Implement a whitelist for code-signing certificates.

chrome/browser/safe_browsing/download_protection_service.h

Index: chrome/browser/safe_browsing/download_protection_service.h
diff --git a/chrome/browser/safe_browsing/download_protection_service.h b/chrome/browser/safe_browsing/download_protection_service.h
index 80d988bcf282e283f0fd6d04df9d4a9c570ecb68..93ea128e1fcb6a515419c500bca39afae3075793 100644
--- a/chrome/browser/safe_browsing/download_protection_service.h
+++ b/chrome/browser/safe_browsing/download_protection_service.h
@@ -25,6 +25,7 @@ class SafeBrowsingService;
 
 namespace net {
 class URLRequestContextGetter;
+class X509Certificate;
 }  // namespace net
 
 namespace safe_browsing {
@@ -139,7 +140,6 @@ class DownloadProtectionService {
                            CheckClientDownloadFetchFailed);
   FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest,
                            TestDownloadRequestTimeout);
-
   static const char kDownloadRequestUrl[];
 
   // Cancels all requests in |download_requests_|, and empties it, releasing
@@ -153,6 +153,14 @@ class DownloadProtectionService {
   static void FillDownloadInfo(const DownloadItem& item,
                                DownloadInfo* download_info);
 
+  // Given a certificate and its immediate issuer certificate, generates the
+  // list of strings that need to be checked against the download whitelist to
+  // determine whether the certificate is whitelisted.
+  static void GetCertificateWhitelistStrings(
+      const net::X509Certificate& certificate,
+      const net::X509Certificate& issuer,
+      std::vector<std::string>* whitelist_strings);
+
   // This pointer may be NULL if SafeBrowsing is disabled. The
   // SafeBrowsingService owns us, so we don't need to hold a reference to it.
   SafeBrowsingService* sb_service_;