Implement LoadTemporaryRoot for Windows

net/base/cert_test_util.cc

Index: net/base/cert_test_util.cc
diff --git a/net/base/cert_test_util.cc b/net/base/cert_test_util.cc
index d5c678e593a0eafd9c060b04ac91532be3afd866..fb0c0f8355b604ed3056cac71e09deb27beee4da 100644
--- a/net/base/cert_test_util.cc
+++ b/net/base/cert_test_util.cc
@@ -4,153 +4,37 @@
 
 #include "net/base/cert_test_util.h"
 
-#include "build/build_config.h"
-
-#if defined(USE_OPENSSL)
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
-#include "base/openssl_util.h"
-#elif defined(USE_NSS)
-#include <cert.h>
-#include "base/nss_util.h"
-#elif defined(OS_MACOSX)
-#include <Security/Security.h>
-#include "base/mac/scoped_cftyperef.h"
-#endif
-
+#include "base/file_path.h"
 #include "base/file_util.h"
-#include "base/logging.h"
 #include "base/path_service.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
-#if defined(USE_OPENSSL)
-X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) {
-  if (!X509_STORE_add_cert(X509Certificate::cert_store(), x509_cert)) {
-    unsigned long error_code = ERR_get_error();
-    if (ERR_GET_LIB(error_code) != ERR_LIB_X509 ||
-        ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
-      base::ClearOpenSSLERRStack();
-      return NULL;
-    }
-  }
-  return X509Certificate::CreateFromHandle(
-      x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
-      X509Certificate::OSCertHandles());
-}
-
-X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
-  base::EnsureOpenSSLInit();
-
-  std::string rawcert;
-  if (!file_util::ReadFileToString(filename, &rawcert)) {
-    LOG(ERROR) << "Can't load certificate " << filename.value();
-    return NULL;
-  }
-
-  base::ScopedOpenSSL<BIO, BIO_free_all> cert_bio(
-      BIO_new_mem_buf(const_cast<char*>(rawcert.c_str()),
-                      rawcert.length()));
-  if (!cert_bio.get()) {
-    LOG(ERROR) << "Can't create read-only BIO " << filename.value();
-    return NULL;
-  }
-
-  base::ScopedOpenSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(
-      cert_bio.get(), NULL, NULL, NULL));
-  if (pem_cert.get())
-    return AddTemporaryRootCertToStore(pem_cert.get());
-
-  // File does not contain PEM data, let's try DER.
-  const unsigned char* der_data =
-      reinterpret_cast<const unsigned char*>(rawcert.c_str());
-  int der_length = rawcert.length();
-  base::ScopedOpenSSL<X509, X509_free> der_cert(d2i_X509(
-      NULL, &der_data, der_length));
-  if (der_cert.get())
-    return AddTemporaryRootCertToStore(der_cert.get());
-
-  LOG(ERROR) << "Can't parse certificate " << filename.value();
-  return NULL;
+FilePath GetTestCertsDirectory() {
+  FilePath certs_dir;
+  PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);
+  certs_dir = certs_dir.AppendASCII("net");
+  certs_dir = certs_dir.AppendASCII("data");
+  certs_dir = certs_dir.AppendASCII("ssl");
+  certs_dir = certs_dir.AppendASCII("certificates");
+  return certs_dir;
 }
-#elif defined(USE_NSS)
-X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
-  base::EnsureNSSInit();
 
-  std::string rawcert;
-  if (!file_util::ReadFileToString(filename, &rawcert)) {
-    LOG(ERROR) << "Can't load certificate " << filename.value();
+scoped_refptr<X509Certificate> ImportCertFromFile(
+    const FilePath& certs_dir,
+    const std::string& cert_file) {
+  FilePath cert_path = certs_dir.AppendASCII(cert_file);
+  std::string cert_data;
+  if (!file_util::ReadFileToString(cert_path, &cert_data))
     return NULL;
-  }
 
-  CERTCertificate *cert;
-  cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
-                                    rawcert.length());
-  if (!cert) {
-    LOG(ERROR) << "Can't convert certificate " << filename.value();
+  CertificateList certs_in_file =
+      X509Certificate::CreateCertificateListFromBytes(
+          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  if (certs_in_file.empty())
     return NULL;
-  }
-
-  // TODO(port): remove this const_cast after NSS 3.12.3 is released
-  CERTCertTrust trust;
-  int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
-  if (rv != SECSuccess) {
-    LOG(ERROR) << "Can't decode trust string";
-    CERT_DestroyCertificate(cert);
-    return NULL;
-  }
-
-  rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
-  if (rv != SECSuccess) {
-    LOG(ERROR) << "Can't change trust for certificate " << filename.value();
-    CERT_DestroyCertificate(cert);
-    return NULL;
-  }
-
-  X509Certificate* result = X509Certificate::CreateFromHandle(
-      cert,
-      X509Certificate::SOURCE_LONE_CERT_IMPORT,
-      X509Certificate::OSCertHandles());
-  CERT_DestroyCertificate(cert);
-  return result;
-}
-#endif
-
-#if defined(OS_MACOSX)
-X509Certificate* LoadTemporaryRootCert(const FilePath& filename) {
-  std::string rawcert;
-  if (!file_util::ReadFileToString(filename, &rawcert)) {
-    LOG(ERROR) << "Can't load certificate " << filename.value();
-    return NULL;
-  }
-
-  CFDataRef pem = CFDataCreate(kCFAllocatorDefault,
-                               reinterpret_cast<const UInt8*>(rawcert.data()),
-                               static_cast<CFIndex>(rawcert.size()));
-  if (!pem)
-    return NULL;
-  base::mac::ScopedCFTypeRef<CFDataRef> scoped_pem(pem);
-
-  SecExternalFormat input_format = kSecFormatUnknown;
-  SecExternalItemType item_type = kSecItemTypeUnknown;
-  CFArrayRef cert_array = NULL;
-  if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL,
-                            &cert_array))
-    return NULL;
-  base::mac::ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array);
-
-  if (!CFArrayGetCount(cert_array))
-    return NULL;
-
-  SecCertificateRef cert_ref = static_cast<SecCertificateRef>(
-      const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0)));
-
-  return X509Certificate::CreateFromHandle(cert_ref,
-      X509Certificate::SOURCE_LONE_CERT_IMPORT,
-      X509Certificate::OSCertHandles());
+  return certs_in_file[0];
 }
-#endif
 
 }  // namespace net