ssl_config_service_manager_pref_unittest.cc revision 5821806d5e7f356e8fa4b058a389a808ea183019
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/net/ssl_config_service_manager.h" 6 7#include "base/command_line.h" 8#include "base/memory/ref_counted.h" 9#include "base/message_loop.h" 10#include "base/prefs/testing_pref_store.h" 11#include "base/values.h" 12#include "chrome/browser/content_settings/host_content_settings_map.h" 13#include "chrome/browser/prefs/pref_service_mock_builder.h" 14#include "chrome/common/chrome_switches.h" 15#include "chrome/common/content_settings.h" 16#include "chrome/common/pref_names.h" 17#include "chrome/test/base/testing_pref_service.h" 18#include "chrome/test/base/testing_profile.h" 19#include "content/public/test/test_browser_thread.h" 20#include "net/base/ssl_config_service.h" 21#include "testing/gtest/include/gtest/gtest.h" 22 23using base::ListValue; 24using base::Value; 25using content::BrowserThread; 26using net::SSLConfig; 27using net::SSLConfigService; 28 29namespace { 30 31void SetCookiePref(TestingProfile* profile, ContentSetting setting) { 32 HostContentSettingsMap* host_content_settings_map = 33 profile->GetHostContentSettingsMap(); 34 host_content_settings_map->SetDefaultContentSetting( 35 CONTENT_SETTINGS_TYPE_COOKIES, setting); 36} 37 38} // namespace 39 40class SSLConfigServiceManagerPrefTest : public testing::Test { 41 public: 42 SSLConfigServiceManagerPrefTest() 43 : ui_thread_(BrowserThread::UI, &message_loop_), 44 io_thread_(BrowserThread::IO, &message_loop_) {} 45 46 protected: 47 bool IsChannelIdEnabled(SSLConfigService* config_service) { 48 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 49 // preferences changed. 50 message_loop_.RunAllPending(); 51 SSLConfig config; 52 config_service->GetSSLConfig(&config); 53 return config.channel_id_enabled; 54 } 55 56 MessageLoop message_loop_; 57 content::TestBrowserThread ui_thread_; 58 content::TestBrowserThread io_thread_; 59}; 60 61// Test channel id with no user prefs. 62TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { 63 TestingPrefService local_state; 64 SSLConfigServiceManager::RegisterPrefs(&local_state); 65 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 66 Value::CreateBooleanValue(false)); 67 68 scoped_ptr<SSLConfigServiceManager> config_manager( 69 SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL)); 70 ASSERT_TRUE(config_manager.get()); 71 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 72 ASSERT_TRUE(config_service.get()); 73 74 SSLConfig config; 75 config_service->GetSSLConfig(&config); 76 EXPECT_FALSE(config.channel_id_enabled); 77 78 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 79 Value::CreateBooleanValue(true)); 80 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 81 // preferences changed. 82 message_loop_.RunAllPending(); 83 config_service->GetSSLConfig(&config); 84 EXPECT_TRUE(config.channel_id_enabled); 85} 86 87// Test channel id with user prefs. 88TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithUserPrefs) { 89 TestingPrefService local_state; 90 SSLConfigServiceManager::RegisterPrefs(&local_state); 91 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 92 Value::CreateBooleanValue(false)); 93 94 TestingProfile testing_profile; 95 TestingPrefService* user_prefs = testing_profile.GetTestingPrefService(); 96 SetCookiePref(&testing_profile, CONTENT_SETTING_BLOCK); 97 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 98 Value::CreateBooleanValue(true)); 99 100 scoped_ptr<SSLConfigServiceManager> config_manager( 101 SSLConfigServiceManager::CreateDefaultManager(&local_state, user_prefs)); 102 ASSERT_TRUE(config_manager.get()); 103 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 104 ASSERT_TRUE(config_service.get()); 105 106 // channelid=false, cookies=block, 3rdpartycookies=block 107 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 108 109 // channelid=false, cookies=block, 3rdpartycookies=allow 110 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 111 Value::CreateBooleanValue(false)); 112 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 113 114 // channelid=false, cookies=allow, 3rdpartycookies=block 115 SetCookiePref(&testing_profile, CONTENT_SETTING_ALLOW); 116 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 117 Value::CreateBooleanValue(true)); 118 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 119 120 // channelid=false, cookies=allow, 3rdpartycookies=allow 121 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 122 Value::CreateBooleanValue(false)); 123 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 124 125 // channelid=true, cookies=block, 3rdpartycookies=block 126 local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 127 Value::CreateBooleanValue(true)); 128 SetCookiePref(&testing_profile, CONTENT_SETTING_BLOCK); 129 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 130 Value::CreateBooleanValue(true)); 131 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 132 133 // channelid=true, cookies=block, 3rdpartycookies=allow 134 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 135 Value::CreateBooleanValue(false)); 136 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 137 138 // channelid=true, cookies=allow, 3rdpartycookies=block 139 SetCookiePref(&testing_profile, CONTENT_SETTING_ALLOW); 140 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 141 Value::CreateBooleanValue(true)); 142 EXPECT_FALSE(IsChannelIdEnabled(config_service)); 143 144 // channelid=true, cookies=allow, 3rdpartycookies=allow 145 user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies, 146 Value::CreateBooleanValue(false)); 147 EXPECT_TRUE(IsChannelIdEnabled(config_service)); 148} 149 150// Test that cipher suites can be disabled. "Good" refers to the fact that 151// every value is expected to be successfully parsed into a cipher suite. 152TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { 153 TestingPrefService local_state; 154 SSLConfigServiceManager::RegisterPrefs(&local_state); 155 156 scoped_ptr<SSLConfigServiceManager> config_manager( 157 SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL)); 158 ASSERT_TRUE(config_manager.get()); 159 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 160 ASSERT_TRUE(config_service.get()); 161 162 SSLConfig old_config; 163 config_service->GetSSLConfig(&old_config); 164 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 165 166 ListValue* list_value = new ListValue(); 167 list_value->Append(Value::CreateStringValue("0x0004")); 168 list_value->Append(Value::CreateStringValue("0x0005")); 169 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 170 171 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 172 // preferences changed. 173 message_loop_.RunAllPending(); 174 175 SSLConfig config; 176 config_service->GetSSLConfig(&config); 177 178 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 179 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 180 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 181 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 182} 183 184// Test that cipher suites can be disabled. "Bad" refers to the fact that 185// there are one or more non-cipher suite strings in the preference. They 186// should be ignored. 187TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { 188 TestingPrefService local_state; 189 SSLConfigServiceManager::RegisterPrefs(&local_state); 190 191 scoped_ptr<SSLConfigServiceManager> config_manager( 192 SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL)); 193 ASSERT_TRUE(config_manager.get()); 194 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 195 ASSERT_TRUE(config_service.get()); 196 197 SSLConfig old_config; 198 config_service->GetSSLConfig(&old_config); 199 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 200 201 ListValue* list_value = new ListValue(); 202 list_value->Append(Value::CreateStringValue("0x0004")); 203 list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); 204 list_value->Append(Value::CreateStringValue("0x0005")); 205 list_value->Append(Value::CreateStringValue("0xBEEFY")); 206 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 207 208 // Pump the message loop to notify the SSLConfigServiceManagerPref that the 209 // preferences changed. 210 message_loop_.RunAllPending(); 211 212 SSLConfig config; 213 config_service->GetSSLConfig(&config); 214 215 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 216 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 217 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 218 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 219} 220 221// Test that without command-line settings for minimum and maximum SSL 222// versions, SSL 3.0 ~ default_version_max() are enabled. 223TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { 224 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 225 226 PrefServiceMockBuilder builder; 227 builder.WithUserPrefs(local_state_store.get()); 228 scoped_ptr<PrefService> local_state(builder.Create()); 229 230 SSLConfigServiceManager::RegisterPrefs(local_state.get()); 231 232 scoped_ptr<SSLConfigServiceManager> config_manager( 233 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); 234 ASSERT_TRUE(config_manager.get()); 235 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 236 ASSERT_TRUE(config_service.get()); 237 238 SSLConfig ssl_config; 239 config_service->GetSSLConfig(&ssl_config); 240 // The default value in the absence of command-line options is that 241 // SSL 3.0 ~ default_version_max() are enabled. 242 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); 243 EXPECT_EQ(net::SSLConfigService::default_version_max(), 244 ssl_config.version_max); 245 246 // The settings should not be added to the local_state. 247 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); 248 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); 249 250 // Explicitly double-check the settings are not in the preference store. 251 std::string version_min_str; 252 std::string version_max_str; 253 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 254 &version_min_str)); 255 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 256 &version_max_str)); 257} 258 259// Test that command-line settings for minimum and maximum SSL versions are 260// respected and that they do not persist to the preferences files. 261TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { 262 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 263 264 CommandLine command_line(CommandLine::NO_PROGRAM); 265 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); 266 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); 267 268 PrefServiceMockBuilder builder; 269 builder.WithUserPrefs(local_state_store.get()); 270 builder.WithCommandLine(&command_line); 271 scoped_ptr<PrefService> local_state(builder.Create()); 272 273 SSLConfigServiceManager::RegisterPrefs(local_state.get()); 274 275 scoped_ptr<SSLConfigServiceManager> config_manager( 276 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); 277 ASSERT_TRUE(config_manager.get()); 278 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 279 ASSERT_TRUE(config_service.get()); 280 281 SSLConfig ssl_config; 282 config_service->GetSSLConfig(&ssl_config); 283 // Command-line flags should be respected. 284 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); 285 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); 286 287 // Explicitly double-check the settings are not in the preference store. 288 const PrefService::Preference* version_min_pref = 289 local_state->FindPreference(prefs::kSSLVersionMin); 290 EXPECT_FALSE(version_min_pref->IsUserModifiable()); 291 292 const PrefService::Preference* version_max_pref = 293 local_state->FindPreference(prefs::kSSLVersionMax); 294 EXPECT_FALSE(version_max_pref->IsUserModifiable()); 295 296 std::string version_min_str; 297 std::string version_max_str; 298 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 299 &version_min_str)); 300 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 301 &version_max_str)); 302} 303