ssl_config_service_manager_pref_unittest.cc revision 5821806d5e7f356e8fa4b058a389a808ea183019 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/ssl_config_service_manager.h"
6
7#include "base/command_line.h"
8#include "base/memory/ref_counted.h"
9#include "base/message_loop.h"
10#include "base/prefs/testing_pref_store.h"
11#include "base/values.h"
12#include "chrome/browser/content_settings/host_content_settings_map.h"
13#include "chrome/browser/prefs/pref_service_mock_builder.h"
14#include "chrome/common/chrome_switches.h"
15#include "chrome/common/content_settings.h"
16#include "chrome/common/pref_names.h"
17#include "chrome/test/base/testing_pref_service.h"
18#include "chrome/test/base/testing_profile.h"
19#include "content/public/test/test_browser_thread.h"
20#include "net/base/ssl_config_service.h"
21#include "testing/gtest/include/gtest/gtest.h"
22
23using base::ListValue;
24using base::Value;
25using content::BrowserThread;
26using net::SSLConfig;
27using net::SSLConfigService;
28
29namespace {
30
31void SetCookiePref(TestingProfile* profile, ContentSetting setting) {
32  HostContentSettingsMap* host_content_settings_map =
33      profile->GetHostContentSettingsMap();
34  host_content_settings_map->SetDefaultContentSetting(
35      CONTENT_SETTINGS_TYPE_COOKIES, setting);
36}
37
38}  // namespace
39
40class SSLConfigServiceManagerPrefTest : public testing::Test {
41 public:
42  SSLConfigServiceManagerPrefTest()
43      : ui_thread_(BrowserThread::UI, &message_loop_),
44        io_thread_(BrowserThread::IO, &message_loop_) {}
45
46 protected:
47  bool IsChannelIdEnabled(SSLConfigService* config_service) {
48    // Pump the message loop to notify the SSLConfigServiceManagerPref that the
49    // preferences changed.
50    message_loop_.RunAllPending();
51    SSLConfig config;
52    config_service->GetSSLConfig(&config);
53    return config.channel_id_enabled;
54  }
55
56  MessageLoop message_loop_;
57  content::TestBrowserThread ui_thread_;
58  content::TestBrowserThread io_thread_;
59};
60
61// Test channel id with no user prefs.
62TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
63  TestingPrefService local_state;
64  SSLConfigServiceManager::RegisterPrefs(&local_state);
65  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
66                          Value::CreateBooleanValue(false));
67
68  scoped_ptr<SSLConfigServiceManager> config_manager(
69      SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL));
70  ASSERT_TRUE(config_manager.get());
71  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
72  ASSERT_TRUE(config_service.get());
73
74  SSLConfig config;
75  config_service->GetSSLConfig(&config);
76  EXPECT_FALSE(config.channel_id_enabled);
77
78  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
79                          Value::CreateBooleanValue(true));
80  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
81  // preferences changed.
82  message_loop_.RunAllPending();
83  config_service->GetSSLConfig(&config);
84  EXPECT_TRUE(config.channel_id_enabled);
85}
86
87// Test channel id with user prefs.
88TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithUserPrefs) {
89  TestingPrefService local_state;
90  SSLConfigServiceManager::RegisterPrefs(&local_state);
91  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
92                          Value::CreateBooleanValue(false));
93
94  TestingProfile testing_profile;
95  TestingPrefService* user_prefs = testing_profile.GetTestingPrefService();
96  SetCookiePref(&testing_profile, CONTENT_SETTING_BLOCK);
97  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
98                          Value::CreateBooleanValue(true));
99
100  scoped_ptr<SSLConfigServiceManager> config_manager(
101      SSLConfigServiceManager::CreateDefaultManager(&local_state, user_prefs));
102  ASSERT_TRUE(config_manager.get());
103  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
104  ASSERT_TRUE(config_service.get());
105
106  // channelid=false, cookies=block, 3rdpartycookies=block
107  EXPECT_FALSE(IsChannelIdEnabled(config_service));
108
109  // channelid=false, cookies=block, 3rdpartycookies=allow
110  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
111                          Value::CreateBooleanValue(false));
112  EXPECT_FALSE(IsChannelIdEnabled(config_service));
113
114  // channelid=false, cookies=allow, 3rdpartycookies=block
115  SetCookiePref(&testing_profile, CONTENT_SETTING_ALLOW);
116  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
117                          Value::CreateBooleanValue(true));
118  EXPECT_FALSE(IsChannelIdEnabled(config_service));
119
120  // channelid=false, cookies=allow, 3rdpartycookies=allow
121  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
122                          Value::CreateBooleanValue(false));
123  EXPECT_FALSE(IsChannelIdEnabled(config_service));
124
125  // channelid=true, cookies=block, 3rdpartycookies=block
126  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
127                          Value::CreateBooleanValue(true));
128  SetCookiePref(&testing_profile, CONTENT_SETTING_BLOCK);
129  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
130                          Value::CreateBooleanValue(true));
131  EXPECT_FALSE(IsChannelIdEnabled(config_service));
132
133  // channelid=true, cookies=block, 3rdpartycookies=allow
134  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
135                          Value::CreateBooleanValue(false));
136  EXPECT_FALSE(IsChannelIdEnabled(config_service));
137
138  // channelid=true, cookies=allow, 3rdpartycookies=block
139  SetCookiePref(&testing_profile, CONTENT_SETTING_ALLOW);
140  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
141                          Value::CreateBooleanValue(true));
142  EXPECT_FALSE(IsChannelIdEnabled(config_service));
143
144  // channelid=true, cookies=allow, 3rdpartycookies=allow
145  user_prefs->SetUserPref(prefs::kBlockThirdPartyCookies,
146                          Value::CreateBooleanValue(false));
147  EXPECT_TRUE(IsChannelIdEnabled(config_service));
148}
149
150// Test that cipher suites can be disabled. "Good" refers to the fact that
151// every value is expected to be successfully parsed into a cipher suite.
152TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
153  TestingPrefService local_state;
154  SSLConfigServiceManager::RegisterPrefs(&local_state);
155
156  scoped_ptr<SSLConfigServiceManager> config_manager(
157      SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL));
158  ASSERT_TRUE(config_manager.get());
159  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
160  ASSERT_TRUE(config_service.get());
161
162  SSLConfig old_config;
163  config_service->GetSSLConfig(&old_config);
164  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
165
166  ListValue* list_value = new ListValue();
167  list_value->Append(Value::CreateStringValue("0x0004"));
168  list_value->Append(Value::CreateStringValue("0x0005"));
169  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
170
171  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
172  // preferences changed.
173  message_loop_.RunAllPending();
174
175  SSLConfig config;
176  config_service->GetSSLConfig(&config);
177
178  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
179  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
180  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
181  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
182}
183
184// Test that cipher suites can be disabled. "Bad" refers to the fact that
185// there are one or more non-cipher suite strings in the preference. They
186// should be ignored.
187TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
188  TestingPrefService local_state;
189  SSLConfigServiceManager::RegisterPrefs(&local_state);
190
191  scoped_ptr<SSLConfigServiceManager> config_manager(
192      SSLConfigServiceManager::CreateDefaultManager(&local_state, NULL));
193  ASSERT_TRUE(config_manager.get());
194  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
195  ASSERT_TRUE(config_service.get());
196
197  SSLConfig old_config;
198  config_service->GetSSLConfig(&old_config);
199  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
200
201  ListValue* list_value = new ListValue();
202  list_value->Append(Value::CreateStringValue("0x0004"));
203  list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
204  list_value->Append(Value::CreateStringValue("0x0005"));
205  list_value->Append(Value::CreateStringValue("0xBEEFY"));
206  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
207
208  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
209  // preferences changed.
210  message_loop_.RunAllPending();
211
212  SSLConfig config;
213  config_service->GetSSLConfig(&config);
214
215  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
216  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
217  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
218  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
219}
220
221// Test that without command-line settings for minimum and maximum SSL
222// versions, SSL 3.0 ~ default_version_max() are enabled.
223TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
224  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
225
226  PrefServiceMockBuilder builder;
227  builder.WithUserPrefs(local_state_store.get());
228  scoped_ptr<PrefService> local_state(builder.Create());
229
230  SSLConfigServiceManager::RegisterPrefs(local_state.get());
231
232  scoped_ptr<SSLConfigServiceManager> config_manager(
233      SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
234  ASSERT_TRUE(config_manager.get());
235  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
236  ASSERT_TRUE(config_service.get());
237
238  SSLConfig ssl_config;
239  config_service->GetSSLConfig(&ssl_config);
240  // The default value in the absence of command-line options is that
241  // SSL 3.0 ~ default_version_max() are enabled.
242  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
243  EXPECT_EQ(net::SSLConfigService::default_version_max(),
244            ssl_config.version_max);
245
246  // The settings should not be added to the local_state.
247  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
248  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
249
250  // Explicitly double-check the settings are not in the preference store.
251  std::string version_min_str;
252  std::string version_max_str;
253  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
254                                            &version_min_str));
255  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
256                                            &version_max_str));
257}
258
259// Test that command-line settings for minimum and maximum SSL versions are
260// respected and that they do not persist to the preferences files.
261TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
262  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
263
264  CommandLine command_line(CommandLine::NO_PROGRAM);
265  command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
266  command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
267
268  PrefServiceMockBuilder builder;
269  builder.WithUserPrefs(local_state_store.get());
270  builder.WithCommandLine(&command_line);
271  scoped_ptr<PrefService> local_state(builder.Create());
272
273  SSLConfigServiceManager::RegisterPrefs(local_state.get());
274
275  scoped_ptr<SSLConfigServiceManager> config_manager(
276      SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
277  ASSERT_TRUE(config_manager.get());
278  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
279  ASSERT_TRUE(config_service.get());
280
281  SSLConfig ssl_config;
282  config_service->GetSSLConfig(&ssl_config);
283  // Command-line flags should be respected.
284  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
285  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
286
287  // Explicitly double-check the settings are not in the preference store.
288  const PrefService::Preference* version_min_pref =
289      local_state->FindPreference(prefs::kSSLVersionMin);
290  EXPECT_FALSE(version_min_pref->IsUserModifiable());
291
292  const PrefService::Preference* version_max_pref =
293      local_state->FindPreference(prefs::kSSLVersionMax);
294  EXPECT_FALSE(version_max_pref->IsUserModifiable());
295
296  std::string version_min_str;
297  std::string version_max_str;
298  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
299                                            &version_min_str));
300  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
301                                            &version_max_str));
302}
303