Fix handling of user and CA certificates on Android.

net/android/network_library.h

Index: net/android/network_library.h
diff --git a/net/android/network_library.h b/net/android/network_library.h
index a0cf7d338391f2e4811f96aa6acba14d7f0bde33..46e8f3935a19f1965f0504745784a262fce79eae 100644
--- a/net/android/network_library.h
+++ b/net/android/network_library.h
@@ -33,12 +33,25 @@ VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain,
                                  const std::string& auth_type);
 
 // Helper for the <keygen> handler. Passes the DER-encoded key  pair via
-// JNI to the Credentials store.
+// JNI to the Credentials store. Note that the public key must be a DER
+// encoded SubjectPublicKeyInfo (X.509), as returned by i2d_PUBKEY()
+// (and *not* i2d_PublicKey(), which returns a PKCS#1 key).
+//
+// Also, the private key must be in PKCS#8 format, as returned by
+// i2d_PKCS8_PRIV_KEY_INFO(EVP_PKEY2PKCS8(pkey)), which is a different
+// format than what i2d_PrivateKey() returns, so don't use it either.
+//
 bool StoreKeyPair(const uint8* public_key,
                   size_t public_len,
                   const uint8* private_key,
                   size_t private_len);
 
+// Helper used to pass the DER-encoded bytes of an X.509 certificate or
+// a PKCS#12 keychain to the CertInstaller activity.
+void StoreCertificateOrKeychain(const char* data,
+                                size_t data_len,
+                                bool is_pkcs12);
+
 // Returns true if it can determine that only loopback addresses are configured.
 // i.e. if only 127.0.0.1 and ::1 are routable.
 // Also returns false if it cannot determine this.