| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/net/ssl_config_service_manager.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/memory/ref_counted.h" | |
| 9 #include "base/message_loop/message_loop.h" | |
| 10 #include "base/prefs/pref_registry_simple.h" | |
| 11 #include "base/prefs/testing_pref_store.h" | |
| 12 #include "base/values.h" | |
| 13 #include "chrome/browser/prefs/command_line_pref_store.h" | |
| 14 #include "chrome/common/chrome_switches.h" | |
| 15 #include "chrome/common/pref_names.h" | |
| 16 #include "chrome/test/base/testing_profile.h" | |
| 17 #include "components/content_settings/core/browser/host_content_settings_map.h" | |
| 18 #include "components/content_settings/core/common/content_settings.h" | |
| 19 #include "components/syncable_prefs/pref_service_mock_factory.h" | |
| 20 #include "components/syncable_prefs/testing_pref_service_syncable.h" | |
| 21 #include "content/public/test/test_browser_thread.h" | |
| 22 #include "net/ssl/ssl_config.h" | |
| 23 #include "net/ssl/ssl_config_service.h" | |
| 24 #include "testing/gtest/include/gtest/gtest.h" | |
| 25 | |
| 26 using base::ListValue; | |
| 27 using base::Value; | |
| 28 using content::BrowserThread; | |
| 29 using net::SSLConfig; | |
| 30 using net::SSLConfigService; | |
| 31 | |
| 32 class SSLConfigServiceManagerPrefTest : public testing::Test { | |
| 33 public: | |
| 34 SSLConfigServiceManagerPrefTest() | |
| 35 : ui_thread_(BrowserThread::UI, &message_loop_), | |
| 36 io_thread_(BrowserThread::IO, &message_loop_) {} | |
| 37 | |
| 38 protected: | |
| 39 base::MessageLoop message_loop_; | |
| 40 content::TestBrowserThread ui_thread_; | |
| 41 content::TestBrowserThread io_thread_; | |
| 42 }; | |
| 43 | |
| 44 // Test channel id with no user prefs. | |
| 45 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { | |
| 46 TestingPrefServiceSimple local_state; | |
| 47 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | |
| 48 | |
| 49 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 50 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | |
| 51 ASSERT_TRUE(config_manager.get()); | |
| 52 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 53 ASSERT_TRUE(config_service.get()); | |
| 54 | |
| 55 SSLConfig config; | |
| 56 config_service->GetSSLConfig(&config); | |
| 57 EXPECT_TRUE(config.channel_id_enabled); | |
| 58 } | |
| 59 | |
| 60 // Test that cipher suites can be disabled. "Good" refers to the fact that | |
| 61 // every value is expected to be successfully parsed into a cipher suite. | |
| 62 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { | |
| 63 TestingPrefServiceSimple local_state; | |
| 64 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | |
| 65 | |
| 66 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 67 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | |
| 68 ASSERT_TRUE(config_manager.get()); | |
| 69 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 70 ASSERT_TRUE(config_service.get()); | |
| 71 | |
| 72 SSLConfig old_config; | |
| 73 config_service->GetSSLConfig(&old_config); | |
| 74 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | |
| 75 | |
| 76 base::ListValue* list_value = new base::ListValue(); | |
| 77 list_value->Append(new base::StringValue("0x0004")); | |
| 78 list_value->Append(new base::StringValue("0x0005")); | |
| 79 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | |
| 80 | |
| 81 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | |
| 82 // preferences changed. | |
| 83 message_loop_.RunUntilIdle(); | |
| 84 | |
| 85 SSLConfig config; | |
| 86 config_service->GetSSLConfig(&config); | |
| 87 | |
| 88 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | |
| 89 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | |
| 90 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | |
| 91 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | |
| 92 } | |
| 93 | |
| 94 // Test that cipher suites can be disabled. "Bad" refers to the fact that | |
| 95 // there are one or more non-cipher suite strings in the preference. They | |
| 96 // should be ignored. | |
| 97 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { | |
| 98 TestingPrefServiceSimple local_state; | |
| 99 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | |
| 100 | |
| 101 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 102 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | |
| 103 ASSERT_TRUE(config_manager.get()); | |
| 104 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 105 ASSERT_TRUE(config_service.get()); | |
| 106 | |
| 107 SSLConfig old_config; | |
| 108 config_service->GetSSLConfig(&old_config); | |
| 109 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | |
| 110 | |
| 111 base::ListValue* list_value = new base::ListValue(); | |
| 112 list_value->Append(new base::StringValue("0x0004")); | |
| 113 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); | |
| 114 list_value->Append(new base::StringValue("0x0005")); | |
| 115 list_value->Append(new base::StringValue("0xBEEFY")); | |
| 116 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | |
| 117 | |
| 118 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | |
| 119 // preferences changed. | |
| 120 message_loop_.RunUntilIdle(); | |
| 121 | |
| 122 SSLConfig config; | |
| 123 config_service->GetSSLConfig(&config); | |
| 124 | |
| 125 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | |
| 126 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | |
| 127 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | |
| 128 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | |
| 129 } | |
| 130 | |
| 131 // Test that without command-line settings for minimum and maximum SSL versions, | |
| 132 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. | |
| 133 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | |
| 134 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | |
| 135 | |
| 136 syncable_prefs::PrefServiceMockFactory factory; | |
| 137 factory.set_user_prefs(local_state_store); | |
| 138 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 139 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 140 | |
| 141 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 142 | |
| 143 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 144 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | |
| 145 ASSERT_TRUE(config_manager.get()); | |
| 146 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 147 ASSERT_TRUE(config_service.get()); | |
| 148 | |
| 149 SSLConfig ssl_config; | |
| 150 config_service->GetSSLConfig(&ssl_config); | |
| 151 // In the absence of command-line options, the default TLS version range is | |
| 152 // enabled. | |
| 153 EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min); | |
| 154 EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max); | |
| 155 | |
| 156 // The settings should not be added to the local_state. | |
| 157 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); | |
| 158 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); | |
| 159 | |
| 160 // Explicitly double-check the settings are not in the preference store. | |
| 161 std::string version_min_str; | |
| 162 std::string version_max_str; | |
| 163 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | |
| 164 &version_min_str)); | |
| 165 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | |
| 166 &version_max_str)); | |
| 167 } | |
| 168 | |
| 169 // Test that command-line settings for minimum and maximum SSL versions are | |
| 170 // respected and that they do not persist to the preferences files. | |
| 171 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { | |
| 172 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | |
| 173 | |
| 174 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | |
| 175 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1"); | |
| 176 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1"); | |
| 177 | |
| 178 syncable_prefs::PrefServiceMockFactory factory; | |
| 179 factory.set_user_prefs(local_state_store); | |
| 180 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 181 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 182 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 183 | |
| 184 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 185 | |
| 186 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 187 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | |
| 188 ASSERT_TRUE(config_manager.get()); | |
| 189 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 190 ASSERT_TRUE(config_service.get()); | |
| 191 | |
| 192 SSLConfig ssl_config; | |
| 193 config_service->GetSSLConfig(&ssl_config); | |
| 194 // Command-line flags should be respected. | |
| 195 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min); | |
| 196 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | |
| 197 | |
| 198 // Explicitly double-check the settings are not in the preference store. | |
| 199 const PrefService::Preference* version_min_pref = | |
| 200 local_state->FindPreference(prefs::kSSLVersionMin); | |
| 201 EXPECT_FALSE(version_min_pref->IsUserModifiable()); | |
| 202 | |
| 203 const PrefService::Preference* version_max_pref = | |
| 204 local_state->FindPreference(prefs::kSSLVersionMax); | |
| 205 EXPECT_FALSE(version_max_pref->IsUserModifiable()); | |
| 206 | |
| 207 std::string version_min_str; | |
| 208 std::string version_max_str; | |
| 209 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | |
| 210 &version_min_str)); | |
| 211 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | |
| 212 &version_max_str)); | |
| 213 } | |
| 214 | |
| 215 // Tests that "ssl3" is not treated as a valid minimum version. | |
| 216 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { | |
| 217 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | |
| 218 | |
| 219 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | |
| 220 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3"); | |
| 221 | |
| 222 syncable_prefs::PrefServiceMockFactory factory; | |
| 223 factory.set_user_prefs(local_state_store); | |
| 224 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 225 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 226 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 227 | |
| 228 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 229 | |
| 230 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 231 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | |
| 232 ASSERT_TRUE(config_manager.get()); | |
| 233 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 234 ASSERT_TRUE(config_service.get()); | |
| 235 | |
| 236 SSLConfig ssl_config; | |
| 237 config_service->GetSSLConfig(&ssl_config); | |
| 238 // The command-line option must not have been honored. | |
| 239 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | |
| 240 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1320533007:
Componentize ssl_config_service_manager_pref.cc (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master