Use NSS to generate Origin-Bound Certs on Win and Mac.

The platform RSAPrivateKey is used to generate the private key, which is then imported into NSS to generate the certificate.
X509Certificate::CreateOriginBound is moved to x509_util::CreateOriginBoundCert so it can be shared by those platforms, and removes the unnecessary X509Certificate generation step.

BUG=88782
TEST=X509UtilNSSTest.CreateOriginBoundCert & manual testing: try on win or mac, check if generated cert has the OBC extension.

Review URL: http://codereview.chromium.org/8296014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105997 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 0 deletions

diff --git a/crypto/scoped_nss_types.h b/crypto/scoped_nss_types.h
index 3e84cb0..d8d78b0 100644
--- a/crypto/scoped_nss_types.h
+++ b/crypto/scoped_nss_types.h
@@ -6,6 +6,7 @@
 #define CRYPTO_SCOPED_NSS_TYPES_H_
 #pragma once
 
+#include <keyhi.h>
 #include <nss.h>
 #include <pk11pub.h>
 
@@ -39,6 +40,12 @@ typedef scoped_ptr_malloc<
 typedef scoped_ptr_malloc<
     PK11SymKey, NSSDestroyer<PK11SymKey, PK11_FreeSymKey> > ScopedPK11SymKey;
 typedef scoped_ptr_malloc<
+    SECKEYPublicKey, NSSDestroyer<SECKEYPublicKey, SECKEY_DestroyPublicKey> >
+    ScopedSECKEYPublicKey;
+typedef scoped_ptr_malloc<
+    SECKEYPrivateKey, NSSDestroyer<SECKEYPrivateKey, SECKEY_DestroyPrivateKey> >
+    ScopedSECKEYPrivateKey;
+typedef scoped_ptr_malloc<
     SECAlgorithmID, NSSDestroyer1<SECAlgorithmID,
                                   SECOID_DestroyAlgorithmID,
                                   PR_TRUE> > ScopedSECAlgorithmID;