authorjuanlang@google.com <juanlang@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-08-07 17:32:04 +0000
committerjuanlang@google.com <juanlang@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-08-07 17:32:04 +0000
commit7047bbb6d9acd6bf67cae14aebe202d3c8e542ce (patch)
tree2703ac05611bc5951ad5547328694d6581ca502b /net/spdy
parent9ad935f7cd41740e4db1a708a1ab78b562801091 (diff)
Remove requested types from the server bound cert service: it only
supports a single type. BUG=259097 Review URL: https://chromiumcodereview.appspot.com/20456002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@216223 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/spdy')
-rw-r--r--net/spdy/spdy_credential_builder.cc4
-rw-r--r--net/spdy/spdy_credential_builder.h2
-rw-r--r--net/spdy/spdy_credential_builder_unittest.cc44
-rw-r--r--net/spdy/spdy_http_stream_unittest.cc9
-rw-r--r--net/spdy/spdy_session.cc3
-rw-r--r--net/spdy/spdy_session.h2
-rw-r--r--net/spdy/spdy_stream.cc15
-rw-r--r--net/spdy/spdy_stream.h1
8 files changed, 18 insertions, 62 deletions
diff --git a/net/spdy/spdy_credential_builder.cc b/net/spdy/spdy_credential_builder.cc
index 1742aff..79567b6 100644
--- a/net/spdy/spdy_credential_builder.cc
+++ b/net/spdy/spdy_credential_builder.cc
@@ -26,14 +26,10 @@ std::vector<uint8> ToVector(base::StringPiece piece) {
// static
int SpdyCredentialBuilder::Build(const std::string& tls_unique,
- SSLClientCertType type,
const std::string& key,
const std::string& cert,
size_t slot,
SpdyCredential* credential) {
- if (type != CLIENT_CERT_ECDSA_SIGN)
- return ERR_BAD_SSL_CLIENT_AUTH_CERT;
-
std::string secret = SpdyCredentialBuilder::GetCredentialSecret(tls_unique);
// Extract the SubjectPublicKeyInfo from the certificate.
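Review bot: With the `type != CLIENT_CERT_ECDSA_SIGN` guard gone, nothing in the visible part of `Build` states or enforces that `key` and `cert` are an ECDSA pair, so the algorithm requirement is now implicit. The rest of the body lies outside this hunk, so it is not visible whether the later key-import or signing step rejects a non-EC key. If it does, record that above the function (and on the declaration in spdy_credential_builder.h), e.g. `// |key| and |cert| must be the ECDSA pair returned by ServerBoundCertService; any other key type fails with an error.` If it does not, the import step should return `ERR_BAD_SSL_CLIENT_AUTH_CERT` for a non-EC key so callers keep the error they relied on before.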
diff --git a/net/spdy/spdy_credential_builder.h b/net/spdy/spdy_credential_builder.h
index d74b600..3bdc0a1 100644
--- a/net/spdy/spdy_credential_builder.h
+++ b/net/spdy/spdy_credential_builder.h
@@ -8,7 +8,6 @@
#include <string>
#include "net/base/net_export.h"
-#include "net/ssl/ssl_client_cert_type.h"
namespace net {
@@ -20,7 +19,6 @@ struct SpdyCredential;
class NET_EXPORT_PRIVATE SpdyCredentialBuilder {
public:
static int Build(const std::string& tls_unique,
- SSLClientCertType type,
const std::string& key,
const std::string& cert,
size_t slot,
diff --git a/net/spdy/spdy_credential_builder_unittest.cc b/net/spdy/spdy_credential_builder_unittest.cc
index 89332d5..bc67cc5 100644
--- a/net/spdy/spdy_credential_builder_unittest.cc
+++ b/net/spdy/spdy_credential_builder_unittest.cc
@@ -30,16 +30,12 @@ void CreateCertAndKey(std::string* cert, std::string* key) {
sequenced_worker_pool));
TestCompletionCallback callback;
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
- SSLClientCertType cert_type;
ServerBoundCertService::RequestHandle request_handle;
int rv = server_bound_cert_service->GetDomainBoundCert(
- "www.google.com", requested_cert_types, &cert_type, key, cert,
+ "www.google.com", key, cert,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, rv);
EXPECT_EQ(OK, callback.WaitForResult());
- EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
sequenced_worker_pool->Shutdown();
}
@@ -53,13 +49,9 @@ class SpdyCredentialBuilderTest : public testing::Test {
}
protected:
- int BuildWithType(SSLClientCertType type) {
- return SpdyCredentialBuilder::Build(
- MockClientSocket::kTlsUnique, type, key_, cert_, kSlot, &credential_);
- }
-
int Build() {
- return BuildWithType(CLIENT_CERT_ECDSA_SIGN);
+ return SpdyCredentialBuilder::Build(
+ MockClientSocket::kTlsUnique, key_, cert_, kSlot, &credential_);
}
std::string GetCredentialSecret() {
@@ -89,35 +81,13 @@ TEST_F(SpdyCredentialBuilderTest, MAYBE_GetCredentialSecret) {
}
#if defined(USE_OPENSSL)
-#define MAYBE_SucceedsWithECDSACert DISABLED_SucceedsWithECDSACert
-#else
-#define MAYBE_SucceedsWithECDSACert SucceedsWithECDSACert
-#endif
-
-TEST_F(SpdyCredentialBuilderTest, MAYBE_SucceedsWithECDSACert) {
- EXPECT_EQ(OK, BuildWithType(CLIENT_CERT_ECDSA_SIGN));
-}
-
-#if defined(USE_OPENSSL)
-#define MAYBE_FailsWithRSACert DISABLED_FailsWithRSACert
-#else
-#define MAYBE_FailsWithRSACert FailsWithRSACert
-#endif
-
-TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithRSACert) {
- EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
- BuildWithType(CLIENT_CERT_RSA_SIGN));
-}
-
-#if defined(USE_OPENSSL)
-#define MAYBE_FailsWithDSACert DISABLED_FailsWithDSACert
+#define MAYBE_Succeeds DISABLED_Succeeds
#else
-#define MAYBE_FailsWithDSACert FailsWithDSACert
+#define MAYBE_Succeeds Succeeds
#endif
-TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithDSACert) {
- EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
- BuildWithType(CLIENT_CERT_DSS_SIGN));
+TEST_F(SpdyCredentialBuilderTest, MAYBE_Succeeds) {
+ EXPECT_EQ(OK, Build());
}
#if defined(USE_OPENSSL)
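Review bot: Removing `FailsWithRSACert` and `FailsWithDSACert` leaves `MAYBE_Succeeds` as the only `Build` test in this hunk, so no test checks that a non-ECDSA credential is refused. The removed tests passed the same fixture key with a different type label, so they cannot be kept as they were. A replacement that feeds a real non-EC key/cert pair would pin the rejection path, e.g. `EXPECT_NE(OK, SpdyCredentialBuilder::Build(MockClientSocket::kTlsUnique, rsa_key, rsa_cert, kSlot, &credential_));`, where `rsa_key`/`rsa_cert` stand for a fixture that would have to be added. The remaining test is also compiled as `DISABLED_Succeeds` under `USE_OPENSSL`, so on those builds this hunk leaves `Build` without an enabled test.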
diff --git a/net/spdy/spdy_http_stream_unittest.cc b/net/spdy/spdy_http_stream_unittest.cc
index 04a8eca..55387cf 100644
--- a/net/spdy/spdy_http_stream_unittest.cc
+++ b/net/spdy/spdy_http_stream_unittest.cc
@@ -540,23 +540,18 @@ void GetECServerBoundCertAndProof(
std::string* cert,
std::string* proof) {
TestCompletionCallback callback;
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
- SSLClientCertType cert_type;
std::string key;
ServerBoundCertService::RequestHandle request_handle;
int rv = server_bound_cert_service->GetDomainBoundCert(
- host, requested_cert_types, &cert_type, &key, cert, callback.callback(),
+ host, &key, cert, callback.callback(),
&request_handle);
EXPECT_EQ(ERR_IO_PENDING, rv);
EXPECT_EQ(OK, callback.WaitForResult());
- EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
SpdyCredential credential;
EXPECT_EQ(OK,
SpdyCredentialBuilder::Build(
- MockClientSocket::kTlsUnique, cert_type, key,
- *cert, 2, &credential));
+ MockClientSocket::kTlsUnique, key, *cert, 2, &credential));
ASSERT_FALSE(credential.certs.empty());
cert->assign(credential.certs[0]);
diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc
index 8a730ce..db47549 100644
--- a/net/spdy/spdy_session.cc
+++ b/net/spdy/spdy_session.cc
@@ -793,7 +793,6 @@ scoped_ptr<SpdyFrame> SpdySession::CreateSynStream(
int SpdySession::CreateCredentialFrame(
const std::string& origin,
- SSLClientCertType type,
const std::string& key,
const std::string& cert,
RequestPriority priority,
@@ -807,7 +806,7 @@ int SpdySession::CreateCredentialFrame(
std::string tls_unique;
ssl_socket->GetTLSUniqueChannelBinding(&tls_unique);
size_t slot = credential_state_.SetHasCredential(GURL(origin));
- int rv = SpdyCredentialBuilder::Build(tls_unique, type, key, cert, slot,
+ int rv = SpdyCredentialBuilder::Build(tls_unique, key, cert, slot,
&credential);
DCHECK_NE(rv, ERR_IO_PENDING);
if (rv != OK)
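Review bot: The result of `ssl_socket->GetTLSUniqueChannelBinding(&tls_unique)` two lines above the changed `Build` call is discarded, so a failed lookup would leave `tls_unique` empty and the credential would be built over a secret that is not bound to this TLS channel. Assuming the call returns a net error code, check it before a slot is allocated: `int rv = ssl_socket->GetTLSUniqueChannelBinding(&tls_unique);` then `if (rv != OK) return rv;`, with the later line becoming a plain assignment `rv = SpdyCredentialBuilder::Build(...)`. `CreateCredentialFrame` begins and ends outside this hunk, so a check elsewhere in the function cannot be ruled out.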
diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
index c6a22e6..819db11 100644
--- a/net/spdy/spdy_session.h
+++ b/net/spdy/spdy_session.h
@@ -35,7 +35,6 @@
#include "net/spdy/spdy_session_pool.h"
#include "net/spdy/spdy_stream.h"
#include "net/spdy/spdy_write_queue.h"
-#include "net/ssl/ssl_client_cert_type.h"
#include "net/ssl/ssl_config_service.h"
#include "url/gurl.h"
@@ -299,7 +298,6 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
// |credential_frame| and returns OK. Returns the error (guaranteed
// to not be ERR_IO_PENDING) otherwise.
int CreateCredentialFrame(const std::string& origin,
- SSLClientCertType type,
const std::string& key,
const std::string& cert,
RequestPriority priority,
diff --git a/net/spdy/spdy_stream.cc b/net/spdy/spdy_stream.cc
index db085cf..18d20e8 100644
--- a/net/spdy/spdy_stream.cc
+++ b/net/spdy/spdy_stream.cc
@@ -108,7 +108,6 @@ SpdyStream::SpdyStream(SpdyStreamType type,
net_log_(net_log),
send_bytes_(0),
recv_bytes_(0),
- domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE),
just_completed_frame_type_(DATA),
just_completed_frame_size_(0) {
CHECK(type_ == SPDY_BIDIRECTIONAL_STREAM ||
@@ -741,11 +740,10 @@ int SpdyStream::DoGetDomainBoundCert() {
io_state_ = STATE_GET_DOMAIN_BOUND_CERT_COMPLETE;
ServerBoundCertService* sbc_service = session_->GetServerBoundCertService();
DCHECK(sbc_service != NULL);
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
int rv = sbc_service->GetDomainBoundCert(
- url.GetOrigin().host(), requested_cert_types,
- &domain_bound_cert_type_, &domain_bound_private_key_, &domain_bound_cert_,
+ url.GetOrigin().host(),
+ &domain_bound_private_key_,
+ &domain_bound_cert_,
base::Bind(&SpdyStream::OnGetDomainBoundCertComplete, GetWeakPtr()),
&domain_bound_cert_request_handle_);
return rv;
@@ -771,8 +769,11 @@ int SpdyStream::DoSendDomainBoundCert() {
origin.erase(origin.length() - 1); // Trim trailing slash.
scoped_ptr<SpdyFrame> frame;
int rv = session_->CreateCredentialFrame(
- origin, domain_bound_cert_type_, domain_bound_private_key_,
- domain_bound_cert_, priority_, &frame);
+ origin,
+ domain_bound_private_key_,
+ domain_bound_cert_,
+ priority_,
+ &frame);
if (rv != OK) {
DCHECK_NE(rv, ERR_IO_PENDING);
return rv;
diff --git a/net/spdy/spdy_stream.h b/net/spdy/spdy_stream.h
index 06209a1..4d18e3e 100644
--- a/net/spdy/spdy_stream.h
+++ b/net/spdy/spdy_stream.h
@@ -541,7 +541,6 @@ class NET_EXPORT_PRIVATE SpdyStream {
// Data received before delegate is attached.
ScopedVector<SpdyBuffer> pending_buffers_;
- SSLClientCertType domain_bound_cert_type_;
std::string domain_bound_private_key_;
std::string domain_bound_cert_;
ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;