Make all the things use cert_test_util.h.

net/base/cert_database_nss_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include <algorithm>
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
 #include "base/string16.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/cert_database.h"
 #include "net/base/cert_status_flags.h"
+#include "net/base/cert_test_util.h"
 #include "net/base/cert_verify_proc.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace psm = mozilla_security_manager;
@@ skipping 37 matching lines @@
  protected:
   static std::string ReadTestFile(const std::string& name) {
     std::string result;
     FilePath cert_path = GetTestCertsDirectory().AppendASCII(name);
     EXPECT_TRUE(file_util::ReadFileToString(cert_path, &result));
     return result;
   }
 
   static bool ReadCertIntoList(const std::string& name,
                                CertificateList* certs) {
-    std::string cert_data = ReadTestFile(name);
-    if (cert_data.empty())
-      return false;
-
-    X509Certificate* cert = X509Certificate::CreateFromBytes(
-        cert_data.data(), cert_data.size());
-    if (!cert)
+    scoped_refptr<X509Certificate> cert(
+        ImportCertFromFile(GetTestCertsDirectory(), name));
+    if (!cert.get())
       return false;
 
     certs->push_back(cert);
     return true;
   }
 
   static CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
     CertificateList result;
     CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
     for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
          !CERT_LIST_END(node, cert_list);
          node = CERT_LIST_NEXT(node)) {
       result.push_back(X509Certificate::CreateFromHandle(
           node->cert, X509Certificate::OSCertHandles()));
     }
     CERT_DestroyCertList(cert_list);
 
     // Sort the result so that test comparisons can be deterministic.
     std::sort(result.begin(), result.end(), X509Certificate::LessThan());
     return result;
   }
 
   scoped_refptr<CryptoModule> slot_;
   CertDatabase cert_db_;
 
  private:
-  // Returns a FilePath object representing the src/net/data/ssl/certificates
-  // directory in the source tree.
-  static FilePath GetTestCertsDirectory() {
-    FilePath certs_dir;
-    PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);
-    certs_dir = certs_dir.AppendASCII("net");
-    certs_dir = certs_dir.AppendASCII("data");
-    certs_dir = certs_dir.AppendASCII("ssl");
-    certs_dir = certs_dir.AppendASCII("certificates");
-    return certs_dir;
-  }
-
   static bool CleanupSlotContents(PK11SlotInfo* slot) {
     CertDatabase cert_db;
     bool ok = true;
     CertificateList certs = ListCertsInSlot(slot);
     for (size_t i = 0; i < certs.size(); ++i) {
       if (!cert_db.DeleteCertAndKey(certs[i]))
         ok = false;
     }
     return ok;
   }
@@ skipping 127 matching lines @@
                                       pkcs12_data,
                                       string16(),
                                       true,  // is_extractable
                                       NULL));
 
   // Test db should still be empty.
   EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size());
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) {
-  std::string cert_data = ReadTestFile("root_ca_cert.crt");
-
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "root_ca_cert.crt",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
 
   // Import it.
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL,
                                      &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
   ASSERT_EQ(1U, cert_list.size());
   scoped_refptr<X509Certificate> cert(cert_list[0]);
   EXPECT_EQ("Test CA", cert->subject().common_name);
 
   EXPECT_EQ(CertDatabase::TRUSTED_SSL,
             cert_db_.GetCertTrust(cert.get(), CA_CERT));
 
   psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
   EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
   EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
   EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
   EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE));
   EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) {
-  std::string cert_data = ReadTestFile("root_ca_cert.crt");
-
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "root_ca_cert.crt",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
 
   // Import it.
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL,
                                      &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
   ASSERT_EQ(1U, cert_list.size());
   scoped_refptr<X509Certificate> cert(cert_list[0]);
   EXPECT_EQ("Test CA", cert->subject().common_name);
 
   EXPECT_EQ(CertDatabase::TRUSTED_EMAIL,
             cert_db_.GetCertTrust(cert.get(), CA_CERT));
 
   psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
   EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
   EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
   EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
   EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) {
-  std::string cert_data = ReadTestFile("root_ca_cert.crt");
-
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "root_ca_cert.crt",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
 
   // Import it.
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN,
                                      &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
   ASSERT_EQ(1U, cert_list.size());
   scoped_refptr<X509Certificate> cert(cert_list[0]);
   EXPECT_EQ("Test CA", cert->subject().common_name);
 
   EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN,
             cert_db_.GetCertTrust(cert.get(), CA_CERT));
 
   psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
   EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
   EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
   EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
   EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCA_NotCACert) {
-  std::string cert_data = ReadTestFile("google.single.pem");
-
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "google.single.pem",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
 
   // Import it.
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL,
                                      &failed));
   ASSERT_EQ(1U, failed.size());
   // Note: this compares pointers directly.  It's okay in this case because
   // ImportCACerts returns the same pointers that were passed in.  In the
@@ skipping 107 matching lines @@
   // ASSERT_EQ(3U, cert_list.size());
   // EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name);
   // EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name);
   // EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name);
   ASSERT_EQ(2U, cert_list.size());
   EXPECT_EQ("DoD Root CA 2", cert_list[0]->subject().common_name);
   EXPECT_EQ("DOD CA-17", cert_list[1]->subject().common_name);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) {
-  std::string cert_data = ReadTestFile("root_ca_cert.crt");
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "root_ca_cert.crt",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
 
   // Import it.
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportCACerts(
       certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL |
       CertDatabase::TRUSTED_OBJ_SIGN, &failed));
 
   ASSERT_EQ(2U, failed.size());
   // TODO(mattm): should check for net error equivalent of
   // SEC_ERROR_UNKNOWN_ISSUER
   EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
   EXPECT_EQ(ERR_FAILED, failed[0].net_error);
   EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
   EXPECT_EQ(ERR_FAILED, failed[1].net_error);
 
   CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("Test CA", cert_list[0]->subject().common_name);
 }
 
 // http://crbug.com/108009 - Disabled, as google.chain.pem is an expired
 // certificate.
 TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
   // Need to import intermediate cert for the verify of google cert, otherwise
   // it will try to fetch it automatically with cert_pi_useAIACertFetch, which
   // will cause OCSPCreateSession on the main thread, which is not allowed.
-  std::string cert_data = ReadTestFile("google.chain.pem");
-  CertificateList certs =
-      X509Certificate::CreateCertificateListFromBytes(
-          cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+  CertificateList certs = CreateCertificateListFromFile(
+      GetTestCertsDirectory(), "google.chain.pem",
+      X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(2U, certs.size());
 
   CertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_.ImportServerCert(certs, &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
   ASSERT_EQ(2U, cert_list.size());
   scoped_refptr<X509Certificate> goog_cert(cert_list[0]);
@@ skipping 48 matching lines @@
       CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL));
 
   verify_result.Reset();
   error = verify_proc->Verify(puny_cert, "xn--wgv71a119e.com", flags,
                                   NULL, &verify_result);
   EXPECT_EQ(OK, error);
   EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 }  // namespace net