authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-17 00:51:44 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-17 00:51:44 +0000
commitc81d9dcc72ae2f069e2952a13ec7d76eb7bb57e7 (patch)
tree37dd8c8a642e5bf50e11f6067db048a15b3016af /net
parenta2ee4e10797088fccae92efc5c8d5cd828c97e93 (diff)
Move LoadTemporaryCert to the new files cert_test_util.{h,cc} and
rename it LoadTemporaryRootCert, so that it can be used by x509_certificate_unittest.cc. R=eroman BUG=none TEST=No compilation and test failures. Review URL: http://codereview.chromium.org/997006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41794 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/cert_test_util.cc99
-rw-r--r--net/base/cert_test_util.h23
-rw-r--r--net/net.gyp2
-rw-r--r--net/socket/ssl_test_util.cc109
-rw-r--r--net/socket/ssl_test_util.h7
5 files changed, 135 insertions, 105 deletions
diff --git a/net/base/cert_test_util.cc b/net/base/cert_test_util.cc
new file mode 100644
index 0000000..372c256
--- /dev/null
+++ b/net/base/cert_test_util.cc
@@ -0,0 +1,99 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/cert_test_util.h"
+
+#include "build/build_config.h"
+
+#if defined(USE_NSS)
+#include <cert.h>
+#include "base/nss_util.h"
+#elif defined(OS_MACOSX)
+#include <Security/Security.h>
+#include "base/scoped_cftyperef.h"
+#endif
+
+#include "base/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+#include "net/base/x509_certificate.h"
+
+namespace net {
+
+#if defined(USE_NSS)
+X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
+ base::EnsureNSSInit();
+
+ std::string rawcert;
+ if (!file_util::ReadFileToString(filename, &rawcert)) {
+ LOG(ERROR) << "Can't load certificate " << filename.value();
+ return NULL;
+ }
+
+ CERTCertificate *cert;
+ cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
+ rawcert.length());
+ if (!cert) {
+ LOG(ERROR) << "Can't convert certificate " << filename.value();
+ return NULL;
+ }
+
+ // TODO(port): remove this const_cast after NSS 3.12.3 is released
+ CERTCertTrust trust;
+ int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
+ if (rv != SECSuccess) {
+ LOG(ERROR) << "Can't decode trust string";
+ CERT_DestroyCertificate(cert);
+ return NULL;
+ }
+
+ rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
+ if (rv != SECSuccess) {
+ LOG(ERROR) << "Can't change trust for certificate " << filename.value();
+ CERT_DestroyCertificate(cert);
+ return NULL;
+ }
+
+ return X509Certificate::CreateFromHandle(cert,
+ X509Certificate::SOURCE_LONE_CERT_IMPORT,
+ X509Certificate::OSCertHandles());
+}
+#endif
+
+#if defined(OS_MACOSX)
+X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
+ std::string rawcert;
+ if (!file_util::ReadFileToString(filename, &rawcert)) {
+ LOG(ERROR) << "Can't load certificate " << filename.value();
+ return NULL;
+ }
+
+ CFDataRef pem = CFDataCreate(kCFAllocatorDefault,
+ reinterpret_cast<const UInt8*>(rawcert.data()),
+ static_cast<CFIndex>(rawcert.size()));
+ if (!pem)
+ return NULL;
+ scoped_cftyperef<CFDataRef> scoped_pem(pem);
+
+ SecExternalFormat input_format = kSecFormatUnknown;
+ SecExternalItemType item_type = kSecItemTypeUnknown;
+ CFArrayRef cert_array = NULL;
+ if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,
+ &cert_array))
+ return NULL;
+ scoped_cftyperef<CFArrayRef> scoped_cert_array(cert_array);
+
+ if (!CFArrayGetCount(cert_array))
+ return NULL;
+
+ SecCertificateRef cert_ref = static_cast<SecCertificateRef>(
+ const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));
+ CFRetain(cert_ref);
+ return X509Certificate::CreateFromHandle(cert_ref,
+ X509Certificate::SOURCE_LONE_CERT_IMPORT,
+ X509Certificate::OSCertHandles());
+}
+#endif
+
+} // namespace net
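Review bot: The USE_NSS branch of LoadTemporaryRootCert marks whatever certificate the file holds as a trusted CA in the process-wide default database (`CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust)`), and the trust string `"TCu,Cu,Tu"` fills the email and object-signing fields as well as the SSL one. Now that the function is exported from `net::` instead of being file-static, that side effect should be stated at the definition, for example `// Test only: makes |filename| a trusted CA for SSL, email and object signing in the default NSS cert DB.` If the callers only need SSL trust, the narrower `"TCu,,"` would limit what a test root can vouch for; that is presumably enough for the test server but should be confirmed against the callers. Separately, the OS_MACOSX branch returns NULL without logging when CFDataCreate or SecKeychainItemImport fails, unlike the NSS branch.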
diff --git a/net/base/cert_test_util.h b/net/base/cert_test_util.h
new file mode 100644
index 0000000..a288774
--- /dev/null
+++ b/net/base/cert_test_util.h
@@ -0,0 +1,23 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_CERT_TEST_UTIL_H_
+#define NET_BASE_CERT_TEST_UTIL_H_
+
+#include "base/file_path.h"
+#include "build/build_config.h"
+
+namespace net {
+
+class X509Certificate;
+
+#if defined(USE_NSS) || defined(OS_MACOSX)
+// Loads and trusts a root CA certificate (stored in a file) temporarily.
+// TODO(wtc): Implement this function on Windows (http://crbug.com/8470).
+X509Certificate* LoadTemporaryRootCert(const FilePath& filename);
+#endif
+
+} // namespace net
+
+#endif // NET_BASE_CERT_TEST_UTIL_H_
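Review bot: The comment on LoadTemporaryRootCert says the certificate is loaded and trusted, but the OS_MACOSX implementation in cert_test_util.cc only imports it and wraps the handle; in ssl_test_util.cc the caller establishes trust afterwards with SetMacTestCertificate. The declaration also leaves the return contract unstated. I would extend the comment to say that the function returns NULL on failure, that the result is a ref-counted X509Certificate which the caller should hold in a scoped_refptr (presumably for as long as the trust is needed), and that on Mac OS X this call does not change trust by itself.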
diff --git a/net/net.gyp b/net/net.gyp
index ce7ffed..04e6470 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -32,6 +32,8 @@
'base/cert_database_win.cc',
'base/cert_status_flags.cc',
'base/cert_status_flags.h',
+ 'base/cert_test_util.cc',
+ 'base/cert_test_util.h',
'base/cert_verifier.cc',
'base/cert_verifier.h',
'base/cert_verify_result.h',
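Review bot: The two new entries join a source list that also holds `base/cert_verifier.cc` and `base/cert_status_flags.cc`, so the test helper appears to be compiled into the main net library rather than a test-only target; the target name is outside this hunk, so this needs confirming. LoadTemporaryRootCert installs a root CA read from an arbitrary file path, so it should not be linkable from shipping code. If this is the production list, move `'base/cert_test_util.cc'` and `'base/cert_test_util.h'` to the sources of a test-support target that only the unit tests depend on.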
diff --git a/net/socket/ssl_test_util.cc b/net/socket/ssl_test_util.cc
index e02c71f..c3fe625ea 100644
--- a/net/socket/ssl_test_util.cc
+++ b/net/socket/ssl_test_util.cc
@@ -13,17 +13,7 @@
#if defined(OS_WIN)
#include <windows.h>
#include <wincrypt.h>
-#elif defined(USE_NSS)
-#include <nspr.h>
-#include <nss.h>
-#include <secerr.h>
-#include <ssl.h>
-#include <sslerr.h>
-#include <pk11pub.h>
-#include "base/nss_util.h"
#elif defined(OS_MACOSX)
-#include <Security/Security.h>
-#include "base/scoped_cftyperef.h"
#include "net/base/x509_certificate.h"
#endif
@@ -31,6 +21,7 @@
#include "base/logging.h"
#include "base/path_service.h"
#include "base/utf_string_conversions.h"
+#include "net/base/cert_test_util.h"
#include "net/base/host_resolver.h"
#include "net/base/net_test_constants.h"
#include "net/base/test_completion_callback.h"
@@ -42,83 +33,6 @@
#pragma comment(lib, "crypt32.lib")
#endif
-namespace {
-
-#if defined(USE_NSS)
-static CERTCertificate* LoadTemporaryCert(const FilePath& filename) {
- base::EnsureNSSInit();
-
- std::string rawcert;
- if (!file_util::ReadFileToString(filename, &rawcert)) {
- LOG(ERROR) << "Can't load certificate " << filename.value();
- return NULL;
- }
-
- CERTCertificate *cert;
- cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
- rawcert.length());
- if (!cert) {
- LOG(ERROR) << "Can't convert certificate " << filename.value();
- return NULL;
- }
-
- // TODO(port): remove this const_cast after NSS 3.12.3 is released
- CERTCertTrust trust;
- int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
- if (rv != SECSuccess) {
- LOG(ERROR) << "Can't decode trust string";
- CERT_DestroyCertificate(cert);
- return NULL;
- }
-
- rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
- if (rv != SECSuccess) {
- LOG(ERROR) << "Can't change trust for certificate " << filename.value();
- CERT_DestroyCertificate(cert);
- return NULL;
- }
-
- return cert;
-}
-#endif
-
-#if defined(OS_MACOSX)
-static net::X509Certificate* LoadTemporaryCert(const FilePath& filename) {
- std::string rawcert;
- if (!file_util::ReadFileToString(filename, &rawcert)) {
- LOG(ERROR) << "Can't load certificate " << filename.value();
- return NULL;
- }
-
- CFDataRef pem = CFDataCreate(kCFAllocatorDefault,
- reinterpret_cast<const UInt8*>(rawcert.data()),
- static_cast<CFIndex>(rawcert.size()));
- if (!pem)
- return NULL;
- scoped_cftyperef<CFDataRef> scoped_pem(pem);
-
- SecExternalFormat input_format = kSecFormatUnknown;
- SecExternalItemType item_type = kSecItemTypeUnknown;
- CFArrayRef cert_array = NULL;
- if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,
- &cert_array))
- return NULL;
- scoped_cftyperef<CFArrayRef> scoped_cert_array(cert_array);
-
- if (!CFArrayGetCount(cert_array))
- return NULL;
-
- SecCertificateRef cert_ref = static_cast<SecCertificateRef>(
- const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));
- CFRetain(cert_ref);
- return net::X509Certificate::CreateFromHandle(cert_ref,
- net::X509Certificate::SOURCE_LONE_CERT_IMPORT,
- net::X509Certificate::OSCertHandles());
-}
-#endif
-
-} // namespace
-
namespace net {
#if defined(OS_MACOSX)
@@ -139,9 +53,6 @@ TestServerLauncher::TestServerLauncher() : process_handle_(
forking_(false),
connection_attempts_(kDefaultTestConnectionAttempts),
connection_timeout_(kDefaultTestConnectionTimeout)
-#if defined(USE_NSS)
-, cert_(NULL)
-#endif
{
InitCertPath();
}
@@ -152,9 +63,6 @@ TestServerLauncher::TestServerLauncher(int connection_attempts,
forking_(false),
connection_attempts_(connection_attempts),
connection_timeout_(connection_timeout)
-#if defined(USE_NSS)
-, cert_(NULL)
-#endif
{
InitCertPath();
}
@@ -174,7 +82,7 @@ void AppendToPythonPath(const FilePath& dir) {
#if defined(OS_WIN)
const wchar_t kPythonPath[] = L"PYTHONPATH";
- // FIXME(dkegel): handle longer PYTHONPATH variables
+ // TODO(dkegel): handle longer PYTHONPATH variables
wchar_t oldpath[4096];
if (GetEnvironmentVariable(kPythonPath, oldpath, arraysize(oldpath)) == 0) {
SetEnvironmentVariableW(kPythonPath, dir.value().c_str());
@@ -359,10 +267,7 @@ bool TestServerLauncher::Stop() {
}
TestServerLauncher::~TestServerLauncher() {
-#if defined(USE_NSS)
- if (cert_)
- CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_));
-#elif defined(OS_MACOSX)
+#if defined(OS_MACOSX)
SetMacTestCertificate(NULL);
#endif
Stop();
@@ -395,13 +300,12 @@ bool TestServerLauncher::LoadTestRootCert() {
// This currently leaks a little memory.
// TODO(dkegel): fix the leak and remove the entry in
- // tools/valgrind/suppressions.txt
- cert_ = reinterpret_cast<PrivateCERTCertificate*>(
- LoadTemporaryCert(GetRootCertPath()));
+ // tools/valgrind/memcheck/suppressions.txt
+ cert_ = LoadTemporaryRootCert(GetRootCertPath());
DCHECK(cert_);
return (cert_ != NULL);
#elif defined(OS_MACOSX)
- X509Certificate* cert = LoadTemporaryCert(GetRootCertPath());
+ X509Certificate* cert = LoadTemporaryRootCert(GetRootCertPath());
if (!cert)
return false;
SetMacTestCertificate(cert);
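Review bot: The OS_MACOSX branch keeps the result of LoadTemporaryRootCert in a raw `X509Certificate*`, while the USE_NSS branch just above now stores it in the `scoped_refptr<X509Certificate>` member. Whether the Mac object is released correctly depends on SetMacTestCertificate taking its own reference, which this hunk does not show. If it does, `scoped_refptr<X509Certificate> cert = LoadTemporaryRootCert(GetRootCertPath());` would make ownership explicit and match the NSS branch; if it does not, the lifetime should be documented here. The comment `// This currently leaks a little memory.` in the NSS branch should also be re-checked now that cert_ is ref-counted. The body of LoadTestRootCert starts and ends outside the hunk.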
@@ -412,7 +316,6 @@ bool TestServerLauncher::LoadTestRootCert() {
}
bool TestServerLauncher::CheckCATrusted() {
-// TODO(port): Port either this or LoadTemporaryCert to MacOSX.
#if defined(OS_WIN)
HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT");
if (!cert_store) {
diff --git a/net/socket/ssl_test_util.h b/net/socket/ssl_test_util.h
index cf24ee5..e9a6afc 100644
--- a/net/socket/ssl_test_util.h
+++ b/net/socket/ssl_test_util.h
@@ -11,6 +11,10 @@
#include "base/file_path.h"
#include "base/process_util.h"
+#if defined(USE_NSS)
+#include "base/ref_counted.h"
+#include "net/base/x509_certificate.h"
+#endif
// TODO(dkegel): share this between net/base and
// chrome/browser without putting it in net.lib
@@ -118,8 +122,7 @@ class TestServerLauncher {
int connection_timeout_;
#if defined(USE_NSS)
- struct PrivateCERTCertificate;
- PrivateCERTCertificate *cert_;
+ scoped_refptr<X509Certificate> cert_;
#endif
DISALLOW_COPY_AND_ASSIGN(TestServerLauncher);