Handle Origin Bound Certificate expiration.

net/base/origin_bound_cert_service.h

Index: net/base/origin_bound_cert_service.h
diff --git a/net/base/origin_bound_cert_service.h b/net/base/origin_bound_cert_service.h
index c3861e6db06e10ee9f0427e285079b77bb8e5085..a5defc42d9495a50b9b9bb57b589237ffdd4eaff 100644
--- a/net/base/origin_bound_cert_service.h
+++ b/net/base/origin_bound_cert_service.h
@@ -12,6 +12,7 @@
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/time.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
@@ -94,12 +95,14 @@ class NET_EXPORT OriginBoundCertService
   static int GenerateCert(const std::string& origin,
                           SSLClientCertType type,
                           uint32 serial_number,
+                          base::Time not_valid_after,

[wtc, 2011/12/14 02:03:39]

Please document the |type| and |not_valid_after| input
parameters.

For the GenerateCert() method, it may be better to take
a base::TimeDelta validity_period input parameter instead.

[mattm, 2011/12/20 00:28:38]

I documented the expiration_time return value.  I think that like origin, the
type input is pretty self-explanitory.

                           std::string* private_key,
                           std::string* cert);
 
   void HandleResult(const std::string& origin,
                     int error,
                     SSLClientCertType type,
+                    base::Time not_valid_after,
                     const std::string& private_key,
                     const std::string& cert);