| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/ssl_config_service_manager.h" | 5 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| (...skipping 128 matching lines...) |
| 139 | 139 |
| 140 SSLConfig config; | 140 SSLConfig config; |
| 141 config_service->GetSSLConfig(&config); | 141 config_service->GetSSLConfig(&config); |
| 142 | 142 |
| 143 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 143 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 144 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 144 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 145 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 145 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 146 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 146 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 147 } | 147 } |
| 148 | 148 |
| 149 // Test that | 149 // Test that without command-line settings for minimum and maximum SSL versions, |
| 150 // * without command-line settings for minimum and maximum SSL versions, | 150 // SSL 3.0 ~ default_version_max() are enabled. |
| 151 // SSL 3.0 ~ default_version_max() are enabled; | |
| 152 // * without --enable-unrestricted-ssl3-fallback, | |
| 153 // |unrestricted_ssl3_fallback_enabled| is false. | |
| 154 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | 151 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { |
| 155 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 152 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 156 | 153 |
| 157 PrefServiceMockFactory factory; | 154 PrefServiceMockFactory factory; |
| 158 factory.set_user_prefs(local_state_store); | 155 factory.set_user_prefs(local_state_store); |
| 159 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | 156 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; |
| 160 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | 157 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); |
| 161 | 158 |
| 162 SSLConfigServiceManager::RegisterPrefs(registry.get()); | 159 SSLConfigServiceManager::RegisterPrefs(registry.get()); |
| 163 | 160 |
| 164 scoped_ptr<SSLConfigServiceManager> config_manager( | 161 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 165 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 162 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); |
| 166 ASSERT_TRUE(config_manager.get()); | 163 ASSERT_TRUE(config_manager.get()); |
| 167 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 164 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 168 ASSERT_TRUE(config_service.get()); | 165 ASSERT_TRUE(config_service.get()); |
| 169 | 166 |
| 170 SSLConfig ssl_config; | 167 SSLConfig ssl_config; |
| 171 config_service->GetSSLConfig(&ssl_config); | 168 config_service->GetSSLConfig(&ssl_config); |
| 172 // The default value in the absence of command-line options is that | 169 // The default value in the absence of command-line options is that |
| 173 // SSL 3.0 ~ default_version_max() are enabled. | 170 // SSL 3.0 ~ default_version_max() are enabled. |
| 174 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); | 171 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); |
| 175 EXPECT_EQ(net::SSLConfigService::default_version_max(), | 172 EXPECT_EQ(net::SSLConfigService::default_version_max(), |
| 176 ssl_config.version_max); | 173 ssl_config.version_max); |
| 177 EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled); | |
| 178 | 174 |
| 179 // The settings should not be added to the local_state. | 175 // The settings should not be added to the local_state. |
| 180 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); | 176 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); |
| 181 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); | 177 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); |
| 182 EXPECT_FALSE(local_state->HasPrefPath( | |
| 183 prefs::kEnableUnrestrictedSSL3Fallback)); | |
| 184 | 178 |
| 185 // Explicitly double-check the settings are not in the preference store. | 179 // Explicitly double-check the settings are not in the preference store. |
| 186 std::string version_min_str; | 180 std::string version_min_str; |
| 187 std::string version_max_str; | 181 std::string version_max_str; |
| 188 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 182 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, |
| 189 &version_min_str)); | 183 &version_min_str)); |
| 190 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 184 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, |
| 191 &version_max_str)); | 185 &version_max_str)); |
| 192 bool unrestricted_ssl3_fallback_enabled; | |
| 193 EXPECT_FALSE(local_state_store->GetBoolean( | |
| 194 prefs::kEnableUnrestrictedSSL3Fallback, | |
| 195 &unrestricted_ssl3_fallback_enabled)); | |
| 196 } | 186 } |
| 197 | 187 |
| 198 // Test that command-line settings for minimum and maximum SSL versions are | 188 // Test that command-line settings for minimum and maximum SSL versions are |
| 199 // respected and that they do not persist to the preferences files. | 189 // respected and that they do not persist to the preferences files. |
| 200 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { | 190 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { |
| 201 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 191 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 202 | 192 |
| 203 CommandLine command_line(CommandLine::NO_PROGRAM); | 193 CommandLine command_line(CommandLine::NO_PROGRAM); |
| 204 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); | 194 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); |
| 205 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); | 195 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); |
| 206 command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback); | |
| 207 | 196 |
| 208 PrefServiceMockFactory factory; | 197 PrefServiceMockFactory factory; |
| 209 factory.set_user_prefs(local_state_store); | 198 factory.set_user_prefs(local_state_store); |
| 210 factory.SetCommandLine(&command_line); | 199 factory.SetCommandLine(&command_line); |
| 211 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | 200 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; |
| 212 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); | 201 scoped_ptr<PrefService> local_state(factory.Create(registry.get())); |
| 213 | 202 |
| 214 SSLConfigServiceManager::RegisterPrefs(registry.get()); | 203 SSLConfigServiceManager::RegisterPrefs(registry.get()); |
| 215 | 204 |
| 216 scoped_ptr<SSLConfigServiceManager> config_manager( | 205 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 217 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); | 206 SSLConfigServiceManager::CreateDefaultManager(local_state.get())); |
| 218 ASSERT_TRUE(config_manager.get()); | 207 ASSERT_TRUE(config_manager.get()); |
| 219 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 208 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 220 ASSERT_TRUE(config_service.get()); | 209 ASSERT_TRUE(config_service.get()); |
| 221 | 210 |
| 222 SSLConfig ssl_config; | 211 SSLConfig ssl_config; |
| 223 config_service->GetSSLConfig(&ssl_config); | 212 config_service->GetSSLConfig(&ssl_config); |
| 224 // Command-line flags should be respected. | 213 // Command-line flags should be respected. |
| 225 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | 214 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
| 226 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); | 215 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); |
| 227 EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); | |
| 228 | 216 |
| 229 // Explicitly double-check the settings are not in the preference store. | 217 // Explicitly double-check the settings are not in the preference store. |
| 230 const PrefService::Preference* version_min_pref = | 218 const PrefService::Preference* version_min_pref = |
| 231 local_state->FindPreference(prefs::kSSLVersionMin); | 219 local_state->FindPreference(prefs::kSSLVersionMin); |
| 232 EXPECT_FALSE(version_min_pref->IsUserModifiable()); | 220 EXPECT_FALSE(version_min_pref->IsUserModifiable()); |
| 233 | 221 |
| 234 const PrefService::Preference* version_max_pref = | 222 const PrefService::Preference* version_max_pref = |
| 235 local_state->FindPreference(prefs::kSSLVersionMax); | 223 local_state->FindPreference(prefs::kSSLVersionMax); |
| 236 EXPECT_FALSE(version_max_pref->IsUserModifiable()); | 224 EXPECT_FALSE(version_max_pref->IsUserModifiable()); |
| 237 | 225 |
| 238 const PrefService::Preference* ssl3_fallback_pref = | |
| 239 local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback); | |
| 240 EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable()); | |
| 241 | |
| 242 std::string version_min_str; | 226 std::string version_min_str; |
| 243 std::string version_max_str; | 227 std::string version_max_str; |
| 244 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 228 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, |
| 245 &version_min_str)); | 229 &version_min_str)); |
| 246 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 230 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, |
| 247 &version_max_str)); | 231 &version_max_str)); |
| 248 bool unrestricted_ssl3_fallback_enabled; | |
| 249 EXPECT_FALSE(local_state_store->GetBoolean( | |
| 250 prefs::kEnableUnrestrictedSSL3Fallback, | |
| 251 &unrestricted_ssl3_fallback_enabled)); | |
| 252 } | 232 } |
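Review bot: In CommandLinePrefs (new lines 218-224) the pointers returned by `local_state->FindPreference(...)` are dereferenced via `->IsUserModifiable()` with no null check, so a lookup that returned null would crash the test binary instead of reporting a failure. Adding `ASSERT_TRUE(version_min_pref);` and `ASSERT_TRUE(version_max_pref);` before the respective `EXPECT_FALSE` lines would turn that into a clean failure. The same test sets `switches::kSSLVersionMin` to "tls1" and `switches::kSSLVersionMax` to "ssl3", a minimum above the maximum, and only asserts that both values reach `SSLConfig`. If that inversion is deliberate, a comment such as `// min > max on purpose: only checks that the switches propagate, not that the range is usable.` would stop readers from treating it as a valid configuration.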
| OLD | NEW |