| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/ssl_config_service_manager.h" | 5 #include "components/ssl_config/ssl_config_service_manager.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | |
| 8 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 9 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 9 #include "base/prefs/testing_pref_service.h" |
| 11 #include "base/prefs/testing_pref_store.h" | 10 #include "base/thread_task_runner_handle.h" |
| 12 #include "base/values.h" | 11 #include "base/values.h" |
| 13 #include "chrome/browser/prefs/command_line_pref_store.h" | 12 #include "components/ssl_config/ssl_config_prefs.h" |
| 14 #include "chrome/common/chrome_switches.h" | 13 #include "components/ssl_config/ssl_config_switches.h" |
| 15 #include "chrome/common/pref_names.h" | |
| 16 #include "chrome/test/base/testing_profile.h" | |
| 17 #include "components/content_settings/core/browser/host_content_settings_map.h" | |
| 18 #include "components/content_settings/core/common/content_settings.h" | |
| 19 #include "components/syncable_prefs/pref_service_mock_factory.h" | |
| 20 #include "components/syncable_prefs/testing_pref_service_syncable.h" | |
| 21 #include "content/public/test/test_browser_thread.h" | |
| 22 #include "net/ssl/ssl_config.h" | 14 #include "net/ssl/ssl_config.h" |
| 23 #include "net/ssl/ssl_config_service.h" | 15 #include "net/ssl/ssl_config_service.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 25 | 17 |
| 26 using base::ListValue; | 18 using base::ListValue; |
| 27 using base::Value; | |
| 28 using content::BrowserThread; | |
| 29 using net::SSLConfig; | 19 using net::SSLConfig; |
| 30 using net::SSLConfigService; | 20 using net::SSLConfigService; |
| 21 using ssl_config::SSLConfigServiceManager; |
| 31 | 22 |
| 32 class SSLConfigServiceManagerPrefTest : public testing::Test { | 23 class SSLConfigServiceManagerPrefTest : public testing::Test { |
| 33 public: | 24 public: |
| 34 SSLConfigServiceManagerPrefTest() | 25 SSLConfigServiceManagerPrefTest() {} |
| 35 : ui_thread_(BrowserThread::UI, &message_loop_), | |
| 36 io_thread_(BrowserThread::IO, &message_loop_) {} | |
| 37 | 26 |
| 38 protected: | 27 protected: |
| 39 base::MessageLoop message_loop_; | 28 base::MessageLoop message_loop_; |
| 40 content::TestBrowserThread ui_thread_; | |
| 41 content::TestBrowserThread io_thread_; | |
| 42 }; | 29 }; |
| 43 | 30 |
| 44 // Test channel id with no user prefs. | 31 // Test channel id with no user prefs. |
| 45 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { | 32 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { |
| 46 TestingPrefServiceSimple local_state; | 33 TestingPrefServiceSimple local_state; |
| 47 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 34 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 48 | 35 |
| 49 scoped_ptr<SSLConfigServiceManager> config_manager( | 36 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 50 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 37 SSLConfigServiceManager::CreateDefaultManager( |
| 38 &local_state, base::ThreadTaskRunnerHandle::Get())); |
| 51 ASSERT_TRUE(config_manager.get()); | 39 ASSERT_TRUE(config_manager.get()); |
| 52 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 40 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 53 ASSERT_TRUE(config_service.get()); | 41 ASSERT_TRUE(config_service.get()); |
| 54 | 42 |
| 55 SSLConfig config; | 43 SSLConfig config; |
| 56 config_service->GetSSLConfig(&config); | 44 config_service->GetSSLConfig(&config); |
| 57 EXPECT_TRUE(config.channel_id_enabled); | 45 EXPECT_TRUE(config.channel_id_enabled); |
| 58 } | 46 } |
| 59 | 47 |
| 60 // Test that cipher suites can be disabled. "Good" refers to the fact that | 48 // Test that cipher suites can be disabled. "Good" refers to the fact that |
| 61 // every value is expected to be successfully parsed into a cipher suite. | 49 // every value is expected to be successfully parsed into a cipher suite. |
| 62 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { | 50 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { |
| 63 TestingPrefServiceSimple local_state; | 51 TestingPrefServiceSimple local_state; |
| 64 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 52 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 65 | 53 |
| 66 scoped_ptr<SSLConfigServiceManager> config_manager( | 54 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 67 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 55 SSLConfigServiceManager::CreateDefaultManager( |
| 56 &local_state, base::ThreadTaskRunnerHandle::Get())); |
| 68 ASSERT_TRUE(config_manager.get()); | 57 ASSERT_TRUE(config_manager.get()); |
| 69 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 58 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 70 ASSERT_TRUE(config_service.get()); | 59 ASSERT_TRUE(config_service.get()); |
| 71 | 60 |
| 72 SSLConfig old_config; | 61 SSLConfig old_config; |
| 73 config_service->GetSSLConfig(&old_config); | 62 config_service->GetSSLConfig(&old_config); |
| 74 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 63 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
| 75 | 64 |
| 76 base::ListValue* list_value = new base::ListValue(); | 65 base::ListValue* list_value = new base::ListValue(); |
| 77 list_value->Append(new base::StringValue("0x0004")); | 66 list_value->Append(new base::StringValue("0x0004")); |
| 78 list_value->Append(new base::StringValue("0x0005")); | 67 list_value->Append(new base::StringValue("0x0005")); |
| 79 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | 68 local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); |
| 80 | 69 |
| 81 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | 70 // Pump the message loop to notify the SSLConfigServiceManagerPref that the |
| 82 // preferences changed. | 71 // preferences changed. |
| 83 message_loop_.RunUntilIdle(); | 72 message_loop_.RunUntilIdle(); |
| 84 | 73 |
| 85 SSLConfig config; | 74 SSLConfig config; |
| 86 config_service->GetSSLConfig(&config); | 75 config_service->GetSSLConfig(&config); |
| 87 | 76 |
| 88 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 77 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 89 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 78 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 90 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 79 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 91 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 80 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 92 } | 81 } |
| 93 | 82 |
| 94 // Test that cipher suites can be disabled. "Bad" refers to the fact that | 83 // Test that cipher suites can be disabled. "Bad" refers to the fact that |
| 95 // there are one or more non-cipher suite strings in the preference. They | 84 // there are one or more non-cipher suite strings in the preference. They |
| 96 // should be ignored. | 85 // should be ignored. |
| 97 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { | 86 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { |
| 98 TestingPrefServiceSimple local_state; | 87 TestingPrefServiceSimple local_state; |
| 99 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 88 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 100 | 89 |
| 101 scoped_ptr<SSLConfigServiceManager> config_manager( | 90 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 102 SSLConfigServiceManager::CreateDefaultManager(&local_state)); | 91 SSLConfigServiceManager::CreateDefaultManager( |
| 92 &local_state, base::ThreadTaskRunnerHandle::Get())); |
| 103 ASSERT_TRUE(config_manager.get()); | 93 ASSERT_TRUE(config_manager.get()); |
| 104 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 94 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 105 ASSERT_TRUE(config_service.get()); | 95 ASSERT_TRUE(config_service.get()); |
| 106 | 96 |
| 107 SSLConfig old_config; | 97 SSLConfig old_config; |
| 108 config_service->GetSSLConfig(&old_config); | 98 config_service->GetSSLConfig(&old_config); |
| 109 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 99 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
| 110 | 100 |
| 111 base::ListValue* list_value = new base::ListValue(); | 101 base::ListValue* list_value = new base::ListValue(); |
| 112 list_value->Append(new base::StringValue("0x0004")); | 102 list_value->Append(new base::StringValue("0x0004")); |
| 113 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); | 103 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); |
| 114 list_value->Append(new base::StringValue("0x0005")); | 104 list_value->Append(new base::StringValue("0x0005")); |
| 115 list_value->Append(new base::StringValue("0xBEEFY")); | 105 list_value->Append(new base::StringValue("0xBEEFY")); |
| 116 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value); | 106 local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); |
| 117 | 107 |
| 118 // Pump the message loop to notify the SSLConfigServiceManagerPref that the | 108 // Pump the message loop to notify the SSLConfigServiceManagerPref that the |
| 119 // preferences changed. | 109 // preferences changed. |
| 120 message_loop_.RunUntilIdle(); | 110 message_loop_.RunUntilIdle(); |
| 121 | 111 |
| 122 SSLConfig config; | 112 SSLConfig config; |
| 123 config_service->GetSSLConfig(&config); | 113 config_service->GetSSLConfig(&config); |
| 124 | 114 |
| 125 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 115 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 126 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 116 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 127 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 117 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 128 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 118 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 129 } | 119 } |
| 130 | 120 |
| 131 // Test that without command-line settings for minimum and maximum SSL versions, | 121 // Test that without command-line settings for minimum and maximum SSL versions, |
| 132 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. | 122 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. |
| 133 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | 123 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { |
| 134 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 124 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 135 | 125 TestingPrefServiceSimple local_state; |
| 136 syncable_prefs::PrefServiceMockFactory factory; | 126 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 137 factory.set_user_prefs(local_state_store); | |
| 138 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 139 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 140 | |
| 141 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 142 | 127 |
| 143 scoped_ptr<SSLConfigServiceManager> config_manager( | 128 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 144 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 129 SSLConfigServiceManager::CreateDefaultManager( |
| 130 &local_state, base::ThreadTaskRunnerHandle::Get())); |
| 145 ASSERT_TRUE(config_manager.get()); | 131 ASSERT_TRUE(config_manager.get()); |
| 146 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 132 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 147 ASSERT_TRUE(config_service.get()); | 133 ASSERT_TRUE(config_service.get()); |
| 148 | 134 |
| 149 SSLConfig ssl_config; | 135 SSLConfig ssl_config; |
| 150 config_service->GetSSLConfig(&ssl_config); | 136 config_service->GetSSLConfig(&ssl_config); |
| 151 // In the absence of command-line options, the default TLS version range is | 137 // In the absence of command-line options, the default TLS version range is |
| 152 // enabled. | 138 // enabled. |
| 153 EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min); | 139 EXPECT_EQ(net::kDefaultSSLVersionMin, ssl_config.version_min); |
| 154 EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max); | 140 EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max); |
| 155 | 141 |
| 156 // The settings should not be added to the local_state. | 142 // The settings should not be added to the local_state. |
| 157 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); | 143 EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMin)); |
| 158 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); | 144 EXPECT_FALSE(local_state.HasPrefPath(ssl_config::prefs::kSSLVersionMax)); |
| 159 | 145 |
| 160 // Explicitly double-check the settings are not in the preference store. | 146 // Explicitly double-check the settings are not in the preference store. |
| 161 std::string version_min_str; | 147 std::string version_min_str; |
| 162 std::string version_max_str; | 148 std::string version_max_str; |
| 163 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 149 EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMin, |
| 164 &version_min_str)); | 150 &version_min_str)); |
| 165 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 151 EXPECT_FALSE(local_state_store->GetString(ssl_config::prefs::kSSLVersionMax, |
| 166 &version_max_str)); | 152 &version_max_str)); |
| 167 } | 153 } |
| 168 | 154 |
| 169 // Test that command-line settings for minimum and maximum SSL versions are | |
| 170 // respected and that they do not persist to the preferences files. | |
| 171 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { | |
| 172 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | |
| 173 | |
| 174 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | |
| 175 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1"); | |
| 176 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1"); | |
| 177 | |
| 178 syncable_prefs::PrefServiceMockFactory factory; | |
| 179 factory.set_user_prefs(local_state_store); | |
| 180 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 181 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 182 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 183 | |
| 184 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 185 | |
| 186 scoped_ptr<SSLConfigServiceManager> config_manager( | |
| 187 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | |
| 188 ASSERT_TRUE(config_manager.get()); | |
| 189 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | |
| 190 ASSERT_TRUE(config_service.get()); | |
| 191 | |
| 192 SSLConfig ssl_config; | |
| 193 config_service->GetSSLConfig(&ssl_config); | |
| 194 // Command-line flags should be respected. | |
| 195 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min); | |
| 196 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | |
| 197 | |
| 198 // Explicitly double-check the settings are not in the preference store. | |
| 199 const PrefService::Preference* version_min_pref = | |
| 200 local_state->FindPreference(prefs::kSSLVersionMin); | |
| 201 EXPECT_FALSE(version_min_pref->IsUserModifiable()); | |
| 202 | |
| 203 const PrefService::Preference* version_max_pref = | |
| 204 local_state->FindPreference(prefs::kSSLVersionMax); | |
| 205 EXPECT_FALSE(version_max_pref->IsUserModifiable()); | |
| 206 | |
| 207 std::string version_min_str; | |
| 208 std::string version_max_str; | |
| 209 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | |
| 210 &version_min_str)); | |
| 211 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | |
| 212 &version_max_str)); | |
| 213 } | |
| 214 | |
| 215 // Tests that "ssl3" is not treated as a valid minimum version. | 155 // Tests that "ssl3" is not treated as a valid minimum version. |
| 216 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { | 156 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { |
| 217 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 157 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 218 | 158 |
| 219 base::CommandLine command_line(base::CommandLine::NO_PROGRAM); | 159 TestingPrefServiceSimple local_state; |
| 220 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3"); | 160 local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin, |
| 221 | 161 new base::StringValue("ssl3")); |
| 222 syncable_prefs::PrefServiceMockFactory factory; | 162 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
| 223 factory.set_user_prefs(local_state_store); | |
| 224 factory.set_command_line_prefs(new CommandLinePrefStore(&command_line)); | |
| 225 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | |
| 226 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | |
| 227 | |
| 228 SSLConfigServiceManager::RegisterPrefs(registry.get()); | |
| 229 | 163 |
| 230 scoped_ptr<SSLConfigServiceManager> config_manager( | 164 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 231 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 165 SSLConfigServiceManager::CreateDefaultManager( |
| 166 &local_state, base::ThreadTaskRunnerHandle::Get())); |
| 232 ASSERT_TRUE(config_manager.get()); | 167 ASSERT_TRUE(config_manager.get()); |
| 233 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 168 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 234 ASSERT_TRUE(config_service.get()); | 169 ASSERT_TRUE(config_service.get()); |
| 235 | 170 |
| 236 SSLConfig ssl_config; | 171 SSLConfig ssl_config; |
| 237 config_service->GetSSLConfig(&ssl_config); | 172 config_service->GetSSLConfig(&ssl_config); |
| 238 // The command-line option must not have been honored. | 173 // The command-line option must not have been honored. |
| 239 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | 174 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
| 240 } | 175 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1320533007:
Componentize ssl_config_service_manager_pref.cc (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master