diff options
| -rw-r--r-- | net/base/ssl_config_service_mac.cc | 147 | ||||
| -rw-r--r-- | net/base/ssl_config_service_mac.h | 54 | ||||
| -rw-r--r-- | net/base/ssl_config_service_mac_unittest.cc | 154 | ||||
| -rw-r--r-- | net/base/ssl_config_service_win.cc | 142 | ||||
| -rw-r--r-- | net/base/ssl_config_service_win.h | 63 | ||||
| -rw-r--r-- | net/base/ssl_config_service_win_unittest.cc | 154 |
6 files changed, 0 insertions, 714 deletions
diff --git a/net/base/ssl_config_service_mac.cc b/net/base/ssl_config_service_mac.cc deleted file mode 100644 index e8a8ab8..0000000 --- a/net/base/ssl_config_service_mac.cc +++ /dev/null @@ -1,147 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ssl_config_service_mac.h" - -#include <CoreFoundation/CoreFoundation.h> - -#include "base/mac/scoped_cftyperef.h" - -using base::TimeDelta; -using base::TimeTicks; - -namespace net { - -namespace { - -static const int kConfigUpdateInterval = 10; // seconds - -static const bool kSSL3EnabledDefaultValue = true; -static const bool kTLS1EnabledDefaultValue = true; - -static CFStringRef kRevocationPreferencesIdentifier = - CFSTR("com.apple.security.revocation"); -static CFStringRef kOCSPStyleKey = CFSTR("OCSPStyle"); -static CFStringRef kCRLStyleKey = CFSTR("CRLStyle"); -static CFStringRef kNoneRevocationValue = CFSTR("None"); -static CFStringRef kBestAttemptRevocationValue = CFSTR("BestAttempt"); -static CFStringRef kSSL3EnabledKey = CFSTR("org.chromium.ssl.ssl3"); -static CFStringRef kTLS1EnabledKey = CFSTR("org.chromium.ssl.tls1"); - -bool RevocationStyleIsEnabled(CFStringRef key) { - CFPropertyListRef plist_ref = CFPreferencesCopyValue(key, - kRevocationPreferencesIdentifier, kCFPreferencesCurrentUser, - kCFPreferencesAnyHost); - if (plist_ref) { - base::mac::ScopedCFTypeRef<CFPropertyListRef> scoped_plist_ref(plist_ref); - if (CFGetTypeID(plist_ref) == CFStringGetTypeID()) { - CFStringRef style = reinterpret_cast<CFStringRef>(plist_ref); - if (CFStringCompare(kNoneRevocationValue, style, - kCFCompareCaseInsensitive)) - return true; - } - } - return false; -} - -inline bool SSLVersionIsEnabled(CFStringRef key, bool default_value) { - Boolean exists_and_valid; - Boolean rv = CFPreferencesGetAppBooleanValue(key, - kCFPreferencesCurrentApplication, - &exists_and_valid); - if (!exists_and_valid) - return default_value; - return rv; -} - -} // namespace - -SSLConfigServiceMac::SSLConfigServiceMac() : ever_updated_(false) { - // We defer retrieving the settings until the first call to GetSSLConfig, to - // avoid an expensive call on the UI thread, which could affect startup time. -} - -SSLConfigServiceMac::SSLConfigServiceMac(TimeTicks now) : ever_updated_(false) { - UpdateConfig(now); -} - -void SSLConfigServiceMac::GetSSLConfig(SSLConfig* config) { - GetSSLConfigAt(config, base::TimeTicks::Now()); -} - -void SSLConfigServiceMac::GetSSLConfigAt(SSLConfig* config, TimeTicks now) { - if (!ever_updated_ || - now - config_time_ > TimeDelta::FromSeconds(kConfigUpdateInterval)) - UpdateConfig(now); - *config = config_info_; -} - -SSLConfigServiceMac::~SSLConfigServiceMac() {} - -// static -bool SSLConfigServiceMac::GetSSLConfigNow(SSLConfig* config) { - // Our own revocation checking flag is a binary value, but Mac OS X uses - // several shades of revocation checking: - // - None (i.e., disabled, the default) - // - BestAttempt - // - RequireIfPresent - // - RequireForall - // Mac OS X also breaks down revocation check for both CRLs and OCSP. We - // set our revocation flag if the system-wide settings for either OCSP - // or CRLs is anything other than None. - config->rev_checking_enabled = (RevocationStyleIsEnabled(kOCSPStyleKey) || - RevocationStyleIsEnabled(kCRLStyleKey)); - - config->ssl3_enabled = SSLVersionIsEnabled(kSSL3EnabledKey, - kSSL3EnabledDefaultValue); - config->tls1_enabled = SSLVersionIsEnabled(kTLS1EnabledKey, - kTLS1EnabledDefaultValue); - SSLConfigService::SetSSLConfigFlags(config); - - // TODO(rsleevi): http://crbug.com/58831 - Implement preferences for - // disabling cipher suites. - return true; -} - -// static -void SSLConfigServiceMac::SetSSL3Enabled(bool enabled) { - CFPreferencesSetAppValue(kSSL3EnabledKey, - enabled ? kCFBooleanTrue : kCFBooleanFalse, - kCFPreferencesCurrentApplication); - CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication); -} - -// static -void SSLConfigServiceMac::SetTLS1Enabled(bool enabled) { - CFPreferencesSetAppValue(kTLS1EnabledKey, - enabled ? kCFBooleanTrue : kCFBooleanFalse, - kCFPreferencesCurrentApplication); - CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication); -} - -// static -void SSLConfigServiceMac::SetRevCheckingEnabled(bool enabled) { - // This method is provided for use by the unit tests. These settings - // are normally changed via the Keychain Access application's preferences - // dialog. - CFPreferencesSetValue(kOCSPStyleKey, - enabled ? kBestAttemptRevocationValue : kNoneRevocationValue, - kRevocationPreferencesIdentifier, kCFPreferencesCurrentUser, - kCFPreferencesAnyHost); - CFPreferencesSetValue(kCRLStyleKey, - enabled ? kBestAttemptRevocationValue : kNoneRevocationValue, - kRevocationPreferencesIdentifier, kCFPreferencesCurrentUser, - kCFPreferencesAnyHost); -} - -void SSLConfigServiceMac::UpdateConfig(TimeTicks now) { - SSLConfig orig_config = config_info_; - GetSSLConfigNow(&config_info_); - if (ever_updated_) - ProcessConfigUpdate(orig_config, config_info_); - config_time_ = now; - ever_updated_ = true; -} - -} // namespace net diff --git a/net/base/ssl_config_service_mac.h b/net/base/ssl_config_service_mac.h deleted file mode 100644 index b550517..0000000 --- a/net/base/ssl_config_service_mac.h +++ /dev/null @@ -1,54 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_BASE_SSL_CONFIG_SERVICE_MAC_H_ -#define NET_BASE_SSL_CONFIG_SERVICE_MAC_H_ -#pragma once - -#include "base/time.h" -#include "net/base/ssl_config_service.h" - -namespace net { - -// This class is responsible for getting and setting the SSL configuration on -// Mac OS X. -class SSLConfigServiceMac : public SSLConfigService { - public: - SSLConfigServiceMac(); - explicit SSLConfigServiceMac(base::TimeTicks now); // Used for testing. - - // Get the current SSL configuration settings. Can be called on any - // thread. - static bool GetSSLConfigNow(SSLConfig* config); - - // Setters. Can be called on any thread. - static void SetRevCheckingEnabled(bool enabled); - static void SetSSL3Enabled(bool enabled); - static void SetTLS1Enabled(bool enabled); - - // Get the (cached) SSL configuration settings that are fresh within 10 - // seconds. This is cheaper than GetSSLConfigNow and is suitable when - // we don't need the absolutely current configuration settings. This - // method is not thread-safe, so it must be called on the same thread. - virtual void GetSSLConfig(SSLConfig* config); - - // Used for testing. - void GetSSLConfigAt(SSLConfig* config, base::TimeTicks now); - - private: - virtual ~SSLConfigServiceMac(); - - void UpdateConfig(base::TimeTicks now); - - // We store the system SSL config and the time that we fetched it. - SSLConfig config_info_; - base::TimeTicks config_time_; - bool ever_updated_; - - DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceMac); -}; - -} // namespace net - -#endif // NET_BASE_SSL_CONFIG_SERVICE_MAC_H_ diff --git a/net/base/ssl_config_service_mac_unittest.cc b/net/base/ssl_config_service_mac_unittest.cc deleted file mode 100644 index a22f044..0000000 --- a/net/base/ssl_config_service_mac_unittest.cc +++ /dev/null @@ -1,154 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ssl_config_service_mac.h" -#include "testing/gtest/include/gtest/gtest.h" - -using base::TimeDelta; -using base::TimeTicks; - -namespace net { - -namespace { - -// SSLClientConfig service caches settings for 10 seconds for performance. -// So we use synthetic time values along with the 'GetSSLConfigAt' method -// to ensure that the current settings are re-read. By incrementing the time -// value by 11 seconds, we ensure fresh config settings. -const int kSSLConfigNextTimeInternal = 11; - -class SSLConfigServiceMacObserver : public SSLConfigService::Observer { - public: - SSLConfigServiceMacObserver() : change_was_observed_(false) { - } - bool change_was_observed() const { - return change_was_observed_; - } - protected: - virtual void OnSSLConfigChanged() { - change_was_observed_ = true; - } - bool change_was_observed_; -}; - -} // namespace - -TEST(SSLConfigServiceMacTest, GetNowTest) { - // Verify that the constructor sets the correct default values. - SSLConfig config; - EXPECT_TRUE(config.rev_checking_enabled); - EXPECT_TRUE(config.ssl3_enabled); - EXPECT_TRUE(config.tls1_enabled); - - bool rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); -} - -TEST(SSLConfigServiceMacTest, SetTest) { - // Save the current settings so we can restore them after the tests. - SSLConfig config_save; - bool rv = SSLConfigServiceMac::GetSSLConfigNow(&config_save); - EXPECT_TRUE(rv); - - SSLConfig config; - - // Test SetRevCheckingEnabled. - SSLConfigServiceMac::SetRevCheckingEnabled(true); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.rev_checking_enabled); - - SSLConfigServiceMac::SetRevCheckingEnabled(false); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.rev_checking_enabled); - - SSLConfigServiceMac::SetRevCheckingEnabled( - config_save.rev_checking_enabled); - - // Test SetSSL3Enabled. - SSLConfigServiceMac::SetSSL3Enabled(true); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.ssl3_enabled); - - SSLConfigServiceMac::SetSSL3Enabled(false); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.ssl3_enabled); - - SSLConfigServiceMac::SetSSL3Enabled(config_save.ssl3_enabled); - - // Test SetTLS1Enabled. - SSLConfigServiceMac::SetTLS1Enabled(true); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.tls1_enabled); - - SSLConfigServiceMac::SetTLS1Enabled(false); - rv = SSLConfigServiceMac::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.tls1_enabled); - - SSLConfigServiceMac::SetTLS1Enabled(config_save.tls1_enabled); -} - -TEST(SSLConfigServiceMacTest, GetTest) { - TimeTicks now = TimeTicks::Now(); - TimeTicks now_1 = now + TimeDelta::FromSeconds(1); - TimeTicks later = now + TimeDelta::FromSeconds(kSSLConfigNextTimeInternal); - - SSLConfig config, config_1, config_later; - scoped_refptr<SSLConfigServiceMac> config_service( - new SSLConfigServiceMac(now)); - config_service->GetSSLConfigAt(&config, now); - - // Flip rev_checking_enabled. - SSLConfigServiceMac::SetRevCheckingEnabled( - !config.rev_checking_enabled); - - config_service->GetSSLConfigAt(&config_1, now_1); - EXPECT_EQ(config.rev_checking_enabled, config_1.rev_checking_enabled); - - config_service->GetSSLConfigAt(&config_later, later); - EXPECT_EQ(!config.rev_checking_enabled, config_later.rev_checking_enabled); - - // Restore the original value. - SSLConfigServiceMac::SetRevCheckingEnabled( - config.rev_checking_enabled); -} - -TEST(SSLConfigServiceMacTest, ObserverTest) { - TimeTicks now = TimeTicks::Now(); - TimeTicks later = now + TimeDelta::FromSeconds(kSSLConfigNextTimeInternal); - - scoped_refptr<SSLConfigServiceMac> config_service( - new SSLConfigServiceMac(now)); - - // Save the current settings so we can restore them after the tests. - SSLConfig config_save; - bool rv = SSLConfigServiceMac::GetSSLConfigNow(&config_save); - EXPECT_TRUE(rv); - - SSLConfig config; - - // Add an observer. - SSLConfigServiceMacObserver observer; - config_service->AddObserver(&observer); - - // Toggle SSL3. - SSLConfigServiceMac::SetSSL3Enabled(!config_save.ssl3_enabled); - config_service->GetSSLConfigAt(&config, later); - - // Verify that the observer was notified. - EXPECT_TRUE(observer.change_was_observed()); - - // Remove the observer. - config_service->RemoveObserver(&observer); - - // Restore the original SSL3 setting. - SSLConfigServiceMac::SetSSL3Enabled(config_save.ssl3_enabled); -} - -} // namespace net diff --git a/net/base/ssl_config_service_win.cc b/net/base/ssl_config_service_win.cc deleted file mode 100644 index cc81801..0000000 --- a/net/base/ssl_config_service_win.cc +++ /dev/null @@ -1,142 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ssl_config_service_win.h" - -#include "base/threading/thread_restrictions.h" -#include "base/win/registry.h" - -using base::TimeDelta; -using base::TimeTicks; -using base::win::RegKey; - -namespace net { - -static const int kConfigUpdateInterval = 10; // seconds - -static const wchar_t kInternetSettingsSubKeyName[] = - L"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"; - -static const wchar_t kRevocationValueName[] = L"CertificateRevocation"; - -static const wchar_t kProtocolsValueName[] = L"SecureProtocols"; - -// In SecureProtocols, each SSL version is represented by a bit: -// SSL 2.0: 0x08 -// SSL 3.0: 0x20 -// TLS 1.0: 0x80 -// The bits are OR'ed to form the DWORD value. So 0xa0 means SSL 3.0 and -// TLS 1.0. -enum { - SSL3 = 0x20, - TLS1 = 0x80 -}; - -// If CertificateRevocation or SecureProtocols is missing, IE uses a default -// value. Unfortunately the default is IE version specific. We use WinHTTP's -// default. -enum { - REVOCATION_DEFAULT = 0, - PROTOCOLS_DEFAULT = SSL3 | TLS1 -}; - -SSLConfigServiceWin::SSLConfigServiceWin() : ever_updated_(false) { - // We defer retrieving the settings until the first call to GetSSLConfig, to - // avoid an expensive call on the UI thread, which could affect startup time. -} - -SSLConfigServiceWin::SSLConfigServiceWin(TimeTicks now) : ever_updated_(false) { - UpdateConfig(now); -} - -void SSLConfigServiceWin::GetSSLConfigAt(SSLConfig* config, TimeTicks now) { - if (!ever_updated_ || - now - config_time_ > TimeDelta::FromSeconds(kConfigUpdateInterval)) - UpdateConfig(now); - *config = config_info_; -} - -// static -bool SSLConfigServiceWin::GetSSLConfigNow(SSLConfig* config) { - // This registry access goes to disk and will slow down the IO thread. - // http://crbug.com/61455 - base::ThreadRestrictions::ScopedAllowIO allow_io; - RegKey internet_settings; - if (internet_settings.Open(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, - KEY_READ) != ERROR_SUCCESS) - return false; - - DWORD revocation = REVOCATION_DEFAULT; - internet_settings.ReadValueDW(kRevocationValueName, &revocation); - - DWORD protocols = PROTOCOLS_DEFAULT; - internet_settings.ReadValueDW(kProtocolsValueName, &protocols); - - config->rev_checking_enabled = (revocation != 0); - config->ssl3_enabled = ((protocols & SSL3) != 0); - config->tls1_enabled = ((protocols & TLS1) != 0); - SSLConfigService::SetSSLConfigFlags(config); - - // TODO(rsleevi): Possibly respect the registry keys defined in - // http://support.microsoft.com/kb/245030 (pre-Vista) or - // http://msdn.microsoft.com/en-us/library/bb870930(VS.85).aspx (post-Vista). - // Currently, these values are respected implicitly when using - // SSLClientSocketWin, but they do not propagate to SSLClientSocketNSS - // because we're not currently translating the keys. - - return true; -} - -// static -void SSLConfigServiceWin::SetRevCheckingEnabled(bool enabled) { - // This registry access goes to disk and will slow down the IO thread. - // http://crbug.com/61455 - base::ThreadRestrictions::ScopedAllowIO allow_io; - DWORD value = enabled; - RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, - KEY_WRITE); - internet_settings.WriteValue(kRevocationValueName, value); - // TODO(mattm): We should call UpdateConfig after updating settings, but these - // methods are static. -} - -// static -void SSLConfigServiceWin::SetSSL3Enabled(bool enabled) { - SetSSLVersionEnabled(SSL3, enabled); -} - -// static -void SSLConfigServiceWin::SetTLS1Enabled(bool enabled) { - SetSSLVersionEnabled(TLS1, enabled); -} - -// static -void SSLConfigServiceWin::SetSSLVersionEnabled(int version, bool enabled) { - // This registry access goes to disk and will slow down the IO thread. - // http://crbug.com/61455 - base::ThreadRestrictions::ScopedAllowIO allow_io; - RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, - KEY_READ | KEY_WRITE); - DWORD value = PROTOCOLS_DEFAULT; - internet_settings.ReadValueDW(kProtocolsValueName, &value); - - if (enabled) - value |= version; - else - value &= ~version; - internet_settings.WriteValue(kProtocolsValueName, value); - // TODO(mattm): We should call UpdateConfig after updating settings, but these - // methods are static. -} - -void SSLConfigServiceWin::UpdateConfig(TimeTicks now) { - SSLConfig orig_config = config_info_; - GetSSLConfigNow(&config_info_); - if (ever_updated_) - ProcessConfigUpdate(orig_config, config_info_); - config_time_ = now; - ever_updated_ = true; -} - -} // namespace net diff --git a/net/base/ssl_config_service_win.h b/net/base/ssl_config_service_win.h deleted file mode 100644 index 6d5b29f..0000000 --- a/net/base/ssl_config_service_win.h +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_BASE_SSL_CONFIG_SERVICE_WIN_H_ -#define NET_BASE_SSL_CONFIG_SERVICE_WIN_H_ -#pragma once - -#include "base/time.h" -#include "net/base/ssl_config_service.h" - -namespace net { - -// This class is responsible for getting and setting the SSL configuration on -// Windows. -// -// We think the SSL configuration settings should apply to all applications -// used by the user. We consider IE's Internet Options as the de facto -// system-wide network configuration settings, so we just use the values -// from IE's Internet Settings registry key. -class SSLConfigServiceWin : public SSLConfigService { - public: - SSLConfigServiceWin(); - explicit SSLConfigServiceWin(base::TimeTicks now); // Used for testing. - - // Get the current SSL configuration settings. Can be called on any - // thread. - static bool GetSSLConfigNow(SSLConfig* config); - - // Setters. Can be called on any thread. - static void SetRevCheckingEnabled(bool enabled); - static void SetSSL3Enabled(bool enabled); - static void SetTLS1Enabled(bool enabled); - - // Get the (cached) SSL configuration settings that are fresh within 10 - // seconds. This is cheaper than GetSSLConfigNow and is suitable when - // we don't need the absolutely current configuration settings. This - // method is not thread-safe, so it must be called on the same thread. - void GetSSLConfig(SSLConfig* config) { - GetSSLConfigAt(config, base::TimeTicks::Now()); - } - - // Used for testing. - void GetSSLConfigAt(SSLConfig* config, base::TimeTicks now); - - private: - virtual ~SSLConfigServiceWin() {} - - static void SetSSLVersionEnabled(int version, bool enabled); - - void UpdateConfig(base::TimeTicks now); - - // We store the IE SSL config and the time that we fetched it. - SSLConfig config_info_; - base::TimeTicks config_time_; - bool ever_updated_; - - DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceWin); -}; - -} // namespace net - -#endif // NET_BASE_SSL_CONFIG_SERVICE_WIN_H_ diff --git a/net/base/ssl_config_service_win_unittest.cc b/net/base/ssl_config_service_win_unittest.cc deleted file mode 100644 index 1959be7..0000000 --- a/net/base/ssl_config_service_win_unittest.cc +++ /dev/null @@ -1,154 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ssl_config_service_win.h" -#include "testing/gtest/include/gtest/gtest.h" - -using base::TimeDelta; -using base::TimeTicks; - -namespace net { - -namespace { - -// SSLClientConfig service caches settings for 10 seconds for performance. -// So we use synthetic time values along with the 'GetSSLConfigAt' method -// to ensure that the current settings are re-read. By incrementing the time -// value by 11 seconds, we ensure fresh config settings. -const int kSSLConfigNextTimeInternal = 11; - -class SSLConfigServiceWinObserver : public SSLConfigService::Observer { - public: - SSLConfigServiceWinObserver() : change_was_observed_(false) { - } - bool change_was_observed() const { - return change_was_observed_; - } - protected: - virtual void OnSSLConfigChanged() { - change_was_observed_ = true; - } - bool change_was_observed_; -}; - -} // namespace - -TEST(SSLConfigServiceWinTest, GetNowTest) { - // Verify that the constructor sets the correct default values. - SSLConfig config; - EXPECT_TRUE(config.rev_checking_enabled); - EXPECT_TRUE(config.ssl3_enabled); - EXPECT_TRUE(config.tls1_enabled); - - bool rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); -} - -TEST(SSLConfigServiceWinTest, SetTest) { - // Save the current settings so we can restore them after the tests. - SSLConfig config_save; - bool rv = SSLConfigServiceWin::GetSSLConfigNow(&config_save); - EXPECT_TRUE(rv); - - SSLConfig config; - - // Test SetRevCheckingEnabled. - SSLConfigServiceWin::SetRevCheckingEnabled(true); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.rev_checking_enabled); - - SSLConfigServiceWin::SetRevCheckingEnabled(false); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.rev_checking_enabled); - - SSLConfigServiceWin::SetRevCheckingEnabled( - config_save.rev_checking_enabled); - - // Test SetSSL3Enabled. - SSLConfigServiceWin::SetSSL3Enabled(true); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.ssl3_enabled); - - SSLConfigServiceWin::SetSSL3Enabled(false); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.ssl3_enabled); - - SSLConfigServiceWin::SetSSL3Enabled(config_save.ssl3_enabled); - - // Test SetTLS1Enabled. - SSLConfigServiceWin::SetTLS1Enabled(true); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_TRUE(config.tls1_enabled); - - SSLConfigServiceWin::SetTLS1Enabled(false); - rv = SSLConfigServiceWin::GetSSLConfigNow(&config); - EXPECT_TRUE(rv); - EXPECT_FALSE(config.tls1_enabled); - - SSLConfigServiceWin::SetTLS1Enabled(config_save.tls1_enabled); -} - -TEST(SSLConfigServiceWinTest, GetTest) { - TimeTicks now = TimeTicks::Now(); - TimeTicks now_1 = now + TimeDelta::FromSeconds(1); - TimeTicks later = now + TimeDelta::FromSeconds(kSSLConfigNextTimeInternal); - - SSLConfig config, config_1, config_later; - scoped_refptr<SSLConfigServiceWin> config_service( - new SSLConfigServiceWin(now)); - config_service->GetSSLConfigAt(&config, now); - - // Flip rev_checking_enabled. - SSLConfigServiceWin::SetRevCheckingEnabled( - !config.rev_checking_enabled); - - config_service->GetSSLConfigAt(&config_1, now_1); - EXPECT_EQ(config.rev_checking_enabled, config_1.rev_checking_enabled); - - config_service->GetSSLConfigAt(&config_later, later); - EXPECT_EQ(!config.rev_checking_enabled, config_later.rev_checking_enabled); - - // Restore the original value. - SSLConfigServiceWin::SetRevCheckingEnabled( - config.rev_checking_enabled); -} - -TEST(SSLConfigServiceWinTest, ObserverTest) { - TimeTicks now = TimeTicks::Now(); - TimeTicks later = now + TimeDelta::FromSeconds(kSSLConfigNextTimeInternal); - - scoped_refptr<SSLConfigServiceWin> config_service( - new SSLConfigServiceWin(now)); - - // Save the current settings so we can restore them after the tests. - SSLConfig config_save; - bool rv = SSLConfigServiceWin::GetSSLConfigNow(&config_save); - EXPECT_TRUE(rv); - - SSLConfig config; - - // Add an observer. - SSLConfigServiceWinObserver observer; - config_service->AddObserver(&observer); - - // Toggle SSL3. - SSLConfigServiceWin::SetSSL3Enabled(!config_save.ssl3_enabled); - config_service->GetSSLConfigAt(&config, later); - - // Verify that the observer was notified. - EXPECT_TRUE(observer.change_was_observed()); - - // Remove the observer. - config_service->RemoveObserver(&observer); - - // Restore the original SSL3 setting. - SSLConfigServiceWin::SetSSL3Enabled(config_save.ssl3_enabled); -} - -} // namespace net |