Compile net_unittests on Fuchsia

Several fixes to make net_unittests compile for Fuchsia:
 1. Added cert_database_fuchsia.cc and test_root_certs_fuchsia.cc.
 2. Disabled Kerberos (not implemented on Fuchsia).
 3. Updated CertVerifyProc to use CreateCertVerifyProcBuiltin() with
    OS_FUCHSIA. Currently it uses DummySystemTrustStore, so cert
    verification will always fail. This will need to be fixed later,
    once Fuchsia adds an API for root certs store.
 4. res_ninit() is not yet implemented, so res_init() is used instead.
 5. Disabled DnsReloader. It relies on res_ninit() and it's unlikely
    to be useful on Fuchsia.

Bug: 731302
Change-Id: I05cbb7a4b571d82894b7c62740fc2f5b36870214
Reviewed-on: https://chromium-review.googlesource.com/560050Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Sergey Ulanov <sergeyu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485440}

net/BUILD.gn

@@ -42,7 +42,8 @@ enable_net_mojo = !is_ios && !is_proto_quic
 # in addition to use_openssl_certs or use_nss_certs, in that case byte certs
 # are used internally but OpenSSL or NSS are used for certificate verification.
 # TODO(mattm): crbug.com/671420: Implement and enable this for all platforms.
-use_byte_certs = is_mac || is_android || is_nacl || is_ios || is_win
+use_byte_certs =
+    is_mac || is_android || is_nacl || is_ios || is_win || is_fuchsia
 
 buildflag_header("features") {
   header = "net_features.h"
@@ -1948,6 +1949,14 @@ component("net") {
         "base/platform_mime_util_linux.cc",
       ]
     }
+
+    if (is_fuchsia) {
+      sources += [
+        "base/platform_mime_util_fuchsia.cc",
+        "cert/cert_database_fuchsia.cc",
+        "cert/test_root_certs_fuchsia.cc",
+      ]
+    }
   } else {
     public_deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
   }

net/base/platform_mime_util_fuchsia.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/platform_mime_util.h"
+
+#include <string>
+
+#include "base/logging.h"
+#include "build/build_config.h"
+
+namespace net {
+
+bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
+    const base::FilePath::StringType& ext,
+    std::string* result) const {
+  // TODO(fuchsia): Is there MIME DB on Fuchsia? Do we need it?
+  NOTIMPLEMENTED();
+  return false;
+}
+
+bool PlatformMimeUtil::GetPreferredExtensionForMimeType(
+    const std::string& mime_type,
+    base::FilePath::StringType* ext) const {
+  // TODO(fuchsia): Is there MIME DB on Fuchsia? Do we need it?
+  NOTIMPLEMENTED();
+  return false;
+}
+
+void PlatformMimeUtil::GetPlatformExtensionsForMimeType(
+    const std::string& mime_type,
+    std::unordered_set<base::FilePath::StringType>* extensions) const {
+  base::FilePath::StringType ext;
+  if (GetPreferredExtensionForMimeType(mime_type, &ext))
+    extensions->insert(ext);
+}
+
+}  // namespace net

net/cert/cert_database_fuchsia.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/cert_database.h"
+
+#include "base/observer_list_threadsafe.h"
+
+namespace net {
+
+CertDatabase::CertDatabase()
+    : observer_list_(new base::ObserverListThreadSafe<Observer>) {}
+
+CertDatabase::~CertDatabase() {}
+
+}  // namespace net

net/cert/cert_verify_proc.cc

@@ -42,6 +42,8 @@
 #elif defined(OS_WIN)
 #include "base/win/windows_version.h"
 #include "net/cert/cert_verify_proc_win.h"
+#elif defined(OS_FUCHSIA)
+#include "net/cert/cert_verify_proc_builtin.h"
 #else
 #error Implement certificate verification.
 #endif
@@ -500,7 +502,7 @@ WARN_UNUSED_RESULT bool InspectSignatureAlgorithmsInChain(
 }  // namespace
 
 // static
-CertVerifyProc* CertVerifyProc::CreateDefault() {
+scoped_refptr<CertVerifyProc> CertVerifyProc::CreateDefault() {
 #if defined(USE_NSS_CERTS)
   return new CertVerifyProcNSS();
 #elif defined(OS_ANDROID)
@@ -511,6 +513,8 @@ CertVerifyProc* CertVerifyProc::CreateDefault() {
   return new CertVerifyProcMac();
 #elif defined(OS_WIN)
   return new CertVerifyProcWin();
+#elif defined(OS_FUCHSIA)
+  return CreateCertVerifyProcBuiltin();
 #else
 #error Unsupported platform
 #endif

net/cert/cert_verify_proc.h

@@ -29,7 +29,7 @@ class NET_EXPORT CertVerifyProc
     : public base::RefCountedThreadSafe<CertVerifyProc> {
  public:
   // Creates and returns the default CertVerifyProc.
-  static CertVerifyProc* CreateDefault();
+  static scoped_refptr<CertVerifyProc> CreateDefault();
 
   // Verifies the certificate against the given hostname as an SSL server
   // certificate. Returns OK if successful or an error code upon failure.

net/cert/cert_verify_proc_unittest.cc

@@ -134,6 +134,8 @@ CertVerifyProcType GetDefaultCertVerifyProcType() {
   return CERT_VERIFY_PROC_MAC;
 #elif defined(OS_WIN)
   return CERT_VERIFY_PROC_WIN;
+#elif defined(OS_FUCHSIA)
+  return CERT_VERIFY_PROC_BUILTIN;
 #else
 // Will fail to compile.
 #endif

net/cert/multi_threaded_cert_verifier.cc

@@ -341,7 +341,7 @@ class CertVerifierJob {
 };
 
 MultiThreadedCertVerifier::MultiThreadedCertVerifier(
-    CertVerifyProc* verify_proc)
+    scoped_refptr<CertVerifyProc> verify_proc)
     : requests_(0), inflight_joins_(0), verify_proc_(verify_proc) {}
 
 MultiThreadedCertVerifier::~MultiThreadedCertVerifier() {

net/cert/multi_threaded_cert_verifier.h

@@ -31,7 +31,7 @@ class CertVerifyProc;
 // synchronous CertVerifier implementations on worker threads.
 class NET_EXPORT_PRIVATE MultiThreadedCertVerifier : public CertVerifier {
  public:
-  explicit MultiThreadedCertVerifier(CertVerifyProc* verify_proc);
+  explicit MultiThreadedCertVerifier(scoped_refptr<CertVerifyProc> verify_proc);
 
   // When the verifier is destroyed, all certificate verifications requests are
   // canceled, and their completion callbacks will not be called.

net/cert/test_root_certs.h

@@ -127,7 +127,7 @@ class NET_EXPORT TestRootCerts {
   bool allow_system_trust_;
 #endif
 
-#if defined(OS_WIN) || defined(OS_ANDROID)
+#if defined(OS_WIN) || defined(OS_ANDROID) || defined(OS_FUCHSIA)
   // True if there are no temporarily trusted root certificates.
   bool empty_;
 #endif

net/cert/test_root_certs_fuchsia.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/test_root_certs.h"
+
+#include "base/location.h"
+#include "base/logging.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+
+bool TestRootCerts::Add(X509Certificate* certificate) {
+  // TODO(fuchsia): Implement this.
+  NOTIMPLEMENTED();
+  return false;
+}
+
+void TestRootCerts::Clear() {
+  // TODO(fuchsia): Implement this.
+  NOTIMPLEMENTED();
+  empty_ = true;
+}
+
+bool TestRootCerts::IsEmpty() const {
+  return empty_;
+}
+
+TestRootCerts::~TestRootCerts() {}
+
+void TestRootCerts::Init() {
+  empty_ = true;
+}
+
+}  // namespace net

net/dns/dns_config_service_posix.cc

@@ -18,6 +18,7 @@
 #include "base/single_thread_task_runner.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
+#include "build/build_config.h"
 #include "net/base/ip_address.h"
 #include "net/base/ip_endpoint.h"
 #include "net/dns/dns_hosts.h"
@@ -120,7 +121,8 @@ class DnsConfigWatcher {
 ConfigParsePosixResult ReadDnsConfig(DnsConfig* config) {
   ConfigParsePosixResult result;
   config->unhandled_options = false;
-#if defined(OS_OPENBSD)
+// TODO(fuchsia): Use res_ninit() when it's implemented on Fuchsia.
+#if defined(OS_OPENBSD) || defined(OS_FUCHSIA)
   // Note: res_ninit in glibc always returns 0 and sets RES_INIT.
   // res_init behaves the same way.
   memset(&_res, 0, sizeof(_res));

net/dns/dns_reloader.cc

@@ -5,7 +5,7 @@
 #include "net/dns/dns_reloader.h"
 
 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && \
-    !defined(OS_ANDROID)
+    !defined(OS_ANDROID) && !defined(OS_FUCHSIA)
 
 #include <resolv.h>
 

net/dns/host_resolver_impl.cc

@@ -2059,7 +2059,7 @@ HostResolverImpl::HostResolverImpl(
   NetworkChangeNotifier::AddConnectionTypeObserver(this);
   NetworkChangeNotifier::AddDNSObserver(this);
 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && \
-    !defined(OS_ANDROID)
+    !defined(OS_ANDROID) && !defined(OS_FUCHSIA)
   EnsureDnsReloaderInit();
 #endif
 

net/dns/host_resolver_proc.cc

@@ -199,7 +199,7 @@ int SystemHostResolverCall(const std::string& host,
   hints.ai_socktype = SOCK_STREAM;
 
 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && \
-    !defined(OS_ANDROID)
+    !defined(OS_ANDROID) && !defined(OS_FUCHSIA)
   DnsReloaderMaybeReload();
 #endif
   int err = getaddrinfo(host.c_str(), NULL, &hints, &ai);

net/features.gni

@@ -16,11 +16,12 @@ declare_args() {
   enable_websockets = !is_ios
   disable_ftp_support = is_ios || is_chromecast
 
-  # Enable Kerberos authentication. It is disabled by default on iOS,
-  # Chromecast, at least for now. This feature needs configuration (krb5.conf
-  # and so on). On Chrome OS it is only supported on Active Directory
-  # managed devices.
-  use_kerberos = !is_ios && !is_chromecast
+  # Enable Kerberos authentication. It is disabled by default on iOS, Fuchsia
+  # and Chromecast, at least for now. This feature needs configuration
+  # (krb5.conf and so on). On Chrome OS it is only supported on Active
+  # Directory managed devices.
+  # TODO(fuchsia): Enable kerberos on Fuchsia when it's implemented there.
+  use_kerberos = !is_ios && !is_chromecast && !is_fuchsia
 
   # Do not disable brotli filter by default.
   disable_brotli_filter = false

net/socket/unix_domain_server_socket_posix.cc

@@ -11,6 +11,7 @@
 #include <utility>
 
 #include "base/logging.h"
+#include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/base/sockaddr_storage.h"
 #include "net/socket/socket_posix.h"
@@ -47,7 +48,7 @@ UnixDomainServerSocket::~UnixDomainServerSocket() {
 // static
 bool UnixDomainServerSocket::GetPeerCredentials(SocketDescriptor socket,
                                                 Credentials* credentials) {
-#if defined(OS_LINUX) || defined(OS_ANDROID)
+#if defined(OS_LINUX) || defined(OS_ANDROID) || defined(OS_FUCHSIA)
   struct ucred user_cred;
   socklen_t len = sizeof(user_cred);
   if (getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &user_cred, &len) < 0)

net/socket/unix_domain_server_socket_posix.h

@@ -13,6 +13,8 @@
 
 #include "base/callback.h"
 #include "base/macros.h"
+#include "build/build_config.h"
+
 #include "net/base/net_export.h"
 #include "net/socket/server_socket.h"
 #include "net/socket/socket_descriptor.h"
@@ -27,8 +29,8 @@ class NET_EXPORT UnixDomainServerSocket : public ServerSocket {
  public:
   // Credentials of a peer process connected to the socket.
   struct NET_EXPORT Credentials {
-#if defined(OS_LINUX) || defined(OS_ANDROID)
-    // Linux/Android API provides more information about the connected peer
+#if defined(OS_LINUX) || defined(OS_ANDROID) || defined(OS_FUCHSIA)
+    // Linux and Fuchsia provide more information about the connected peer
     // than Windows/OS X. It's useful for permission-based authorization on
     // Android.
     pid_t process_id;