  scoped_ptr<SSLConfigServiceManager> config_manager(
59      SSLConfigServiceManager::CreateDefaultManager(&local_state));
60  ASSERT_TRUE(config_manager.get());
61  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
62  ASSERT_TRUE(config_service.get());
63
64  SSLConfig config;
65  config_service->GetSSLConfig(&config);
66  EXPECT_FALSE(config.channel_id_enabled);
67
68  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
69                          Value::CreateBooleanValue(true));
70  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
71  // preferences changed.
72  message_loop_.RunUntilIdle();
73  config_service->GetSSLConfig(&config);
74  EXPECT_TRUE(config.channel_id_enabled);
75}
76
77// Test that cipher suites can be disabled. "Good" refers to the fact that
78// every value is expected to be successfully parsed into a cipher suite.
79TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
80  TestingPrefServiceSimple local_state;
81  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
82
83  scoped_ptr<SSLConfigServiceManager> config_manager(
84      SSLConfigServiceManager::CreateDefaultManager(&local_state));
85  ASSERT_TRUE(config_manager.get());
86  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
87  ASSERT_TRUE(config_service.get());
88
89  SSLConfig old_config;
90  config_service->GetSSLConfig(&old_config);
91  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
92
93  ListValue* list_value = new ListValue();
94  list_value->Append(Value::CreateStringValue("0x0004"));
95  list_value->Append(Value::CreateStringValue("0x0005"));
96  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
97
98  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
99  // preferences changed.
100  message_loop_.RunUntilIdle();
101
102  SSLConfig config;
103  config_service->GetSSLConfig(&config);
104
105  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
106  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
107  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
108  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
109}
110
111// Test that cipher suites can be disabled. "Bad" refers to the fact that
112// there are one or more non-cipher suite strings in the preference. They
113// should be ignored.
114TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
115  TestingPrefServiceSimple local_state;
116  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
117
118  scoped_ptr<SSLConfigServiceManager> config_manager(
119      SSLConfigServiceManager::CreateDefaultManager(&local_state));
120  ASSERT_TRUE(config_manager.get());
121  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
122  ASSERT_TRUE(config_service.get());
123
124  SSLConfig old_config;
125  config_service->GetSSLConfig(&old_config);
126  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
127
128  ListValue* list_value = new ListValue();
129  list_value->Append(Value::CreateStringValue("0x0004"));
130  list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
131  list_value->Append(Value::CreateStringValue("0x0005"));
132  list_value->Append(Value::CreateStringValue("0xBEEFY"));
133  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
134
135  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
136  // preferences changed.
137  message_loop_.RunUntilIdle();
138
139  SSLConfig config;
140  config_service->GetSSLConfig(&config);
141
142  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
143  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
144  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
145  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
146}
147
148// Test that
149// * without command-line settings for minimum and maximum SSL versions,
150//   SSL 3.0 ~ default_version_max() are enabled;
151// * without --enable-unrestricted-ssl3-fallback,
152//   |unrestricted_ssl3_fallback_enabled| is false.
153// TODO(thaidn): |unrestricted_ssl3_fallback_enabled| is true by default
154// temporarily until we have fixed deployment issues.
155TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
156  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
157
158  PrefServiceMockFactory factory;
159  factory.set_user_prefs(local_state_store);
160  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
161  scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
162
163  SSLConfigServiceManager::RegisterPrefs(registry.get());
164
165  scoped_ptr<SSLConfigServiceManager> config_manager(
166      SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
167  ASSERT_TRUE(config_manager.get());
168  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
169  ASSERT_TRUE(config_service.get());
170
171  SSLConfig ssl_config;
172  config_service->GetSSLConfig(&ssl_config);
173  // The default value in the absence of command-line options is that
174  // SSL 3.0 ~ default_version_max() are enabled.
175  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
176  EXPECT_EQ(net::SSLConfigService::default_version_max(),
177            ssl_config.version_max);
178  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
179
180  // The settings should not be added to the local_state.
181  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
182  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
183  EXPECT_FALSE(local_state->HasPrefPath(
184      prefs::kEnableUnrestrictedSSL3Fallback));
185
186  // Explicitly double-check the settings are not in the preference store.
187  std::string version_min_str;
188  std::string version_max_str;
189  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
190                                            &version_min_str));
191  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
192                                            &version_max_str));
193  bool unrestricted_ssl3_fallback_enabled;
194  EXPECT_FALSE(local_state_store->GetBoolean(
195      prefs::kEnableUnrestrictedSSL3Fallback,
196      &unrestricted_ssl3_fallback_enabled));
197}
198
199// Test that command-line settings for minimum and maximum SSL versions are
200// respected and that they do not persist to the preferences files.
201TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
202  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
203
204  CommandLine command_line(CommandLine::NO_PROGRAM);
205  command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
206  command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
207  command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
208
209  PrefServiceMockFactory factory;
210  factory.set_user_prefs(local_state_store);
211  factory.SetCommandLine(&command_line);
212  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
213  scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
214
215  SSLConfigServiceManager::RegisterPrefs(registry.get());
216
217  scoped_ptr<SSLConfigServiceManager> config_manager(
218      SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
219  ASSERT_TRUE(config_manager.get());
220  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
221  ASSERT_TRUE(config_service.get());
222
223  SSLConfig ssl_config;
224  config_service->GetSSLConfig(&ssl_config);
225  // Command-line flags should be respected.
226  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
227  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
228  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
229
230  // Explicitly double-check the settings are not in the preference store.
231  const PrefService::Preference* version_min_pref =
232      local_state->FindPreference(prefs::kSSLVersionMin);
233  EXPECT_FALSE(version_min_pref->IsUserModifiable());
234
235  const PrefService::Preference* version_max_pref =
236      local_state->FindPreference(prefs::kSSLVersionMax);
237  EXPECT_FALSE(version_max_pref->IsUserModifiable());
238
239  const PrefService::Preference* ssl3_fallback_pref =
240      local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
241  EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
242
243  std::string version_min_str;
244  std::string version_max_str;
245  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
246                                            &version_min_str));
247  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
248                                            &version_max_str));
249  bool unrestricted_ssl3_fallback_enabled;
250  EXPECT_FALSE(local_state_store->GetBoolean(
251      prefs::kEnableUnrestrictedSSL3Fallback,
252      &unrestricted_ssl3_fallback_enabled));
253}
254