Fix PEM parsing on Linux when using X509Certificate::FORMAT_AUTO

Fix PEM parsing on Linux when using X509Certificate::FORMAT_AUTO

When using X509Certificate::FORMAT_AUTO, parsing is attempted optimistically first by seeing if the data decodes as any of the supported binary formats. The NSS routine used to handle PKCS#7 data is actually a generic routine, capable of supporting multiple formats. 

When a PEM encoded certificate is decoded using PKCS#7, as is the case with FORMAT_AUTO, NSS will, upon encountering a failure to parse as PKCS#7, attempt to PEM decode the data and parse as either a certificate or a PKCS#7 structure. The problem with NSS's implementation is that it only decodes a single certificate, rather than all of the certificates in the file, preventing a full PEM chain from being read in.

The solution is to no longer optimistically try to decode the data as binary prior to trying to decode as PEM, and instead unconditionally attempt decoding as PEM-wrapped data before falling back to binary. This allows our handling routines to properly parse all of the supported PEM types, before the underlying crypto library is exposed to the data.

BUG=37142
TEST=X509CertificateParseTest.CanParseFormat

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=60023

[Ryan Sleevi, 2010-08-22 10:04:29]

David,
  
  Would you mind taking a look at this? This is a similar problem as was
encountered on http://crbug.com/49887 , where the underlying crypto library
decides to be helpful and try it's hand at PEM parsing.

  Because the various libraries each take various liberties, resulting in
inconsistent results, we have our own routines for PEM parsing. This CL ensures
that, for NSS, our routines are always treated with priority.

[davidben, 2010-08-23 22:31:35]

LGTM.

(By the way, my internship has ended. I still intend to contribute to Chromium,
but you may want to avoid sending code reviews to only me as I may not always be
able to get to them timely.)