src/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/net/ssl_config_service_manager.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/memory/ref_counted.h"
   9 #include "base/message_loop/message_loop.h"
  10 #include "base/prefs/pref_registry_simple.h"
  11 #include "base/prefs/testing_pref_store.h"
  12 #include "base/values.h"
  13 #include "chrome/browser/content_settings/host_content_settings_map.h"
  14 #include "chrome/browser/prefs/pref_service_mock_factory.h"
  15 #include "chrome/common/chrome_switches.h"
  16 #include "chrome/common/pref_names.h"
  17 #include "chrome/test/base/testing_pref_service_syncable.h"
  18 #include "chrome/test/base/testing_profile.h"
  19 #include "components/content_settings/core/common/content_settings.h"
  20 #include "content/public/test/test_browser_thread.h"
  21 #include "net/ssl/ssl_config_service.h"
  22 #include "testing/gtest/include/gtest/gtest.h"
  23
  24 using base::ListValue;
  25 using base::Value;
  26 using content::BrowserThread;
  27 using net::SSLConfig;
  28 using net::SSLConfigService;
  29
  30 class SSLConfigServiceManagerPrefTest : public testing::Test {
  31  public:
  32   SSLConfigServiceManagerPrefTest()
  33       : ui_thread_(BrowserThread::UI, &message_loop_),
  34         io_thread_(BrowserThread::IO, &message_loop_) {}
  35
  36  protected:
  37   base::MessageLoop message_loop_;
  38   content::TestBrowserThread ui_thread_;
  39   content::TestBrowserThread io_thread_;
  40 };
  41
  42 // Test channel id with no user prefs.
  43 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
  44   TestingPrefServiceSimple local_state;
  45   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  46
  47   scoped_ptr<SSLConfigServiceManager> config_manager(
  48       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  49   ASSERT_TRUE(config_manager.get());
  50   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  51   ASSERT_TRUE(config_service.get());
  52
  53   SSLConfig config;
  54   config_service->GetSSLConfig(&config);
  55   EXPECT_TRUE(config.channel_id_enabled);
  56 }
  57
  58 // Test that cipher suites can be disabled. "Good" refers to the fact that
  59 // every value is expected to be successfully parsed into a cipher suite.
  60 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
  61   TestingPrefServiceSimple local_state;
  62   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  63
  64   scoped_ptr<SSLConfigServiceManager> config_manager(
  65       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  66   ASSERT_TRUE(config_manager.get());
  67   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  68   ASSERT_TRUE(config_service.get());
  69
  70   SSLConfig old_config;
  71   config_service->GetSSLConfig(&old_config);
  72   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
  73
  74   base::ListValue* list_value = new base::ListValue();
  75   list_value->Append(new base::StringValue("0x0004"));
  76   list_value->Append(new base::StringValue("0x0005"));
  77   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
  78
  79   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
  80   // preferences changed.
  81   message_loop_.RunUntilIdle();
  82
  83   SSLConfig config;
  84   config_service->GetSSLConfig(&config);
  85
  86   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
  87   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
  88   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
  89   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
  90 }
  91
  92 // Test that cipher suites can be disabled. "Bad" refers to the fact that
  93 // there are one or more non-cipher suite strings in the preference. They
  94 // should be ignored.
  95 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
  96   TestingPrefServiceSimple local_state;
  97   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  98
  99   scoped_ptr<SSLConfigServiceManager> config_manager(
 100       SSLConfigServiceManager::CreateDefaultManager(&local_state));
 101   ASSERT_TRUE(config_manager.get());
 102   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 103   ASSERT_TRUE(config_service.get());
 104
 105   SSLConfig old_config;
 106   config_service->GetSSLConfig(&old_config);
 107   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
 108
 109   base::ListValue* list_value = new base::ListValue();
 110   list_value->Append(new base::StringValue("0x0004"));
 111   list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
 112   list_value->Append(new base::StringValue("0x0005"));
 113   list_value->Append(new base::StringValue("0xBEEFY"));
 114   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
 115
 116   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
 117   // preferences changed.
 118   message_loop_.RunUntilIdle();
 119
 120   SSLConfig config;
 121   config_service->GetSSLConfig(&config);
 122
 123   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
 124   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
 125   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
 126   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 127 }
 128
 129 // Test that without command-line settings for minimum and maximum SSL versions,
 130 // SSL 3.0 ~ kDefaultSSLVersionMax are enabled.
 131 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
 132   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 133
 134   PrefServiceMockFactory factory;
 135   factory.set_user_prefs(local_state_store);
 136   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 137   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 138
 139   SSLConfigServiceManager::RegisterPrefs(registry.get());
 140
 141   scoped_ptr<SSLConfigServiceManager> config_manager(
 142       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 143   ASSERT_TRUE(config_manager.get());
 144   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 145   ASSERT_TRUE(config_service.get());
 146
 147   SSLConfig ssl_config;
 148   config_service->GetSSLConfig(&ssl_config);
 149   // The default value in the absence of command-line options is that
 150   // SSL 3.0 ~ kDefaultSSLVersionMax are enabled.
 151   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
 152   EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max);
 153
 154   // The settings should not be added to the local_state.
 155   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
 156   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
 157
 158   // Explicitly double-check the settings are not in the preference store.
 159   std::string version_min_str;
 160   std::string version_max_str;
 161   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 162                                             &version_min_str));
 163   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 164                                             &version_max_str));
 165 }
 166
 167 // Test that command-line settings for minimum and maximum SSL versions are
 168 // respected and that they do not persist to the preferences files.
 169 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
 170   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 171
 172   CommandLine command_line(CommandLine::NO_PROGRAM);
 173   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
 174   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
 175
 176   PrefServiceMockFactory factory;
 177   factory.set_user_prefs(local_state_store);
 178   factory.SetCommandLine(&command_line);
 179   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 180   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 181
 182   SSLConfigServiceManager::RegisterPrefs(registry.get());
 183
 184   scoped_ptr<SSLConfigServiceManager> config_manager(
 185       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 186   ASSERT_TRUE(config_manager.get());
 187   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 188   ASSERT_TRUE(config_service.get());
 189
 190   SSLConfig ssl_config;
 191   config_service->GetSSLConfig(&ssl_config);
 192   // Command-line flags should be respected.
 193   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
 194   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
 195
 196   // Explicitly double-check the settings are not in the preference store.
 197   const PrefService::Preference* version_min_pref =
 198       local_state->FindPreference(prefs::kSSLVersionMin);
 199   EXPECT_FALSE(version_min_pref->IsUserModifiable());
 200
 201   const PrefService::Preference* version_max_pref =
 202       local_state->FindPreference(prefs::kSSLVersionMax);
 203   EXPECT_FALSE(version_max_pref->IsUserModifiable());
 204
 205   std::string version_min_str;
 206   std::string version_max_str;
 207   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 208                                             &version_min_str));
 209   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 210                                             &version_max_str));
 211 }