Added CreateOriginBound method to x509_certificate.h.

net/base/x509_certificate.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 #pragma once
 
 #include <string.h>
 
@@ skipping 184 matching lines @@
   // 1. Encryption without authentication and thus vulnerable to
   //    man-in-the-middle attacks.
   // 2. Self-signed certificates cannot be revoked.
   //
   // Use this certificate only after the above risks are acknowledged.
   static X509Certificate* CreateSelfSigned(crypto::RSAPrivateKey* key,
                                            const std::string& subject,
                                            uint32 serial_number,
                                            base::TimeDelta valid_duration);
 
+  // Create an origin bound certificate containing the public key in |key|.
+  // Subject, web origin, serial number and validity period are given as
+  // parameters. The certificate is signed by the private key in |key|.
+  // The hashing algorithm for the signature is SHA-1.
+  //
+  // |subject| is a distinguished name defined in RFC4514.
+  //
+  // An example:
+  // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com
+  //
+  // SECURITY WARNING
+  //
+  // Using self-signed certificates has the following security risks:
+  // 1. Encryption without authentication and thus vulnerable to
+  //    man-in-the-middle attacks.
+  // 2. Self-signed certificates cannot be revoked.
+  //
+  // Use this certificate only after the above risks are acknowledged.

[wtc, 2011/08/04 00:37:53]

Remove the security warning (lines 215-222).  Replace it with
a reference to the origin-bound certificate Internet-Draft.

+  static X509Certificate* CreateOriginBound(crypto::RSAPrivateKey* key,
+                                            const std::string& subject,
+                                            const std::string& origin,
+                                            uint32 serial_number,
+                                            base::TimeDelta valid_duration);
+
   // Appends a representation of this object to the given pickle.
   void Persist(Pickle* pickle);
 
   // The subject of the certificate.  For HTTPS server certificates, this
   // represents the web server.  The common name of the subject should match
   // the host name of the web server.
   const CertPrincipal& subject() const { return subject_; }
 
   // The issuer of the certificate.
   const CertPrincipal& issuer() const { return issuer_; }
@@ skipping 278 matching lines @@
 
   // Where the certificate comes from.
   Source source_;
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_