Revert due to compile failures...

net/base/x509_certificate.h

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 
 #include <string.h>
 
 #include <map>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/ref_counted.h"
 #include "base/singleton.h"
 #include "base/time.h"
-#include "net/base/x509_cert_types.h"
 #include "testing/gtest/include/gtest/gtest_prod.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
 #include <wincrypt.h>
 #elif defined(OS_MACOSX)
-#include <CoreFoundation/CFArray.h>
-#include <Security/SecBase.h>
+#include <Security/Security.h>
 #elif defined(USE_NSS)
 // Forward declaration; real one in <cert.h>
 struct CERTCertificateStr;
 #endif
 
 class Pickle;
 
 namespace net {
 
 class CertVerifyResult;
 
 // X509Certificate represents an X.509 certificate used by SSL.
 class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
  public:
+  // SHA-1 fingerprint (160 bits) of a certificate.
+  struct Fingerprint {
+    bool Equals(const Fingerprint& other) const {
+      return memcmp(data, other.data, sizeof(data)) == 0;
+    }
+
+    unsigned char data[20];
+  };
+
+  class FingerprintLessThan
+      : public std::binary_function<Fingerprint, Fingerprint, bool> {
+   public:
+    bool operator() (const Fingerprint& lhs, const Fingerprint& rhs) const;
+  };
+
+  // Predicate functor used in maps when X509Certificate is used as the key.
+  class LessThan
+      : public std::binary_function<X509Certificate*, X509Certificate*, bool> {
+   public:
+    bool operator() (X509Certificate* lhs,  X509Certificate* rhs) const;
+  };
+
   // A handle to the certificate object in the underlying crypto library.
   // We assume that OSCertHandle is a pointer type on all platforms and
   // NULL is an invalid OSCertHandle.
 #if defined(OS_WIN)
   typedef PCCERT_CONTEXT OSCertHandle;
 #elif defined(OS_MACOSX)
   typedef SecCertificateRef OSCertHandle;
 #elif defined(USE_NSS)
   typedef struct CERTCertificateStr* OSCertHandle;
 #else
   // TODO(ericroman): not implemented
   typedef void* OSCertHandle;
 #endif
 
   typedef std::vector<OSCertHandle> OSCertHandles;
 
-  // Legacy names for types now defined in x509_cert_types.h.
-  // TODO(snej): Clean up existing code using these names to use the new names.
-  typedef CertPrincipal Principal;
-  typedef CertPolicy Policy;
-  typedef SHA1Fingerprint Fingerprint;
-  typedef SHA1FingerprintLessThan FingerprintLessThan;
+  // Principal represent an X.509 principal.
+  struct Principal {
+    Principal() { }
+    explicit Principal(const std::string& name) : common_name(name) { }
 
-  // Predicate functor used in maps when X509Certificate is used as the key.
-  class LessThan
-      : public std::binary_function<X509Certificate*, X509Certificate*, bool> {
+    // The different attributes for a principal.  They may be "".
+    // Note that some of them can have several values.
+
+    std::string common_name;
+    std::string locality_name;
+    std::string state_or_province_name;
+    std::string country_name;
+
+    std::vector<std::string> street_addresses;
+    std::vector<std::string> organization_names;
+    std::vector<std::string> organization_unit_names;
+    std::vector<std::string> domain_components;
+  };
+
+  // This class is useful for maintaining policies about which certificates are
+  // permitted or forbidden for a particular purpose.
+  class Policy {
    public:
-    bool operator() (X509Certificate* lhs,  X509Certificate* rhs) const;
+    // The judgments this policy can reach.
+    enum Judgment {
+      // We don't have policy information for this certificate.
+      UNKNOWN,
+
+      // This certificate is allowed.
+      ALLOWED,
+
+      // This certificate is denied.
+      DENIED,
+    };
+
+    // Returns the judgment this policy makes about this certificate.
+    Judgment Check(X509Certificate* cert) const;
+
+    // Causes the policy to allow this certificate.
+    void Allow(X509Certificate* cert);
+
+    // Causes the policy to deny this certificate.
+    void Deny(X509Certificate* cert);
+
+    // Returns true if this policy has allowed at least one certificate.
+    bool HasAllowedCert() const;
+
+    // Returns true if this policy has denied at least one certificate.
+    bool HasDeniedCert() const;
+
+   private:
+    // The set of fingerprints of allowed certificates.
+    std::set<Fingerprint, FingerprintLessThan> allowed_;
+
+    // The set of fingerprints of denied certificates.
+    std::set<Fingerprint, FingerprintLessThan> denied_;
   };
 
   // Where the certificate comes from.  The enumeration constants are
   // listed in increasing order of preference.
   enum Source {
     SOURCE_UNUSED = 0,            // The source_ member is not used.
     SOURCE_LONE_CERT_IMPORT = 1,  // From importing a certificate without
                                   // its intermediate CA certificates.
     SOURCE_FROM_NETWORK = 2,      // From the network.
   };
@@ skipping 81 matching lines @@
   // Returns true if I already contain the given intermediate cert.
   bool HasIntermediateCertificate(OSCertHandle cert);
 
   // Returns true if I already contain all the given intermediate certs.
   bool HasIntermediateCertificates(const OSCertHandles& certs);
 
 #if defined(OS_MACOSX)
   // Does this certificate's usage allow SSL client authentication?
   bool SupportsSSLClientAuth() const;
 
-  // Do any of the given issuer names appear in this cert's chain of trust?
-  bool IsIssuedBy(const std::vector<CertPrincipal>& valid_issuers);
-
   // Creates a security policy for SSL client certificates.
   static OSStatus CreateSSLClientPolicy(SecPolicyRef* outPolicy);
 
   // Adds all available SSL client identity certs to the given vector.
   // |server_domain| is a hint for which domain the cert is to be sent to
   // (a cert previously specified as the default for that domain will be given
   // precedence and returned first in the output vector.)
-  // If valid_issuers is non-empty, only certs that were transitively issued by
-  // one of the given names will be included in the list.
   static bool GetSSLClientCertificates(
       const std::string& server_domain,
-      const std::vector<CertPrincipal>& valid_issuers,
       std::vector<scoped_refptr<X509Certificate> >* certs);
 
   // Creates the chain of certs to use for this client identity cert.
   CFArrayRef CreateClientCertificateChain() const;
 #endif
 
   // Verifies the certificate against the given hostname.  Returns OK if
   // successful or an error code upon failure.
   //
   // The |*verify_result| structure, including the |verify_result->cert_status|
@@ skipping 100 matching lines @@
 
   // Where the certificate comes from.
   Source source_;
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_