Upstream: Build net_unittests for Android.

BUG=
TEST=


Review URL: http://codereview.chromium.org/8429034

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110902 0039d316-1c4b-4281-b951-d872f2087c98

13 files changed, 165 insertions, 94 deletions

diff --git a/net/base/dns_reloader.cc b/net/base/dns_reloader.cc
index 276d1a0..d29ae6ac 100644
--- a/net/base/dns_reloader.cc
+++ b/net/base/dns_reloader.cc
@@ -4,7 +4,8 @@
 
 #include "net/base/dns_reloader.h"
 
-#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD)
+#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && \
+    !defined(OS_ANDROID)
 
 #include <resolv.h>
 
@@ -34,6 +35,9 @@ namespace {
 // the same trick there and most *BSD's don't yet have support for
 // FilePathWatcher (but perhaps the new kqueue mac code just needs to be
 // ported to *BSD to support that).
+//
+// Android does not have /etc/resolv.conf. The system takes care of nameserver
+// changes, so none of this is needed.
 
 class DnsReloader : public net::NetworkChangeNotifier::DNSObserver {
  public:
@@ -119,4 +123,5 @@ void DnsReloaderMaybeReload() {
 
 }  // namespace net
 
-#endif  // defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD)
+#endif  // defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) &&
+        // !defined(OS_ANDROID)
diff --git a/net/base/dnsrr_resolver.cc b/net/base/dnsrr_resolver.cc
index 1d09566..65ea8b6 100644
--- a/net/base/dnsrr_resolver.cc
+++ b/net/base/dnsrr_resolver.cc
@@ -176,7 +176,13 @@ class RRResolverWorker {
 
  private:
 
-#if defined(OS_POSIX)
+#if defined(OS_ANDROID)
+
+  void Run() {
+    NOTIMPLEMENTED();
+  }
+
+#elif defined(OS_POSIX)
 
   void Run() {
     // Runs on a worker thread.
@@ -404,9 +410,9 @@ bool RRResponse::HasExpired(const base::Time current_time) const {
   return current_time >= expiry;
 }
 
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
 bool RRResponse::ParseFromResponse(const uint8* p, unsigned len,
                                    uint16 rrtype_requested) {
-#if defined(OS_POSIX)
   name.clear();
   ttl = 0;
   dnssec = false;
@@ -485,10 +491,10 @@ bool RRResponse::ParseFromResponse(const uint8* p, unsigned len,
       signatures.push_back(std::string(rrdata.data(), rrdata.size()));
     }
   }
-#endif  // defined(OS_POSIX)
 
   return true;
 }
+#endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
 
 
 // An RRResolverJob is a one-to-one counterpart of an RRResolverWorker. It
diff --git a/net/base/dnsrr_resolver.h b/net/base/dnsrr_resolver.h
index b64fe86..297fc43 100644
--- a/net/base/dnsrr_resolver.h
+++ b/net/base/dnsrr_resolver.h
@@ -31,9 +31,11 @@ struct NET_EXPORT_PRIVATE RRResponse {
   // |current_time|.
   bool HasExpired(base::Time current_time) const;
 
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
   // For testing only
   bool ParseFromResponse(const uint8* data, unsigned len,
                          uint16 rrtype_requested);
+#endif
 
   // name contains the canonical name of the resulting domain. If the queried
   // name was a CNAME then this can differ.
diff --git a/net/base/dnsrr_resolver_unittest.cc b/net/base/dnsrr_resolver_unittest.cc
index ed5f2c5..cc6e80b 100644
--- a/net/base/dnsrr_resolver_unittest.cc
+++ b/net/base/dnsrr_resolver_unittest.cc
@@ -119,7 +119,7 @@ TEST(DnsRRResolverTest, Resolve) {
   ASSERT_EQ(1u, resolver.inflight_joins());
 }
 
-#if defined(OS_POSIX)
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
 // This is a DNS packet resulting from querying a recursive resolver for a TXT
 // record for agl._pka.imperialviolet.org. You should be able to get a
 // replacement from a packet capture should it ever be needed.
diff --git a/net/base/host_resolver_impl.cc b/net/base/host_resolver_impl.cc
index d01820b..334695c 100644
--- a/net/base/host_resolver_impl.cc
+++ b/net/base/host_resolver_impl.cc
@@ -1082,7 +1082,9 @@ HostResolverImpl::HostResolverImpl(
 #endif
   NetworkChangeNotifier::AddIPAddressObserver(this);
 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD)
+#if !defined(OS_ANDROID)
   EnsureDnsReloaderInit();
+#endif
   NetworkChangeNotifier::AddDNSObserver(this);
 #endif
 }
diff --git a/net/base/net_util_unittest.cc b/net/base/net_util_unittest.cc
index 9138f83..7fe39ed 100644
--- a/net/base/net_util_unittest.cc
+++ b/net/base/net_util_unittest.cc
@@ -1215,7 +1215,7 @@ TEST(NetUtilTest, GenerateSafeFileName) {
 }
 
 TEST(NetUtilTest, GenerateFileName) {
-#if defined(OS_POSIX) && !defined(OS_MACOSX)
+#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
   // This test doesn't run when the locale is not UTF-8 because some of the
   // string conversions fail. This is OK (we have the default value) but they
   // don't match our expectations.
diff --git a/net/base/platform_mime_util_linux.cc b/net/base/platform_mime_util_linux.cc
index 5aba0e3..564dc31 100644
--- a/net/base/platform_mime_util_linux.cc
+++ b/net/base/platform_mime_util_linux.cc
@@ -20,12 +20,18 @@ namespace net {
 #if defined(OS_ANDROID)
 bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
     const FilePath::StringType& ext, std::string* result) const {
+  // TODO(jingzhao): Recover the original implementation once we support JNI.
+#if 0
   return android::GetMimeTypeFromExtension(ext, result);
+#else
+  NOTIMPLEMENTED();
+  return false;
+#endif
 }
 #else
 bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
     const FilePath::StringType& ext, std::string* result) const {
-  // TODO(thestig) This is a temporary hack until we can fix this
+  // TODO(thestig): This is a temporary hack until we can fix this
   // properly in test shell / webkit.
   // We have to play dumb and not return application/x-perl here
   // to make the reload-subframe-object layout test happy.
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 8b48fc6..e1cbdb1 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -25,6 +25,11 @@
 #include "net/base/net_errors.h"
 #include "net/base/x509_util_openssl.h"
 
+#if defined(OS_ANDROID)
+#include "base/logging.h"
+#include "net/android/network_library.h"
+#endif
+
 namespace net {
 
 namespace {
@@ -511,8 +516,46 @@ X509_STORE* X509Certificate::cert_store() {
   return X509InitSingleton::GetInstance()->store();
 }
 
-#if !defined(OS_ANDROID)
+#if defined(OS_ANDROID)
+int X509Certificate::VerifyInternal(const std::string& hostname,
+                                    int flags,
+                                    CRLSet* crl_set,
+                                    CertVerifyResult* verify_result) const {
+  if (!VerifyNameMatch(hostname))
+    verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
+
+  std::vector<std::string> cert_bytes;
+  GetChainDEREncodedBytes(&cert_bytes);
 
+  // TODO(joth): Fetch the authentication type from SSL rather than hardcode.
+  // TODO(jingzhao): Recover the original implementation once we support JNI.
+#if 0
+  android::VerifyResult result =
+      android::VerifyX509CertChain(cert_bytes, hostname, "RSA");
+#else
+  android::VerifyResult result = android::VERIFY_INVOCATION_ERROR;
+  NOTIMPLEMENTED();
+#endif
+  switch (result) {
+    case android::VERIFY_OK:
+      break;
+    case android::VERIFY_BAD_HOSTNAME:
+      verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
+      break;
+    case android::VERIFY_NO_TRUSTED_ROOT:
+      verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
+      break;
+    case android::VERIFY_INVOCATION_ERROR:
+    default:
+      verify_result->cert_status |= ERR_CERT_INVALID;
+      break;
+  }
+  if (IsCertStatusError(verify_result->cert_status))
+    return MapCertStatusToNetError(verify_result->cert_status);
+  return OK;
+}
+
+#else
 int X509Certificate::VerifyInternal(const std::string& hostname,
                                     int flags,
                                     CRLSet* crl_set,
@@ -564,7 +607,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname,
   return OK;
 }
 
-#endif  // !defined(OS_ANDROID)
+#endif  // defined(OS_ANDROID)
 
 // static
 bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle,
@@ -619,4 +662,23 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
       der_cache.data_length);
 }
 
+#if defined(OS_ANDROID)
+void X509Certificate::GetChainDEREncodedBytes(
+    std::vector<std::string>* chain_bytes) const {
+  OSCertHandles cert_handles(intermediate_ca_certs_);
+  // Make sure the peer's own cert is the first in the chain, if it's not
+  // already there.
+  if (cert_handles.empty() || cert_handles[0] != cert_handle_)
+    cert_handles.insert(cert_handles.begin(), cert_handle_);
+
+  chain_bytes->reserve(cert_handles.size());
+  for (OSCertHandles::const_iterator it = cert_handles.begin();
+       it != cert_handles.end(); ++it) {
+    std::string cert_bytes;
+    GetDEREncoded(*it, &cert_bytes);
+    chain_bytes->push_back(cert_bytes);
+  }
+}
+#endif
+
 }  // namespace net
diff --git a/net/base/x509_certificate_openssl_android.cc b/net/base/x509_certificate_openssl_android.cc
deleted file mode 100644
index fa01c57..0000000
--- a/net/base/x509_certificate_openssl_android.cc
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/x509_certificate.h"
-
-#include "base/logging.h"
-#include "net/android/network_library.h"
-#include "net/base/cert_status_flags.h"
-#include "net/base/cert_verify_result.h"
-#include "net/base/net_errors.h"
-
-namespace net {
-
-int X509Certificate::VerifyInternal(const std::string& hostname,
-                                    int flags,
-                                    CRLSet* crl_set,
-                                    CertVerifyResult* verify_result) const {
-  if (!VerifyNameMatch(hostname))
-    verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
-
-  std::vector<std::string> cert_bytes;
-  GetChainDEREncodedBytes(&cert_bytes);
-
-  // TODO(joth): Fetch the authentication type from SSL rather than hardcode.
-  android::VerifyResult result =
-      android::VerifyX509CertChain(cert_bytes, hostname, "RSA");
-  switch (result) {
-    case android::VERIFY_OK:
-      return OK;
-    case android::VERIFY_BAD_HOSTNAME:
-      verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
-      break;
-    case android::VERIFY_NO_TRUSTED_ROOT:
-      verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
-      break;
-    case android::VERIFY_INVOCATION_ERROR:
-    default:
-      verify_result->cert_status |= ERR_CERT_INVALID;
-      break;
-  }
-  return MapCertStatusToNetError(verify_result->cert_status);
-}
-
-void X509Certificate::GetChainDEREncodedBytes(
-    std::vector<std::string>* chain_bytes) const {
-  OSCertHandles cert_handles(intermediate_ca_certs_);
-  // Make sure the peer's own cert is the first in the chain, if it's not
-  // already there.
-  if (cert_handles.empty())
-    cert_handles.insert(cert_handles.begin(), cert_handle_);
-
-  chain_bytes->reserve(cert_handles.size());
-  for (OSCertHandles::const_iterator it = cert_handles.begin();
-       it != cert_handles.end(); ++it) {
-    DERCache der_cache = {0};
-    GetDERAndCacheIfNeeded(*it, &der_cache);
-    std::string cert_bytes (
-        reinterpret_cast<const char*>(der_cache.data), der_cache.data_length);
-    chain_bytes->push_back(cert_bytes);
-  }
-}
-
-}  // namespace net
diff --git a/net/dns/dns_config_service_posix.cc b/net/dns/dns_config_service_posix.cc
index 3385c52..f7833bc 100644
--- a/net/dns/dns_config_service_posix.cc
+++ b/net/dns/dns_config_service_posix.cc
@@ -30,24 +30,28 @@ class DnsConfigServicePosix::ConfigReader : public SerialWorker {
       success_(false) {}
 
   void DoWork() OVERRIDE {
+    success_ = false;
+#if defined(OS_ANDROID)
+    NOTIMPLEMENTED();
+#else
 #if defined(OS_OPENBSD)
+    // Note: res_ninit in glibc always returns 0 and sets RES_INIT.
+    // res_init behaves the same way.
     if ((res_init() == 0) && (_res.options & RES_INIT)) {
       success_ = ConvertResToConfig(_res, &dns_config_);
+    }
 #else
     struct __res_state res;
     if ((res_ninit(&res) == 0) && (res.options & RES_INIT)) {
       success_ = ConvertResToConfig(res, &dns_config_);
-#endif
-    } else {
-      // Note: res_ninit in glibc always returns 0 and sets RES_INIT.
-      // res_init behaves the same way.
-      success_ = false;
     }
+#endif
 #if defined(OS_MACOSX)
     res_ndestroy(&res);
 #elif !defined(OS_OPENBSD)
     res_nclose(&res);
 #endif
+#endif  // defined(OS_ANDROID)
   }
 
   void OnWorkFinished() OVERRIDE {
@@ -84,6 +88,7 @@ DnsConfigService* DnsConfigService::CreateSystemService() {
   return new DnsConfigServicePosix();
 }
 
+#if !defined(OS_ANDROID)
 bool ConvertResToConfig(const struct __res_state& res, DnsConfig* dns_config) {
   CHECK(dns_config != NULL);
   DCHECK(res.options & RES_INIT);
@@ -136,5 +141,6 @@ bool ConvertResToConfig(const struct __res_state& res, DnsConfig* dns_config) {
 
   return true;
 }
+#endif  // !defined(OS_ANDROID)
 
 }  // namespace net
diff --git a/net/net.gyp b/net/net.gyp
index a81d467..432b558 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -8,8 +8,8 @@
 
     'linux_link_kerberos%': 0,
     'conditions': [
-      ['chromeos==1', {
-        # Disable Kerberos on ChromeOS, at least for now.
+      ['chromeos==1 or OS=="android"', {
+        # Disable Kerberos on ChromeOS and Android, at least for now.
         # It needs configuration (krb5.conf and so on).
         'use_kerberos%': 0,
       }, {  # chromeos == 0
@@ -40,6 +40,8 @@
         'ssl_false_start_blacklist_process#host',
       ],
       'sources': [
+        'android/network_library.cc',
+        'android/network_library.h',
         'base/address_family.h',
         'base/address_list.cc',
         'base/address_list.h',
@@ -185,6 +187,7 @@
         'base/nss_memio.h',
         'base/openssl_memory_private_key_store.cc',
         'base/openssl_private_key_store.h',
+        'base/openssl_private_key_store_android.cc',
         'base/origin_bound_cert_service.cc',
         'base/origin_bound_cert_service.h',
         'base/origin_bound_cert_store.h',
@@ -935,6 +938,14 @@
               # Android can shut down our app at any time, so we persist session cookies.
               'ENABLE_PERSISTENT_SESSION_COOKIES'
             ],
+            'dependencies': [
+              '../build/android/system.gyp:ssl',
+            ],
+            'sources/': [
+              # TODO(jingzhao): The below files are excluded because of the
+              # missing JNI, add them back when JNI is ready.
+              ['exclude', '^android/'],
+            ],
           }, {  # else OS! = "android"
             'defines': [
               # These are the features Android doesn't support.
@@ -951,6 +962,13 @@
           },
         ],
       ],
+      'target_conditions': [
+        ['OS == "android"', {
+          'sources/': [
+            ['include', '^base/platform_mime_util_linux\\.cc$'],
+          ],
+        }],
+      ],
     },
     {
       'target_name': 'net_unittests',
@@ -1179,7 +1197,7 @@
             ],
           },
         ],
-        [ 'os_posix == 1 and OS != "mac"', {
+        [ 'os_posix == 1 and OS != "mac" and OS != "android"', {
           'conditions': [
             ['linux_use_tcmalloc==1', {
               'dependencies': [
@@ -1245,6 +1263,15 @@
             ],
           },
         ],
+        [ 'OS == "android"', {
+            'dependencies': [
+              '../build/android/system.gyp:ssl',
+            ],
+            'sources!': [
+              'dns/dns_config_service_posix_unittest.cc',
+            ],
+          },
+        ],
       ],
     },
     {
@@ -1381,7 +1408,7 @@
             '../third_party/protobuf/protobuf.gyp:py_proto',
           ],
         }],
-        ['os_posix == 1 and OS != "mac"', {
+        ['os_posix == 1 and OS != "mac" and OS != "android"', {
           'conditions': [
             ['use_openssl==1', {
               'dependencies': [
@@ -1394,7 +1421,7 @@
             }],
           ],
         }],
-        ['os_posix == 1 and OS != "mac"', {
+        ['os_posix == 1 and OS != "mac" and OS != "android"', {
           'conditions': [
             ['linux_use_tcmalloc==1', {
               'dependencies': [
@@ -1510,7 +1537,7 @@
     },
   ],
   'conditions': [
-     ['os_posix == 1 and OS != "mac"', {
+     ['os_posix == 1 and OS != "mac" and OS != "android"', {
        'targets': [
          {
            'target_name': 'flip_in_mem_edsm_server',
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index a2e3a19..14b5790 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -786,6 +786,10 @@ int SSLClientSocketOpenSSL::DoHandshake() {
   return net_error;
 }
 
+// SelectNextProtoCallback is called by OpenSSL during the handshake. If the
+// server supports NPN, selects a protocol from the list that the server
+// provides. According to third_party/openssl/openssl/ssl/ssl_lib.c, the
+// callback can assume that |in| is syntactically valid.
 int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
                                                     unsigned char* outlen,
                                                     const unsigned char* in,
@@ -798,16 +802,31 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
     return SSL_TLSEXT_ERR_OK;
   }
 
-  int status = SSL_select_next_proto(
-      out, outlen, in, inlen,
-      reinterpret_cast<const unsigned char*>(ssl_config_.next_protos.data()),
-      ssl_config_.next_protos.size());
+  // Assume there's no overlap between our protocols and the server's list.
+  int status = OPENSSL_NPN_NO_OVERLAP;
+  *out = const_cast<unsigned char*>(in) + 1;
+  *outlen = in[0];
+
+  // For each protocol in server preference order, see if we support it.
+  for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
+    for (std::vector<std::string>::const_iterator
+             j = ssl_config_.next_protos.begin();
+         j != ssl_config_.next_protos.end(); ++j) {
+      if (in[i] == j->size() &&
+          memcmp(&in[i + 1], j->data(), in[i]) == 0) {
+        // We find a match.
+        *out = const_cast<unsigned char*>(in) + i + 1;
+        *outlen = in[i];
+        status = OPENSSL_NPN_NEGOTIATED;
+        break;
+      }
+    }
+    if (status == OPENSSL_NPN_NEGOTIATED)
+      break;
+  }
 
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   switch (status) {
-    case OPENSSL_NPN_UNSUPPORTED:
-      npn_status_ = SSLClientSocket::kNextProtoUnsupported;
-      break;
     case OPENSSL_NPN_NEGOTIATED:
       npn_status_ = SSLClientSocket::kNextProtoNegotiated;
       break;
diff --git a/net/spdy/spdy_protocol_test.cc b/net/spdy/spdy_protocol_test.cc
index e6e378f..dbc00db 100644
--- a/net/spdy/spdy_protocol_test.cc
+++ b/net/spdy/spdy_protocol_test.cc
@@ -238,7 +238,7 @@ TEST(SpdyProtocolDeathTest, TestDataFrame) {
 
   frame.set_stream_id(0);
   // TODO(mbelshe):  implement EXPECT_DEBUG_DEATH on windows.
-#ifndef WIN32
+#if !defined(WIN32) && defined(GTEST_HAS_DEATH_TEST)
 #if !defined(DCHECK_ALWAYS_ON)
   EXPECT_DEBUG_DEATH(frame.set_stream_id(~0), "");
 #else
@@ -248,7 +248,7 @@ TEST(SpdyProtocolDeathTest, TestDataFrame) {
   EXPECT_FALSE(frame.is_control_frame());
 
   frame.set_flags(0);
-#ifndef WIN32
+#if !defined(WIN32) && defined(GTEST_HAS_DEATH_TEST)
 #if !defined(DCHECK_ALWAYS_ON)
   EXPECT_DEBUG_DEATH(frame.set_length(~0), "");
 #else