Support EC certs in OriginBoundCertService and OriginBoundCertStore.

OriginBoundCertService::GetOriginBoundCert takes a vector of requested cert
types in order of preferrence and will return or generate one of an acceptable
type.

BUG=88782
TEST=net_unittests, unit_tests

Review URL: http://codereview.chromium.org/8662036

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113108 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 2 deletions

diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 0eddd76..7b56844 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -167,8 +167,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
   static bool OriginBoundCertNegotiated(PRFileDesc* socket);
   // Origin bound cert client auth handler.
   // Returns the value the ClientAuthHandler function should return.
-  SECStatus OriginBoundClientAuthHandler(CERTCertificate** result_certificate,
-                                         SECKEYPrivateKey** result_private_key);
+  SECStatus OriginBoundClientAuthHandler(
+      const std::vector<uint8>& requested_cert_types,
+      CERTCertificate** result_certificate,
+      SECKEYPrivateKey** result_private_key);
 #if defined(NSS_PLATFORM_CLIENT_AUTH)
   // On platforms where we use the native certificate store, NSS calls this
   // instead when client authentication is requested.  At most one of
@@ -259,6 +261,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
   // For origin bound certificates in client auth.
   bool ob_cert_xtn_negotiated_;
   OriginBoundCertService* origin_bound_cert_service_;
+  SSLClientCertType ob_cert_type_;
   std::string ob_private_key_;
   std::string ob_cert_;
   OriginBoundCertService::RequestHandle ob_cert_request_handle_;