Implement LoadTemporaryRoot for Windows

net/base/x509_certificate_unittest.cc

-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/pickle.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_test_util.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_certificate_data.h"
+#include "net/base/test_root_certs.h"
 #include "net/base/x509_certificate.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 // Unit tests aren't allowed to access external resources. Unfortunately, to
 // properly verify the EV-ness of a cert, we need to check for its revocation
 // through online servers. If you're manually running unit tests, feel free to
 // turn this on to test EV certs. But leave it turned off for the automated
 // testing.
 #define ALLOW_EXTERNAL_ACCESS 0
 
@@ skipping 130 matching lines @@
   { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO,
     { google_parse_fingerprint,
       thawte_parse_fingerprint,
       NULL, } },
   { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO,
     { google_parse_fingerprint,
       thawte_parse_fingerprint,
       NULL, } },
 };
 
-// Returns a FilePath object representing the src/net/data/ssl/certificates
-// directory in the source tree.
-FilePath GetTestCertsDirectory() {
-  FilePath certs_dir;
-  PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);
-  certs_dir = certs_dir.AppendASCII("net");
-  certs_dir = certs_dir.AppendASCII("data");
-  certs_dir = certs_dir.AppendASCII("ssl");
-  certs_dir = certs_dir.AppendASCII("certificates");
-  return certs_dir;
-}
-
-// Imports a certificate file in the src/net/data/ssl/certificates directory.
-// certs_dir represents the test certificates directory.  cert_file is the
-// name of the certificate file.
-X509Certificate* ImportCertFromFile(const FilePath& certs_dir,
-                                    const std::string& cert_file) {
-  FilePath cert_path = certs_dir.AppendASCII(cert_file);
-  std::string cert_data;
-  if (!file_util::ReadFileToString(cert_path, &cert_data))
-    return NULL;
-  return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size());
-}
-
 CertificateList CreateCertificateListFromFile(
     const FilePath& certs_dir,
     const std::string& cert_file,
     int format) {
   FilePath cert_path = certs_dir.AppendASCII(cert_file);
   std::string cert_data;
   if (!file_util::ReadFileToString(cert_path, &cert_data))
     return CertificateList();
   return X509Certificate::CreateCertificateListFromBytes(cert_data.data(),
                                                          cert_data.size(),
@@ skipping 222 matching lines @@
     EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]);
 
   int flags = 0;
   CertVerifyResult verify_result;
   int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags,
                                       &verify_result);
   EXPECT_NE(OK, error);
   EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
 }
 
-#if defined(USE_NSS) || defined(USE_OPENSSL)
 // A regression test for http://crbug.com/31497.
 // This certificate will expire on 2012-04-08.
-// TODO(wtc): we can't run this test on Mac because MacTrustedCertificates
-// can hold only one additional trusted root certificate for unit tests.
-// TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert
-// isn't implemented (http//crbug.com/8470).
 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
   FilePath certs_dir = GetTestCertsDirectory();
 
   scoped_refptr<X509Certificate> server_cert =
       ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der");
   ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
 
   // The intermediate CA certificate's policyConstraints extension has a
   // requireExplicitPolicy field with SkipCerts=0.
   scoped_refptr<X509Certificate> intermediate_cert =
       ImportCertFromFile(certs_dir, "dod_ca_17_cert.der");
   ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
 
   FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der");
-  scoped_refptr<X509Certificate> root_cert =
-      LoadTemporaryRootCert(root_cert_path);
-  ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
+  TestRootCerts* root_certs = TestRootCerts::GetInstance();
+  ASSERT_TRUE(root_certs->AddFromFile(root_cert_path));
 
   X509Certificate::OSCertHandles intermediates;
   intermediates.push_back(intermediate_cert->os_cert_handle());
   scoped_refptr<X509Certificate> cert_chain =
       X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
                                         X509Certificate::SOURCE_FROM_NETWORK,
                                         intermediates);
 
   int flags = 0;
   CertVerifyResult verify_result;
   int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result);
   EXPECT_EQ(OK, error);
   EXPECT_EQ(0, verify_result.cert_status);
+  root_certs->Clear();
 }
-#endif
 
 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle.  We
 // call X509Certificate::CreateFromHandle several times and observe whether
 // it returns a cached or new X509Certificate object.
 //
 // All the OS certificate handles in this test are actually from the same
 // source (the bytes of a lone certificate), but we pretend that some of them
 // come from the network.
 TEST(X509CertificateTest, Cache) {
   X509Certificate::OSCertHandle google_cert_handle;
@@ skipping 250 matching lines @@
 
     for (size_t j = 0; j < 20; ++j)
       EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]);
   }
 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest,
                         testing::ValuesIn(FormatTestData));
 
 }  // namespace net