1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/ssl_config_service_manager.h"
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/message_loop/message_loop.h"
10 #include "base/prefs/pref_registry_simple.h"
11 #include "base/prefs/testing_pref_store.h"
12 #include "base/values.h"
13 #include "chrome/browser/prefs/command_line_pref_store.h"
14 #include "chrome/common/chrome_switches.h"
15 #include "chrome/common/pref_names.h"
16 #include "chrome/test/base/testing_profile.h"
17 #include "components/content_settings/core/browser/host_content_settings_map.h"
18 #include "components/content_settings/core/common/content_settings.h"
19 #include "components/syncable_prefs/pref_service_mock_factory.h"
20 #include "components/syncable_prefs/testing_pref_service_syncable.h"
21 #include "content/public/test/test_browser_thread.h"
22 #include "net/socket/ssl_client_socket.h"
23 #include "net/ssl/ssl_config_service.h"
24 #include "testing/gtest/include/gtest/gtest.h"
26 using base::ListValue;
27 using base::Value;
28 using content::BrowserThread;
29 using net::SSLConfig;
30 using net::SSLConfigService;
// Fixture shared by every test in this file. It provides a single message
// loop and registers test stand-ins for the UI and IO browser threads, both
// of which are backed by that same loop.
class SSLConfigServiceManagerPrefTest : public testing::Test {
 public:
  SSLConfigServiceManagerPrefTest()
      : ui_thread_(content::BrowserThread::UI, &message_loop_),
        io_thread_(content::BrowserThread::IO, &message_loop_) {}

 protected:
  // Declared first: members are initialized in declaration order, and the two
  // thread objects below are constructed with a pointer to this loop.
  base::MessageLoop message_loop_;

  // Test threads for BrowserThread::UI and BrowserThread::IO.
  content::TestBrowserThread ui_thread_;
  content::TestBrowserThread io_thread_;
};
// Checks the channel ID setting when no user preference has been set: the
// SSLConfig produced by the manager must report channel ID as enabled.
TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
  // Preferences are registered but none of them is given a value.
  TestingPrefServiceSimple pref_service;
  SSLConfigServiceManager::RegisterPrefs(pref_service.registry());

  scoped_ptr<SSLConfigServiceManager> manager(
      SSLConfigServiceManager::CreateDefaultManager(&pref_service));
  ASSERT_TRUE(manager.get());

  scoped_refptr<SSLConfigService> service(manager->Get());
  ASSERT_TRUE(service.get());

  SSLConfig observed;
  service->GetSSLConfig(&observed);
  EXPECT_TRUE(observed.channel_id_enabled);
}
// Checks that cipher suites listed in the kCipherSuiteBlacklist preference end
// up in SSLConfig::disabled_cipher_suites. "Good" means that every entry in
// the preference is a well-formed cipher suite value, so all of them are
// expected to be parsed.
TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
  TestingPrefServiceSimple pref_service;
  SSLConfigServiceManager::RegisterPrefs(pref_service.registry());

  scoped_ptr<SSLConfigServiceManager> manager(
      SSLConfigServiceManager::CreateDefaultManager(&pref_service));
  ASSERT_TRUE(manager.get());

  scoped_refptr<SSLConfigService> service(manager->Get());
  ASSERT_TRUE(service.get());

  // Baseline: nothing is disabled before the preference is written.
  SSLConfig baseline;
  service->GetSSLConfig(&baseline);
  EXPECT_TRUE(baseline.disabled_cipher_suites.empty());

  // 0x0004 and 0x0005 are the IANA code points of TLS_RSA_WITH_RC4_128_MD5
  // and TLS_RSA_WITH_RC4_128_SHA. The list is handed to SetUserPref() as a
  // raw pointer, exactly as the preference API is used elsewhere in this file.
  ListValue* blacklist = new ListValue();
  blacklist->Append(new base::StringValue("0x0004"));
  blacklist->Append(new base::StringValue("0x0005"));
  pref_service.SetUserPref(prefs::kCipherSuiteBlacklist, blacklist);

  // The manager learns about the change through a posted notification, so
  // the message loop has to run before the new configuration is visible.
  message_loop_.RunUntilIdle();

  SSLConfig updated;
  service->GetSSLConfig(&updated);

  EXPECT_NE(baseline.disabled_cipher_suites, updated.disabled_cipher_suites);
  // ASSERT (not EXPECT) on the size so the indexing below stays in bounds.
  ASSERT_EQ(2u, updated.disabled_cipher_suites.size());
  EXPECT_EQ(0x0004, updated.disabled_cipher_suites[0]);
  EXPECT_EQ(0x0005, updated.disabled_cipher_suites[1]);
}
// Checks how malformed entries in the kCipherSuiteBlacklist preference are
// handled. "Bad" means the list mixes valid cipher suite values with strings
// that are not cipher suites. The malformed strings must be skipped while the
// valid entries around them are still applied, so one bad entry does not
// silently discard the rest of the blacklist.
TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
  TestingPrefServiceSimple pref_service;
  SSLConfigServiceManager::RegisterPrefs(pref_service.registry());

  scoped_ptr<SSLConfigServiceManager> manager(
      SSLConfigServiceManager::CreateDefaultManager(&pref_service));
  ASSERT_TRUE(manager.get());

  scoped_refptr<SSLConfigService> service(manager->Get());
  ASSERT_TRUE(service.get());

  // Baseline: nothing is disabled before the preference is written.
  SSLConfig baseline;
  service->GetSSLConfig(&baseline);
  EXPECT_TRUE(baseline.disabled_cipher_suites.empty());

  // Two valid values interleaved with two invalid ones: a name that is not a
  // hexadecimal code point, and "0xBEEFY", which has a trailing non-hex
  // character.
  ListValue* blacklist = new ListValue();
  blacklist->Append(new base::StringValue("0x0004"));
  blacklist->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
  blacklist->Append(new base::StringValue("0x0005"));
  blacklist->Append(new base::StringValue("0xBEEFY"));
  pref_service.SetUserPref(prefs::kCipherSuiteBlacklist, blacklist);

  // The manager learns about the change through a posted notification, so
  // the message loop has to run before the new configuration is visible.
  message_loop_.RunUntilIdle();

  SSLConfig updated;
  service->GetSSLConfig(&updated);

  EXPECT_NE(baseline.disabled_cipher_suites, updated.disabled_cipher_suites);
  // Only the two valid entries survive, in their original relative order.
  // ASSERT (not EXPECT) on the size so the indexing below stays in bounds.
  ASSERT_EQ(2u, updated.disabled_cipher_suites.size());
  EXPECT_EQ(0x0004, updated.disabled_cipher_suites[0]);
  EXPECT_EQ(0x0005, updated.disabled_cipher_suites[1]);
}
// Checks the default protocol range: with no command-line settings for the
// minimum and maximum SSL versions, the minimum is TLS 1.0 and the maximum is
// whatever the socket implementation reports as its highest supported
// version. Also checks that computing these defaults writes nothing into the
// preferences.
TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
  // Kept separately so the backing store can be inspected directly at the end.
  scoped_refptr<TestingPrefStore> user_store(new TestingPrefStore());

  syncable_prefs::PrefServiceMockFactory factory;
  factory.set_user_prefs(user_store);
  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple);
  scoped_ptr<PrefService> pref_service(factory.Create(registry.get()));

  SSLConfigServiceManager::RegisterPrefs(registry.get());

  scoped_ptr<SSLConfigServiceManager> manager(
      SSLConfigServiceManager::CreateDefaultManager(pref_service.get()));
  ASSERT_TRUE(manager.get());

  scoped_refptr<SSLConfigService> service(manager->Get());
  ASSERT_TRUE(service.get());

  SSLConfig observed;
  service->GetSSLConfig(&observed);
  // Without command-line options the range runs from TLS 1.0 up to TLS 1.1
  // or 1.2, depending on the underlying library and cryptographic
  // implementation.
  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, observed.version_min);
  EXPECT_EQ(net::SSLClientSocket::GetMaxSupportedSSLVersion(),
            observed.version_max);

  // The defaults must not show up as explicitly set preference paths.
  EXPECT_FALSE(pref_service->HasPrefPath(prefs::kSSLVersionMin));
  EXPECT_FALSE(pref_service->HasPrefPath(prefs::kSSLVersionMax));

  // Second check, one layer down: the user store itself holds no value for
  // either key.
  std::string stored_min;
  std::string stored_max;
  EXPECT_FALSE(user_store->GetString(prefs::kSSLVersionMin, &stored_min));
  EXPECT_FALSE(user_store->GetString(prefs::kSSLVersionMax, &stored_max));
}
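// Test that command-line settings for minimum and maximum SSL versions are
// respected and that they do not persist to the preferences files.
//
// The flags used here form an inverted range (minimum "tls1.1", maximum
// "tls1"). The expectations only check that each flag value is reflected in
// the resulting SSLConfig; they do not check whether such a range is usable
// for a connection.
TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
  // Kept separately so the backing store can be inspected directly at the end.
  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());

  base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
  command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1");
  command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1");

  syncable_prefs::PrefServiceMockFactory factory;
  factory.set_user_prefs(local_state_store);
  factory.set_command_line_prefs(new CommandLinePrefStore(&command_line));
  scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
  scoped_ptr<PrefService> local_state(factory.Create(registry.get()));

  SSLConfigServiceManager::RegisterPrefs(registry.get());

  scoped_ptr<SSLConfigServiceManager> config_manager(
      SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
  ASSERT_TRUE(config_manager.get());
  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  ASSERT_TRUE(config_service.get());

  SSLConfig ssl_config;
  config_service->GetSSLConfig(&ssl_config);
  // Command-line flags should be respected.
  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min);
  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max);

  // Values supplied on the command line are expected to be reported as not
  // user-modifiable. Each FindPreference() result is checked before use so
  // that a missing registration fails the test cleanly instead of
  // dereferencing a null pointer.
  const PrefService::Preference* version_min_pref =
      local_state->FindPreference(prefs::kSSLVersionMin);
  ASSERT_TRUE(version_min_pref);
  EXPECT_FALSE(version_min_pref->IsUserModifiable());

  const PrefService::Preference* version_max_pref =
      local_state->FindPreference(prefs::kSSLVersionMax);
  ASSERT_TRUE(version_max_pref);
  EXPECT_FALSE(version_max_pref->IsUserModifiable());

  // Explicitly double-check the settings are not in the preference store:
  // the command-line values must not have been written through to it.
  std::string version_min_str;
  std::string version_max_str;
  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
                                            &version_min_str));
  EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
                                            &version_max_str));
}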
// Checks that "ssl3" is rejected as a minimum protocol version: passing it on
// the command line must not lower the configured minimum below TLS 1.0.
TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
  scoped_refptr<TestingPrefStore> user_store(new TestingPrefStore());

  // Only the minimum-version switch is set; the maximum is left at its
  // default.
  base::CommandLine flags(base::CommandLine::NO_PROGRAM);
  flags.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3");

  syncable_prefs::PrefServiceMockFactory factory;
  factory.set_user_prefs(user_store);
  factory.set_command_line_prefs(new CommandLinePrefStore(&flags));
  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple);
  scoped_ptr<PrefService> pref_service(factory.Create(registry.get()));

  SSLConfigServiceManager::RegisterPrefs(registry.get());

  scoped_ptr<SSLConfigServiceManager> manager(
      SSLConfigServiceManager::CreateDefaultManager(pref_service.get()));
  ASSERT_TRUE(manager.get());

  scoped_refptr<SSLConfigService> service(manager->Get());
  ASSERT_TRUE(service.get());

  SSLConfig observed;
  service->GetSSLConfig(&observed);
  // The command-line option must not have been honored. EXPECT_LE rather than
  // EXPECT_EQ: the test only requires that the floor is TLS 1.0 or higher.
  EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, observed.version_min);
}