SSLCertRequestInfo: Add |valid_cas| and |valid_key_types|

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 1137 matching lines @@
   scoped_refptr<X509Certificate> client_cert;
   bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
       response_.cert_request_info->host_and_port, &client_cert);
   if (!found_cached_cert)
     return error;
 
   // Check that the certificate selected is still a certificate the server
   // is likely to accept, based on the criteria supplied in the
   // CertificateRequest message.
   if (client_cert) {
-    const std::vector<scoped_refptr<X509Certificate> >& client_certs =
-        response_.cert_request_info->client_certs;
-    bool cert_still_valid = false;
-    for (size_t i = 0; i < client_certs.size(); ++i) {
-      if (client_cert->Equals(client_certs[i])) {
-        cert_still_valid = true;
-        break;
-      }
-    }
-
+    bool cert_still_valid = client_cert->IsValidClientCertificate(
+        *(response_.cert_request_info.get()));
     if (!cert_still_valid)
       return error;
   }
 
   // TODO(davidben): Add a unit test which covers this path; we need to be
   // able to send a legitimate certificate and also bypass/clear the
   // SSL session cache.
   SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
       &proxy_ssl_config_ : &server_ssl_config_;
   ssl_config->send_client_cert = true;
@@ skipping 258 matching lines @@
       description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
                                        state);
       break;
   }
   return description;
 }
 
 #undef STATE_CASE
 
 }  // namespace net