Change Origin bound certs -> Domain bound certs.

BUG=115348
TEST=unit tests, manually checked 'Origin Bound Certs' contents after browsing
TBR=jam@chromium.org,willchan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/9617039

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127817 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/policy/policy_templates.json

@@ -2221,10 +2221,10 @@
       'future': True,
       'example_value': True,
       'id': 114,
-      'caption': '''Enable TLS origin-bound certificates extension''',
-      'desc': '''Specifies whether the TLS origin-bound certificates extension should be enabled.
+      'caption': '''Enable TLS domain-bound certificates extension''',
+      'desc': '''Specifies whether the TLS domain-bound certificates extension should be enabled.
 
-      This setting is used to enable the TLS origin-bound certificates extension for testing.  This experimental setting will be removed in the future.''',
+      This setting is used to enable the TLS domain-bound certificates extension for testing.  This experimental setting will be removed in the future.''',
     },
     {
       'name': 'EnableMemoryInfo',

chrome/browser/browsing_data_remover.cc

@@ -104,7 +104,7 @@ BrowsingDataRemover::BrowsingDataRemover(Profile* profile,
       waiting_for_clear_cookies_count_(0),
       waiting_for_clear_history_(false),
       waiting_for_clear_networking_history_(false),
-      waiting_for_clear_origin_bound_certs_(false),
+      waiting_for_clear_server_bound_certs_(false),
       waiting_for_clear_plugin_data_(false),
       waiting_for_clear_quota_managed_data_(false),
       remove_mask_(0),
@@ -129,7 +129,7 @@ BrowsingDataRemover::BrowsingDataRemover(Profile* profile,
       waiting_for_clear_cookies_count_(0),
       waiting_for_clear_history_(false),
       waiting_for_clear_networking_history_(false),
-      waiting_for_clear_origin_bound_certs_(false),
+      waiting_for_clear_server_bound_certs_(false),
       waiting_for_clear_plugin_data_(false),
       waiting_for_clear_quota_managed_data_(false),
       remove_mask_(0),
@@ -288,16 +288,16 @@ void BrowsingDataRemover::RemoveImpl(int remove_mask,
 #endif
   }
 
-  if (remove_mask & REMOVE_ORIGIN_BOUND_CERTS) {
+  if (remove_mask & REMOVE_SERVER_BOUND_CERTS) {
     content::RecordAction(
-        UserMetricsAction("ClearBrowsingData_OriginBoundCerts"));
+        UserMetricsAction("ClearBrowsingData_ServerBoundCerts"));
     // Since we are running on the UI thread don't call GetURLRequestContext().
     net::URLRequestContextGetter* rq_context = profile_->GetRequestContext();
     if (rq_context) {
-      waiting_for_clear_origin_bound_certs_ = true;
+      waiting_for_clear_server_bound_certs_ = true;
       BrowserThread::PostTask(
           BrowserThread::IO, FROM_HERE,
-          base::Bind(&BrowsingDataRemover::ClearOriginBoundCertsOnIOThread,
+          base::Bind(&BrowsingDataRemover::ClearServerBoundCertsOnIOThread,
                      base::Unretained(this), base::Unretained(rq_context)));
     }
   }
@@ -692,21 +692,21 @@ void BrowsingDataRemover::ClearCookiesOnIOThread(
                  base::Unretained(this)));
 }
 
-void BrowsingDataRemover::ClearOriginBoundCertsOnIOThread(
+void BrowsingDataRemover::ClearServerBoundCertsOnIOThread(
     net::URLRequestContextGetter* rq_context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
-  net::OriginBoundCertService* origin_bound_cert_service =
-      rq_context->GetURLRequestContext()->origin_bound_cert_service();
-  origin_bound_cert_service->GetCertStore()->DeleteAllCreatedBetween(
+  net::ServerBoundCertService* server_bound_cert_service =
+      rq_context->GetURLRequestContext()->server_bound_cert_service();
+  server_bound_cert_service->GetCertStore()->DeleteAllCreatedBetween(
       delete_begin_, delete_end_);
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
-      base::Bind(&BrowsingDataRemover::OnClearedOriginBoundCerts,
+      base::Bind(&BrowsingDataRemover::OnClearedServerBoundCerts,
                  base::Unretained(this)));
 }
 
-void BrowsingDataRemover::OnClearedOriginBoundCerts() {
+void BrowsingDataRemover::OnClearedServerBoundCerts() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  waiting_for_clear_origin_bound_certs_ = false;
+  waiting_for_clear_server_bound_certs_ = false;
   NotifyAndDeleteIfDone();
 }

chrome/browser/browsing_data_remover.h

@@ -72,14 +72,14 @@ class BrowsingDataRemover : public content::NotificationObserver,
     REMOVE_PLUGIN_DATA = 1 << 9,
     REMOVE_PASSWORDS = 1 << 10,
     REMOVE_WEBSQL = 1 << 11,
-    REMOVE_ORIGIN_BOUND_CERTS = 1 << 12,
+    REMOVE_SERVER_BOUND_CERTS = 1 << 12,
 
     // "Site data" includes cookies, appcache, file systems, indexedDBs, local
     // storage, webSQL, and plugin data.
     REMOVE_SITE_DATA = REMOVE_APPCACHE | REMOVE_COOKIES | REMOVE_FILE_SYSTEMS |
                        REMOVE_INDEXEDDB | REMOVE_LOCAL_STORAGE |
                        REMOVE_PLUGIN_DATA | REMOVE_WEBSQL |
-                       REMOVE_ORIGIN_BOUND_CERTS
+                       REMOVE_SERVER_BOUND_CERTS
   };
 
   // When BrowsingDataRemover successfully removes data, a notification of type
@@ -235,13 +235,13 @@ class BrowsingDataRemover : public content::NotificationObserver,
   // Invoked on the IO thread to delete cookies.
   void ClearCookiesOnIOThread(net::URLRequestContextGetter* rq_context);
 
-  // Invoked on the IO thread to delete origin bound certs.
-  void ClearOriginBoundCertsOnIOThread(
+  // Invoked on the IO thread to delete server bound certs.
+  void ClearServerBoundCertsOnIOThread(
       net::URLRequestContextGetter* rq_context);
 
-  // Callback when origin bound certs have been deleted. Invokes
+  // Callback when server bound certs have been deleted. Invokes
   // NotifyAndDeleteIfDone.
-  void OnClearedOriginBoundCerts();
+  void OnClearedServerBoundCerts();
 
   // Calculate the begin time for the deletion range specified by |time_period|.
   base::Time CalculateBeginDeleteTime(TimePeriod time_period);
@@ -252,7 +252,7 @@ class BrowsingDataRemover : public content::NotificationObserver,
            !waiting_for_clear_cookies_count_&&
            !waiting_for_clear_history_ &&
            !waiting_for_clear_networking_history_ &&
-           !waiting_for_clear_origin_bound_certs_ &&
+           !waiting_for_clear_server_bound_certs_ &&
            !waiting_for_clear_plugin_data_ &&
            !waiting_for_clear_quota_managed_data_;
   }
@@ -300,7 +300,7 @@ class BrowsingDataRemover : public content::NotificationObserver,
   int waiting_for_clear_cookies_count_;
   bool waiting_for_clear_history_;
   bool waiting_for_clear_networking_history_;
-  bool waiting_for_clear_origin_bound_certs_;
+  bool waiting_for_clear_server_bound_certs_;
   bool waiting_for_clear_plugin_data_;
   bool waiting_for_clear_quota_managed_data_;
 

chrome/browser/browsing_data_remover_unittest.cc

@@ -196,49 +196,49 @@ class RemoveSafeBrowsingCookieTester : public RemoveCookieTester {
 };
 #endif
 
-class RemoveOriginBoundCertTester : public BrowsingDataRemoverTester {
+class RemoveServerBoundCertTester : public BrowsingDataRemoverTester {
  public:
-  explicit RemoveOriginBoundCertTester(TestingProfile* profile) {
+  explicit RemoveServerBoundCertTester(TestingProfile* profile) {
     profile->CreateRequestContext();
-    ob_cert_service_ = profile->GetRequestContext()->GetURLRequestContext()->
-        origin_bound_cert_service();
+    server_bound_cert_service_ = profile->GetRequestContext()->
+        GetURLRequestContext()->server_bound_cert_service();
   }
 
-  int OriginBoundCertCount() {
-    return ob_cert_service_->cert_count();
+  int ServerBoundCertCount() {
+    return server_bound_cert_service_->cert_count();
   }
 
-  // Add an origin bound cert for |origin| with specific creation and expiry
+  // Add a server bound cert for |server| with specific creation and expiry
   // times.  The cert and key data will be filled with dummy values.
-  void AddOriginBoundCertWithTimes(const std::string& origin,
+  void AddServerBoundCertWithTimes(const std::string& server_identifier,
                                    base::Time creation_time,
                                    base::Time expiration_time) {
-    GetCertStore()->SetOriginBoundCert(origin, net::CLIENT_CERT_RSA_SIGN,
-                                       creation_time, expiration_time,
-                                       "a", "b");
+    GetCertStore()->SetServerBoundCert(server_identifier,
+                                       net::CLIENT_CERT_RSA_SIGN, creation_time,
+                                       expiration_time, "a", "b");
   }
 
-  // Add an origin bound cert for |origin|, with the current time as the
+  // Add a server bound cert for |server|, with the current time as the
   // creation time.  The cert and key data will be filled with dummy values.
-  void AddOriginBoundCert(const std::string& origin) {
+  void AddServerBoundCert(const std::string& server_identifier) {
     base::Time now = base::Time::Now();
-    AddOriginBoundCertWithTimes(origin,
+    AddServerBoundCertWithTimes(server_identifier,
                                 now,
                                 now + base::TimeDelta::FromDays(1));
   }
 
-  net::OriginBoundCertStore* GetCertStore() {
-    return ob_cert_service_->GetCertStore();
+  net::ServerBoundCertStore* GetCertStore() {
+    return server_bound_cert_service_->GetCertStore();
   }
 
  private:
-  net::OriginBoundCertService* ob_cert_service_;
+  net::ServerBoundCertService* server_bound_cert_service_;
 
   net::SSLClientCertType type_;
   std::string key_;
   std::string cert_;
 
-  DISALLOW_COPY_AND_ASSIGN(RemoveOriginBoundCertTester);
+  DISALLOW_COPY_AND_ASSIGN(RemoveServerBoundCertTester);
 };
 
 class RemoveHistoryTester : public BrowsingDataRemoverTester {
@@ -511,39 +511,39 @@ TEST_F(BrowsingDataRemoverTest, RemoveSafeBrowsingCookieLastHour) {
 }
 #endif
 
-TEST_F(BrowsingDataRemoverTest, RemoveOriginBoundCertForever) {
-  scoped_ptr<RemoveOriginBoundCertTester> tester(
-      new RemoveOriginBoundCertTester(GetProfile()));
+TEST_F(BrowsingDataRemoverTest, RemoveServerBoundCertForever) {
+  scoped_ptr<RemoveServerBoundCertTester> tester(
+      new RemoveServerBoundCertTester(GetProfile()));
 
-  tester->AddOriginBoundCert(kTestkOrigin1);
-  EXPECT_EQ(1, tester->OriginBoundCertCount());
+  tester->AddServerBoundCert(kTestkOrigin1);
+  EXPECT_EQ(1, tester->ServerBoundCertCount());
 
   BlockUntilBrowsingDataRemoved(BrowsingDataRemover::EVERYTHING,
-      BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, tester.get());
+      BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, tester.get());
 
-  EXPECT_EQ(BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, GetRemovalMask());
-  EXPECT_EQ(0, tester->OriginBoundCertCount());
+  EXPECT_EQ(BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, GetRemovalMask());
+  EXPECT_EQ(0, tester->ServerBoundCertCount());
 }
 
-TEST_F(BrowsingDataRemoverTest, RemoveOriginBoundCertLastHour) {
-  scoped_ptr<RemoveOriginBoundCertTester> tester(
-      new RemoveOriginBoundCertTester(GetProfile()));
+TEST_F(BrowsingDataRemoverTest, RemoveServerBoundCertLastHour) {
+  scoped_ptr<RemoveServerBoundCertTester> tester(
+      new RemoveServerBoundCertTester(GetProfile()));
 
   base::Time now = base::Time::Now();
-  tester->AddOriginBoundCert(kTestkOrigin1);
-  tester->AddOriginBoundCertWithTimes(kTestkOrigin2,
+  tester->AddServerBoundCert(kTestkOrigin1);
+  tester->AddServerBoundCertWithTimes(kTestkOrigin2,
                                       now - base::TimeDelta::FromHours(2),
                                       now);
-  EXPECT_EQ(2, tester->OriginBoundCertCount());
+  EXPECT_EQ(2, tester->ServerBoundCertCount());
 
   BlockUntilBrowsingDataRemoved(BrowsingDataRemover::LAST_HOUR,
-      BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, tester.get());
+      BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, tester.get());
 
-  EXPECT_EQ(BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, GetRemovalMask());
-  EXPECT_EQ(1, tester->OriginBoundCertCount());
-  std::vector<net::OriginBoundCertStore::OriginBoundCert> certs;
-  tester->GetCertStore()->GetAllOriginBoundCerts(&certs);
-  EXPECT_EQ(kTestkOrigin2, certs[0].origin());
+  EXPECT_EQ(BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, GetRemovalMask());
+  EXPECT_EQ(1, tester->ServerBoundCertCount());
+  std::vector<net::ServerBoundCertStore::ServerBoundCert> certs;
+  tester->GetCertStore()->GetAllServerBoundCerts(&certs);
+  EXPECT_EQ(kTestkOrigin2, certs[0].server_identifier());
 }
 
 TEST_F(BrowsingDataRemoverTest, RemoveHistoryForever) {

chrome/browser/extensions/api/browsing_data/browsing_data_api.cc

@@ -34,7 +34,7 @@ const char kFormDataKey[] = "formData";
 const char kHistoryKey[] = "history";
 const char kIndexedDBKey[] = "indexedDB";
 const char kLocalStorageKey[] = "localStorage";
-const char kOriginBoundCertsKey[] = "originBoundCerts";
+const char kServerBoundCertsKey[] = "serverBoundCerts";
 const char kPasswordsKey[] = "passwords";
 const char kPluginDataKey[] = "pluginData";
 const char kWebSQLKey[] = "webSQL";
@@ -89,8 +89,8 @@ int ParseRemovalMask(base::DictionaryValue* value) {
                  extension_browsing_data_api_constants::kLocalStorageKey))
     GetRemovalMask |= BrowsingDataRemover::REMOVE_LOCAL_STORAGE;
   if (RemoveType(value,
-                 extension_browsing_data_api_constants::kOriginBoundCertsKey))
-    GetRemovalMask |= BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS;
+                 extension_browsing_data_api_constants::kServerBoundCertsKey))
+    GetRemovalMask |= BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS;
   if (RemoveType(value, extension_browsing_data_api_constants::kPasswordsKey))
     GetRemovalMask |= BrowsingDataRemover::REMOVE_PASSWORDS;
   if (RemoveType(value, extension_browsing_data_api_constants::kPluginDataKey))
@@ -224,8 +224,8 @@ int RemoveLocalStorageFunction::GetRemovalMask() const {
   return BrowsingDataRemover::REMOVE_LOCAL_STORAGE;
 }
 
-int RemoveOriginBoundCertsFunction::GetRemovalMask() const {
-  return BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS;
+int RemoveServerBoundCertsFunction::GetRemovalMask() const {
+  return BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS;
 }
 
 int RemovePluginDataFunction::GetRemovalMask() const {

chrome/browser/extensions/api/browsing_data/browsing_data_api.h

@@ -195,16 +195,16 @@ class RemoveLocalStorageFunction : public BrowsingDataExtensionFunction {
   DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeLocalStorage")
 };
 
-class RemoveOriginBoundCertsFunction : public BrowsingDataExtensionFunction {
+class RemoveServerBoundCertsFunction : public BrowsingDataExtensionFunction {
  public:
-  RemoveOriginBoundCertsFunction() {}
-  virtual ~RemoveOriginBoundCertsFunction() {}
+  RemoveServerBoundCertsFunction() {}
+  virtual ~RemoveServerBoundCertsFunction() {}
 
  protected:
   // BrowsingDataTypeExtensionFunction interface method.
   virtual int GetRemovalMask() const OVERRIDE;
 
-  DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeOriginBoundCertificates")
+  DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeServerBoundCertificates")
 };
 
 class RemovePluginDataFunction : public BrowsingDataExtensionFunction {

chrome/browser/extensions/api/browsing_data/browsing_data_test.cc

@@ -28,7 +28,7 @@ const char kRemoveEverythingArguments[] = "[{\"since\": 1000}, {"
     "\"appcache\": true, \"cache\": true, \"cookies\": true, "
     "\"downloads\": true, \"fileSystems\": true, \"formData\": true, "
     "\"history\": true, \"indexedDB\": true, \"localStorage\": true, "
-    "\"originBoundCerts\": true, \"passwords\": true, \"pluginData\": true, "
+    "\"serverBoundCerts\": true, \"passwords\": true, \"pluginData\": true, "
     "\"webSQL\": true"
     "}]";
 
@@ -131,7 +131,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowsingDataTest, RemoveBrowsingDataMask) {
   RunRemoveBrowsingDataFunctionAndCompareMask(
       "localStorage", BrowsingDataRemover::REMOVE_LOCAL_STORAGE);
   RunRemoveBrowsingDataFunctionAndCompareMask(
-      "originBoundCerts", BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS);
+      "serverBoundCerts", BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS);
   RunRemoveBrowsingDataFunctionAndCompareMask(
       "passwords", BrowsingDataRemover::REMOVE_PASSWORDS);
   // We can't remove plugin data inside a test profile.

chrome/browser/extensions/extension_function_registry.cc

@@ -141,7 +141,7 @@ void ExtensionFunctionRegistry::ResetFunctions() {
   RegisterFunction<RemoveHistoryFunction>();
   RegisterFunction<RemoveIndexedDBFunction>();
   RegisterFunction<RemoveLocalStorageFunction>();
-  RegisterFunction<RemoveOriginBoundCertsFunction>();
+  RegisterFunction<RemoveServerBoundCertsFunction>();
   RegisterFunction<RemovePluginDataFunction>();
   RegisterFunction<RemovePasswordsFunction>();
   RegisterFunction<RemoveWebSQLFunction>();

chrome/browser/io_thread.cc

@@ -212,8 +212,8 @@ ConstructProxyScriptFetcherContext(IOThread::Globals* globals,
   context->set_ftp_transaction_factory(
       globals->proxy_script_fetcher_ftp_transaction_factory.get());
   context->set_cookie_store(globals->system_cookie_store.get());
-  context->set_origin_bound_cert_service(
-      globals->system_origin_bound_cert_service.get());
+  context->set_server_bound_cert_service(
+      globals->system_server_bound_cert_service.get());
   context->set_network_delegate(globals->system_network_delegate.get());
   // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the
   // system URLRequestContext too. There's no reason this should be tied to a
@@ -239,8 +239,8 @@ ConstructSystemRequestContext(IOThread::Globals* globals,
   context->set_ftp_transaction_factory(
       globals->system_ftp_transaction_factory.get());
   context->set_cookie_store(globals->system_cookie_store.get());
-  context->set_origin_bound_cert_service(
-      globals->system_origin_bound_cert_service.get());
+  context->set_server_bound_cert_service(
+      globals->system_server_bound_cert_service.get());
   return context;
 }
 
@@ -404,15 +404,15 @@ void IOThread::Init() {
       net::ProxyService::CreateDirectWithNetLog(net_log_));
   // In-memory cookie store.
   globals_->system_cookie_store = new net::CookieMonster(NULL, NULL);
-  // In-memory origin-bound cert store.
-  globals_->system_origin_bound_cert_service.reset(
-      new net::OriginBoundCertService(
-          new net::DefaultOriginBoundCertStore(NULL)));
+  // In-memory server bound cert store.
+  globals_->system_server_bound_cert_service.reset(
+      new net::ServerBoundCertService(
+          new net::DefaultServerBoundCertStore(NULL)));
   net::HttpNetworkSession::Params session_params;
   session_params.host_resolver = globals_->host_resolver.get();
   session_params.cert_verifier = globals_->cert_verifier.get();
-  session_params.origin_bound_cert_service =
-      globals_->system_origin_bound_cert_service.get();
+  session_params.server_bound_cert_service =
+      globals_->system_server_bound_cert_service.get();
   session_params.transport_security_state =
       globals_->transport_security_state.get();
   session_params.proxy_service =
@@ -586,8 +586,8 @@ void IOThread::InitSystemRequestContextOnIOThread() {
   net::HttpNetworkSession::Params system_params;
   system_params.host_resolver = globals_->host_resolver.get();
   system_params.cert_verifier = globals_->cert_verifier.get();
-  system_params.origin_bound_cert_service =
-      globals_->system_origin_bound_cert_service.get();
+  system_params.server_bound_cert_service =
+      globals_->system_server_bound_cert_service.get();
   system_params.transport_security_state =
       globals_->transport_security_state.get();
   system_params.ssl_host_info_factory = NULL;