Home | History | Annotate | Download | only in net
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/net/ssl_config_service_manager.h"
      6 
      7 #include "base/command_line.h"
      8 #include "base/memory/ref_counted.h"
      9 #include "base/message_loop/message_loop.h"
     10 #include "base/prefs/pref_registry_simple.h"
     11 #include "base/prefs/testing_pref_store.h"
     12 #include "base/values.h"
     13 #include "chrome/browser/content_settings/host_content_settings_map.h"
     14 #include "chrome/browser/prefs/pref_service_mock_factory.h"
     15 #include "chrome/common/chrome_switches.h"
     16 #include "chrome/common/pref_names.h"
     17 #include "chrome/test/base/testing_pref_service_syncable.h"
     18 #include "chrome/test/base/testing_profile.h"
     19 #include "components/content_settings/core/common/content_settings.h"
     20 #include "content/public/test/test_browser_thread.h"
     21 #include "net/ssl/ssl_config_service.h"
     22 #include "testing/gtest/include/gtest/gtest.h"
     23 
     24 using base::ListValue;
     25 using base::Value;
     26 using content::BrowserThread;
     27 using net::SSLConfig;
     28 using net::SSLConfigService;
     29 
     30 class SSLConfigServiceManagerPrefTest : public testing::Test {
     31  public:
     32   SSLConfigServiceManagerPrefTest()
     33       : ui_thread_(BrowserThread::UI, &message_loop_),
     34         io_thread_(BrowserThread::IO, &message_loop_) {}
     35 
     36  protected:
     37   base::MessageLoop message_loop_;
     38   content::TestBrowserThread ui_thread_;
     39   content::TestBrowserThread io_thread_;
     40 };
     41 
     42 // Test channel id with no user prefs.
     43 TEST_F(SSLConfigServiceManagerPrefTest, ChannelIDWithoutUserPrefs) {
     44   TestingPrefServiceSimple local_state;
     45   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
     46 
     47   scoped_ptr<SSLConfigServiceManager> config_manager(
     48       SSLConfigServiceManager::CreateDefaultManager(&local_state));
     49   ASSERT_TRUE(config_manager.get());
     50   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
     51   ASSERT_TRUE(config_service.get());
     52 
     53   SSLConfig config;
     54   config_service->GetSSLConfig(&config);
     55   EXPECT_TRUE(config.channel_id_enabled);
     56 }
     57 
     58 // Test that cipher suites can be disabled. "Good" refers to the fact that
     59 // every value is expected to be successfully parsed into a cipher suite.
     60 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
     61   TestingPrefServiceSimple local_state;
     62   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
     63 
     64   scoped_ptr<SSLConfigServiceManager> config_manager(
     65       SSLConfigServiceManager::CreateDefaultManager(&local_state));
     66   ASSERT_TRUE(config_manager.get());
     67   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
     68   ASSERT_TRUE(config_service.get());
     69 
     70   SSLConfig old_config;
     71   config_service->GetSSLConfig(&old_config);
     72   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
     73 
     74   base::ListValue* list_value = new base::ListValue();
     75   list_value->Append(new base::StringValue("0x0004"));
     76   list_value->Append(new base::StringValue("0x0005"));
     77   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
     78 
     79   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
     80   // preferences changed.
     81   message_loop_.RunUntilIdle();
     82 
     83   SSLConfig config;
     84   config_service->GetSSLConfig(&config);
     85 
     86   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
     87   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
     88   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
     89   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
     90 }
     91 
     92 // Test that cipher suites can be disabled. "Bad" refers to the fact that
     93 // there are one or more non-cipher suite strings in the preference. They
     94 // should be ignored.
     95 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
     96   TestingPrefServiceSimple local_state;
     97   SSLConfigServiceManager::RegisterPrefs(local_state.registry());
     98 
     99   scoped_ptr<SSLConfigServiceManager> config_manager(
    100       SSLConfigServiceManager::CreateDefaultManager(&local_state));
    101   ASSERT_TRUE(config_manager.get());
    102   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
    103   ASSERT_TRUE(config_service.get());
    104 
    105   SSLConfig old_config;
    106   config_service->GetSSLConfig(&old_config);
    107   EXPECT_TRUE(old_config.disabled_cipher_suites.empty());
    108 
    109   base::ListValue* list_value = new base::ListValue();
    110   list_value->Append(new base::StringValue("0x0004"));
    111   list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
    112   list_value->Append(new base::StringValue("0x0005"));
    113   list_value->Append(new base::StringValue("0xBEEFY"));
    114   local_state.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
    115 
    116   // Pump the message loop to notify the SSLConfigServiceManagerPref that the
    117   // preferences changed.
    118   message_loop_.RunUntilIdle();
    119 
    120   SSLConfig config;
    121   config_service->GetSSLConfig(&config);
    122 
    123   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
    124   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
    125   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
    126   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
    127 }
    128 
    129 // Test that without command-line settings for minimum and maximum SSL versions,
    130 // SSL 3.0 ~ kDefaultSSLVersionMax are enabled.
    131 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
    132   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
    133 
    134   PrefServiceMockFactory factory;
    135   factory.set_user_prefs(local_state_store);
    136   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
    137   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
    138 
    139   SSLConfigServiceManager::RegisterPrefs(registry.get());
    140 
    141   scoped_ptr<SSLConfigServiceManager> config_manager(
    142       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
    143   ASSERT_TRUE(config_manager.get());
    144   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
    145   ASSERT_TRUE(config_service.get());
    146 
    147   SSLConfig ssl_config;
    148   config_service->GetSSLConfig(&ssl_config);
    149   // The default value in the absence of command-line options is that
    150   // SSL 3.0 ~ kDefaultSSLVersionMax are enabled.
    151   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
    152   EXPECT_EQ(net::kDefaultSSLVersionMax, ssl_config.version_max);
    153 
    154   // The settings should not be added to the local_state.
    155   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
    156   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
    157 
    158   // Explicitly double-check the settings are not in the preference store.
    159   std::string version_min_str;
    160   std::string version_max_str;
    161   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
    162                                             &version_min_str));
    163   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
    164                                             &version_max_str));
    165 }
    166 
    167 // Test that command-line settings for minimum and maximum SSL versions are
    168 // respected and that they do not persist to the preferences files.
    169 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
    170   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
    171 
    172   CommandLine command_line(CommandLine::NO_PROGRAM);
    173   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
    174   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
    175 
    176   PrefServiceMockFactory factory;
    177   factory.set_user_prefs(local_state_store);
    178   factory.SetCommandLine(&command_line);
    179   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
    180   scoped_ptr<PrefService> local_state(factory.Create(registry.get()));
    181 
    182   SSLConfigServiceManager::RegisterPrefs(registry.get());
    183 
    184   scoped_ptr<SSLConfigServiceManager> config_manager(
    185       SSLConfigServiceManager::CreateDefaultManager(local_state.get()));
    186   ASSERT_TRUE(config_manager.get());
    187   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
    188   ASSERT_TRUE(config_service.get());
    189 
    190   SSLConfig ssl_config;
    191   config_service->GetSSLConfig(&ssl_config);
    192   // Command-line flags should be respected.
    193   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
    194   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
    195 
    196   // Explicitly double-check the settings are not in the preference store.
    197   const PrefService::Preference* version_min_pref =
    198       local_state->FindPreference(prefs::kSSLVersionMin);
    199   EXPECT_FALSE(version_min_pref->IsUserModifiable());
    200 
    201   const PrefService::Preference* version_max_pref =
    202       local_state->FindPreference(prefs::kSSLVersionMax);
    203   EXPECT_FALSE(version_max_pref->IsUserModifiable());
    204 
    205   std::string version_min_str;
    206   std::string version_max_str;
    207   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
    208                                             &version_min_str));
    209   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
    210                                             &version_max_str));
    211 }
    212