Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chrome / browser / net / ssl_config_service_manager_pref_unittest.cc
blobe3afe0c8c8fa5f3d53c6339341a3a17b3fdc0240
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/ssl_config_service_manager.h"
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/message_loop/message_loop.h"
10 #include "base/prefs/pref_registry_simple.h"
11 #include "base/prefs/testing_pref_store.h"
12 #include "base/values.h"
13 #include "chrome/browser/prefs/pref_service_mock_factory.h"
14 #include "chrome/common/chrome_switches.h"
15 #include "chrome/common/pref_names.h"
16 #include "chrome/test/base/testing_pref_service_syncable.h"
17 #include "chrome/test/base/testing_profile.h"
18 #include "components/content_settings/core/browser/host_content_settings_map.h"
19 #include "components/content_settings/core/common/content_settings.h"
20 #include "content/public/test/test_browser_thread.h"
21 #include "net/socket/ssl_client_socket.h"
22 #include "net/ssl/ssl_config_service.h"
23 #include "testing/gtest/include/gtest/gtest.h"
25 using base::ListValue;
26 using base::Value;
27 using content::BrowserThread;
28 using net::SSLConfig;
29 using net::SSLConfigService;
31 class SSLConfigServiceManagerPrefTest : public testing::Test {
32 public:
33 SSLConfigServiceManagerPrefTest()
34 : ui_thread_(BrowserThread::UI, &message_loop_),
35 io_thread_(BrowserThread::IO, &message_loop_) {}
37 protected:
38 base::MessageLoop message_loop_;
39 content::TestBrowserThread ui_thread_;
40 content::TestBrowserThread io_thread_;
43 // Test channel id with no user prefs.
44 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
45 TestingPrefServiceSimple local_state;
46 SSLConfigServiceManager::RegisterPrefs(local_state.registry());
48 scoped_ptr<SSLConfigServiceManager> config_manager(
49 SSLConfigServiceManager::CreateDefaultManager(&local_state));
50 ASSERT_TRUE(config_manager.get());
51 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
52 ASSERT_TRUE(config_service.get());
54 SSLConfig config;
55 config_service->GetSSLConfig(&config);
56 EXPECT_TRUE(config.channel_id_enabled);
59 // Test that cipher suites can be disabled. "Good" refers to the fact that
60 // every value is expected to be successfully parsed into a cipher suite.
61 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
62 TestingPrefServiceSimple local_state;
63 SSLConfigServiceManager::RegisterPrefs(local_state.registry());
65 scoped_ptr<SSLConfigServiceManager> config_manager(
66 SSLConfigServiceManager::CreateDefaultManager(&local_state));
67 ASSERT_TRUE(config_manager.get());
68 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
69 ASSERT_TRUE(config_service.get());
71 SSLConfig old_config;
72 config_service->GetSSLConfig(&old_config);
73 EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
75 base::ListValue* list_value = new base::ListValue();
76 list_value->Append(new base::StringValue("0x0004"));
77 list_value->Append(new base::StringValue("0x0005"));
78 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
80 // Pump the message loop to notify the SSLConfigServiceManagerPref that the
81 // preferences changed.
82 message_loop_.RunUntilIdle();
84 SSLConfig config;
85 config_service->GetSSLConfig(&config);
87 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
88 ASSERT_EQ(2u, config.disabled_cipher_suites.size());
89 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
90 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
93 // Test that cipher suites can be disabled. "Bad" refers to the fact that
94 // there are one or more non-cipher suite strings in the preference. They
95 // should be ignored.
96 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
97 TestingPrefServiceSimple local_state;
98 SSLConfigServiceManager::RegisterPrefs(local_state.registry());
100 scoped_ptr<SSLConfigServiceManager> config_manager(
101 SSLConfigServiceManager::CreateDefaultManager(&local_state));
102 ASSERT_TRUE(config_manager.get());
103 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
104 ASSERT_TRUE(config_service.get());
106 SSLConfig old_config;
107 config_service->GetSSLConfig(&old_config);
108 EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
110 base::ListValue* list_value = new base::ListValue();
111 list_value->Append(new base::StringValue("0x0004"));
112 list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
113 list_value->Append(new base::StringValue("0x0005"));
114 list_value->Append(new base::StringValue("0xBEEFY"));
115 local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
117 // Pump the message loop to notify the SSLConfigServiceManagerPref that the
118 // preferences changed.
119 message_loop_.RunUntilIdle();
121 SSLConfig config;
122 config_service->GetSSLConfig(&config);
124 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
125 ASSERT_EQ(2u, config.disabled_cipher_suites.size());
126 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
127 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
130 // Test that without command-line settings for minimum and maximum SSL versions,
131 // TLS versions from 1.0 up to 1.1 or 1.2 are enabled.
132 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
133 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
135 PrefServiceMockFactory factory;
136 factory.set_user_prefs(local_state_store);
137 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
138 scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
140 SSLConfigServiceManager::RegisterPrefs(registry.get());
142 scoped_ptr<SSLConfigServiceManager> config_manager(
143 SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
144 ASSERT_TRUE(config_manager.get());
145 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
146 ASSERT_TRUE(config_service.get());
148 SSLConfig ssl_config;
149 config_service->GetSSLConfig(&ssl_config);
150 // In the absence of command-line options, TLS versions from 1.0 up to 1.1 or
151 // 1.2 (depending on the underlying library and cryptographic implementation)
152 // are enabled.
153 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
154 EXPECT_EQ(net::SSLClientSocket::GetMaxSupportedSSLVersion(),
155 ssl_config.version_max);
157 // The settings should not be added to the local_state.
158 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
159 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
161 // Explicitly double-check the settings are not in the preference store.
162 std::string version_min_str;
163 std::string version_max_str;
164 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
165 &version_min_str));
166 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
167 &version_max_str));
170 // Test that command-line settings for minimum and maximum SSL versions are
171 // respected and that they do not persist to the preferences files.
172 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
173 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
175 base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
176 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1.1");
177 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "tls1");
179 PrefServiceMockFactory factory;
180 factory.set_user_prefs(local_state_store);
181 factory.SetCommandLine(&command_line);
182 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
183 scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
185 SSLConfigServiceManager::RegisterPrefs(registry.get());
187 scoped_ptr<SSLConfigServiceManager> config_manager(
188 SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
189 ASSERT_TRUE(config_manager.get());
190 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
191 ASSERT_TRUE(config_service.get());
193 SSLConfig ssl_config;
194 config_service->GetSSLConfig(&ssl_config);
195 // Command-line flags should be respected.
196 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_min);
197 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max);
199 // Explicitly double-check the settings are not in the preference store.
200 const PrefService::Preference* version_min_pref =
201 local_state->FindPreference(prefs::kSSLVersionMin);
202 EXPECT_FALSE(version_min_pref->IsUserModifiable());
204 const PrefService::Preference* version_max_pref =
205 local_state->FindPreference(prefs::kSSLVersionMax);
206 EXPECT_FALSE(version_max_pref->IsUserModifiable());
208 std::string version_min_str;
209 std::string version_max_str;
210 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
211 &version_min_str));
212 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
213 &version_max_str));
216 // Tests that "ssl3" is not treated as a valid minimum version.
217 TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
218 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
220 base::CommandLine command_line(base::CommandLine::NO_PROGRAM);
221 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "ssl3");
223 PrefServiceMockFactory factory;
224 factory.set_user_prefs(local_state_store);
225 factory.SetCommandLine(&command_line);
226 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
227 scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
229 SSLConfigServiceManager::RegisterPrefs(registry.get());
231 scoped_ptr<SSLConfigServiceManager> config_manager(
232 SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
233 ASSERT_TRUE(config_manager.get());
234 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
235 ASSERT_TRUE(config_service.get());
237 SSLConfig ssl_config;
238 config_service->GetSSLConfig(&ssl_config);
239 // The command-line option must not have been honored.
240 EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);