Add CLIENT_CERT_TYPE_DSS_SIGN to net::SSLClientCertType

Add CLIENT_CERT_TYPE_DSS_SIGN to net::SSLClientCertType

This patch adds a new value to the net::SSLClientCertType that matches
DSA-based client certificates. This will be used by Android's client
certificate support code.

For an example, see https://chromiumcodereview.appspot.com/12220104/

More specifically:

- It modifies <net/base/ssl_client_cert_type.h> to add the new
  enum value.

- It adds a corresponding non-translatable string ID to
  chrome/app/generated_resources.grd, and ensures that the
  ClientCertTypeToString() function in cookies_tree_model_util.cc
  returns it appropriately.

- It adds SpdyCredentialBuilderTest.MAYBE_FailedWithDSACert
  unit test, similar to the MAYBE_FailedWithRSACert. This is
  based on the assumption that SPDY uses ECDSA certificates
  exclusively (no code supporting RSA-based ones was found
  under net/spdy).

Note that server-bound certificate unit tests have not been
modified (some of them handle both RSA and ECDSA certificates),
given that none of the production support code for this feature
seems to care about the certificate type, and that DSA-based
certificates are extremely rare in practice, and disappearing.

BUG=165668
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=182119

[digit1, 2013-02-12 13:16:32]

Dear reviewers, here's a patch to add CLIENT_CERT_TYPE_DSS_SIGN. This new value
is used by the Android-specific SSL client authentication support code.

On Android, the certificate key types listed in the Client Authentication
message must be passed directly to the platform (thus net::SSLCertRequestInfo
was augmented with a "cert_key_types" field, a std::vector<SSLClientCertType>).

For more context, see https://chromiumcodereview.appspot.com/12220104/, and
https://code.google.com/p/chromium/issues/detail?id=166642

Thanks in advance.

[Ryan Sleevi, 2013-02-12 18:18:35]

lgtm

[digit1, 2013-02-12 20:58:15]

fyi, I've just added arv@ and estade@ as reviewers so they can review the
chrome/browser/ui/webui/ change here.

[Evan Stade, 2013-02-12 21:35:06]

lgtm

[commit-bot: I haz the power, 2013-02-12 21:45:26]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/digit@chromium.org/12221136/1

[commit-bot: I haz the power, 2013-02-13 04:43:31]

Change committed as 182119

[wtc, 2013-02-13 22:11:54]

Patch set 1 LGTM.

https://chromiumcodereview.appspot.com/12221136/diff/1/net/base/ssl_client_ce...
File net/base/ssl_client_cert_type.h (right):

https://chromiumcodereview.appspot.com/12221136/diff/1/net/base/ssl_client_ce...
net/base/ssl_client_cert_type.h:14: CLIENT_CERT_DSS_SIGN = 2,

I verified this matches the value of dss_sign(2) in TLS.

The other client cert types (containing Diffie-Hellman or
EC Diffie-Hellman public keys in the certificates) are
rarely used in practice, so we can omit them to make our
code size a bit smaller :-)

[digit1, 2013-02-14 06:29:05]

https://chromiumcodereview.appspot.com/12221136/diff/1/net/base/ssl_client_ce...
File net/base/ssl_client_cert_type.h (right):

https://chromiumcodereview.appspot.com/12221136/diff/1/net/base/ssl_client_ce...
net/base/ssl_client_cert_type.h:14: CLIENT_CERT_DSS_SIGN = 2,
On 2013/02/13 22:11:54, wtc wrote:
> 
> I verified this matches the value of dss_sign(2) in TLS.
> 
Indeed, that's why I selected this value. I should have been clearer in my
commit message about this. Thanks for double checking :-)