author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-01 04:02:21 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-01 04:02:21 +0000 |
commit | a415335c3b2fbeb9580b9d0ea774adc31d883132 (patch) | |
tree | b402226ee5137845731c708dfda175d484a437c2 /chrome/browser/net/ssl_config_service_manager_pref_unittest.cc | |
parent | 31b04d71f05924ee6ef914be7b7802bef73d5bf6 (diff) | |
Add back prefs::kSSL3Enabled and prefs::kTLS1Enabled, but control
the preferences with the command-line options via the
CommandLinePrefStore. This allows us to control the preferences
via the PolicyPrefStores or any other pref store in the future.
Patch originally by wtc@chromium.org at http://codereview.chromium.org/7776002
R=wtc@chromium.org
BUG=102019
TEST=none
Review URL: http://codereview.chromium.org/8402019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108073 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/net/ssl_config_service_manager_pref_unittest.cc')
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_pref_unittest.cc | 158 |
1 files changed, 130 insertions, 28 deletions
diff --git a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
index 0d3e906..525335b 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
@@ -4,9 +4,14 @@
 #include "chrome/browser/net/pref_proxy_config_service.h"
+#include "base/command_line.h"
+#include "base/memory/ref_counted.h"
 #include "base/message_loop.h"
 #include "base/values.h"
 #include "chrome/browser/net/ssl_config_service_manager.h"
+#include "chrome/browser/prefs/pref_service_mock_builder.h"
+#include "chrome/browser/prefs/testing_pref_store.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_pref_service.h"
 #include "content/test/test_browser_thread.h"
@@ -20,37 +25,24 @@ using net::SSLConfigService;
 class SSLConfigServiceManagerPrefTest : public testing::Test {
 public:
- SSLConfigServiceManagerPrefTest() {}
-
- virtual void SetUp() {
- message_loop_.reset(new MessageLoop());
- ui_thread_.reset(
- new content::TestBrowserThread(BrowserThread::UI, message_loop_.get()));
- io_thread_.reset(
- new content::TestBrowserThread(BrowserThread::IO, message_loop_.get()));
- pref_service_.reset(new TestingPrefService());
- SSLConfigServiceManager::RegisterPrefs(pref_service_.get());
- }
-
- virtual void TearDown() {
- pref_service_.reset();
- io_thread_.reset();
- ui_thread_.reset();
- message_loop_.reset();
- }
+ SSLConfigServiceManagerPrefTest()
+ : ui_thread_(BrowserThread::UI, &message_loop_),
+ io_thread_(BrowserThread::IO, &message_loop_) {}
 protected:
- scoped_ptr<MessageLoop> message_loop_;
- scoped_ptr<content::TestBrowserThread> ui_thread_;
- scoped_ptr<content::TestBrowserThread> io_thread_;
- scoped_ptr<TestingPrefService> pref_service_;
+ MessageLoop message_loop_;
+ content::TestBrowserThread ui_thread_;
+ content::TestBrowserThread io_thread_;
 };
 // Test that cipher suites can be disabled. "Good" refers to the fact that
 // every value is expected to be successfully parsed into a cipher suite.
 TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
+ TestingPrefService pref_service;
+ SSLConfigServiceManager::RegisterPrefs(&pref_service);
+
 scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(pref_service_.get()));
+ SSLConfigServiceManager::CreateDefaultManager(&pref_service));
 ASSERT_TRUE(config_manager.get());
 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 ASSERT_TRUE(config_service.get());
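Review bot: The new fixture depends on member declaration order and nothing in the class says so: `ui_thread_` and `io_thread_` are constructed with `&message_loop_` in the initializer list, which is only sound because `message_loop_` is declared before them in the `protected:` section. A short comment above the members would keep a later reorder from breaking this, for example `// message_loop_ must be declared first; both threads are constructed with its address.` The same applies to the new test-local `pref_service`, which is declared before `config_manager` and so is destroyed after it; whether the manager keeps the pointer is not visible in this hunk, and GoodDisabledCipherSuites continues past the end of it.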
@@ -62,11 +54,11 @@ TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
 ListValue* list_value = new ListValue();
 list_value->Append(Value::CreateStringValue("0x0004"));
 list_value->Append(Value::CreateStringValue("0x0005"));
- pref_service_->SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
+ pref_service.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
 // Pump the message loop to notify the SSLConfigServiceManagerPref that the
 // preferences changed.
- message_loop_->RunAllPending();
+ message_loop_.RunAllPending();
 SSLConfig config;
 config_service->GetSSLConfig(&config);
@@ -81,8 +73,11 @@ TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) {
 // there are one or more non-cipher suite strings in the preference. They
 // should be ignored.
 TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
+ TestingPrefService pref_service;
+ SSLConfigServiceManager::RegisterPrefs(&pref_service);
+
 scoped_ptr<SSLConfigServiceManager> config_manager(
- SSLConfigServiceManager::CreateDefaultManager(pref_service_.get()));
+ SSLConfigServiceManager::CreateDefaultManager(&pref_service));
 ASSERT_TRUE(config_manager.get());
 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
 ASSERT_TRUE(config_service.get());
@@ -96,11 +91,11 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
 list_value->Append(Value::CreateStringValue("TLS_NOT_WITH_A_CIPHER_SUITE"));
 list_value->Append(Value::CreateStringValue("0x0005"));
 list_value->Append(Value::CreateStringValue("0xBEEFY"));
- pref_service_->SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
+ pref_service.SetUserPref(prefs::kCipherSuiteBlacklist, list_value);
 // Pump the message loop to notify the SSLConfigServiceManagerPref that the
 // preferences changed.
- message_loop_->RunAllPending();
+ message_loop_.RunAllPending();
 SSLConfig config;
 config_service->GetSSLConfig(&config);
@@ -110,3 +105,110 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 }
+
+// Test that existing user settings for TLS1.0/SSL3.0 are both ignored and
+// cleared from user preferences.
+TEST_F(SSLConfigServiceManagerPrefTest, IgnoreLegacySSLSettings) {
+ scoped_refptr<TestingPrefStore> user_prefs(new TestingPrefStore());
+
+ // SSL3.0 and TLS1.0 used to be user-definable prefs. They are now used as
+ // command-line options. Ensure any existing user prefs are ignored in
+ // favour of the command-line flags.
+ user_prefs->SetBoolean(prefs::kSSL3Enabled, false);
+ user_prefs->SetBoolean(prefs::kTLS1Enabled, false);
+
+ // Ensure the preferences exist initially.
+ bool is_ssl3_enabled = true;
+ EXPECT_TRUE(user_prefs->GetBoolean(prefs::kSSL3Enabled, &is_ssl3_enabled));
+ EXPECT_FALSE(is_ssl3_enabled);
+
+ bool is_tls1_enabled = true;
+ EXPECT_TRUE(user_prefs->GetBoolean(prefs::kTLS1Enabled, &is_tls1_enabled));
+ EXPECT_FALSE(is_tls1_enabled);
+
+ PrefServiceMockBuilder builder;
+ builder.WithUserPrefs(user_prefs.get());
+ scoped_ptr<PrefService> pref_service(builder.Create());
+
+ SSLConfigServiceManager::RegisterPrefs(pref_service.get());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(pref_service.get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // The default value in the absence of command-line options is that both
+ // protocols are enabled.
+ EXPECT_TRUE(ssl_config.ssl3_enabled);
+ EXPECT_TRUE(ssl_config.tls1_enabled);
+
+ // The existing user settings should be removed from the pref_service.
+ EXPECT_FALSE(pref_service->HasPrefPath(prefs::kSSL3Enabled));
+ EXPECT_FALSE(pref_service->HasPrefPath(prefs::kTLS1Enabled));
+
+ // Explicitly double-check the settings are not in the user preference
+ // store.
+ EXPECT_FALSE(user_prefs->GetBoolean(prefs::kSSL3Enabled, &is_ssl3_enabled));
+ EXPECT_FALSE(user_prefs->GetBoolean(prefs::kTLS1Enabled, &is_tls1_enabled));
+}
+
+// Test that command-line settings for TLS1.0/SSL3.0 are respected, that they
+// disregard any existing user preferences, and that they do not persist to
+// the user preferences files.
+TEST_F(SSLConfigServiceManagerPrefTest, CommandLineOverridesUserPrefs) {
+ scoped_refptr<TestingPrefStore> user_prefs(new TestingPrefStore());
+
+ // Explicitly enable SSL3.0/TLS1.0 in the user preferences, to mirror the
+ // more common legacy file.
+ user_prefs->SetBoolean(prefs::kSSL3Enabled, true);
+ user_prefs->SetBoolean(prefs::kTLS1Enabled, true);
+
+ // Ensure the preferences exist initially.
+ bool is_ssl3_enabled = false;
+ EXPECT_TRUE(user_prefs->GetBoolean(prefs::kSSL3Enabled, &is_ssl3_enabled));
+ EXPECT_TRUE(is_ssl3_enabled);
+
+ bool is_tls1_enabled = false;
+ EXPECT_TRUE(user_prefs->GetBoolean(prefs::kTLS1Enabled, &is_tls1_enabled));
+ EXPECT_TRUE(is_tls1_enabled);
+
+ CommandLine command_line(CommandLine::NO_PROGRAM);
+ command_line.AppendSwitch(switches::kDisableSSL3);
+ command_line.AppendSwitch(switches::kDisableTLS1);
+
+ PrefServiceMockBuilder builder;
+ builder.WithUserPrefs(user_prefs.get());
+ builder.WithCommandLine(&command_line);
+ scoped_ptr<PrefService> pref_service(builder.Create());
+
+ SSLConfigServiceManager::RegisterPrefs(pref_service.get());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(pref_service.get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // Command-line flags to disable should override the user preferences to
+ // enable.
+ EXPECT_FALSE(ssl_config.ssl3_enabled);
+ EXPECT_FALSE(ssl_config.tls1_enabled);
+
+ // Explicitly double-check the settings are not in the user preference
+ // store.
+ const PrefService::Preference* ssl3_enabled_pref =
+ pref_service->FindPreference(prefs::kSSL3Enabled);
+ EXPECT_FALSE(ssl3_enabled_pref->IsUserModifiable());
+
+ const PrefService::Preference* tls1_enabled_pref =
+ pref_service->FindPreference(prefs::kTLS1Enabled);
+ EXPECT_FALSE(tls1_enabled_pref->IsUserModifiable());
+
+ EXPECT_FALSE(user_prefs->GetBoolean(prefs::kSSL3Enabled, &is_ssl3_enabled));
+ EXPECT_FALSE(user_prefs->GetBoolean(prefs::kTLS1Enabled, &is_tls1_enabled));
+} |
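Review bot: In CommandLineOverridesUserPrefs the pointers returned by `pref_service->FindPreference(prefs::kSSL3Enabled)` and `FindPreference(prefs::kTLS1Enabled)` are dereferenced without a check, so if a preference were not registered the test would presumably crash rather than fail cleanly; add `ASSERT_TRUE(ssl3_enabled_pref);` and `ASSERT_TRUE(tls1_enabled_pref);` before the `IsUserModifiable()` calls. The comment above them ("not in the user preference store") describes the two `GetBoolean` expectations at the end of the test, not the `IsUserModifiable()` checks, so it should move down and these lines get their own, such as `// Values supplied on the command line must not be user-modifiable.` Both tests also exercise the two protocols only in lockstep (`kDisableSSL3` and `kDisableTLS1` are always appended together), so a crossed switch-to-pref mapping would still pass. A case that appends only one switch and expects the other protocol to remain enabled would pin the mapping for these protocol-disable controls.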