Fix certificate and keychain installation on Android.

content/public/browser/content_browser_client.h

Index: content/public/browser/content_browser_client.h
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 731f89783f5a9509a0dfaa6584f6de2fba163e8d..c791f70810b4b6044db5ef23ef7ceaaf6dca59fc 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -13,6 +13,7 @@
 #include "content/public/browser/file_descriptor_info.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/window_container_type.h"
+#include "net/base/mime_util.h"
 #include "net/cookies/canonical_cookie.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebNotificationPresenter.h"
 
@@ -323,13 +324,16 @@ class CONTENT_EXPORT ContentBrowserClient {
       net::SSLCertRequestInfo* cert_request_info,
       const base::Callback<void(net::X509Certificate*)>& callback) {}
 
-  // Adds a downloaded client cert. The embedder should ensure that there's
-  // a private key for the cert, displays the cert to the user, and adds it upon
-  // user approval. If the downloaded data could not be interpreted as a valid
-  // certificate, |cert| will be NULL.
-  virtual void AddNewCertificate(
+  // Adds a new installable crypto file. This is a downloaded resource
+  // which satisfies net::IsSupportedCryptoMimeType(mime_type).
+  // Typically used to install an x509 user certificate.
+  // Note that it's up to the embedder to validate the data.
+  // |file_data| will be NULL if file_size is 0.
+  virtual void AddNewCryptoFile(

[Ryan Sleevi, 2012/10/24 22:01:25]

I would prefer the name "AddCertificates" be used here. I find "Crypto" is too
generic a term to be meaningful here, and I find "File" to be too misleading,
since it's not actually passing a base::File. The "new" is dropped because it
implies this was freshly generated for the user - but it may not be (in the case
of intermediates / roots)

This also entails renaming IsSupportedCrypto to
net::IsSupportedCertificateMimeType(...);, and net::CertificateMimeType enum (or
possibly just the string mime type)

typo: x509 -> X.509
nit: s/user certificate/client certificate/
nit: "If file_size is 0, |file_data| will be NULL" (if-then rather than then-if)

Alternatively, and this depends on how John feels about the API, it may make
more sense to have some sort of CertificateInstallerClient part of the public
API which is used (similar to how the downloads are handled), rather than
forcing the methods directly on the ContentBrowserClient.

[digit1, 2012/10/25 13:57:38]

yes, I wasn't a big fan of "CryptoFile", but since this is used to install both
certificates and private key chains, it sounded a bit better.

I'll rename this to AddCertificates, and the class will be
CertificateResourceHandler (instead of CryptoFileResourceHandler).

I'm not sure where a CertificateInstallerClient would go. I'd appreciate if you
could clarify, if this becomes necessary.

       net::URLRequest* request,
-      net::X509Certificate* cert,
+      net::CryptoFileType file_type,
+      const void* file_data,
+      size_t file_size,
       int render_process_id,
       int render_view_id) {}