ssl_config_service_manager_pref_unittest.cc revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/ssl_config_service_manager.h"
6
7#include "base/command_line.h"
8#include "base/memory/ref_counted.h"
9#include "base/message_loop.h"
10#include "base/prefs/pref_registry_simple.h"
11#include "base/prefs/testing_pref_store.h"
12#include "base/values.h"
13#include "chrome/browser/content_settings/host_content_settings_map.h"
14#include "chrome/browser/prefs/pref_service_mock_builder.h"
15#include "chrome/common/chrome_switches.h"
16#include "chrome/common/content_settings.h"
17#include "chrome/common/pref_names.h"
18#include "chrome/test/base/testing_pref_service_syncable.h"
19#include "chrome/test/base/testing_profile.h"
20#include "content/public/test/test_browser_thread.h"
21#include "net/ssl/ssl_config_service.h"
22#include "testing/gtest/include/gtest/gtest.h"
23
24using base::ListValue;
25using base::Value;
26using content::BrowserThread;
27using net::SSLConfig;
28using net::SSLConfigService;
29
30namespace {
31
32void SetCookiePref(TestingProfile* profile, ContentSetting setting) {
33  HostContentSettingsMap* host_content_settings_map =
34      profile->GetHostContentSettingsMap();
35  host_content_settings_map->SetDefaultContentSetting(
36      CONTENT_SETTINGS_TYPE_COOKIES, setting);
37}
38
39}  // namespace
40
41class SSLConfigServiceManagerPrefTest : public testing::Test {
42 public:
43  SSLConfigServiceManagerPrefTest()
44      : ui_thread_(BrowserThread::UI, &message_loop_),
45        io_thread_(BrowserThread::IO, &message_loop_) {}
46
47 protected:
48  bool IsChannelIdEnabled(SSLConfigService* config_service) {
49    // Pump the message loop to notify the SSLConfigServiceManagerPref that the
50    // preferences changed.
51    message_loop_.RunUntilIdle();
52    SSLConfig config;
53    config_service->GetSSLConfig(&config);
54    return config.channel_id_enabled;
55  }
56
57  base::MessageLoop message_loop_;
58  content::TestBrowserThread ui_thread_;
59  content::TestBrowserThread io_thread_;
60};
61
62// Test channel id with no user prefs.
63TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
64  TestingPrefServiceSimple local_state;
65  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
66  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
67                          Value::CreateBooleanValue(false));
68
69  scoped_ptr<SSLConfigServiceManager> config_manager(
70      SSLConfigServiceManager::CreateDefaultManager(&local_state));
71  ASSERT_TRUE(config_manager.get());
72  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
73  ASSERT_TRUE(config_service.get());
74
75  SSLConfig config;
76  config_service->GetSSLConfig(&config);
77  EXPECT_FALSE(config.channel_id_enabled);
78
79  local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
80                          Value::CreateBooleanValue(true));
81  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
82  // preferences changed.
83  message_loop_.RunUntilIdle();
84  config_service->GetSSLConfig(&config);
85  EXPECT_TRUE(config.channel_id_enabled);
86}
87
88// Test that cipher suites can be disabled. "Good" refers to the fact that
89// every value is expected to be successfully parsed into a cipher suite.
90TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
91  TestingPrefServiceSimple local_state;
92  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
93
94  scoped_ptr<SSLConfigServiceManager> config_manager(
95      SSLConfigServiceManager::CreateDefaultManager(&local_state));
96  ASSERT_TRUE(config_manager.get());
97  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
98  ASSERT_TRUE(config_service.get());
99
100  SSLConfig old_config;
101  config_service->GetSSLConfig(&old_config);
102  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
103
104  ListValue* list_value = new ListValue();
105  list_value->Append(Value::CreateStringValue("0x0004"));
106  list_value->Append(Value::CreateStringValue("0x0005"));
107  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
108
109  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
110  // preferences changed.
111  message_loop_.RunUntilIdle();
112
113  SSLConfig config;
114  config_service->GetSSLConfig(&config);
115
116  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
117  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
118  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
119  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
120}
121
122// Test that cipher suites can be disabled. "Bad" refers to the fact that
123// there are one or more non-cipher suite strings in the preference. They
124// should be ignored.
125TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
126  TestingPrefServiceSimple local_state;
127  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
128
129  scoped_ptr<SSLConfigServiceManager> config_manager(
130      SSLConfigServiceManager::CreateDefaultManager(&local_state));
131  ASSERT_TRUE(config_manager.get());
132  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
133  ASSERT_TRUE(config_service.get());
134
135  SSLConfig old_config;
136  config_service->GetSSLConfig(&old_config);
137  EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
138
139  ListValue* list_value = new ListValue();
140  list_value->Append(Value::CreateStringValue("0x0004"));
141  list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
142  list_value->Append(Value::CreateStringValue("0x0005"));
143  list_value->Append(Value::CreateStringValue("0xBEEFY"));
144  local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
145
146  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
147  // preferences changed.
148  message_loop_.RunUntilIdle();
149
150  SSLConfig config;
151  config_service->GetSSLConfig(&config);
152
153  EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
154  ASSERT_EQ(2u, config.disabled_cipher_suites.size());
155  EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
156  EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
157}
158
159// Test that
160// * without command-line settings for minimum and maximum SSL versions,
161//   SSL 3.0 ~ default_version_max() are enabled;
162// * without --enable-unrestricted-ssl3-fallback,
163//   |unrestricted_ssl3_fallback_enabled| is false.
164// TODO(thaidn): |unrestricted_ssl3_fallback_enabled| is true by default
165// temporarily until we have fixed deployment issues.
166TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
167  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
168
169  PrefServiceMockBuilder builder;
170  builder.WithUserPrefs(local_state_store.get());
171  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
172  scoped_ptr<PrefService> local_state(builder.Create(registry));
173
174  SSLConfigServiceManager::RegisterPrefs(registry);
175
176  scoped_ptr<SSLConfigServiceManager> config_manager(
177      SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
178  ASSERT_TRUE(config_manager.get());
179  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
180  ASSERT_TRUE(config_service.get());
181
182  SSLConfig ssl_config;
183  config_service->GetSSLConfig(&ssl_config);
184  // The default value in the absence of command-line options is that
185  // SSL 3.0 ~ default_version_max() are enabled.
186  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
187  EXPECT_EQ(net::SSLConfigService::default_version_max(),
188            ssl_config.version_max);
189  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
190
191  // The settings should not be added to the local_state.
192  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
193  EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
194  EXPECT_FALSE(local_state->HasPrefPath(
195      prefs::kEnableUnrestrictedSSL3Fallback));
196
197  // Explicitly double-check the settings are not in the preference store.
198  std::string version_min_str;
199  std::string version_max_str;
200  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
201                                            &version_min_str));
202  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
203                                            &version_max_str));
204  bool unrestricted_ssl3_fallback_enabled;
205  EXPECT_FALSE(local_state_store->GetBoolean(
206      prefs::kEnableUnrestrictedSSL3Fallback,
207      &unrestricted_ssl3_fallback_enabled));
208}
209
210// Test that command-line settings for minimum and maximum SSL versions are
211// respected and that they do not persist to the preferences files.
212TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
213  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
214
215  CommandLine command_line(CommandLine::NO_PROGRAM);
216  command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
217  command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
218  command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
219
220  PrefServiceMockBuilder builder;
221  builder.WithUserPrefs(local_state_store.get());
222  builder.WithCommandLine(&command_line);
223  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
224  scoped_ptr<PrefService> local_state(builder.Create(registry));
225
226  SSLConfigServiceManager::RegisterPrefs(registry);
227
228  scoped_ptr<SSLConfigServiceManager> config_manager(
229      SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
230  ASSERT_TRUE(config_manager.get());
231  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
232  ASSERT_TRUE(config_service.get());
233
234  SSLConfig ssl_config;
235  config_service->GetSSLConfig(&ssl_config);
236  // Command-line flags should be respected.
237  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
238  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
239  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
240
241  // Explicitly double-check the settings are not in the preference store.
242  const PrefService::Preference* version_min_pref =
243      local_state->FindPreference(prefs::kSSLVersionMin);
244  EXPECT_FALSE(version_min_pref->IsUserModifiable());
245
246  const PrefService::Preference* version_max_pref =
247      local_state->FindPreference(prefs::kSSLVersionMax);
248  EXPECT_FALSE(version_max_pref->IsUserModifiable());
249
250  const PrefService::Preference* ssl3_fallback_pref =
251      local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
252  EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
253
254  std::string version_min_str;
255  std::string version_max_str;
256  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
257                                            &version_min_str));
258  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
259                                            &version_max_str));
260  bool unrestricted_ssl3_fallback_enabled;
261  EXPECT_FALSE(local_state_store->GetBoolean(
262      prefs::kEnableUnrestrictedSSL3Fallback,
263      &unrestricted_ssl3_fallback_enabled));
264}
265