Whitelist executables that are trusted in the SafeBrowsing download protection.

chrome/browser/safe_browsing/download_protection_service.cc

Index: chrome/browser/safe_browsing/download_protection_service.cc
diff --git a/chrome/browser/safe_browsing/download_protection_service.cc b/chrome/browser/safe_browsing/download_protection_service.cc
index 897d401e144041be6c7026cf2fdc1c6e860988b6..71fa9c3e71d3638eec0041145ec6af4bdc6f01f0 100644
--- a/chrome/browser/safe_browsing/download_protection_service.cc
+++ b/chrome/browser/safe_browsing/download_protection_service.cc
@@ -484,11 +484,15 @@ class DownloadProtectionService::CheckClientDownloadRequest
           sb_service_->MatchDownloadWhitelistUrl(info_.referrer_url)) {
         reason = REASON_WHITELISTED_REFERRER;
       }
-      if (reason != REASON_MAX ||
-          signature_info_.certificate_chain_size() > 0) {
+      if (reason != REASON_MAX || signature_info_.trusted()) {
         UMA_HISTOGRAM_COUNTS("SBClientDownload.SignedOrWhitelistedDownload", 1);
       }
     }
+    if (reason == REASON_MAX && signature_info_.trusted()) {
+      // TODO(noelutz): implement a certificate whitelist and only whitelist
+      // binaries whose certificate match the whitelist.
+      reason = REASON_TRUSTED_EXECUTABLE;
+    }
     if (reason != REASON_MAX) {
       RecordImprovedProtectionStats(reason);
       CheckDigestList();
@@ -496,8 +500,6 @@ class DownloadProtectionService::CheckClientDownloadRequest
       RecordImprovedProtectionStats(REASON_PING_DISABLED);
       CheckDigestList();
     } else {
-      // TODO(noelutz): check signature and CA against whitelist.
-
       // The URLFetcher is owned by the UI thread, so post a message to
       // start the pingback.
       BrowserThread::PostTask(