Implement LoadTemporaryRoot for Windows

net/test/test_server.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/test/test_server.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "build/build_config.h"
 
 #if defined(OS_MACOSX)
 #include "net/base/x509_certificate.h"
 #endif
 
 #include "base/command_line.h"
 #include "base/debug/leak_annotations.h"
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/path_service.h"
 #include "base/string_number_conversions.h"
 #include "base/utf_string_conversions.h"
 #include "googleurl/src/gurl.h"
-#include "net/base/cert_test_util.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/host_resolver.h"
+#include "net/base/temporary_root_certs.h"
 #include "net/base/test_completion_callback.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/test/python_utils.h"
 #include "testing/platform_test.h"
 
 namespace net {
 
 namespace {
 
 // Number of connection attempts for tests.
@@ skipping 62 matching lines @@
           TestServer::HTTPSOptions::CERT_MISMATCHED_NAME) {
     // Return a different hostname string that resolves to the same hostname.
     return "localhost";
   }
 
   return "127.0.0.1";
 }
 
 }  // namespace
 
-#if defined(OS_MACOSX)
-void SetMacTestCertificate(X509Certificate* cert);
-#endif
-
 TestServer::HTTPSOptions::HTTPSOptions()
     : server_certificate(CERT_OK),
       request_client_certificate(false),
       bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY) {}
 
 TestServer::HTTPSOptions::HTTPSOptions(
     TestServer::HTTPSOptions::ServerCertificate cert)
     : server_certificate(cert),
       request_client_certificate(false),
       bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY) {}
@@ skipping 18 matching lines @@
   Init(document_root);
 }
 
 TestServer::TestServer(const HTTPSOptions& https_options,
                        const FilePath& document_root)
     : https_options_(https_options), type_(TYPE_HTTPS) {
   Init(document_root);
 }
 
 TestServer::~TestServer() {
-#if defined(OS_MACOSX)
-  SetMacTestCertificate(NULL);
-#endif
+  TemporaryRootCerts* root_certs = TemporaryRootCerts::GetInstance();
+  root_certs->RemoveFromFile(GetRootCertificatePath());
   Stop();
 }
 
 void TestServer::Init(const FilePath& document_root) {
   host_port_pair_ = HostPortPair(GetHostname(type_, https_options_),
                                  GetPort(type_, https_options_));
   process_handle_ = base::kNullProcessHandle;
 
   FilePath src_dir;
   PathService::Get(base::DIR_SOURCE_ROOT, &src_dir);
 
   document_root_ = src_dir.Append(document_root);
 
   certificates_dir_ = src_dir.Append(FILE_PATH_LITERAL("net"))
                        .Append(FILE_PATH_LITERAL("data"))
                        .Append(FILE_PATH_LITERAL("ssl"))
                        .Append(FILE_PATH_LITERAL("certificates"));
 }
 
 bool TestServer::Start() {
   if (type_ == TYPE_HTTPS) {
     if (!LoadTestRootCert())
       return false;
-    if (!CheckCATrusted())
-      return false;
   }
 
   // Get path to python server script
   FilePath testserver_path;
   if (!PathService::Get(base::DIR_SOURCE_ROOT, &testserver_path)) {
     LOG(ERROR) << "Failed to get DIR_SOURCE_ROOT";
     return false;
   }
   testserver_path = testserver_path
       .Append(FILE_PATH_LITERAL("net"))
@@ skipping 123 matching lines @@
                      Append(FILE_PATH_LITERAL("sync_pb")));
 
   return true;
 }
 
 FilePath TestServer::GetRootCertificatePath() {
   return certificates_dir_.AppendASCII("root_ca_cert.crt");
 }
 
 bool TestServer::LoadTestRootCert() {
-#if defined(USE_NSS)
-  if (cert_)
-    return true;
-
   // TODO(dkegel): figure out how to get this to only happen once?

[bulach, 2010/11/09 16:21:09]

afaict, this is no longer necessary as TemporaryRootCerts already takes care of
being called multiple times?

-
-  // This currently leaks a little memory.
-  // TODO(dkegel): fix the leak and remove the entry in
-  // tools/valgrind/memcheck/suppressions.txt
-  ANNOTATE_SCOPED_MEMORY_LEAK;  // Tell heap checker about the leak.
-  cert_ = LoadTemporaryRootCert(GetRootCertificatePath());
-  return (cert_ != NULL);
-#elif defined(OS_MACOSX)
-  X509Certificate* cert = LoadTemporaryRootCert(GetRootCertificatePath());
-  if (!cert)
-    return false;
-  SetMacTestCertificate(cert);
-  return true;
-#else
-  return true;
-#endif
+  TemporaryRootCerts* root_certs = TemporaryRootCerts::GetInstance();
+  return root_certs->AddFromFile(GetRootCertificatePath());
 }
 
 bool TestServer::AddCommandLineArguments(CommandLine* command_line) const {
   command_line->AppendSwitchASCII("port",
                                   base::IntToString(host_port_pair_.port()));
   command_line->AppendSwitchPath("data-dir", document_root_);
 
   if (type_ == TYPE_FTP) {
     command_line->AppendArg("-f");
   } else if (type_ == TYPE_HTTPS) {
@@ skipping 30 matching lines @@
     if (https_options_.bulk_ciphers & HTTPSOptions::BULK_CIPHER_AES256)
       command_line->AppendSwitchASCII(kBulkCipherSwitch, "aes256");
     if (https_options_.bulk_ciphers & HTTPSOptions::BULK_CIPHER_3DES)
       command_line->AppendSwitchASCII(kBulkCipherSwitch, "3des");
   }
 
   return true;
 }
 
 }  // namespace net