Stop using CertStore which is not compatible with PlzNavigate.

ios/web/net/crw_ssl_status_updater.mm

Index: ios/web/net/crw_ssl_status_updater.mm
diff --git a/ios/web/net/crw_ssl_status_updater.mm b/ios/web/net/crw_ssl_status_updater.mm
index da487021799da360f862422c0b7fb44ebcff23a6..0d1149b930c1be28d9185b487d9241e9b8708edf 100644
--- a/ios/web/net/crw_ssl_status_updater.mm
+++ b/ios/web/net/crw_ssl_status_updater.mm
@@ -7,7 +7,6 @@
 #import "base/ios/weak_nsobject.h"
 #import "base/mac/scoped_nsobject.h"
 #import "base/strings/sys_string_conversions.h"
-#include "ios/web/public/cert_store.h"
 #import "ios/web/public/navigation_item.h"
 #import "ios/web/public/navigation_manager.h"
 #include "ios/web/public/ssl_status.h"
@@ -33,9 +32,6 @@ using web::SecurityStyle;
 // Unowned pointer to web::NavigationManager.
 @property(nonatomic, readonly) web::NavigationManager* navigationManager;
 
-// Identifier used for storing and retrieving certificates.
-@property(nonatomic, readonly) int certGroupID;
-
 // Updates |security_style| and |cert_status| for the NavigationItem with ID
 // |navigationItemID|, if URL and certificate chain still match |host| and
 // |certChain|.
@@ -58,20 +54,16 @@ using web::SecurityStyle;
 
 @implementation CRWSSLStatusUpdater
 @synthesize navigationManager = _navigationManager;
-@synthesize certGroupID = _certGroupID;
 
 #pragma mark - Public
 
 - (instancetype)initWithDataSource:(id<CRWSSLStatusUpdaterDataSource>)dataSource
-                 navigationManager:(web::NavigationManager*)navigationManager
-                       certGroupID:(int)certGroupID {
+                 navigationManager:(web::NavigationManager*)navigationManager {
   DCHECK(dataSource);
   DCHECK(navigationManager);
-  DCHECK(certGroupID);
   if (self = [super init]) {
     _dataSource.reset(dataSource);
     _navigationManager = navigationManager;
-    _certGroupID = certGroupID;
   }
   return self;
 }
@@ -101,14 +93,13 @@ using web::SecurityStyle;
   if (item->GetURL().SchemeIsCryptographic()) {
     cert = web::CreateCertFromTrust(trust);
     if (cert) {
-      int oldCertID = item->GetSSL().cert_id;
+      scoped_refptr<net::X509Certificate> oldCert = item->GetSSL().certificate;
       std::string oldHost = item->GetSSL().cert_status_host;
-      item->GetSSL().cert_id = web::CertStore::GetInstance()->StoreCert(
-          cert.get(), self.certGroupID);
+      item->GetSSL().certificate = cert;
       item->GetSSL().cert_status_host = base::SysNSStringToUTF8(host);
       // Only recompute the SSLStatus information if the certificate or host has
       // since changed. Host can be changed in case of redirect.
-      if (oldCertID != item->GetSSL().cert_id ||
+      if (!oldCert || !oldCert->Equals(cert.get()) ||
           oldHost != item->GetSSL().cert_status_host) {
         // Real SSL status is unknown, reset cert status and security style.
         // They will be asynchronously updated in
@@ -122,7 +113,7 @@ using web::SecurityStyle;
   }
 
   if (!cert) {
-    item->GetSSL().cert_id = 0;
+    item->GetSSL().certificate = nullptr;
     if (!item->GetURL().SchemeIsCryptographic()) {
       // HTTP or other non-secure connection.
       item->GetSSL().security_style = web::SECURITY_STYLE_UNAUTHENTICATED;
@@ -154,11 +145,10 @@ using web::SecurityStyle;
     // NavigationItem's UniqueID is preserved even after redirects, so
     // checking that cert and URL match is necessary.
     scoped_refptr<net::X509Certificate> cert(web::CreateCertFromTrust(trust));
-    int certID =
-        web::CertStore::GetInstance()->StoreCert(cert.get(), self.certGroupID);
     std::string GURLHost = base::SysNSStringToUTF8(host);
     web::SSLStatus& SSLStatus = item->GetSSL();
-    if (item->GetURL().SchemeIsCryptographic() && SSLStatus.cert_id == certID &&
+    if (item->GetURL().SchemeIsCryptographic() && !!SSLStatus.certificate &&
+        SSLStatus.certificate->Equals(cert.get()) &&
         item->GetURL().host() == GURLHost) {
       web::SSLStatus previousSSLStatus = item->GetSSL();
       SSLStatus.cert_status = certStatus;