Add CLIENT_CERT_TYPE_DSS_SIGN to net::SSLClientCertType

This patch adds a new value to the net::SSLClientCertType that matches
DSA-based client certificates. This will be used by Android's client
certificate support code.

For an example, see https://chromiumcodereview.appspot.com/12220104/

More specifically:

- It modifies <net/base/ssl_client_cert_type.h> to add the new
  enum value.

- It adds a corresponding non-translatable string ID to
  chrome/app/generated_resources.grd, and ensures that the
  ClientCertTypeToString() function in cookies_tree_model_util.cc
  returns it appropriately.

- It adds SpdyCredentialBuilderTest.MAYBE_FailedWithDSACert
  unit test, similar to the MAYBE_FailedWithRSACert. This is
  based on the assumption that SPDY uses ECDSA certificates
  exclusively (no code supporting RSA-based ones was found
  under net/spdy).

Note that server-bound certificate unit tests have not been
modified (some of them handle both RSA and ECDSA certificates),
given that none of the production support code for this feature
seems to care about the certificate type, and that DSA-based
certificates are extremely rare in practice, and disappearing.

BUG=165668


Review URL: https://chromiumcodereview.appspot.com/12221136

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182119 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/generated_resources.grd

@@ -11555,6 +11555,9 @@ experiment id: "<ph name="EXPERIMENT_ID">$5<ex>ar1</ex></ph>"
       <message name="IDS_CLIENT_CERT_RSA_SIGN" translateable="false" desc="">
         rsa_sign
       </message>
+      <message name="IDS_CLIENT_CERT_DSS_SIGN" translateable="false" desc="">
+        dss_sign
+      </message>
       <message name="IDS_CLIENT_CERT_ECDSA_SIGN" translateable="false" desc="">
         ecdsa_sign
       </message>

chrome/browser/ui/webui/cookies_tree_model_util.cc

@@ -60,6 +60,8 @@ std::string ClientCertTypeToString(net::SSLClientCertType type) {
   switch (type) {
     case net::CLIENT_CERT_RSA_SIGN:
       return l10n_util::GetStringUTF8(IDS_CLIENT_CERT_RSA_SIGN);
+    case net::CLIENT_CERT_DSS_SIGN:
+      return l10n_util::GetStringUTF8(IDS_CLIENT_CERT_DSS_SIGN);
     case net::CLIENT_CERT_ECDSA_SIGN:
       return l10n_util::GetStringUTF8(IDS_CLIENT_CERT_ECDSA_SIGN);
     default:

net/base/ssl_client_cert_type.h

@@ -11,6 +11,7 @@ namespace net {
 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-1
 enum SSLClientCertType {
   CLIENT_CERT_RSA_SIGN = 1,
+  CLIENT_CERT_DSS_SIGN = 2,
   CLIENT_CERT_ECDSA_SIGN = 64,
   // 224-255 are Reserved for Private Use, we pick one to use as "invalid".
   CLIENT_CERT_INVALID_TYPE = 255,

net/spdy/spdy_credential_builder_unittest.cc

@@ -111,6 +111,17 @@ TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithRSACert) {
             BuildWithType(CLIENT_CERT_RSA_SIGN));
 }
 
+#if defined(USE_OPENSSL)
+#define MAYBE_FailsWithDSACert DISABLED_FailsWithDSACert
+#else
+#define MAYBE_FailsWithDSACert FailsWithDSACert
+#endif
+
+TEST_F(SpdyCredentialBuilderTest, MAYBE_FailsWithDSACert) {
+  EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
+            BuildWithType(CLIENT_CERT_DSS_SIGN));
+}
+
 #if defined(USE_OPENSSL)
 #define MAYBE_SetsSlotCorrectly DISABLED_SetsSlotCorrectly
 #else