ssl_config_service_manager_pref_unittest.cc revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/browser/net/ssl_config_service_manager.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/command_line.h" 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/ref_counted.h" 99ab5563a3196760eb381d102cbb2bc0f7abc6a50Ben Murdoch#include "base/message_loop/message_loop.h" 102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/prefs/pref_registry_simple.h" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/prefs/testing_pref_store.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/values.h" 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/browser/content_settings/host_content_settings_map.h" 14f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chrome/browser/prefs/pref_service_mock_factory.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/chrome_switches.h" 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/content_settings.h" 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/common/pref_names.h" 182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/test/base/testing_pref_service_syncable.h" 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "chrome/test/base/testing_profile.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "content/public/test/test_browser_thread.h" 212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "net/ssl/ssl_config_service.h" 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using base::ListValue; 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using base::Value; 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using content::BrowserThread; 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using net::SSLConfig; 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using net::SSLConfigService; 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class SSLConfigServiceManagerPrefTest : public testing::Test { 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfigServiceManagerPrefTest() 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : ui_thread_(BrowserThread::UI, &message_loop_), 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) io_thread_(BrowserThread::IO, &message_loop_) {} 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) protected: 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool IsChannelIdEnabled(SSLConfigService* config_service) { 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 402a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return config.channel_id_enabled; 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) base::MessageLoop message_loop_; 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) content::TestBrowserThread ui_thread_; 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) content::TestBrowserThread io_thread_; 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test channel id with no user prefs. 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { 532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 542a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::Value::CreateBooleanValue(false)); 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 5990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(config.channel_id_enabled); 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kEnableOriginBoundCerts, 695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::Value::CreateBooleanValue(true)); 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 722a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(config.channel_id_enabled); 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that cipher suites can be disabled. "Good" refers to the fact that 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// every value is expected to be successfully parsed into a cipher suite. 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { 802a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 812a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 8490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig old_config; 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&old_config); 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 935d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::ListValue* list_value = new base::ListValue(); 945d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append(base::Value::CreateStringValue("0x0004")); 955d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append(base::Value::CreateStringValue("0x0005")); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 1002a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that cipher suites can be disabled. "Bad" refers to the fact that 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// there are one or more non-cipher suite strings in the preference. They 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// should be ignored. 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { 1152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) TestingPrefServiceSimple local_state; 1162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(local_state.registry()); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 11990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(&local_state)); 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig old_config; 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&old_config); 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::ListValue* list_value = new base::ListValue(); 1295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append(base::Value::CreateStringValue("0x0004")); 1305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append( 1315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); 1325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append(base::Value::CreateStringValue("0x0005")); 1335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) list_value->Append(base::Value::CreateStringValue("0xBEEFY")); 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Pump the message loop to notify the SSLConfigServiceManagerPref that the 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // preferences changed. 1382a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) message_loop_.RunUntilIdle(); 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig config; 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&config); 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 149c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Test that 150c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// * without command-line settings for minimum and maximum SSL versions, 151c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// SSL 3.0 ~ default_version_max() are enabled; 152c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// * without --enable-unrestricted-ssl3-fallback, 153c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// |unrestricted_ssl3_fallback_enabled| is false. 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 157f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) PrefServiceMockFactory factory; 158f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) factory.set_user_prefs(local_state_store); 1592a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 160f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) scoped_ptr<PrefService> local_state(factory.Create(registry.get())); 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 162868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(registry.get()); 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 16590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig ssl_config; 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&ssl_config); 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The default value in the absence of command-line options is that 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // SSL 3.0 ~ default_version_max() are enabled. 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSLConfigService::default_version_max(), 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config.version_max); 177a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled); 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The settings should not be added to the local_state. 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); 182c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state->HasPrefPath( 183c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback)); 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Explicitly double-check the settings are not in the preference store. 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_min_str; 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_max_str; 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_min_str)); 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_max_str)); 192c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool unrestricted_ssl3_fallback_enabled; 193c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state_store->GetBoolean( 194c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback, 195c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) &unrestricted_ssl3_fallback_enabled)); 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Test that command-line settings for minimum and maximum SSL versions are 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// respected and that they do not persist to the preferences files. 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CommandLine command_line(CommandLine::NO_PROGRAM); 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); 206c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback); 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 208f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) PrefServiceMockFactory factory; 209f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) factory.set_user_prefs(local_state_store); 210f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) factory.SetCommandLine(&command_line); 2112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 212f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) scoped_ptr<PrefService> local_state(factory.Create(registry.get())); 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 214868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSLConfigServiceManager::RegisterPrefs(registry.get()); 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<SSLConfigServiceManager> config_manager( 21790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) SSLConfigServiceManager::CreateDefaultManager(local_state.get())); 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_manager.get()); 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(config_service.get()); 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLConfig ssl_config; 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) config_service->GetSSLConfig(&ssl_config); 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Command-line flags should be respected. 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); 227c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Explicitly double-check the settings are not in the preference store. 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const PrefService::Preference* version_min_pref = 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state->FindPreference(prefs::kSSLVersionMin); 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(version_min_pref->IsUserModifiable()); 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const PrefService::Preference* version_max_pref = 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) local_state->FindPreference(prefs::kSSLVersionMax); 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(version_max_pref->IsUserModifiable()); 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 238c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const PrefService::Preference* ssl3_fallback_pref = 239c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback); 240c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable()); 241c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_min_str; 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string version_max_str; 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_min_str)); 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) &version_max_str)); 248c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool unrestricted_ssl3_fallback_enabled; 249c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_FALSE(local_state_store->GetBoolean( 250c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) prefs::kEnableUnrestrictedSSL3Fallback, 251c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) &unrestricted_ssl3_fallback_enabled)); 2525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 253