chrome/browser/net/ssl_config_service_manager_pref_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/net/ssl_config_service_manager.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/memory/ref_counted.h"
   9 #include "base/message_loop/message_loop.h"
  10 #include "base/prefs/pref_registry_simple.h"
  11 #include "base/prefs/testing_pref_store.h"
  12 #include "base/values.h"
  13 #include "chrome/browser/content_settings/host_content_settings_map.h"
  14 #include "chrome/browser/prefs/pref_service_mock_factory.h"
  15 #include "chrome/common/chrome_switches.h"
  16 #include "chrome/common/content_settings.h"
  17 #include "chrome/common/pref_names.h"
  18 #include "chrome/test/base/testing_pref_service_syncable.h"
  19 #include "chrome/test/base/testing_profile.h"
  20 #include "content/public/test/test_browser_thread.h"
  21 #include "net/ssl/ssl_config_service.h"
  22 #include "testing/gtest/include/gtest/gtest.h"
  23
  24 using base::ListValue;
  25 using base::Value;
  26 using content::BrowserThread;
  27 using net::SSLConfig;
  28 using net::SSLConfigService;
  29
  30 class SSLConfigServiceManagerPrefTest : public testing::Test {
  31  public:
  32   SSLConfigServiceManagerPrefTest()
  33       : ui_thread_(BrowserThread::UI, &message_loop_),
  34         io_thread_(BrowserThread::IO, &message_loop_) {}
  35
  36  protected:
  37   bool IsChannelIdEnabled(SSLConfigService* config_service) {
  38     // Pump the message loop to notify the SSLConfigServiceManagerPref that the
  39     // preferences changed.
  40     message_loop_.RunUntilIdle();
  41     SSLConfig config;
  42     config_service->GetSSLConfig(&config);
  43     return config.channel_id_enabled;
  44   }
  45
  46   base::MessageLoop message_loop_;
  47   content::TestBrowserThread ui_thread_;
  48   content::TestBrowserThread io_thread_;
  49 };
  50
  51 // Test channel id with no user prefs.
  52 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
  53   TestingPrefServiceSimple local_state;
  54   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  55   local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
  56                           base::Value::CreateBooleanValue(false));
  57
  58   scoped_ptr<SSLConfigServiceManager> config_manager(
  59       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  60   ASSERT_TRUE(config_manager.get());
  61   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  62   ASSERT_TRUE(config_service.get());
  63
  64   SSLConfig config;
  65   config_service->GetSSLConfig(&config);
  66   EXPECT_FALSE(config.channel_id_enabled);
  67
  68   local_state.SetUserPref(prefs::kEnableOriginBoundCerts,
  69                           base::Value::CreateBooleanValue(true));
  70   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
  71   // preferences changed.
  72   message_loop_.RunUntilIdle();
  73   config_service->GetSSLConfig(&config);
  74   EXPECT_TRUE(config.channel_id_enabled);
  75 }
  76
  77 // Test that cipher suites can be disabled. "Good" refers to the fact that
  78 // every value is expected to be successfully parsed into a cipher suite.
  79 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
  80   TestingPrefServiceSimple local_state;
  81   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
  82
  83   scoped_ptr<SSLConfigServiceManager> config_manager(
  84       SSLConfigServiceManager::CreateDefaultManager(&local_state));
  85   ASSERT_TRUE(config_manager.get());
  86   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  87   ASSERT_TRUE(config_service.get());
  88
  89   SSLConfig old_config;
  90   config_service->GetSSLConfig(&old_config);
  91   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
  92
  93   base::ListValue* list_value = new base::ListValue();
  94   list_value->Append(base::Value::CreateStringValue("0x0004"));
  95   list_value->Append(base::Value::CreateStringValue("0x0005"));
  96   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
  97
  98   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
  99   // preferences changed.
 100   message_loop_.RunUntilIdle();
 101
 102   SSLConfig config;
 103   config_service->GetSSLConfig(&config);
 104
 105   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
 106   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
 107   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
 108   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 109 }
 110
 111 // Test that cipher suites can be disabled. "Bad" refers to the fact that
 112 // there are one or more non-cipher suite strings in the preference. They
 113 // should be ignored.
 114 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
 115   TestingPrefServiceSimple local_state;
 116   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
 117
 118   scoped_ptr<SSLConfigServiceManager> config_manager(
 119       SSLConfigServiceManager::CreateDefaultManager(&local_state));
 120   ASSERT_TRUE(config_manager.get());
 121   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 122   ASSERT_TRUE(config_service.get());
 123
 124   SSLConfig old_config;
 125   config_service->GetSSLConfig(&old_config);
 126   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
 127
 128   base::ListValue* list_value = new base::ListValue();
 129   list_value->Append(base::Value::CreateStringValue("0x0004"));
 130   list_value->Append(
 131       base::Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
 132   list_value->Append(base::Value::CreateStringValue("0x0005"));
 133   list_value->Append(base::Value::CreateStringValue("0xBEEFY"));
 134   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
 135
 136   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
 137   // preferences changed.
 138   message_loop_.RunUntilIdle();
 139
 140   SSLConfig config;
 141   config_service->GetSSLConfig(&config);
 142
 143   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
 144   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
 145   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
 146   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 147 }
 148
 149 // Test that
 150 // * without command-line settings for minimum and maximum SSL versions,
 151 //   SSL 3.0 ~ default_version_max() are enabled;
 152 // * without --enable-unrestricted-ssl3-fallback,
 153 //   |unrestricted_ssl3_fallback_enabled| is false.
 154 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
 155   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 156
 157   PrefServiceMockFactory factory;
 158   factory.set_user_prefs(local_state_store);
 159   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 160   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 161
 162   SSLConfigServiceManager::RegisterPrefs(registry.get());
 163
 164   scoped_ptr<SSLConfigServiceManager> config_manager(
 165       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 166   ASSERT_TRUE(config_manager.get());
 167   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 168   ASSERT_TRUE(config_service.get());
 169
 170   SSLConfig ssl_config;
 171   config_service->GetSSLConfig(&ssl_config);
 172   // The default value in the absence of command-line options is that
 173   // SSL 3.0 ~ default_version_max() are enabled.
 174   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
 175   EXPECT_EQ(net::SSLConfigService::default_version_max(),
 176             ssl_config.version_max);
 177   EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled);
 178
 179   // The settings should not be added to the local_state.
 180   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
 181   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
 182   EXPECT_FALSE(local_state->HasPrefPath(
 183       prefs::kEnableUnrestrictedSSL3Fallback));
 184
 185   // Explicitly double-check the settings are not in the preference store.
 186   std::string version_min_str;
 187   std::string version_max_str;
 188   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 189                                             &version_min_str));
 190   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 191                                             &version_max_str));
 192   bool unrestricted_ssl3_fallback_enabled;
 193   EXPECT_FALSE(local_state_store->GetBoolean(
 194       prefs::kEnableUnrestrictedSSL3Fallback,
 195       &unrestricted_ssl3_fallback_enabled));
 196 }
 197
 198 // Test that command-line settings for minimum and maximum SSL versions are
 199 // respected and that they do not persist to the preferences files.
 200 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
 201   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 202
 203   CommandLine command_line(CommandLine::NO_PROGRAM);
 204   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
 205   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
 206   command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
 207
 208   PrefServiceMockFactory factory;
 209   factory.set_user_prefs(local_state_store);
 210   factory.SetCommandLine(&command_line);
 211   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
 212   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
 213
 214   SSLConfigServiceManager::RegisterPrefs(registry.get());
 215
 216   scoped_ptr<SSLConfigServiceManager> config_manager(
 217       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
 218   ASSERT_TRUE(config_manager.get());
 219   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 220   ASSERT_TRUE(config_service.get());
 221
 222   SSLConfig ssl_config;
 223   config_service->GetSSLConfig(&ssl_config);
 224   // Command-line flags should be respected.
 225   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
 226   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
 227   EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
 228
 229   // Explicitly double-check the settings are not in the preference store.
 230   const PrefService::Preference* version_min_pref =
 231       local_state->FindPreference(prefs::kSSLVersionMin);
 232   EXPECT_FALSE(version_min_pref->IsUserModifiable());
 233
 234   const PrefService::Preference* version_max_pref =
 235       local_state->FindPreference(prefs::kSSLVersionMax);
 236   EXPECT_FALSE(version_max_pref->IsUserModifiable());
 237
 238   const PrefService::Preference* ssl3_fallback_pref =
 239       local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
 240   EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
 241
 242   std::string version_min_str;
 243   std::string version_max_str;
 244   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
 245                                             &version_min_str));
 246   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
 247                                             &version_max_str));
 248   bool unrestricted_ssl3_fallback_enabled;
 249   EXPECT_FALSE(local_state_store->GetBoolean(
 250       prefs::kEnableUnrestrictedSSL3Fallback,
 251       &unrestricted_ssl3_fallback_enabled));
 252 }