Instantiate OriginBoundCertService in relevant places and do plumbing to pass it down to HttpNetw...

chrome/browser/profiles/off_the_record_profile_io_data.cc

Index: chrome/browser/profiles/off_the_record_profile_io_data.cc
===================================================================
--- chrome/browser/profiles/off_the_record_profile_io_data.cc	(revision 94628)
+++ chrome/browser/profiles/off_the_record_profile_io_data.cc	(working copy)
@@ -19,6 +19,8 @@
 #include "chrome/common/url_constants.h"
 #include "content/browser/browser_thread.h"
 #include "content/browser/resource_context.h"
+#include "net/base/default_origin_bound_cert_store.h"
+#include "net/base/origin_bound_cert_service.h"

[wtc, 2011/08/01 18:21:24]

Can you find out why we need to include the origin-bound
cert headers, but not the cookie store headers?

[rkn, 2011/08/01 19:32:53]

I believe this is the case because off_the_record_profile_io_data.h includes
profile_io_data.h which includes cookie_monster.h.

 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_cache.h"
 #include "webkit/database/database_tracker.h"
@@ -166,6 +168,10 @@
   // All we care about for extensions is the cookie store. For incognito, we
   // use a non-persistent cookie store.
 
+  main_context->set_origin_bound_cert_service(

[wtc, 2011/08/01 18:21:24]

Add a comment to say:
  // For incognito, we use a non-persistent origin bound cert store.  See lines
168-169 above.

+      new net::OriginBoundCertService(
+          new net::DefaultOriginBoundCertStore(NULL)));

[wtc, 2011/08/01 18:21:24]

This code should be moved before line 166, because the
comments on lines 168-169 seem to describe the code that sets
up cookie stores for incognito and extensions (lines 166-181),
so we should not add code in the middle of that.

+
   net::CookieMonster* extensions_cookie_store =
       new net::CookieMonster(NULL, NULL);
   // Enable cookies for devtools and extension URLs.
@@ -174,11 +180,18 @@
   extensions_cookie_store->SetCookieableSchemes(schemes, 2);
   extensions_context->set_cookie_store(extensions_cookie_store);
 
+  net::OriginBoundCertService* extensions_origin_bound_cert_service =
+      new net::OriginBoundCertService(
+          new net::DefaultOriginBoundCertStore(NULL));
+  extensions_context->set_origin_bound_cert_service(
+      extensions_origin_bound_cert_service);

[wtc, 2011/08/01 18:21:24]

IMPORTANT: the extensions_origin_bound_cert_service code
should be reviewed carefully.  You need to be sure that the
extensions need origin-bound certs.

Note that the extensions_cookie_store code on lines 175-181
above seems to be restricted to only handle the
"chrome dev tools" and "extensions" URL schemes.

[rkn, 2011/08/01 19:32:53]

I'm removing origin-bound certs for extensions until I can figure out if it is
necessary or not.

+
   net::HttpCache::BackendFactory* main_backend =
       net::HttpCache::DefaultBackend::InMemory(0);
   net::HttpCache* cache =
       new net::HttpCache(main_context->host_resolver(),
                          main_context->cert_verifier(),
+                         main_context->origin_bound_cert_service(),
                          main_context->dnsrr_resolver(),
                          main_context->dns_cert_checker(),
                          main_context->proxy_service(),