Instantiate OriginBoundCertService in relevant places and do plumbing to pass it down to HttpNetw...

chrome/browser/io_thread.cc

Index: chrome/browser/io_thread.cc
===================================================================
--- chrome/browser/io_thread.cc	(revision 94628)
+++ chrome/browser/io_thread.cc	(working copy)
@@ -36,12 +36,14 @@
 #include "content/common/url_fetcher.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/cookie_monster.h"
+#include "net/base/default_origin_bound_cert_store.h"
 #include "net/base/dnsrr_resolver.h"
 #include "net/base/host_cache.h"
 #include "net/base/host_resolver.h"
 #include "net/base/host_resolver_impl.h"
 #include "net/base/mapped_host_resolver.h"
 #include "net/base/net_util.h"
+#include "net/base/origin_bound_cert_service.h"
 #include "net/dns/async_host_resolver.h"
 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_auth_filter.h"
@@ -255,6 +257,9 @@
       globals->proxy_script_fetcher_ftp_transaction_factory.get());
   // In-memory cookie store.
   context->set_cookie_store(new net::CookieMonster(NULL, NULL));

[wtc, 2011/08/08 22:49:20]

Similarly, I think the proxy script fetcher context and system
context can share the same in-memory cookie store.

+  // In-memory origin-bound cert store.
+  context->set_origin_bound_cert_service(
+      globals->proxy_origin_bound_cert_service.get());
   context->set_network_delegate(globals->system_network_delegate.get());
   return context;
 }
@@ -277,6 +282,9 @@
       globals->system_ftp_transaction_factory.get());
   // In-memory cookie store.
   context->set_cookie_store(new net::CookieMonster(NULL, NULL));
+  // In-memory origin bound cert-store.
+  context->set_origin_bound_cert_service(
+      globals->system_origin_bound_cert_service.get());
   return context;
 }
 
@@ -485,6 +493,12 @@
   globals_->host_resolver.reset(
       CreateGlobalHostResolver(net_log_));
   globals_->cert_verifier.reset(new net::CertVerifier);
+  globals_->proxy_origin_bound_cert_service.reset(
+      new net::OriginBoundCertService(
+          new net::DefaultOriginBoundCertStore(NULL)));
+  globals_->system_origin_bound_cert_service.reset(
+      new net::OriginBoundCertService(
+          new net::DefaultOriginBoundCertStore(NULL)));

[wtc, 2011/08/08 22:49:20]

We should use globals_->system_origin_bound_cert_service in
system_params in IOThread::InitSystemRequestContextOnIOThread().

I suspect proxy_script_fetcher and system can share the
same origin-bound cert service.  Please find out exactly
what the proxy script fetcher context is used for.  I
seem to recall proxy script fetcher only needs its own
proxy service to avoid a recursion.

   globals_->dnsrr_resolver.reset(new net::DnsRRResolver);
   globals_->ssl_config_service = GetSSLConfigService();
   globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory(
@@ -495,6 +509,8 @@
   net::HttpNetworkSession::Params session_params;
   session_params.host_resolver = globals_->host_resolver.get();
   session_params.cert_verifier = globals_->cert_verifier.get();
+  session_params.origin_bound_cert_service =
+      globals_->proxy_origin_bound_cert_service.get();
   session_params.proxy_service =
       globals_->proxy_script_fetcher_proxy_service.get();
   session_params.http_auth_handler_factory =