chrome/browser/net/ssl_config_service_manager_pref_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/net/ssl_config_service_manager.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/memory/ref_counted.h"
   9 #include "base/message_loop/message_loop.h"
  10 #include "base/prefs/pref_registry_simple.h"
  11 #include "base/prefs/testing_pref_store.h"
  12 #include "base/values.h"
  13 #include "chrome/browser/prefs/pref_service_mock_factory.h"
  14 #include "chrome/common/chrome_switches.h"
  15 #include "chrome/common/pref_names.h"
  16 #include "chrome/test/base/testing_pref_service_syncable.h"
  17 #include "chrome/test/base/testing_profile.h"
  18 #include "components/content_settings/core/browser/host_content_settings_map.h"
  19 #include "components/content_settings/core/common/content_settings.h"
  20 #include "content/public/test/test_browser_thread.h"
  21 #include "net/socket/ssl_client_socket.h"
  22 #include "net/ssl/ssl_config_service.h"
  23 #include "testing/gtest/include/gtest/gtest.h"
  24
  25 using base::ListValue;
  26 using base::Value;
  27 using content::BrowserThread;
  28 using net::SSLConfig;
  29 using net::SSLConfigService;
  30
  31 class SSLConfigServiceManagerPrefTest : public testing::Test {
  32  public:
  33   SSLConfigServiceManagerPrefTest()
  34       : ui_thread_(BrowserThread::UI, &message_loop_),
  35         io_thread_(BrowserThread::IO, &message_loop_) {}
  36
  37  protected:
  38   base::MessageLoop message_loop_;
  39   content::TestBrowserThread ui_thread_;
  40   content::TestBrowserThread io_thread_;
  41 };
  42
  43 // Test channel id with no user prefs.
  44 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
  45   TestingPrefServiceSimple local_state;
  46   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  47
  48   scoped_ptr<SSLConfigServiceManager> config_manager(
  49       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  50   ASSERT_TRUE(config_manager.get());
  51   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  52   ASSERT_TRUE(config_service.get());
  53
  54   SSLConfig config;
  55   config_service->GetSSLConfig(&config);
  56   EXPECT_TRUE(config.channel_id_enabled);
  57 }
  58
  59 // Test that cipher suites can be disabled. "Good" refers to the fact that
  60 // every value is expected to be successfully parsed into a cipher suite.
  61 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
  62   TestingPrefServiceSimple local_state;
  63   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  64
  65   scoped_ptr<SSLConfigServiceManager> config_manager(
  66       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  67   ASSERT_TRUE(config_manager.get());
  68   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  69   ASSERT_TRUE(config_service.get());
  70
  71   SSLConfig old_config;
  72   config_service->GetSSLConfig(&old_config);
  73   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
  74
  75   base::ListValue* list_value = new base::ListValue();
  76   list_value->Append(new base::StringValue("0x0004"));
  77   list_value->Append(new base::StringValue("0x0005"));
  78   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
  79
  80   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
  81   // preferences changed.
  82   message_loop_.RunUntilIdle();
  83
  84   SSLConfig config;
  85   config_service->GetSSLConfig(&config);
  86
  87   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
  88   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
  89   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
  90   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
  91 }
  92
  93 // Test that cipher suites can be disabled. "Bad" refers to the fact that
  94 // there are one or more non-cipher suite strings in the preference. They
  95 // should be ignored.
  96 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
  97   TestingPrefServiceSimple local_state;
  98   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  99
 100   scoped_ptr<SSLConfigServiceManager> config_manager(
 101       SSLConfigServiceManager::CreateDefaultManager(&local_state));
 102   ASSERT_TRUE(config_manager.get());
 103   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 104   ASSERT_TRUE(config_service.get());
 105
 106   SSLConfig old_config;
 107   config_service->GetSSLConfig(&old_config);
 108   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
 109
 110   base::ListValue* list_value = new base::ListValue();
 111   list_value->Append(new base::StringValue("0x0004"));
 112   list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
 113   list_value->Append(new base::StringValue("0x0005"));
 114   list_value->Append(new base::StringValue("0xBEEFY"));
 115   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
 116
 117   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
 118   // preferences changed.
 119   message_loop_.RunUntilIdle();
 120
 121   SSLConfig config;
 122   config_service->GetSSLConfig(&config);
 123
 124   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
 125   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
 126   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
 127   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 128 }
 129
 130 // Test that without command-line settings for minimum and maximum SSL versions,
 131 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled.
 132 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
 133   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 134
 135   PrefServiceMockFactory factory;
 136   factory.set_user_prefs(local_state_store);
 137   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 138   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 139
 140   SSLConfigServiceManager::RegisterPrefs(registry.get());
 141
 142   scoped_ptr<SSLConfigServiceManager> config_manager(
 143       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 144   ASSERT_TRUE(config_manager.get());
 145   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 146   ASSERT_TRUE(config_service.get());
 147
 148   SSLConfig ssl_config;
 149   config_service->GetSSLConfig(&ssl_config);
 150   // In the absence of command-line options, TLS versions from 1.0 up to 1.1 or
 151   // 1.2 (depending on the underlying library and cryptographic implementation)
 152   // are enabled.
 153   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
 154   EXPECT_EQ(net::SSLClientSocket::GetMaxSupportedSSLVersion(),
 155             ssl_config.version_max);
 156
 157   // The settings should not be added to the local_state.
 158   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
 159   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
 160
 161   // Explicitly double-check the settings are not in the preference store.
 162   std::string version_min_str;
 163   std::string version_max_str;
 164   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 165                                             &version_min_str));
 166   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 167                                             &version_max_str));
 168 }
 169
 170 // Test that command-line settings for minimum and maximum SSL versions are
 171 // respected and that they do not persist to the preferences files.
 172 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
 173   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 174
 175   base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
 176   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
 177   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
 178
 179   PrefServiceMockFactory factory;
 180   factory.set_user_prefs(local_state_store);
 181   factory.SetCommandLine(&command_line);
 182   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 183   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 184
 185   SSLConfigServiceManager::RegisterPrefs(registry.get());
 186
 187   scoped_ptr<SSLConfigServiceManager> config_manager(
 188       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 189   ASSERT_TRUE(config_manager.get());
 190   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 191   ASSERT_TRUE(config_service.get());
 192
 193   SSLConfig ssl_config;
 194   config_service->GetSSLConfig(&ssl_config);
 195   // Command-line flags should be respected.
 196   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
 197   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
 198
 199   // Explicitly double-check the settings are not in the preference store.
 200   const PrefService::Preference* version_min_pref =
 201       local_state->FindPreference(prefs::kSSLVersionMin);
 202   EXPECT_FALSE(version_min_pref->IsUserModifiable());
 203
 204   const PrefService::Preference* version_max_pref =
 205       local_state->FindPreference(prefs::kSSLVersionMax);
 206   EXPECT_FALSE(version_max_pref->IsUserModifiable());
 207
 208   std::string version_min_str;
 209   std::string version_max_str;
 210   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 211                                             &version_min_str));
 212   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 213                                             &version_max_str));
 214 }