Chromium Code Reviews Chromium Code Reviews
Issue 7462008:
Add a preference and command-line option to disable SSL/TLS cipher suites (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/net/pref_proxy_config_service.h" | |
| 6 | |
| 7 #include "base/message_loop.h" | |
| 8 #include "base/values.h" | |
| 9 #include "chrome/browser/net/ssl_config_service_manager.h" | |
| 10 #include "chrome/common/pref_names.h" | |
| 11 #include "chrome/test/testing_pref_service.h" | |
| 12 #include "content/browser/browser_thread.h" | |
| 13 #include "net/base/ssl_config_service.h" | |
| 14 #include "testing/gtest/include/gtest/gtest.h" | |
| 15 | |
| 16 using base::ListValue; | |
| 17 using base::Value; | |
| 18 using net::SSLConfig; | |
| 19 using net::SSLConfigService; | |
| 20 | |
| 21 class SSLConfigServiceManagerPrefTest : public testing::Test { | |
| 22 public: | |
| 23 SSLConfigServiceManagerPrefTest() {} | |
| 24 | |
| 25 virtual void SetUp() { | |
| 26 message_loop_.reset(new MessageLoop()); | |
| 27 ui_thread_.reset( | |
| 28 new BrowserThread(BrowserThread::UI, message_loop_.get())); | |
|
battre
2011/07/22 08:44:04
nit: single line (also below)
Ryan Sleevi
2011/07/23 04:55:41
Single line is 81 characters, hence the wrapping.
| |
| 29 io_thread_.reset( | |
| 30 new BrowserThread(BrowserThread::IO, message_loop_.get())); | |
| 31 pref_service_.reset(new TestingPrefService()); | |
| 32 SSLConfigServiceManager::RegisterPrefs(pref_service_.get()); | |
| 33 } | |
| 34 | |
| 35 virtual void TearDown() { | |
| 36 pref_service_.reset(); | |
| 37 io_thread_.reset(); | |
| 38 ui_thread_.reset(); | |
| 39 message_loop_.reset(); | |
| 40 } | |
| 41 | |
| 42 protected: | |
| 43 scoped_ptr<MessageLoop> message_loop_; | |
| 44 scoped_ptr<BrowserThread> ui_thread_; | |
| 45 scoped_ptr<BrowserThread> io_thread_; | |
| 46 scoped_ptr<TestingPrefService> pref_service_; | |
| 47 }; | |
| 48 | |
| 49 // Test that cipher suites can be disabled. "Good" refers to the fact that | |
| 50 // every value is expected to be successfully parsed into a cipher suite. | |
| 51 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { | |
| 52 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 53 SSLConfigServiceManager::CreateDefaultManager(pref_service_.get())); | |
| 54 ASSERT_TRUE(config_manager.get()); | |
| 55 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 56 ASSERT_TRUE(config_service.get()); | |
| 57 | |
| 58 SSLConfig old_config; | |
| 59 config_service->GetSSLConfig(&old_config); | |
| 60 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | |
| 61 | |
| 62 ListValue* list_value = new ListValue(); | |
| 63 list_value->Append(Value::CreateStringValue("0x0004")); | |
| 64 list_value->Append(Value::CreateStringValue("0x0005")); | |
| 65 pref_service_->SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | |
| 66 | |
| 67 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | |
| 68 // preferences changed. | |
| 69 message_loop_->RunAllPending(); | |
| 70 | |
| 71 SSLConfig config; | |
| 72 config_service->GetSSLConfig(&config); | |
| 73 | |
| 74 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | |
| 75 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | |
| 76 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | |
| 77 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | |
| 78 } | |
| 79 | |
| 80 // Test that cipher suites can be disabled. "Bad" refers to the fact that | |
| 81 // there are one or more non-cipher suite strings in the preference. They | |
| 82 // should be ignored. | |
| 83 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { | |
| 84 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 85 SSLConfigServiceManager::CreateDefaultManager(pref_service_.get())); | |
| 86 ASSERT_TRUE(config_manager.get()); | |
| 87 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 88 ASSERT_TRUE(config_service.get()); | |
| 89 | |
| 90 SSLConfig old_config; | |
| 91 config_service->GetSSLConfig(&old_config); | |
| 92 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | |
| 93 | |
| 94 ListValue* list_value = new ListValue(); | |
| 95 list_value->Append(Value::CreateStringValue("0x0004")); | |
| 96 list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); | |
| 97 list_value->Append(Value::CreateStringValue("0x0005")); | |
| 98 list_value->Append(Value::CreateStringValue("0xBEEFY")); | |
| 99 pref_service_->SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | |
| 100 | |
| 101 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | |
| 102 // preferences changed. | |
| 103 message_loop_->RunAllPending(); | |
| 104 | |
| 105 SSLConfig config; | |
| 106 config_service->GetSSLConfig(&config); | |
| 107 | |
| 108 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | |
| 109 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | |
| 110 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | |
| 111 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | |
| 112 } | |
| OLD | NEW |
