Instantiate OriginBoundCertService in relevant places and do plumbing to pass it down to HttpNetw...

chrome/browser/profiles/profile_impl_io_data.cc

Index: chrome/browser/profiles/profile_impl_io_data.cc
===================================================================
--- chrome/browser/profiles/profile_impl_io_data.cc	(revision 94628)
+++ chrome/browser/profiles/profile_impl_io_data.cc	(working copy)
@@ -12,6 +12,7 @@
 #include "chrome/browser/io_thread.h"
 #include "chrome/browser/net/chrome_net_log.h"
 #include "chrome/browser/net/chrome_network_delegate.h"
+#include "chrome/browser/net/sqlite_origin_bound_cert_store.h"
 #include "chrome/browser/net/sqlite_persistent_cookie_store.h"
 #include "chrome/browser/prefs/pref_member.h"
 #include "chrome/browser/profiles/profile.h"
@@ -21,6 +22,7 @@
 #include "chrome/common/url_constants.h"
 #include "content/browser/browser_thread.h"
 #include "content/browser/resource_context.h"
+#include "net/base/origin_bound_cert_service.h"
 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_cache.h"
 
@@ -53,6 +55,7 @@
 }
 
 void ProfileImplIOData::Handle::Init(const FilePath& cookie_path,
+                                     const FilePath& origin_bound_cert_path,
                                      const FilePath& cache_path,
                                      int cache_max_size,
                                      const FilePath& media_cache_path,
@@ -64,6 +67,7 @@
   LazyParams* lazy_params = new LazyParams;
 
   lazy_params->cookie_path = cookie_path;
+  lazy_params->origin_bound_cert_path = origin_bound_cert_path;
   lazy_params->cache_path = cache_path;
   lazy_params->cache_max_size = cache_max_size;
   lazy_params->media_cache_path = media_cache_path;
@@ -230,40 +234,15 @@
   main_context->set_proxy_service(proxy_service());
   media_request_context_->set_proxy_service(proxy_service());
 

[rkn, 2011/08/03 00:39:35]

I moved the below block of code farther down because it depends on
origin_bound_cert_service.

-  net::HttpCache::DefaultBackend* main_backend =
-      new net::HttpCache::DefaultBackend(
-          net::DISK_CACHE,
-          lazy_params_->cache_path,
-          lazy_params_->cache_max_size,
-          BrowserThread::GetMessageLoopProxyForThread(BrowserThread::CACHE));
-  net::HttpCache* main_cache = new net::HttpCache(
-      main_context->host_resolver(),
-      main_context->cert_verifier(),
-      main_context->dnsrr_resolver(),
-      main_context->dns_cert_checker(),
-      main_context->proxy_service(),
-      main_context->ssl_config_service(),
-      main_context->http_auth_handler_factory(),
-      main_context->network_delegate(),
-      main_context->net_log(),
-      main_backend);
-
-  net::HttpCache::DefaultBackend* media_backend =
-      new net::HttpCache::DefaultBackend(
-          net::MEDIA_CACHE, lazy_params_->media_cache_path,
-          lazy_params_->media_cache_max_size,
-          BrowserThread::GetMessageLoopProxyForThread(BrowserThread::CACHE));
-  net::HttpNetworkSession* main_network_session = main_cache->GetSession();
-  net::HttpCache* media_cache =
-      new net::HttpCache(main_network_session, media_backend);
-
   scoped_refptr<net::CookieStore> cookie_store = NULL;
+  net::OriginBoundCertService* origin_bound_cert_service = NULL;

[wtc, 2011/08/04 00:56:20]

IMPORTANT: we should use a scoped_refptr or a scoped_ptr
here, depending on whether OriginBoundCertService is a
reference-counted type or not.

   if (record_mode || playback_mode) {
     // Don't use existing cookies and use an in-memory store.
     cookie_store = new net::CookieMonster(
         NULL, profile_params->cookie_monster_delegate);
-    main_cache->set_mode(
-        record_mode ? net::HttpCache::RECORD : net::HttpCache::PLAYBACK);
+    // Don't use existing origin-bound certs and use an in-memory store.
+    origin_bound_cert_service = new net::OriginBoundCertService(
+        new net::DefaultOriginBoundCertStore(NULL));
   }
 
   // setup cookie store
@@ -279,6 +258,19 @@
                                profile_params->cookie_monster_delegate);
   }
 
+  // Setup origin bound cert service.
+  if (!origin_bound_cert_service) {
+    DCHECK(!lazy_params_->origin_bound_cert_path.empty());
+
+    scoped_refptr<SQLiteOriginBoundCertStore> origin_bound_cert_db =
+        new SQLiteOriginBoundCertStore(lazy_params_->origin_bound_cert_path);
+    origin_bound_cert_db->SetClearLocalStateOnExit(
+        profile_params->clear_local_state_on_exit);
+    origin_bound_cert_service =
+        new net::OriginBoundCertService(
+            new net::DefaultOriginBoundCertStore(origin_bound_cert_db.get()));
+  }

[wtc, 2011/08/04 00:56:20]

I suggest moving this block of code to line 287 below,
so that we don't separate the code that creates cookie_store
from the code that creates extensions_cookie_store.

+
   net::CookieMonster* extensions_cookie_store =
       new net::CookieMonster(
           new SQLitePersistentCookieStore(
@@ -292,6 +284,43 @@
   media_request_context_->set_cookie_store(cookie_store);
   extensions_context->set_cookie_store(extensions_cookie_store);
 
+  main_context->set_origin_bound_cert_service(origin_bound_cert_service);
+  media_request_context_->set_origin_bound_cert_service(
+      origin_bound_cert_service);

[wtc, 2011/08/04 00:56:20]

NOTE: this code implies that OriginBoundCertService needs to
be reference-counted, because both main_context and
media_request_context "own" it.

[willchan no longer on Chromium, 2011/08/05 04:01:18]

We're generally moving toward the ProfileIOData owning the data rather than the
URLRequestContext refcounting it. Can you do that here?

+
+  net::HttpCache::DefaultBackend* main_backend =
+      new net::HttpCache::DefaultBackend(
+          net::DISK_CACHE,
+          lazy_params_->cache_path,
+          lazy_params_->cache_max_size,
+          BrowserThread::GetMessageLoopProxyForThread(BrowserThread::CACHE));
+  net::HttpCache* main_cache = new net::HttpCache(
+      main_context->host_resolver(),
+      main_context->cert_verifier(),
+      main_context->origin_bound_cert_service(),
+      main_context->dnsrr_resolver(),
+      main_context->dns_cert_checker(),
+      main_context->proxy_service(),
+      main_context->ssl_config_service(),
+      main_context->http_auth_handler_factory(),
+      main_context->network_delegate(),
+      main_context->net_log(),
+      main_backend);
+
+  net::HttpCache::DefaultBackend* media_backend =
+      new net::HttpCache::DefaultBackend(
+          net::MEDIA_CACHE, lazy_params_->media_cache_path,
+          lazy_params_->media_cache_max_size,
+          BrowserThread::GetMessageLoopProxyForThread(BrowserThread::CACHE));
+  net::HttpNetworkSession* main_network_session = main_cache->GetSession();
+  net::HttpCache* media_cache =
+      new net::HttpCache(main_network_session, media_backend);
+
+  if (record_mode || playback_mode) {
+    main_cache->set_mode(
+        record_mode ? net::HttpCache::RECORD : net::HttpCache::PLAYBACK);
+  }
+
   main_http_factory_.reset(main_cache);
   media_http_factory_.reset(media_cache);
   main_context->set_http_transaction_factory(main_cache);