Support restriction the TLS cipher selection in test_server.py

net/test/test_server.h

Index: net/test/test_server.h
diff --git a/net/test/test_server.h b/net/test/test_server.h
index 4e68fd938954e2e00828cb1ff7f01f40d476f3e2..2bada0b9b83a4f5834dc3a23c355912d90cd8db0 100644
--- a/net/test/test_server.h
+++ b/net/test/test_server.h
@@ -6,9 +6,10 @@
 #define NET_TEST_TEST_SERVER_H_
 #pragma once
 
-#include "build/build_config.h"
-
 #include <string>
+#include <vector>
+
+#include "build/build_config.h"
 
 #include "base/compiler_specific.h"
 #include "base/file_path.h"
@@ -25,6 +26,7 @@
 #include "net/base/x509_certificate.h"
 #endif
 
+class CommandLine;
 class GURL;
 
 namespace net {
@@ -39,12 +41,70 @@ class TestServer {
     TYPE_FTP,
     TYPE_HTTP,
     TYPE_HTTPS,
-    TYPE_HTTPS_CLIENT_AUTH,
-    TYPE_HTTPS_MISMATCHED_HOSTNAME,
-    TYPE_HTTPS_EXPIRED_CERTIFICATE,
+  };
+
+  // Container for various options to control how the HTTPS server is
+  // initialized.
+  struct HTTPSOptions {
+    enum ServerCertificate {
+      CERT_OK,
+      CERT_MISMATCHED_NAME,
+      CERT_EXPIRED,
+    };
+
+    // Bitmask of bulk encryption algorithms that the test server supports
+    // and that can be selectively enabled or disabled.
+    enum BulkCipher {
+      // Special value used to indicate that any algorithm the server supports
+      // is acceptable. Preferred over explicitly OR-ing all ciphers.
+      BULK_CIPHER_ANY    = 0,
+
+      BULK_CIPHER_RC4    = (1 << 0),
+      BULK_CIPHER_AES128 = (1 << 1),
+      BULK_CIPHER_AES256 = (1 << 2),
+
+      // NOTE: 3DES support in the Python test server has external
+      // dependencies and not be available on all machines. Clients may not
+      // be able to connect if only 3DES is specified.
+      BULK_CIPHER_3DES   = (1 << 3),
+    };
+
+    // Initialize a new HTTPSOptions using CERT_OK as the certificate.
+    HTTPSOptions();
+
+    // Initialize a new HTTPSOptions that will use the specified certificate.
+    explicit HTTPSOptions(ServerCertificate cert);
+    ~HTTPSOptions();
+
+    // Returns the relative filename of the file that contains the
+    // |server_certificate|.
+    FilePath GetCertificateFile() const;
+
+    // The certificate to use when serving requests.
+    ServerCertificate server_certificate;
+
+    // True if a CertificateRequest should be sent to the client during
+    // handshaking.
+    bool request_client_certificate;
+
+    // If |request_client_certificate| is true, an optional list of files,
+    // each containing a single, PEM-encoded X.509 certificates. The subject
+    // from each certificate will be added to the certificate_authorities
+    // field of the CertificateRequest.
+    std::vector<FilePath> client_authorities;
+
+    // A bitwise-OR of BulkCipher that should be used by the
+    // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
+    // ciphers are acceptable.
+    int bulk_ciphers;
   };
 
   TestServer(Type type, const FilePath& document_root);
+
+  // Initialize a HTTPS TestServer with a specific set of HTTPSOptions.
+  TestServer(const HTTPSOptions& https_options,
+             const FilePath& document_root);
+
   ~TestServer();
 
   bool Start() WARN_UNUSED_RESULT;
@@ -67,6 +127,8 @@ class TestServer {
                                  const std::string& password);
 
  private:
+  void Init(const FilePath& document_root);
+
   // Modify PYTHONPATH to contain libraries we need.
   bool SetPythonPath() WARN_UNUSED_RESULT;
 
@@ -85,9 +147,9 @@ class TestServer {
   // Load the test root cert, if it hasn't been loaded yet.
   bool LoadTestRootCert() WARN_UNUSED_RESULT;
 
-  // Returns path to the SSL certificate we should use, or empty path
-  // if not applicable.
-  FilePath GetCertificatePath();
+  // Add the command line arguments for the Python test server to
+  // |command_line|. Return true on success.
+  bool AddCommandLineArguments(CommandLine* command_line) const;
 
   // Document root of the test server.
   FilePath document_root_;
@@ -115,6 +177,9 @@ class TestServer {
   file_util::ScopedFD child_fd_closer_;
 #endif
 
+  // If |type_| is TYPE_HTTPS, the TLS settings to use for the test server.
+  HTTPSOptions https_options_;
+
 #if defined(USE_NSS)
   scoped_refptr<X509Certificate> cert_;
 #endif