Added CreateOriginBound method to x509_certificate.h.

net/base/origin_bound_cert_service.cc

Index: net/base/origin_bound_cert_service.cc
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc
index 50d45c446e2fe41906a3d62802354acb45ee5460..f51710dbfa2f086a0a86137f5677dae281b5e84d 100644
--- a/net/base/origin_bound_cert_service.cc
+++ b/net/base/origin_bound_cert_service.cc
@@ -316,7 +316,6 @@ int OriginBoundCertService::GenerateCert(const std::string& origin,
                                          uint32 serial_number,
                                          std::string* private_key,
                                          std::string* cert) {
-  std::string subject = "CN=OBC";
   scoped_ptr<crypto::RSAPrivateKey> key(
       crypto::RSAPrivateKey::Create(kKeySizeInBits));
   if (!key.get()) {
@@ -324,9 +323,9 @@ int OriginBoundCertService::GenerateCert(const std::string& origin,
     return ERR_KEY_GENERATION_FAILED;
   }
 
-  scoped_refptr<X509Certificate> x509_cert = X509Certificate::CreateSelfSigned(
+  scoped_refptr<X509Certificate> x509_cert = X509Certificate::CreateOriginBound(
       key.get(),
-      subject,
+      origin,
       serial_number,
       base::TimeDelta::FromDays(kValidityPeriodInDays));

[wtc, 2011/08/24 01:39:42]

This fails on Windows, etc. because X509Certificate::CreateOriginBound()
is not implemented.

For now, we need to use ifdef:

#if defined(USE_NSS)
  scoped_refptr<X509Certificate> x509_cert = X509Certificate::CreateOriginBound(
      key.get(),
      origin,
      serial_number,
      base::TimeDelta::FromDays(kValidityPeriodInDays));
#else
  scoped_refptr<X509Certificate> x509_cert = X509Certificate::CreateSelfSigned(
      key.get(),
      "CN=anonymous.invalid",
      serial_number,
      base::TimeDelta::FromDays(kValidityPeriodInDays));
#endif

Alternatively, the stub implementations of CreateOriginBound
can call CreateSelfSigned("CN=anonymous.invalid") instead of
returning NULL.

   if (!x509_cert) {