Add a preference and command-line option to disable SSL/TLS cipher suites

R=battre
BUG=58831
TEST=unit_tests --gtest_filter=CommandLinePrefStoreTest.DisableSSLCipherSuites:SSLConfigServiceManagerPrefTest.*

Review URL: http://codereview.chromium.org/7462008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93778 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 76 insertions, 0 deletions

diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index c163edd..4275cc6 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -28,6 +28,7 @@
 #include "chrome/browser/metrics/metrics_log.h"
 #include "chrome/browser/metrics/metrics_service.h"
 #include "chrome/browser/net/net_pref_observer.h"
+#include "chrome/browser/net/ssl_config_service_manager.h"
 #include "chrome/browser/net/predictor_api.h"
 #include "chrome/browser/net/pref_proxy_config_service.h"
 #include "chrome/browser/net/ssl_config_service_manager.h"
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
index a475c45..021be74 100644
--- a/chrome/browser/prefs/command_line_pref_store.cc
+++ b/chrome/browser/prefs/command_line_pref_store.cc
@@ -5,6 +5,7 @@
 #include "chrome/browser/prefs/command_line_pref_store.h"
 
 #include "base/logging.h"
+#include "base/string_split.h"
 #include "base/values.h"
 #include "chrome/browser/prefs/proxy_config_dictionary.h"
 #include "chrome/common/chrome_switches.h"
@@ -48,6 +49,7 @@ CommandLinePrefStore::CommandLinePrefStore(const CommandLine* command_line)
   ApplySimpleSwitches();
   ApplyProxyMode();
   ValidateProxySwitches();
+  ApplySSLSwitches();
 }
 
 CommandLinePrefStore::~CommandLinePrefStore() {}
@@ -106,3 +108,18 @@ void CommandLinePrefStore::ApplyProxyMode() {
                                                        bypass_list));
   }
 }
+
+void CommandLinePrefStore::ApplySSLSwitches() {
+  if (command_line_->HasSwitch(switches::kCipherSuiteBlacklist)) {
+    std::string cipher_suites =
+        command_line_->GetSwitchValueASCII(switches::kCipherSuiteBlacklist);
+    std::vector<std::string> cipher_strings;
+    base::SplitString(cipher_suites, ',', &cipher_strings);
+    base::ListValue* list_value = new base::ListValue();
+    for (std::vector<std::string>::const_iterator it = cipher_strings.begin();
+         it != cipher_strings.end(); ++it) {
+      list_value->Append(base::Value::CreateStringValue(*it));
+    }
+    SetValue(prefs::kCipherSuiteBlacklist, list_value);
+  }
+}
diff --git a/chrome/browser/prefs/command_line_pref_store.h b/chrome/browser/prefs/command_line_pref_store.h
index 7bc3cc8..5555b18 100644
--- a/chrome/browser/prefs/command_line_pref_store.h
+++ b/chrome/browser/prefs/command_line_pref_store.h
@@ -46,6 +46,9 @@ class CommandLinePrefStore : public ValueMapPrefStore {
   // Determines the proxy mode preference from the given proxy switches.
   void ApplyProxyMode();
 
+  // Apply the SSL/TLS preferences from the given switches.
+  void ApplySSLSwitches();
+
   // Weak reference.
   const CommandLine* command_line_;
 
diff --git a/chrome/browser/prefs/command_line_pref_store_unittest.cc b/chrome/browser/prefs/command_line_pref_store_unittest.cc
index aa4eeb6..ecb81d2 100644
--- a/chrome/browser/prefs/command_line_pref_store_unittest.cc
+++ b/chrome/browser/prefs/command_line_pref_store_unittest.cc
@@ -34,6 +34,23 @@ class TestCommandLinePrefStore : public CommandLinePrefStore {
     ASSERT_TRUE(dict.GetMode(&actual_mode));
     EXPECT_EQ(expected_mode, actual_mode);
   }
+
+  void VerifySSLCipherSuites(const char* const* ciphers,
+                             size_t cipher_count) {
+    const Value* value = NULL;
+    ASSERT_EQ(PrefStore::READ_OK,
+              GetValue(prefs::kCipherSuiteBlacklist, &value));
+    ASSERT_EQ(Value::TYPE_LIST, value->GetType());
+    const ListValue* list_value = static_cast<const ListValue*>(value);
+    ASSERT_EQ(cipher_count, list_value->GetSize());
+
+    std::string cipher_string;
+    for (ListValue::const_iterator it = list_value->begin();
+         it != list_value->end(); ++it, ++ciphers) {
+      ASSERT_TRUE((*it)->GetAsString(&cipher_string));
+      EXPECT_EQ(*ciphers, cipher_string);
+    }
+  }
 };
 
 const char unknown_bool[] = "unknown_switch";
@@ -159,3 +176,41 @@ TEST(CommandLinePrefStoreTest, ManualProxyModeInference) {
         new TestCommandLinePrefStore(&cl3);
   store3->VerifyProxyMode(ProxyPrefs::MODE_DIRECT);
 }
+
+TEST(CommandLinePrefStoreTest, DisableSSLCipherSuites) {
+  CommandLine cl1(CommandLine::NO_PROGRAM);
+  cl1.AppendSwitchASCII(switches::kCipherSuiteBlacklist,
+                        "0x0004,0x0005");
+  scoped_refptr<TestCommandLinePrefStore> store1 =
+      new TestCommandLinePrefStore(&cl1);
+  const char* const expected_ciphers1[] = {
+    "0x0004",
+    "0x0005",
+  };
+  store1->VerifySSLCipherSuites(expected_ciphers1,
+                                arraysize(expected_ciphers1));
+
+  CommandLine cl2(CommandLine::NO_PROGRAM);
+  cl2.AppendSwitchASCII(switches::kCipherSuiteBlacklist,
+                        "0x0004, WHITESPACE_IGNORED TEST , 0x0005");
+  scoped_refptr<TestCommandLinePrefStore> store2 =
+      new TestCommandLinePrefStore(&cl2);
+  const char* const expected_ciphers2[] = {
+    "0x0004",
+    "WHITESPACE_IGNORED TEST",
+    "0x0005",
+  };
+  store2->VerifySSLCipherSuites(expected_ciphers2,
+                                arraysize(expected_ciphers2));
+
+  CommandLine cl3(CommandLine::NO_PROGRAM);
+  cl3.AppendSwitchASCII(switches::kCipherSuiteBlacklist,
+                        "0x0004;MOAR;0x0005");
+  scoped_refptr<TestCommandLinePrefStore> store3 =
+      new TestCommandLinePrefStore(&cl3);
+  const char* const expected_ciphers3[] = {
+    "0x0004;MOAR;0x0005"
+  };
+  store3->VerifySSLCipherSuites(expected_ciphers3,
+                                arraysize(expected_ciphers3));
+}