Chromium Code Reviews Chromium Code Reviews
Issue 1320533007:
Componentize ssl_config_service_manager_pref.cc (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/ssl_config_service_manager.h" | 5 #include "components/ssl_config/ssl_config_service_manager.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/testing_pref_store.h" | 11 #include "base/prefs/testing_pref_store.h" |
| 12 #include "base/thread_task_runner_handle.h" | |
| 12 #include "base/values.h" | 13 #include "base/values.h" |
| 13 #include "chrome/browser/prefs/command_line_pref_store.h" | |
| 14 #include "chrome/common/chrome_switches.h" | |
| 15 #include "chrome/common/pref_names.h" | |
| 16 #include "chrome/test/base/testing_profile.h" | |
| 17 #include "components/content_settings/core/browser/host_content_settings_map.h" | 14 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 18 #include "components/content_settings/core/common/content_settings.h" | 15 #include "components/content_settings/core/common/content_settings.h" |
| 16 #include "components/ssl_config/ssl_config_prefs.h" | |
| 17 #include "components/ssl_config/ssl_config_switches.h" | |
| 19 #include "components/syncable_prefs/pref_service_mock_factory.h" | 18 #include "components/syncable_prefs/pref_service_mock_factory.h" |
| 20 #include "components/syncable_prefs/testing_pref_service_syncable.h" | 19 #include "components/syncable_prefs/testing_pref_service_syncable.h" |
|
droger
2015/10/09 12:59:47
You can remove the includes of components/syncable
Abhishek
2015/10/12 08:40:14
Done.
| |
| 21 #include "content/public/test/test_browser_thread.h" | |
| 22 #include "net/ssl/ssl_config.h" | 20 #include "net/ssl/ssl_config.h" |
| 23 #include "net/ssl/ssl_config_service.h" | 21 #include "net/ssl/ssl_config_service.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 25 | 23 |
| 26 using base::ListValue; | 24 using base::ListValue; |
| 27 using base::Value; | 25 using base::Value; |
| 28 using content::BrowserThread; | |
| 29 using net::SSLConfig; | 26 using net::SSLConfig; |
| 30 using net::SSLConfigService; | 27 using net::SSLConfigService; |
| 28 using ssl_config::SSLConfigServiceManager; | |
| 31 | 29 |
| 32 class SSLConfigServiceManagerPrefTest : public testing::Test { | 30 class SSLConfigServiceManagerPrefTest : public testing::Test { |
| 33 public: | 31 public: |
| 34 SSLConfigServiceManagerPrefTest() | 32 SSLConfigServiceManagerPrefTest() {} |
| 35 : ui_thread_(BrowserThread::UI, &message_loop_), | |
| 36 io_thread_(BrowserThread::IO, &message_loop_) {} | |
| 37 | 33 |
| 38 protected: | 34 protected: |
| 39 base::MessageLoop message_loop_; | 35 base::MessageLoop message_loop_; |
| 40 content::TestBrowserThread ui_thread_; | |
| 41 content::TestBrowserThread io_thread_; | |
| 42 }; | 36 }; |
| 43 | 37 |
| 44 // Test channel id with no user prefs. | 38 // Test channel id with no user prefs. |
| 45 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { | 39 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { |
| 46 TestingPrefServiceSimple local_state; | 40 TestingPrefServiceSimple local_state; |
| 47 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 41 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 48 | 42 |
| 49 scoped_ptr<SSLConfigServiceManager> config_manager( | 43 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 50 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 44 SSLConfigServiceManager::CreateDefaultManager( |
| 45 &local_state, base::ThreadTaskRunnerHandle::Get())); | |
| 51 ASSERT_TRUE(config_manager.get()); | 46 ASSERT_TRUE(config_manager.get()); |
| 52 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 47 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 53 ASSERT_TRUE(config_service.get()); | 48 ASSERT_TRUE(config_service.get()); |
| 54 | 49 |
| 55 SSLConfig config; | 50 SSLConfig config; |
| 56 config_service->GetSSLConfig(&config); | 51 config_service->GetSSLConfig(&config); |
| 57 EXPECT_TRUE(config.channel_id_enabled); | 52 EXPECT_TRUE(config.channel_id_enabled); |
| 58 } | 53 } |
| 59 | 54 |
| 60 // Test that cipher suites can be disabled. "Good" refers to the fact that | 55 // Test that cipher suites can be disabled. "Good" refers to the fact that |
| 61 // every value is expected to be successfully parsed into a cipher suite. | 56 // every value is expected to be successfully parsed into a cipher suite. |
| 62 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { | 57 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { |
| 63 TestingPrefServiceSimple local_state; | 58 TestingPrefServiceSimple local_state; |
| 64 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 59 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 65 | 60 |
| 66 scoped_ptr<SSLConfigServiceManager> config_manager( | 61 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 67 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 62 SSLConfigServiceManager::CreateDefaultManager( |
| 63 &local_state, base::ThreadTaskRunnerHandle::Get())); | |
| 68 ASSERT_TRUE(config_manager.get()); | 64 ASSERT_TRUE(config_manager.get()); |
| 69 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 65 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 70 ASSERT_TRUE(config_service.get()); | 66 ASSERT_TRUE(config_service.get()); |
| 71 | 67 |
| 72 SSLConfig old_config; | 68 SSLConfig old_config; |
| 73 config_service->GetSSLConfig(&old_config); | 69 config_service->GetSSLConfig(&old_config); |
| 74 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 70 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
| 75 | 71 |
| 76 base::ListValue* list_value = new base::ListValue(); | 72 base::ListValue* list_value = new base::ListValue(); |
| 77 list_value->Append(new base::StringValue("0x0004")); | 73 list_value->Append(new base::StringValue("0x0004")); |
| 78 list_value->Append(new base::StringValue("0x0005")); | 74 list_value->Append(new base::StringValue("0x0005")); |
| 79 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | 75 local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); |
| 80 | 76 |
| 81 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | 77 // Pump the message loop to notify the SSLConfigServiceManagerPref that the |
| 82 // preferences changed. | 78 // preferences changed. |
| 83 message_loop_.RunUntilIdle(); | 79 message_loop_.RunUntilIdle(); |
| 84 | 80 |
| 85 SSLConfig config; | 81 SSLConfig config; |
| 86 config_service->GetSSLConfig(&config); | 82 config_service->GetSSLConfig(&config); |
| 87 | 83 |
| 88 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 84 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 89 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 85 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 90 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 86 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 91 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 87 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 92 } | 88 } |
| 93 | 89 |
| 94 // Test that cipher suites can be disabled. "Bad" refers to the fact that | 90 // Test that cipher suites can be disabled. "Bad" refers to the fact that |
| 95 // there are one or more non-cipher suite strings in the preference. They | 91 // there are one or more non-cipher suite strings in the preference. They |
| 96 // should be ignored. | 92 // should be ignored. |
| 97 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { | 93 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { |
| 98 TestingPrefServiceSimple local_state; | 94 TestingPrefServiceSimple local_state; |
| 99 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 95 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 100 | 96 |
| 101 scoped_ptr<SSLConfigServiceManager> config_manager( | 97 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 102 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 98 SSLConfigServiceManager::CreateDefaultManager( |
| 99 &local_state, base::ThreadTaskRunnerHandle::Get())); | |
| 103 ASSERT_TRUE(config_manager.get()); | 100 ASSERT_TRUE(config_manager.get()); |
| 104 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 101 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 105 ASSERT_TRUE(config_service.get()); | 102 ASSERT_TRUE(config_service.get()); |
| 106 | 103 |
| 107 SSLConfig old_config; | 104 SSLConfig old_config; |
| 108 config_service->GetSSLConfig(&old_config); | 105 config_service->GetSSLConfig(&old_config); |
| 109 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 106 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
| 110 | 107 |
| 111 base::ListValue* list_value = new base::ListValue(); | 108 base::ListValue* list_value = new base::ListValue(); |
| 112 list_value->Append(new base::StringValue("0x0004")); | 109 list_value->Append(new base::StringValue("0x0004")); |
| 113 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); | 110 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); |
| 114 list_value->Append(new base::StringValue("0x0005")); | 111 list_value->Append(new base::StringValue("0x0005")); |
| 115 list_value->Append(new base::StringValue("0xBEEFY")); | 112 list_value->Append(new base::StringValue("0xBEEFY")); |
| 116 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | 113 local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); |
| 117 | 114 |
| 118 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | 115 // Pump the message loop to notify the SSLConfigServiceManagerPref that the |
| 119 // preferences changed. | 116 // preferences changed. |
| 120 message_loop_.RunUntilIdle(); | 117 message_loop_.RunUntilIdle(); |
| 121 | 118 |
| 122 SSLConfig config; | 119 SSLConfig config; |
| 123 config_service->GetSSLConfig(&config); | 120 config_service->GetSSLConfig(&config); |
| 124 | 121 |
| 125 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 122 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 126 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 123 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 127 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 124 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 128 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 125 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 129 } | 126 } |
| 130 | 127 |
| 131 // Test that without command-line settings for minimum and maximum SSL versions, | 128 // Test that without command-line settings for minimum and maximum SSL versions, |
| 132 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. | 129 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. |
| 133 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | 130 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { |
| 134 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 131 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 135 | 132 TestingPrefServiceSimple local_state; |
| 136 syncable_prefs::PrefServiceMockFactory factory; | 133 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 137 factory.set_user_prefs(local_state_store); | |
| 138 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 139 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 140 | |
| 141 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 142 | 134 |
| 143 scoped_ptr<SSLConfigServiceManager> config_manager( | 135 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 144 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 136 SSLConfigServiceManager::CreateDefaultManager( |
| 137 &local_state, base::ThreadTaskRunnerHandle::Get())); | |
| 145 ASSERT_TRUE(config_manager.get()); | 138 ASSERT_TRUE(config_manager.get()); |
| 146 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 139 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 147 ASSERT_TRUE(config_service.get()); | 140 ASSERT_TRUE(config_service.get()); |
| 148 | 141 |
| 149 SSLConfig ssl_config; | 142 SSLConfig ssl_config; |
| 150 config_service->GetSSLConfig(&ssl_config); | 143 config_service->GetSSLConfig(&ssl_config); |
| 151 // In the absence of command-line options, the default TLS version range is | 144 // In the absence of command-line options, the default TLS version range is |
| 152 // enabled. | 145 // enabled. |
| 153 EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min); | 146 EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min); |
| 154 EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max); | 147 EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max); |
| 155 | 148 |
| 156 // The settings should not be added to the local_state. | 149 // The settings should not be added to the local_state. |
| 157 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); | 150 EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMin)); |
| 158 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); | 151 EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMax)); |
| 159 | 152 |
| 160 // Explicitly double-check the settings are not in the preference store. | 153 // Explicitly double-check the settings are not in the preference store. |
| 161 std::string version_min_str; | 154 std::string version_min_str; |
| 162 std::string version_max_str; | 155 std::string version_max_str; |
| 163 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 156 EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMin, |
| 164 &version_min_str)); | 157 &version_min_str)); |
| 165 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 158 EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMax, |
| 166 &version_max_str)); | 159 &version_max_str)); |
| 167 } | 160 } |
| 168 | 161 |
| 169 // Test that command-line settings for minimum and maximum SSL versions are | |
| 170 // respected and that they do not persist to the preferences files. | |
| 171 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { | |
| 172 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | |
| 173 | |
| 174 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | |
| 175 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1"); | |
| 176 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1"); | |
| 177 | |
| 178 syncable_prefs::PrefServiceMockFactory factory; | |
| 179 factory.set_user_prefs(local_state_store); | |
| 180 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 181 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 182 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 183 | |
| 184 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 185 | |
| 186 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 187 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | |
| 188 ASSERT_TRUE(config_manager.get()); | |
| 189 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 190 ASSERT_TRUE(config_service.get()); | |
| 191 | |
| 192 SSLConfig ssl_config; | |
| 193 config_service->GetSSLConfig(&ssl_config); | |
| 194 // Command-line flags should be respected. | |
| 195 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min); | |
| 196 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | |
| 197 | |
| 198 // Explicitly double-check the settings are not in the preference store. | |
| 199 const PrefService::Preference* version_min_pref = | |
| 200 local_state->FindPreference(prefs::kSSLVersionMin); | |
| 201 EXPECT_FALSE(version_min_pref->IsUserModifiable()); | |
| 202 | |
| 203 const PrefService::Preference* version_max_pref = | |
| 204 local_state->FindPreference(prefs::kSSLVersionMax); | |
| 205 EXPECT_FALSE(version_max_pref->IsUserModifiable()); | |
| 206 | |
| 207 std::string version_min_str; | |
| 208 std::string version_max_str; | |
| 209 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | |
| 210 &version_min_str)); | |
| 211 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | |
| 212 &version_max_str)); | |
| 213 } | |
| 214 | |
| 215 // Tests that "ssl3" is not treated as a valid minimum version. | 162 // Tests that "ssl3" is not treated as a valid minimum version. |
| 216 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { | 163 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { |
| 217 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 164 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 218 | 165 |
| 219 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | 166 TestingPrefServiceSimple local_state; |
| 220 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3"); | 167 local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin, |
| 221 | 168 new base::StringValue("ssl3")); |
| 222 syncable_prefs::PrefServiceMockFactory factory; | 169 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 223 factory.set_user_prefs(local_state_store); | |
| 224 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 225 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 226 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 227 | |
| 228 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 229 | 170 |
| 230 scoped_ptr<SSLConfigServiceManager> config_manager( | 171 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 231 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 172 SSLConfigServiceManager::CreateDefaultManager( |
| 173 &local_state, base::ThreadTaskRunnerHandle::Get())); | |
| 232 ASSERT_TRUE(config_manager.get()); | 174 ASSERT_TRUE(config_manager.get()); |
| 233 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 175 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 234 ASSERT_TRUE(config_service.get()); | 176 ASSERT_TRUE(config_service.get()); |
| 235 | 177 |
| 236 SSLConfig ssl_config; | 178 SSLConfig ssl_config; |
| 237 config_service->GetSSLConfig(&ssl_config); | 179 config_service->GetSSLConfig(&ssl_config); |
| 238 // The command-line option must not have been honored. | 180 // The command-line option must not have been honored. |
| 239 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | 181 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
| 240 } | 182 } |
| OLD | NEW |
