Revert due to compile failures...

net/base/x509_certificate.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
-#if defined(OS_MACOSX)
-#include <Security/Security.h>
-#elif defined(USE_NSS)
+#if defined(USE_NSS)
 #include <cert.h>
 #endif
 
 #include "base/histogram.h"
 #include "base/logging.h"
 #include "base/time.h"
 
 namespace net {
 
 namespace {
@@ skipping 31 matching lines @@
   return a->derCert.len == b->derCert.len &&
       memcmp(a->derCert.data, b->derCert.data, a->derCert.len) == 0;
 #else
   // TODO(snej): not implemented
   UNREACHED();
   return false;
 #endif
 }
 
 bool X509Certificate::FingerprintLessThan::operator()(
-    const SHA1Fingerprint& lhs,
-    const SHA1Fingerprint& rhs) const {
+    const Fingerprint& lhs,
+    const Fingerprint& rhs) const {
   for (size_t i = 0; i < sizeof(lhs.data); ++i) {
     if (lhs.data[i] < rhs.data[i])
       return true;
     if (lhs.data[i] > rhs.data[i])
       return false;
   }
   return false;
 }
 
 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
@@ skipping 43 matching lines @@
 X509Certificate* X509Certificate::Cache::Find(const Fingerprint& fingerprint) {
   AutoLock lock(lock_);
 
   CertMap::iterator pos(cache_.find(fingerprint));
   if (pos == cache_.end())
     return NULL;
 
   return pos->second;
 };
 
+X509Certificate::Policy::Judgment X509Certificate::Policy::Check(
+    X509Certificate* cert) const {
+  // It shouldn't matter which set we check first, but we check denied first
+  // in case something strange has happened.
+
+  if (denied_.find(cert->fingerprint()) != denied_.end()) {
+    // DCHECK that the order didn't matter.
+    DCHECK(allowed_.find(cert->fingerprint()) == allowed_.end());
+    return DENIED;
+  }
+
+  if (allowed_.find(cert->fingerprint()) != allowed_.end()) {
+    // DCHECK that the order didn't matter.
+    DCHECK(denied_.find(cert->fingerprint()) == denied_.end());
+    return ALLOWED;
+  }
+
+  // We don't have a policy for this cert.
+  return UNKNOWN;
+}
+
+void X509Certificate::Policy::Allow(X509Certificate* cert) {
+  // Put the cert in the allowed set and (maybe) remove it from the denied set.
+  denied_.erase(cert->fingerprint());
+  allowed_.insert(cert->fingerprint());
+}
+
+void X509Certificate::Policy::Deny(X509Certificate* cert) {
+  // Put the cert in the denied set and (maybe) remove it from the allowed set.
+  allowed_.erase(cert->fingerprint());
+  denied_.insert(cert->fingerprint());
+}
+
+bool X509Certificate::Policy::HasAllowedCert() const {
+  return !allowed_.empty();
+}
+
+bool X509Certificate::Policy::HasDeniedCert() const {
+  return !denied_.empty();
+}
+
 // static
 X509Certificate* X509Certificate::CreateFromHandle(
     OSCertHandle cert_handle,
     Source source,
     const OSCertHandles& intermediates) {
   DCHECK(cert_handle);
   DCHECK(source != SOURCE_UNUSED);
 
   // Check if we already have this certificate in memory.
   X509Certificate::Cache* cache = X509Certificate::Cache::GetInstance();
@@ skipping 88 matching lines @@
 
 bool X509Certificate::HasIntermediateCertificates(const OSCertHandles& certs) {
   for (size_t i = 0; i < certs.size(); ++i) {
     if (!HasIntermediateCertificate(certs[i]))
       return false;
   }
   return true;
 }
 
 }  // namespace net