Fix SpdySession::WriteCredentialFrame ECPrivateKey creation args.

crypto/ec_signature_creator.h

Index: crypto/ec_signature_creator.h
diff --git a/crypto/ec_signature_creator.h b/crypto/ec_signature_creator.h
index 8858eb50868d99527461af68be4897024d90020f..37b7d5df04137491d3e3056d84a5f25f55fb5a8f 100644
--- a/crypto/ec_signature_creator.h
+++ b/crypto/ec_signature_creator.h
@@ -14,13 +14,21 @@
 namespace crypto {
 
 class ECPrivateKey;
+class ECSignatureCreator;
+
+class CRYPTO_EXPORT ECSignatureCreatorFactory {
+ public:
+  virtual ~ECSignatureCreatorFactory() {}
+
+  virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0;
+};
 
 // Signs data using a bare private key (as opposed to a full certificate).
 // We need this class because SignatureCreator is hardcoded to use
 // RSAPrivateKey.
 class CRYPTO_EXPORT ECSignatureCreator {
  public:
-  ~ECSignatureCreator();
+  virtual ~ECSignatureCreator() {}
 
   // Create an instance. The caller must ensure that the provided PrivateKey
   // instance outlives the created ECSignatureCreator.
@@ -28,23 +36,24 @@ class CRYPTO_EXPORT ECSignatureCreator {
   // pass in the hash algorithm identifier.
   static ECSignatureCreator* Create(ECPrivateKey* key);
 
+  // Set a factory to make the Create function return non-standard
+  // ECSignatureCreator objects.  Because the elliptic curve signature algorithm

[wtc, 2012/02/23 23:39:57]

Nit: elliptic curve signature => ECDSA

[mattm, 2012/02/24 01:05:28]

Done.

+  // involves randomness, this is useful for higher-level tests that want to
+  // have deterministic output to compare.

[wtc, 2012/02/23 23:39:57]

Nit: add "mocked" before "output"

[mattm, 2012/02/24 01:05:28]

Done.

+  static void SetFactoryForTesting(ECSignatureCreatorFactory* factory);
+
   // Signs |data_len| bytes from |data| and writes the results into
   // |signature| as a DER encoded ECDSA-Sig-Value from RFC 3279.
   //
   //  ECDSA-Sig-Value ::= SEQUENCE {
   //    r     INTEGER,
   //    s     INTEGER }
-  bool Sign(const uint8* data,
-            int data_len,
-            std::vector<uint8>* signature);
-
- private:
-  // Private constructor. Use the Create() method instead.
-  explicit ECSignatureCreator(ECPrivateKey* key);
-
-  ECPrivateKey* key_;
+  virtual bool Sign(const uint8* data,
+                    int data_len,
+                    std::vector<uint8>* signature) = 0;
 
-  DISALLOW_COPY_AND_ASSIGN(ECSignatureCreator);
+ protected:
+  static ECSignatureCreator* CreatePlatformImpl(ECPrivateKey* key);

[wtc, 2012/02/23 23:39:57]

Instead of this CreatePlatformImpl, the design I often see
in the Chromium source tree would be to have a
ECSignatureCreatorImpl class, and have the Factory::Create
method call new ECSignatureCreatorImpl if g_factory_ is NULL.

Do you think that design won't work well here because
we'd need to have an NSS-based and OpenSSL-based versions
of the ECSignatureCreatorImpl class, which is more
confusing than having two versions of the CreatePlatformImpl
function?

[mattm, 2012/02/24 01:05:28]

One issue there would be that it makes the openssl non-implemented case a bit
harder, since we'd either have to return a non-functional ECSignatureCreator
instance, or have an ifdef USE_OPENSSL return NULL in the cross-platform file.

[wtc, 2012/02/24 01:12:20]

We already had a non-functional ECSignatureCreator class
for OpenSSL, so we can simply rename it to ECSignatureCreatorImpl.

Having an ifdef USE_OPENSSL return NULL would be bad...

 };
 
 }  // namespace crypto