OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/ssl_config/ssl_config_service_manager.h" | 5 #include <memory> |
6 | |
7 #include <utility> | 6 #include <utility> |
8 | 7 |
9 #include "base/feature_list.h" | 8 #include "base/feature_list.h" |
10 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
11 #include "base/memory/scoped_ptr.h" | |
12 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
13 #include "base/thread_task_runner_handle.h" | 11 #include "base/thread_task_runner_handle.h" |
14 #include "base/values.h" | 12 #include "base/values.h" |
15 #include "components/prefs/testing_pref_service.h" | 13 #include "components/prefs/testing_pref_service.h" |
16 #include "components/ssl_config/ssl_config_prefs.h" | 14 #include "components/ssl_config/ssl_config_prefs.h" |
| 15 #include "components/ssl_config/ssl_config_service_manager.h" |
17 #include "components/ssl_config/ssl_config_switches.h" | 16 #include "components/ssl_config/ssl_config_switches.h" |
18 #include "net/ssl/ssl_config.h" | 17 #include "net/ssl/ssl_config.h" |
19 #include "net/ssl/ssl_config_service.h" | 18 #include "net/ssl/ssl_config_service.h" |
20 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
21 | 20 |
22 using base::ListValue; | 21 using base::ListValue; |
23 using net::SSLConfig; | 22 using net::SSLConfig; |
24 using net::SSLConfigService; | 23 using net::SSLConfigService; |
25 using ssl_config::SSLConfigServiceManager; | 24 using ssl_config::SSLConfigServiceManager; |
26 | 25 |
27 class SSLConfigServiceManagerPrefTest : public testing::Test { | 26 class SSLConfigServiceManagerPrefTest : public testing::Test { |
28 public: | 27 public: |
29 SSLConfigServiceManagerPrefTest() {} | 28 SSLConfigServiceManagerPrefTest() {} |
30 | 29 |
31 protected: | 30 protected: |
32 base::MessageLoop message_loop_; | 31 base::MessageLoop message_loop_; |
33 }; | 32 }; |
34 | 33 |
35 // Test channel id with no user prefs. | 34 // Test channel id with no user prefs. |
36 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { | 35 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) { |
37 TestingPrefServiceSimple local_state; | 36 TestingPrefServiceSimple local_state; |
38 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 37 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
39 | 38 |
40 scoped_ptr<SSLConfigServiceManager> config_manager( | 39 std::unique_ptr<SSLConfigServiceManager> config_manager( |
41 SSLConfigServiceManager::CreateDefaultManager( | 40 SSLConfigServiceManager::CreateDefaultManager( |
42 &local_state, base::ThreadTaskRunnerHandle::Get())); | 41 &local_state, base::ThreadTaskRunnerHandle::Get())); |
43 ASSERT_TRUE(config_manager.get()); | 42 ASSERT_TRUE(config_manager.get()); |
44 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 43 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
45 ASSERT_TRUE(config_service.get()); | 44 ASSERT_TRUE(config_service.get()); |
46 | 45 |
47 SSLConfig config; | 46 SSLConfig config; |
48 config_service->GetSSLConfig(&config); | 47 config_service->GetSSLConfig(&config); |
49 EXPECT_TRUE(config.channel_id_enabled); | 48 EXPECT_TRUE(config.channel_id_enabled); |
50 } | 49 } |
51 | 50 |
52 // Test that cipher suites can be disabled. "Good" refers to the fact that | 51 // Test that cipher suites can be disabled. "Good" refers to the fact that |
53 // every value is expected to be successfully parsed into a cipher suite. | 52 // every value is expected to be successfully parsed into a cipher suite. |
54 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { | 53 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { |
55 TestingPrefServiceSimple local_state; | 54 TestingPrefServiceSimple local_state; |
56 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 55 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
57 | 56 |
58 scoped_ptr<SSLConfigServiceManager> config_manager( | 57 std::unique_ptr<SSLConfigServiceManager> config_manager( |
59 SSLConfigServiceManager::CreateDefaultManager( | 58 SSLConfigServiceManager::CreateDefaultManager( |
60 &local_state, base::ThreadTaskRunnerHandle::Get())); | 59 &local_state, base::ThreadTaskRunnerHandle::Get())); |
61 ASSERT_TRUE(config_manager.get()); | 60 ASSERT_TRUE(config_manager.get()); |
62 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 61 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
63 ASSERT_TRUE(config_service.get()); | 62 ASSERT_TRUE(config_service.get()); |
64 | 63 |
65 SSLConfig old_config; | 64 SSLConfig old_config; |
66 config_service->GetSSLConfig(&old_config); | 65 config_service->GetSSLConfig(&old_config); |
67 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 66 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
68 | 67 |
(...skipping 15 matching lines...) Expand all Loading... |
84 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 83 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
85 } | 84 } |
86 | 85 |
87 // Test that cipher suites can be disabled. "Bad" refers to the fact that | 86 // Test that cipher suites can be disabled. "Bad" refers to the fact that |
88 // there are one or more non-cipher suite strings in the preference. They | 87 // there are one or more non-cipher suite strings in the preference. They |
89 // should be ignored. | 88 // should be ignored. |
90 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { | 89 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { |
91 TestingPrefServiceSimple local_state; | 90 TestingPrefServiceSimple local_state; |
92 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 91 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
93 | 92 |
94 scoped_ptr<SSLConfigServiceManager> config_manager( | 93 std::unique_ptr<SSLConfigServiceManager> config_manager( |
95 SSLConfigServiceManager::CreateDefaultManager( | 94 SSLConfigServiceManager::CreateDefaultManager( |
96 &local_state, base::ThreadTaskRunnerHandle::Get())); | 95 &local_state, base::ThreadTaskRunnerHandle::Get())); |
97 ASSERT_TRUE(config_manager.get()); | 96 ASSERT_TRUE(config_manager.get()); |
98 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 97 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
99 ASSERT_TRUE(config_service.get()); | 98 ASSERT_TRUE(config_service.get()); |
100 | 99 |
101 SSLConfig old_config; | 100 SSLConfig old_config; |
102 config_service->GetSSLConfig(&old_config); | 101 config_service->GetSSLConfig(&old_config); |
103 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); | 102 EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); |
104 | 103 |
(...skipping 17 matching lines...) Expand all Loading... |
122 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 121 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
123 } | 122 } |
124 | 123 |
125 // Test that without command-line settings for minimum and maximum SSL versions, | 124 // Test that without command-line settings for minimum and maximum SSL versions, |
126 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. | 125 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled. |
127 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | 126 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { |
128 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 127 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
129 TestingPrefServiceSimple local_state; | 128 TestingPrefServiceSimple local_state; |
130 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 129 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
131 | 130 |
132 scoped_ptr<SSLConfigServiceManager> config_manager( | 131 std::unique_ptr<SSLConfigServiceManager> config_manager( |
133 SSLConfigServiceManager::CreateDefaultManager( | 132 SSLConfigServiceManager::CreateDefaultManager( |
134 &local_state, base::ThreadTaskRunnerHandle::Get())); | 133 &local_state, base::ThreadTaskRunnerHandle::Get())); |
135 ASSERT_TRUE(config_manager.get()); | 134 ASSERT_TRUE(config_manager.get()); |
136 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 135 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
137 ASSERT_TRUE(config_service.get()); | 136 ASSERT_TRUE(config_service.get()); |
138 | 137 |
139 SSLConfig ssl_config; | 138 SSLConfig ssl_config; |
140 config_service->GetSSLConfig(&ssl_config); | 139 config_service->GetSSLConfig(&ssl_config); |
141 // In the absence of command-line options, the default TLS version range is | 140 // In the absence of command-line options, the default TLS version range is |
142 // enabled. | 141 // enabled. |
(...skipping 15 matching lines...) Expand all Loading... |
158 | 157 |
159 // Tests that "ssl3" is not treated as a valid minimum version. | 158 // Tests that "ssl3" is not treated as a valid minimum version. |
160 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { | 159 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { |
161 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 160 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
162 | 161 |
163 TestingPrefServiceSimple local_state; | 162 TestingPrefServiceSimple local_state; |
164 local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin, | 163 local_state.SetUserPref(ssl_config::prefs::kSSLVersionMin, |
165 new base::StringValue("ssl3")); | 164 new base::StringValue("ssl3")); |
166 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 165 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
167 | 166 |
168 scoped_ptr<SSLConfigServiceManager> config_manager( | 167 std::unique_ptr<SSLConfigServiceManager> config_manager( |
169 SSLConfigServiceManager::CreateDefaultManager( | 168 SSLConfigServiceManager::CreateDefaultManager( |
170 &local_state, base::ThreadTaskRunnerHandle::Get())); | 169 &local_state, base::ThreadTaskRunnerHandle::Get())); |
171 ASSERT_TRUE(config_manager.get()); | 170 ASSERT_TRUE(config_manager.get()); |
172 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 171 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
173 ASSERT_TRUE(config_service.get()); | 172 ASSERT_TRUE(config_service.get()); |
174 | 173 |
175 SSLConfig ssl_config; | 174 SSLConfig ssl_config; |
176 config_service->GetSSLConfig(&ssl_config); | 175 config_service->GetSSLConfig(&ssl_config); |
177 // The command-line option must not have been honored. | 176 // The command-line option must not have been honored. |
178 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | 177 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
179 } | 178 } |
180 | 179 |
181 // Tests that fallback beyond TLS 1.0 cannot be re-enabled. | 180 // Tests that fallback beyond TLS 1.0 cannot be re-enabled. |
182 TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) { | 181 TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) { |
183 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 182 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
184 | 183 |
185 TestingPrefServiceSimple local_state; | 184 TestingPrefServiceSimple local_state; |
186 local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin, | 185 local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin, |
187 new base::StringValue("tls1")); | 186 new base::StringValue("tls1")); |
188 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 187 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
189 | 188 |
190 scoped_ptr<SSLConfigServiceManager> config_manager( | 189 std::unique_ptr<SSLConfigServiceManager> config_manager( |
191 SSLConfigServiceManager::CreateDefaultManager( | 190 SSLConfigServiceManager::CreateDefaultManager( |
192 &local_state, base::ThreadTaskRunnerHandle::Get())); | 191 &local_state, base::ThreadTaskRunnerHandle::Get())); |
193 ASSERT_TRUE(config_manager.get()); | 192 ASSERT_TRUE(config_manager.get()); |
194 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 193 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
195 ASSERT_TRUE(config_service.get()); | 194 ASSERT_TRUE(config_service.get()); |
196 | 195 |
197 SSLConfig ssl_config; | 196 SSLConfig ssl_config; |
198 config_service->GetSSLConfig(&ssl_config); | 197 config_service->GetSSLConfig(&ssl_config); |
199 // The command-line option must not have been honored. | 198 // The command-line option must not have been honored. |
200 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min); | 199 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min); |
201 } | 200 } |
202 | 201 |
203 // Tests that the TLS 1.1 fallback may be re-enabled via features. | 202 // Tests that the TLS 1.1 fallback may be re-enabled via features. |
204 TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) { | 203 TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) { |
205 // Toggle the feature. | 204 // Toggle the feature. |
206 base::FeatureList::ClearInstanceForTesting(); | 205 base::FeatureList::ClearInstanceForTesting(); |
207 scoped_ptr<base::FeatureList> feature_list(new base::FeatureList); | 206 std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList); |
208 feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1", | 207 feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1", |
209 std::string()); | 208 std::string()); |
210 base::FeatureList::SetInstance(std::move(feature_list)); | 209 base::FeatureList::SetInstance(std::move(feature_list)); |
211 | 210 |
212 TestingPrefServiceSimple local_state; | 211 TestingPrefServiceSimple local_state; |
213 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); | 212 SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
214 | 213 |
215 scoped_ptr<SSLConfigServiceManager> config_manager( | 214 std::unique_ptr<SSLConfigServiceManager> config_manager( |
216 SSLConfigServiceManager::CreateDefaultManager( | 215 SSLConfigServiceManager::CreateDefaultManager( |
217 &local_state, base::ThreadTaskRunnerHandle::Get())); | 216 &local_state, base::ThreadTaskRunnerHandle::Get())); |
218 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 217 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
219 ASSERT_TRUE(config_service.get()); | 218 ASSERT_TRUE(config_service.get()); |
220 | 219 |
221 // The feature should have switched the default version_fallback_min value. | 220 // The feature should have switched the default version_fallback_min value. |
222 SSLConfig ssl_config; | 221 SSLConfig ssl_config; |
223 config_service->GetSSLConfig(&ssl_config); | 222 config_service->GetSSLConfig(&ssl_config); |
224 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min); | 223 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min); |
225 } | 224 } |
OLD | NEW |