authordkegel@google.com <dkegel@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-02 19:49:48 +0000
committerdkegel@google.com <dkegel@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-02 19:49:48 +0000
commit78e8c3d710650acb48fd241a826d86ad22941c66 (patch)
tree49e63fb3431b9d225479c02c2e4335df0fbd43b7 /net/base/ssl_test_util.cc
parent9cf11c6589e6e24df310bf634155d90afd4def56 (diff)
For http://code.google.com/p/chromium/issues/detail?id=4510
Extract some UI SSL test code into new class SSLTestUtil to avoid duplication. Point nss at root certs so test_shell can talk to mail.google.com without warnings. Support ciphers needed to talk to testserver.py. Load temporary testing cert needed to run unit tests. Implement part of GetSSLInfo. Change URL in developer error message to point to chromium.org. Re-enable url_request_unittest.cc, which seems to have been disabled by mistake. Later changesets will implement x509 certificates for nss, finish GetSSLInfo support, and update chrome/browser/ssl_uitest.cc to use SSLTestUtil. Earlier version was committed as r6063, but was rolled back. Review URL: http://codereview.chromium.org/11249 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6233 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/ssl_test_util.cc')
-rw-r--r--net/base/ssl_test_util.cc144
1 files changed, 144 insertions, 0 deletions
diff --git a/net/base/ssl_test_util.cc b/net/base/ssl_test_util.cc
index e69de29..199bbbd 100644
--- a/net/base/ssl_test_util.cc
+++ b/net/base/ssl_test_util.cc
@@ -0,0 +1,144 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+#include <algorithm>
+
+#include "build/build_config.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#include <wincrypt.h>
+#elif defined(OS_LINUX)
+
+#include <nspr.h>
+#include <nss.h>
+#include <secerr.h>
+// Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424
+// until NSS 3.12.2 comes out and we update to it.
+#define Lock FOO_NSS_Lock
+#include <ssl.h>
+#include <sslerr.h>
+#include <pk11pub.h>
+#undef Lock
+#include "base/nss_init.h"
+#endif
+
+#include "base/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+
+#include "net/base/ssl_test_util.h"
+
+// static
+const wchar_t SSLTestUtil::kDocRoot[] = L"chrome/test/data";
+const char SSLTestUtil::kHostName[] = "127.0.0.1";
+const int SSLTestUtil::kOKHTTPSPort = 9443;
+
+// The issuer name of the cert that should be trusted for the test to work.
+const wchar_t SSLTestUtil::kCertIssuerName[] = L"Test CA";
+
+#if defined(OS_LINUX)
+static CERTCertificate* LoadTemporaryCert(const FilePath& filename) {
+ base::EnsureNSSInit();
+
+ std::string rawcert;
+ if (!file_util::ReadFileToString(filename.ToWStringHack(), &rawcert)) {
+ LOG(ERROR) << "Can't load certificate " << filename.ToWStringHack();
+ return NULL;
+ }
+
+ CERTCertificate *cert;
+ cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
+ rawcert.length());
+ if (!cert) {
+ LOG(ERROR) << "Can't convert certificate " << filename.ToWStringHack();
+ return NULL;
+ }
+
+ // TODO(port): remove this const_cast after NSS 3.12.3 is released
+ CERTCertTrust trust;
+ int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
+ if (rv != SECSuccess) {
+ LOG(ERROR) << "Can't decode trust string";
+ CERT_DestroyCertificate(cert);
+ return NULL;
+ }
+
+ rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
+ if (rv != SECSuccess) {
+ LOG(ERROR) << "Can't change trust for certificate " << filename.ToWStringHack();
+ CERT_DestroyCertificate(cert);
+ return NULL;
+ }
+
+ LOG(INFO) << "Loaded temporary certificate " << filename.ToWStringHack();
+ return cert;
+}
+#endif
+
+SSLTestUtil::SSLTestUtil() {
+ PathService::Get(base::DIR_SOURCE_ROOT, &cert_dir_);
+ cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("chrome"));
+ cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("test"));
+ cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("data"));
+ cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("ssl"));
+ cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("certificates"));
+
+#if defined(OS_LINUX)
+ cert_ = reinterpret_cast<PrivateCERTCertificate*>(
+ LoadTemporaryCert(GetRootCertPath()));
+ if (!cert_)
+ NOTREACHED();
+#endif
+}
+
+SSLTestUtil::~SSLTestUtil() {
+#if defined(OS_LINUX)
+ if (cert_)
+ CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_));
+#endif
+}
+
+FilePath SSLTestUtil::GetRootCertPath() {
+ FilePath path(cert_dir_);
+ path = path.Append(FILE_PATH_LITERAL("root_ca_cert.crt"));
+ return path;
+}
+
+FilePath SSLTestUtil::GetOKCertPath() {
+ FilePath path(cert_dir_);
+ path = path.Append(FILE_PATH_LITERAL("ok_cert.pem"));
+ return path;
+}
+
+bool SSLTestUtil::CheckCATrusted() {
+// TODO(port): Port either this or LoadTemporaryCert to MacOSX.
+#if defined(OS_WIN)
+ HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT");
+ if (!cert_store) {
+ LOG(ERROR) << " could not open trusted root CA store";
+ return false;
+ }
+ PCCERT_CONTEXT cert =
+ CertFindCertificateInStore(cert_store,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_STR,
+ kCertIssuerName,
+ NULL);
+ if (cert)
+ CertFreeCertificateContext(cert);
+ CertCloseStore(cert_store, 0);
+
+ if (!cert) {
+ LOG(ERROR) << " TEST CONFIGURATION ERROR: you need to import the test ca "
+ "certificate to your trusted roots for this test to work. For more "
+ "info visit:\n"
+ "http://dev.chromium.org/developers/testing\n";
+ return false;
+ }
+#endif
+ return true;
+}
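Review bot: In LoadTemporaryCert the trust string `"TCu,Cu,Tu"` marks the test root as a trusted CA in all three NSS trust fields (SSL, e-mail and object signing), which is more than a test HTTPS server needs; restricting it to the SSL field, e.g. `CERT_DecodeTrustString(&trust, const_cast<char *>("TC,,"))`, keeps a checked-in test CA from being accepted for anything else. ~SSLTestUtil only releases the certificate reference and does not restore the previous trust, so the root stays trusted for the rest of the process, and possibly longer if base::EnsureNSSInit opens a persistent database (not visible in this hunk). Separately, CheckCATrusted returns true on Linux even when the load failed, because the constructor's `NOTREACHED()` is a debug-only check; adding `#elif defined(OS_LINUX)` with `if (!cert_) return false;` before the `#endif` would make the failure visible to callers.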