Only disable SHA-1 for local trust anchors if there's a PrefService

components/ssl_config/ssl_config_service_manager_pref_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 #include <utility>
 
 #include "base/feature_list.h"
 #include "base/memory/ref_counted.h"
 #include "base/message_loop/message_loop.h"
@@ skipping 181 matching lines @@
       SSLConfigServiceManager::CreateDefaultManager(
           &local_state, base::ThreadTaskRunnerHandle::Get()));
   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
   ASSERT_TRUE(config_service.get());
 
   // The feature should have switched the default version_fallback_min value.
   SSLConfig ssl_config;
   config_service->GetSSLConfig(&ssl_config);
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_3, ssl_config.version_max);
 }
+
+// Tests that SHA-1 signatures for local trust anchors can be enabled.
+TEST_F(SSLConfigServiceManagerPrefTest, SHA1ForLocalAnchors) {
+  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+
+  TestingPrefServiceSimple local_state;
+  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+  std::unique_ptr<SSLConfigServiceManager> config_manager(
+      SSLConfigServiceManager::CreateDefaultManager(
+          &local_state, base::ThreadTaskRunnerHandle::Get()));
+  ASSERT_TRUE(config_manager);
+  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+  ASSERT_TRUE(config_service);
+
+  // By default, SHA-1 local trust anchors should be enabled when not
+  // using any pref service.
+  SSLConfig config1;
+  EXPECT_TRUE(config1.sha1_local_anchors_enabled);
+
+  // Using a pref service without any preference set should result in
+  // SHA-1 local trust anchors being disabled.
+  SSLConfig config2;
+  config_service->GetSSLConfig(&config2);
+  EXPECT_FALSE(config2.sha1_local_anchors_enabled);
+
+  // Enabling the local preference should result in SHA-1 local trust anchors
+  // being enabled.
+  local_state.SetUserPref(ssl_config::prefs::kCertEnableSha1LocalAnchors,
+                          new base::FundamentalValue(true));
+  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
+  // preferences changed.
+  base::RunLoop().RunUntilIdle();
+
+  SSLConfig config3;
+  config_service->GetSSLConfig(&config3);
+  EXPECT_TRUE(config3.sha1_local_anchors_enabled);
+
+  // Disabling the local preference should result in SHA-1 local trust
+  // anchors being disabled.
+  local_state.SetUserPref(ssl_config::prefs::kCertEnableSha1LocalAnchors,
+                          new base::FundamentalValue(false));
+  // Pump the message loop to notify the SSLConfigServiceManagerPref that the
+  // preferences changed.
+  base::RunLoop().RunUntilIdle();
+
+  SSLConfig config4;
+  config_service->GetSSLConfig(&config4);
+  EXPECT_FALSE(config4.sha1_local_anchors_enabled);
+}