diff options
| author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-16 00:23:03 +0000 |
|---|---|---|
| committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-16 00:23:03 +0000 |
| commit | 1f528b557f829a838ffa0767a49ce5a55a0b2343 (patch) | |
| tree | 76d8e3c0f4288e808e0fe939a90c6f9eaadbb451 | |
| parent | ca7c456246121d7e17c22181f0a76eb5c79d3ac0 (diff) | |
| download | chromium_src-1f528b557f829a838ffa0767a49ce5a55a0b2343.zip chromium_src-1f528b557f829a838ffa0767a49ce5a55a0b2343.tar.gz chromium_src-1f528b557f829a838ffa0767a49ce5a55a0b2343.tar.bz2 | |
Don't use X509Certificate in chromoting code.
X509Certificate currently is not usable in sandbox on Mac. Don't use it in
chromoting code.
BUG=80587
TEST=Unittests
Review URL: http://codereview.chromium.org/7401005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92772 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | remoting/host/host_key_pair.cc | 14 | ||||
| -rw-r--r-- | remoting/host/host_key_pair.h | 6 | ||||
| -rw-r--r-- | remoting/protocol/connection_to_host.cc | 2 | ||||
| -rw-r--r-- | remoting/protocol/content_description.cc | 25 | ||||
| -rw-r--r-- | remoting/protocol/content_description.h | 9 | ||||
| -rw-r--r-- | remoting/protocol/jingle_channel_connector.h | 10 | ||||
| -rw-r--r-- | remoting/protocol/jingle_datagram_connector.cc | 4 | ||||
| -rw-r--r-- | remoting/protocol/jingle_datagram_connector.h | 4 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session.cc | 11 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session.h | 14 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_manager.cc | 8 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_manager.h | 7 | ||||
| -rw-r--r-- | remoting/protocol/jingle_session_unittest.cc | 14 | ||||
| -rw-r--r-- | remoting/protocol/jingle_stream_connector.cc | 20 | ||||
| -rw-r--r-- | remoting/protocol/jingle_stream_connector.h | 10 | ||||
| -rw-r--r-- | remoting/protocol/session_manager.h | 6 |
16 files changed, 69 insertions, 95 deletions
diff --git a/remoting/host/host_key_pair.cc b/remoting/host/host_key_pair.cc index 948b4ad..576bc1b 100644 --- a/remoting/host/host_key_pair.cc +++ b/remoting/host/host_key_pair.cc @@ -94,11 +94,15 @@ crypto::RSAPrivateKey* HostKeyPair::CopyPrivateKey() const { return crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes); } -net::X509Certificate* HostKeyPair::GenerateCertificate() const { - return net::X509Certificate::CreateSelfSigned( - key_.get(), "CN=chromoting", - base::RandInt(1, std::numeric_limits<int>::max()), - base::TimeDelta::FromDays(1)); +std::string HostKeyPair::GenerateCertificate() const { + scoped_refptr<net::X509Certificate> cert = + net::X509Certificate::CreateSelfSigned( + key_.get(), "CN=chromoting", + base::RandInt(1, std::numeric_limits<int>::max()), + base::TimeDelta::FromDays(1)); + std::string result; + CHECK(cert->GetDEREncoded(&result)); + return result; } } // namespace remoting diff --git a/remoting/host/host_key_pair.h b/remoting/host/host_key_pair.h index c1f6082..32a15d0 100644 --- a/remoting/host/host_key_pair.h +++ b/remoting/host/host_key_pair.h @@ -15,10 +15,6 @@ namespace crypto { class RSAPrivateKey; } // namespace base -namespace net { -class X509Certificate; -} // namespace net - namespace remoting { class HostConfig; @@ -39,7 +35,7 @@ class HostKeyPair { // Make a new copy of private key. Caller will own the generated private key. crypto::RSAPrivateKey* CopyPrivateKey() const; - net::X509Certificate* GenerateCertificate() const; + std::string GenerateCertificate() const; private: scoped_ptr<crypto::RSAPrivateKey> key_; diff --git a/remoting/protocol/connection_to_host.cc b/remoting/protocol/connection_to_host.cc index 135dd1f..422f090 100644 --- a/remoting/protocol/connection_to_host.cc +++ b/remoting/protocol/connection_to_host.cc @@ -111,7 +111,7 @@ void ConnectionToHost::InitSession() { session_manager->set_allow_local_ips(true); session_manager->Init( local_jid_, signal_strategy_.get(), - NewCallback(this, &ConnectionToHost::OnNewSession), NULL, NULL); + NewCallback(this, &ConnectionToHost::OnNewSession), NULL, ""); session_manager_.reset(session_manager); CandidateSessionConfig* candidate_config = diff --git a/remoting/protocol/content_description.cc b/remoting/protocol/content_description.cc index df289d8..8ea4f6b 100644 --- a/remoting/protocol/content_description.cc +++ b/remoting/protocol/content_description.cc @@ -154,7 +154,7 @@ ContentDescription::ContentDescription( const CandidateSessionConfig* candidate_config, const std::string& auth_token, const std::string& master_key, - scoped_refptr<net::X509Certificate> certificate) + const std::string& certificate) : candidate_config_(candidate_config), auth_token_(auth_token), master_key_(master_key), @@ -209,21 +209,16 @@ XmlElement* ContentDescription::ToXml() const { config()->initial_resolution().height)); root->AddElement(resolution_tag); - if (certificate() || !auth_token().empty()) { + if (!certificate().empty() || !auth_token().empty()) { XmlElement* authentication_tag = new XmlElement( QName(kChromotingXmlNamespace, kAuthenticationTag)); - if (certificate()) { + if (!certificate().empty()) { XmlElement* certificate_tag = new XmlElement( QName(kChromotingXmlNamespace, kCertificateTag)); - std::string der_cert; - if (!certificate()->GetDEREncoded(&der_cert)) { - LOG(DFATAL) << "Cannot obtain DER encoded certificate"; - } - std::string base64_cert; - if (!base::Base64Encode(der_cert, &base64_cert)) { + if (!base::Base64Encode(certificate(), &base64_cert)) { LOG(DFATAL) << "Cannot perform base64 encode on certificate"; } @@ -318,7 +313,7 @@ cricket::ContentDescription* ContentDescription::ParseXml( *config->mutable_initial_resolution() = resolution; // Parse authentication information. - scoped_refptr<net::X509Certificate> certificate; + std::string certificate; std::string auth_token; std::string master_key; child = element->FirstNamed(QName(kChromotingXmlNamespace, @@ -329,18 +324,10 @@ cricket::ContentDescription* ContentDescription::ParseXml( child->FirstNamed(QName(kChromotingXmlNamespace, kCertificateTag)); if (cert_tag) { std::string base64_cert = cert_tag->BodyText(); - std::string der_cert; - if (!base::Base64Decode(base64_cert, &der_cert)) { + if (!base::Base64Decode(base64_cert, &certificate)) { LOG(ERROR) << "Failed to decode certificate received from the peer."; return NULL; } - - certificate = net::X509Certificate::CreateFromBytes(der_cert.data(), - der_cert.length()); - if (!certificate) { - LOG(ERROR) << "Failed to create platform-specific certificate handle"; - return NULL; - } } // Parse master-key. diff --git a/remoting/protocol/content_description.h b/remoting/protocol/content_description.h index 3759838..f4cb97b 100644 --- a/remoting/protocol/content_description.h +++ b/remoting/protocol/content_description.h @@ -9,7 +9,6 @@ #include "base/memory/scoped_ptr.h" #include "base/memory/ref_counted.h" -#include "net/base/x509_certificate.h" #include "remoting/protocol/session_config.h" #include "third_party/libjingle/source/talk/p2p/base/sessiondescription.h" @@ -30,7 +29,7 @@ class ContentDescription : public cricket::ContentDescription { explicit ContentDescription(const CandidateSessionConfig* config, const std::string& auth_token, const std::string& master_key, - scoped_refptr<net::X509Certificate> certificate); + const std::string& certificate); virtual ~ContentDescription(); const CandidateSessionConfig* config() const { @@ -39,9 +38,7 @@ class ContentDescription : public cricket::ContentDescription { const std::string& auth_token() const { return auth_token_; } const std::string& master_key() const { return master_key_; } - scoped_refptr<net::X509Certificate> certificate() const { - return certificate_; - } + const std::string& certificate() const { return certificate_; } buzz::XmlElement* ToXml() const; @@ -57,7 +54,7 @@ class ContentDescription : public cricket::ContentDescription { // Master key used for the session encrypted with the hosts key. std::string master_key_; - scoped_refptr<net::X509Certificate> certificate_; + std::string certificate_; }; } // namespace protocol diff --git a/remoting/protocol/jingle_channel_connector.h b/remoting/protocol/jingle_channel_connector.h index 6037ee4..8327ebf 100644 --- a/remoting/protocol/jingle_channel_connector.h +++ b/remoting/protocol/jingle_channel_connector.h @@ -5,6 +5,8 @@ #ifndef REMOTING_PROTOCOL_JINGLE_CHANNEL_CONNECTOR_H_ #define REMOTING_PROTOCOL_JINGLE_CHANNEL_CONNECTOR_H_ +#include <string> + #include "base/basictypes.h" #include "base/threading/non_thread_safe.h" @@ -16,10 +18,6 @@ namespace crypto { class RSAPrivateKey; } // namespace crypto -namespace net { -class X509Certificate; -} // namespace net - namespace remoting { namespace protocol { @@ -29,8 +27,8 @@ class JingleChannelConnector : public base::NonThreadSafe { virtual ~JingleChannelConnector() { } virtual void Connect(bool initiator, - net::X509Certificate* local_cert, - net::X509Certificate* remote_cert, + const std::string& local_cert, + const std::string& remote_cert, crypto::RSAPrivateKey* local_private_key, cricket::TransportChannel* raw_channel) = 0; diff --git a/remoting/protocol/jingle_datagram_connector.cc b/remoting/protocol/jingle_datagram_connector.cc index ff717a0..ce40202 100644 --- a/remoting/protocol/jingle_datagram_connector.cc +++ b/remoting/protocol/jingle_datagram_connector.cc @@ -25,8 +25,8 @@ JingleDatagramConnector::~JingleDatagramConnector() { void JingleDatagramConnector::Connect( bool initiator, - net::X509Certificate* local_cert, - net::X509Certificate* remote_cert, + const std::string& local_cert, + const std::string& remote_cert, crypto::RSAPrivateKey* local_private_key, cricket::TransportChannel* raw_channel) { DCHECK(CalledOnValidThread()); diff --git a/remoting/protocol/jingle_datagram_connector.h b/remoting/protocol/jingle_datagram_connector.h index f6b79d7..dafdb0d 100644 --- a/remoting/protocol/jingle_datagram_connector.h +++ b/remoting/protocol/jingle_datagram_connector.h @@ -33,8 +33,8 @@ class JingleDatagramConnector : public JingleChannelConnector { // owned by the caller, and must exist until this object is // destroyed. virtual void Connect(bool initiator, - net::X509Certificate* local_cert, - net::X509Certificate* remote_cert, + const std::string& local_cert, + const std::string& remote_cert, crypto::RSAPrivateKey* local_private_key, cricket::TransportChannel* raw_channel) OVERRIDE; diff --git a/remoting/protocol/jingle_session.cc b/remoting/protocol/jingle_session.cc index f7d61f1..7c05d2b 100644 --- a/remoting/protocol/jingle_session.cc +++ b/remoting/protocol/jingle_session.cc @@ -86,20 +86,20 @@ bool GetChannelKey(const std::string& channel_name, // static JingleSession* JingleSession::CreateClientSession( JingleSessionManager* manager, const std::string& host_public_key) { - return new JingleSession(manager, NULL, NULL, host_public_key); + return new JingleSession(manager, "", NULL, host_public_key); } // static JingleSession* JingleSession::CreateServerSession( JingleSessionManager* manager, - scoped_refptr<net::X509Certificate> certificate, + const std::string& certificate, crypto::RSAPrivateKey* key) { return new JingleSession(manager, certificate, key, ""); } JingleSession::JingleSession( JingleSessionManager* jingle_session_manager, - scoped_refptr<net::X509Certificate> local_cert, + const std::string& local_cert, crypto::RSAPrivateKey* local_private_key, const std::string& peer_public_key) : jingle_session_manager_(jingle_session_manager), @@ -261,7 +261,7 @@ void JingleSession::set_candidate_config( candidate_config_.reset(candidate_config); } -scoped_refptr<net::X509Certificate> JingleSession::local_certificate() const { +const std::string& JingleSession::local_certificate() const { DCHECK(CalledOnValidThread()); return local_cert_; } @@ -405,7 +405,8 @@ bool JingleSession::InitializeConfigFromDescription( static_cast<const protocol::ContentDescription*>(content->description); CHECK(content_description); - remote_cert_ = content_description->certificate(); if (!remote_cert_) { + remote_cert_ = content_description->certificate(); + if (remote_cert_.empty()) { LOG(ERROR) << "Connection response does not specify certificate"; return false; } diff --git a/remoting/protocol/jingle_session.h b/remoting/protocol/jingle_session.h index 13a29bc..cc40660 100644 --- a/remoting/protocol/jingle_session.h +++ b/remoting/protocol/jingle_session.h @@ -13,10 +13,6 @@ #include "third_party/libjingle/source/talk/base/sigslot.h" #include "third_party/libjingle/source/talk/p2p/base/session.h" -namespace net { -class X509Certificate; -} // namespace net - namespace remoting { namespace protocol { @@ -71,19 +67,19 @@ class JingleSession : public protocol::Session, // TODO(sergeyu): Remove |certificate| and |key| when we stop using TLS. static JingleSession* CreateServerSession( JingleSessionManager* manager, - scoped_refptr<net::X509Certificate> certificate, + const std::string& certificate, crypto::RSAPrivateKey* key); // TODO(sergeyu): Change type of |peer_public_key| to RSAPublicKey. JingleSession(JingleSessionManager* jingle_session_manager, - scoped_refptr<net::X509Certificate> local_cert, + const std::string& local_cert, crypto::RSAPrivateKey* local_private_key, const std::string& peer_public_key); virtual ~JingleSession(); // Called by JingleSessionManager. void set_candidate_config(const CandidateSessionConfig* candidate_config); - scoped_refptr<net::X509Certificate> local_certificate() const; + const std::string& local_certificate() const; void Init(cricket::Session* cricket_session); std::string GetEncryptedMasterKey() const; @@ -142,8 +138,8 @@ class JingleSession : public protocol::Session, // Certificates used for connection. Currently only receiving side // has a certificate. - scoped_refptr<net::X509Certificate> local_cert_; - scoped_refptr<net::X509Certificate> remote_cert_; + std::string local_cert_; + std::string remote_cert_; // Private key used in SSL server sockets. scoped_ptr<crypto::RSAPrivateKey> local_private_key_; diff --git a/remoting/protocol/jingle_session_manager.cc b/remoting/protocol/jingle_session_manager.cc index 9c56592..44df56f 100644 --- a/remoting/protocol/jingle_session_manager.cc +++ b/remoting/protocol/jingle_session_manager.cc @@ -64,7 +64,7 @@ void JingleSessionManager::Init( SignalStrategy* signal_strategy, IncomingSessionCallback* incoming_session_callback, crypto::RSAPrivateKey* private_key, - scoped_refptr<net::X509Certificate> certificate) { + const std::string& certificate) { DCHECK(CalledOnValidThread()); DCHECK(signal_strategy); @@ -171,7 +171,7 @@ void JingleSessionManager::OnSessionCreate( // If this is an outcoming session the session object is already created. if (incoming) { - DCHECK(certificate_); + DCHECK(!certificate_.empty()); DCHECK(private_key_.get()); JingleSession* jingle_session = JingleSession::CreateServerSession( @@ -327,14 +327,14 @@ JingleSessionManager::CreateClientSessionDescription( cricket::SessionDescription* desc = new cricket::SessionDescription(); desc->AddContent( JingleSession::kChromotingContentName, kChromotingXmlNamespace, - new ContentDescription(config, auth_token, master_key, NULL)); + new ContentDescription(config, auth_token, master_key, "")); return desc; } // static cricket::SessionDescription* JingleSessionManager::CreateHostSessionDescription( const CandidateSessionConfig* config, - scoped_refptr<net::X509Certificate> certificate) { + const std::string& certificate) { cricket::SessionDescription* desc = new cricket::SessionDescription(); desc->AddContent( JingleSession::kChromotingContentName, kChromotingXmlNamespace, diff --git a/remoting/protocol/jingle_session_manager.h b/remoting/protocol/jingle_session_manager.h index 0eda7cf..bde603f 100644 --- a/remoting/protocol/jingle_session_manager.h +++ b/remoting/protocol/jingle_session_manager.h @@ -9,7 +9,6 @@ #include <string> #include "base/memory/ref_counted.h" -#include "net/base/x509_certificate.h" #include "remoting/protocol/content_description.h" #include "remoting/protocol/jingle_session.h" #include "remoting/protocol/session_manager.h" @@ -50,7 +49,7 @@ class JingleSessionManager SignalStrategy* signal_strategy, IncomingSessionCallback* incoming_session_callback, crypto::RSAPrivateKey* private_key, - scoped_refptr<net::X509Certificate> certificate) OVERRIDE; + const std::string& certificate) OVERRIDE; virtual Session* Connect( const std::string& host_jid, const std::string& host_public_key, @@ -108,7 +107,7 @@ class JingleSessionManager // Creates session description for incoming session. static cricket::SessionDescription* CreateHostSessionDescription( const CandidateSessionConfig* candidate_config, - scoped_refptr<net::X509Certificate> certificate); + const std::string& certificate); scoped_ptr<talk_base::NetworkManager> network_manager_; scoped_ptr<talk_base::PacketSocketFactory> socket_factory_; @@ -117,7 +116,7 @@ class JingleSessionManager std::string local_jid_; // Full jid for the local side of the session. SignalStrategy* signal_strategy_; scoped_ptr<IncomingSessionCallback> incoming_session_callback_; - scoped_refptr<net::X509Certificate> certificate_; + std::string certificate_; scoped_ptr<crypto::RSAPrivateKey> private_key_; // This must be set to true to enable NAT traversal. STUN/Relay diff --git a/remoting/protocol/jingle_session_unittest.cc b/remoting/protocol/jingle_session_unittest.cc index 4a69ac2..504176e 100644 --- a/remoting/protocol/jingle_session_unittest.cc +++ b/remoting/protocol/jingle_session_unittest.cc @@ -155,10 +155,6 @@ class JingleSessionTest : public testing::Test { std::string cert_der; ASSERT_TRUE(file_util::ReadFileToString(cert_path, &cert_der)); - scoped_refptr<net::X509Certificate> cert = - net::X509Certificate::CreateFromBytes(cert_der.data(), - cert_der.size()); - FilePath key_path = certs_dir.AppendASCII("unittest.key.bin"); std::string key_string; ASSERT_TRUE(file_util::ReadFileToString(key_path, &key_string)); @@ -181,7 +177,7 @@ class JingleSessionTest : public testing::Test { NewCallback(&host_server_callback_, &MockSessionManagerCallback::OnIncomingSession), private_key.release(), - cert); + cert_der); client_server_.reset(JingleSessionManager::CreateNotSandboxed()); client_server_->set_allow_local_ips(true); @@ -189,7 +185,7 @@ class JingleSessionTest : public testing::Test { kClientJid, client_signal_strategy_.get(), NewCallback(&client_server_callback_, &MockSessionManagerCallback::OnIncomingSession), - NULL, NULL); + NULL, ""); } void CloseSessionManager() { @@ -607,10 +603,6 @@ class UDPChannelTester : public ChannelTesterBase { int broken_packets_; }; -// Mac needs to implement X509Certificate::CreateSelfSigned to enable these -// tests. -#if defined(USE_NSS) || defined(OS_WIN) - // Verify that we can create and destory server objects without a connection. TEST_F(JingleSessionTest, CreateAndDestoy) { CreateServerPair(); @@ -749,7 +741,5 @@ TEST_F(JingleSessionTest, DISABLED_TestSpeed) { CloseSessions(); } -#endif - } // namespace protocol } // namespace remoting diff --git a/remoting/protocol/jingle_stream_connector.cc b/remoting/protocol/jingle_stream_connector.cc index ea541b0..27fa331 100644 --- a/remoting/protocol/jingle_stream_connector.cc +++ b/remoting/protocol/jingle_stream_connector.cc @@ -28,14 +28,15 @@ const int kTcpAckDelayMilliseconds = 10; // Helper method to create a SSL client socket. net::SSLClientSocket* CreateSSLClientSocket( - net::StreamSocket* socket, scoped_refptr<net::X509Certificate> cert, + net::StreamSocket* socket, const std::string& cert_der, net::CertVerifier* cert_verifier) { net::SSLConfig ssl_config; // Certificate provided by the host doesn't need authority. net::SSLConfig::CertAndStatus cert_and_status; cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; - cert_and_status.cert = cert; + cert_and_status.cert = net::X509Certificate::CreateFromBytes( + cert_der.data(), cert_der.length()); ssl_config.allowed_bad_certs.push_back(cert_and_status); // SSLClientSocket takes ownership of the adapter. @@ -68,8 +69,8 @@ JingleStreamConnector::~JingleStreamConnector() { } void JingleStreamConnector::Connect(bool initiator, - net::X509Certificate* local_cert, - net::X509Certificate* remote_cert, + const std::string& local_cert, + const std::string& remote_cert, crypto::RSAPrivateKey* local_private_key, cricket::TransportChannel* raw_channel) { DCHECK(CalledOnValidThread()); @@ -125,10 +126,19 @@ bool JingleStreamConnector::EstablishSSLConnection() { result = ssl_client_socket->Connect(&ssl_connect_callback_); } else { + scoped_refptr<net::X509Certificate> cert = + net::X509Certificate::CreateFromBytes( + local_cert_.data(), local_cert_.length()); + if (!cert) { + LOG(ERROR) << "Failed to parse X509Certificate"; + return false; + } + // Create server SSL socket. net::SSLConfig ssl_config; + net::SSLServerSocket* ssl_server_socket = - net::CreateSSLServerSocket(socket_.release(), local_cert_, + net::CreateSSLServerSocket(socket_.release(), cert, local_private_key_, ssl_config); socket_.reset(ssl_server_socket); diff --git a/remoting/protocol/jingle_stream_connector.h b/remoting/protocol/jingle_stream_connector.h index ab7968b..9abfc63 100644 --- a/remoting/protocol/jingle_stream_connector.h +++ b/remoting/protocol/jingle_stream_connector.h @@ -40,10 +40,10 @@ class JingleStreamConnector : public JingleChannelConnector { // owned by the caller, and must exist until this object is // destroyed. virtual void Connect(bool initiator, - net::X509Certificate* local_cert, - net::X509Certificate* remote_cert, + const std::string& local_cert, + const std::string& remote_cert, crypto::RSAPrivateKey* local_private_key, - cricket::TransportChannel* raw_channel) OVERRIDE; + cricket::TransportChannel* raw_channel) OVERRIDE; private: bool EstablishTCPConnection(net::Socket* socket); @@ -62,8 +62,8 @@ class JingleStreamConnector : public JingleChannelConnector { Session::StreamChannelCallback callback_; bool initiator_; - scoped_refptr<net::X509Certificate> local_cert_; - scoped_refptr<net::X509Certificate> remote_cert_; + std::string local_cert_; + std::string remote_cert_; crypto::RSAPrivateKey* local_private_key_; cricket::TransportChannel* raw_channel_; diff --git a/remoting/protocol/session_manager.h b/remoting/protocol/session_manager.h index 4fbd515..75b5591 100644 --- a/remoting/protocol/session_manager.h +++ b/remoting/protocol/session_manager.h @@ -58,10 +58,6 @@ namespace crypto { class RSAPrivateKey; } // namespace base -namespace net { -class X509Certificate; -} // namespace net - namespace remoting { class SignalStrategy; @@ -104,7 +100,7 @@ class SessionManager : public base::NonThreadSafe { SignalStrategy* signal_strategy, IncomingSessionCallback* incoming_session_callback, crypto::RSAPrivateKey* private_key, - scoped_refptr<net::X509Certificate> certificate) = 0; + const std::string& certificate) = 0; // Tries to create a session to the host |jid|. // |