Don't hardcode copy of root cert in chromeos/login/test/https_forwarder.cc.

Also use ScopedTestRoot instead of TestRootCerts::Add.

BUG=651965

Review-Url: https://codereview.chromium.org/2513543003
Cr-Commit-Position: refs/heads/master@{#434795}

chrome/browser/chromeos/login/test/https_forwarder.cc

@@ -14,32 +14,16 @@
 #include "base/values.h"
 #include "net/cert/test_root_certs.h"
 #include "net/cert/x509_certificate.h"
+#include "net/test/cert_test_util.h"
 #include "net/test/python_utils.h"
 #include "net/test/spawned_test_server/base_test_server.h"
 #include "net/test/spawned_test_server/local_test_server.h"
+#include "net/test/test_data_directory.h"
 #include "url/third_party/mozilla/url_parse.h"
 #include "url/url_canon.h"
 
 namespace chromeos {
 
-namespace {
-
-// The root certificate used by net/tools/testserver/minica.py.
-const char kMinicaRootCert[] =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIB0TCCATqgAwIBAgIBATANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpUZXN0aW5nIENBMB"
-    "4XDTEwMDEwMTA2MDAwMFoXDTMyMTIwMTA2MDAwMFowFTETMBEGA1UEAxMKVGVzdGluZyBDQTCB"
-    "nTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEApxmY8pML/nPQMah/Ez0vN47u7tUqd+RND8n/bw"
-    "f/Msvz2pmd5O1lgyr8sIB/mHh1BlOdJYoM48LHeWdlMJmpA0qbEVqHbDmoxOTtSs0MZAlZRvs5"
-    "7utHoHBNuwGKz0jDocS4lfxAn7SjQKmGsa/EVRmrnspHwwGFx3HGSqXs8H0CAQOjMzAxMBIGA1"
-    "UdEwEB/wQIMAYBAf8CAQAwGwYDVR0gAQEABBEwDzANBgsrBgEEAdZ5AgHODzANBgkqhkiG9w0B"
-    "AQUFAAOBgQA/STb40A6D+93jMfLGQzXc997IsaJZdoPt7tYa8PqGJBL62EiTj+erd/H5pDZx/2"
-    "/bcpOG4m9J56ygwOohbllw2TM+oeEd8syzV6X+1SIPnGI56JRrm3UXcHYx1Rq5loM9WKAiz/Wm"
-    "IWmskljsEQ7+542pq0pkHjs8nuXovSkUYA==\n"
-    "-----END CERTIFICATE-----";
-
-}  // namespace
-
 // A net::LocalTestServer that handles the actual forwarding to another server.
 // Requires that the root certificate used by minica.py be marked as trusted
 // before it is used.
@@ -124,19 +108,15 @@ GURL HTTPSForwarder::GetURLForSSLHost(const std::string& path) const {
 
 bool HTTPSForwarder::Initialize(const std::string& ssl_host,
                                 const GURL& forward_target) {
-  // Mark the root certificate used by minica.py as trusted. This will be used
-  // by the Python part of the HTTPSForwarder to generate a certificate for
-  // |ssl_host_|.
-  net::TestRootCerts* root_certs = net::TestRootCerts::GetInstance();
-  if (!root_certs)
-    return false;
-  net::CertificateList certs =
-      net::X509Certificate::CreateCertificateListFromBytes(
-          kMinicaRootCert, strlen(kMinicaRootCert),
-          net::X509Certificate::FORMAT_AUTO);
-  if (certs.size() != 1)
+  // Mark the root certificate used by minica.py as trusted. It will remain
+  // trusted for as long as the HTTPSForwarder object exists. This root cert
+  // will be used by the Python part of the HTTPSForwarder to generate a
+  // certificate for |ssl_host_|.
+  scoped_refptr<net::X509Certificate> root_cert = net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "ocsp-test-root.pem");
+  if (!root_cert)
     return false;
-  root_certs->Add(certs.front().get());
+  test_root_.reset(new net::ScopedTestRoot(root_cert.get()));
 
   ssl_host_ = ssl_host;
   forwarding_server_.reset(new ForwardingServer(ssl_host, forward_target));

chrome/browser/chromeos/login/test/https_forwarder.h

@@ -12,6 +12,10 @@
 #include "base/macros.h"
 #include "url/gurl.h"
 
+namespace net {
+class ScopedTestRoot;
+}
+
 namespace chromeos {
 
 class ForwardingServer;
@@ -35,6 +39,7 @@ class HTTPSForwarder {
  private:
   std::string ssl_host_;
 
+  std::unique_ptr<net::ScopedTestRoot> test_root_;
   std::unique_ptr<ForwardingServer> forwarding_server_;
 
   DISALLOW_COPY_AND_ASSIGN(HTTPSForwarder);