Allow browser tests to use a MockCertVerifier

chrome/browser/profiles/profile_io_data.cc

Index: chrome/browser/profiles/profile_io_data.cc
diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
index a1493878f535560da8cb5027c6662032084c85ec..19469a35c1e5756f2629ecac09c9238a59cd641c 100644
--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -64,6 +64,7 @@
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/resource_context.h"
 #include "net/base/keygen_handler.h"
+#include "net/cert/cert_verifier.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/http/http_util.h"
@@ -156,6 +157,8 @@ using content::ResourceContext;
 
 namespace {
 
+net::CertVerifier* g_cert_verifier_for_testing = nullptr;
+
 #if defined(DEBUG_DEVTOOLS)
 bool IsSupportedDevToolsURL(const GURL& url, base::FilePath* path) {
   std::string bundled_path_prefix(chrome::kChromeUIDevToolsBundledPath);
@@ -748,6 +751,12 @@ void ProfileIOData::InstallProtocolHandlers(
   protocol_handlers->clear();
 }
 
+// static
+void ProfileIOData::SetCertVerifierForTesting(
+    net::CertVerifier* cert_verifier) {
+  g_cert_verifier_for_testing = cert_verifier;
+}
+
 content::ResourceContext* ProfileIOData::GetResourceContext() const {
   return resource_context_.get();
 }
@@ -1094,29 +1103,34 @@ void ProfileIOData::Init(
   supervised_user_url_filter_ = profile_params_->supervised_user_url_filter;
 #endif
 
-#if defined(OS_CHROMEOS)
-  username_hash_ = profile_params_->username_hash;
-  use_system_key_slot_ = profile_params_->use_system_key_slot;
-  if (use_system_key_slot_)
-    EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
-
-  crypto::ScopedPK11Slot public_slot =
-      crypto::GetPublicSlotForChromeOSUser(username_hash_);
-  // The private slot won't be ready by this point. It shouldn't be necessary
-  // for cert trust purposes anyway.
-  scoped_refptr<net::CertVerifyProc> verify_proc(
-      new chromeos::CertVerifyProcChromeOS(public_slot.Pass()));
-  if (policy_cert_verifier_) {
-    DCHECK_EQ(policy_cert_verifier_, cert_verifier_.get());
-    policy_cert_verifier_->InitializeOnIOThread(verify_proc);
+  if (g_cert_verifier_for_testing) {
+    main_request_context_->set_cert_verifier(g_cert_verifier_for_testing);
   } else {
-    cert_verifier_.reset(new net::MultiThreadedCertVerifier(verify_proc.get()));
-  }
-  main_request_context_->set_cert_verifier(cert_verifier_.get());
+#if defined(OS_CHROMEOS)
+    username_hash_ = profile_params_->username_hash;

[mmenke, 2015/08/04 21:06:22]

Should all of this be gated on whether g_cert_verifier_for_testing is true or
not?  username_hash_, at least, is exposed publicly by the ProfileIOData, as is
use_system_key_slot_ for that matter.

[estark, 2015/08/04 21:14:23]

Ah, I missed that. I guess the choice then is two #ifdef pairs or a conditional
on either side of the #ifdef. I went with the latter, but using the same
conditional on both sides to hopefully address Ryan's earlier comment about the
confusing-ness of having `if (cert_verifier)` on one side and `if
(!cert_verifier)` on the other.

+    use_system_key_slot_ = profile_params_->use_system_key_slot;
+    if (use_system_key_slot_)
+      EnableNSSSystemKeySlotForResourceContext(resource_context_.get());
+
+    crypto::ScopedPK11Slot public_slot =
+        crypto::GetPublicSlotForChromeOSUser(username_hash_);
+    // The private slot won't be ready by this point. It shouldn't be necessary
+    // for cert trust purposes anyway.
+    scoped_refptr<net::CertVerifyProc> verify_proc(
+        new chromeos::CertVerifyProcChromeOS(public_slot.Pass()));
+    if (policy_cert_verifier_) {
+      DCHECK_EQ(policy_cert_verifier_, cert_verifier_.get());
+      policy_cert_verifier_->InitializeOnIOThread(verify_proc);
+    } else {
+      cert_verifier_.reset(
+          new net::MultiThreadedCertVerifier(verify_proc.get()));
+    }
+    main_request_context_->set_cert_verifier(cert_verifier_.get());
 #else
-  main_request_context_->set_cert_verifier(
-      io_thread_globals->cert_verifier.get());
+    main_request_context_->set_cert_verifier(
+        io_thread_globals->cert_verifier.get());
 #endif
+  }
 
   // Install the New Tab Page Interceptor.
   if (profile_params_->new_tab_page_interceptor.get()) {