WKWebView: Implemented recoverable SSL interstitials.

ios/web/net/cert_verification_cache.h

Index: ios/web/net/cert_verification_cache.h
diff --git a/ios/web/net/cert_verification_cache.h b/ios/web/net/cert_verification_cache.h
new file mode 100644
index 0000000000000000000000000000000000000000..eb3cf34563c01bc6bc6a600a5acf9bbcf2734602
--- /dev/null
+++ b/ios/web/net/cert_verification_cache.h
@@ -0,0 +1,101 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_NET_CERT_VERIFICATION_CACHE_H_
+#define IOS_WEB_NET_CERT_VERIFICATION_CACHE_H_
+
+#include <map>
+#include <string>
+
+#include "net/cert/x509_certificate.h"
+
+namespace web {
+
+// Allows caching cert verification data by providing |Get|, |Set| and |reset|
+// API. Cache key used by |Get| and |Set| is cert-host pair. Cached value is a
+// template param which can be any object which holds cert verification data.
+// This class is not threadsafe and provides infinite cache size.
+// Usage example:
+//
+//   scoped_refptr<net::X509Certificate> valid_cert = ...
+//   scoped_refptr<net::X509Certificate> invalid_cert = ...
+//
+//   // Store a bool which indicates whether cert is valid or not.
+//   CertVerificationCache<bool> cert_validness_state;
+//   cert_validness_state.Set(valid_cert, "www.example.com", true);
+//   cert_validness_state.Set(invalid_cert, "www.example.com", false);
+//
+//   // Check cert's validness state.
+//   bool is_valid = cert_validness_state.Get(valid_cert, "www.example.com");
+//
+//   // Clear the cache.
+//   cert_validness_state.reset();
+//
+template <typename ValueType>
+class CertVerificationCache {

[stuartmorgan, 2015/10/08 16:52:39]

Per Ryan's earlier comments, can this be replaced with an existing cache class
(e.g., that's already unit tested)

[Eugene But (OOO till 7-30), 2015/10/09 16:32:36]

Done.

+ public:
+  CertVerificationCache() {}
+  ~CertVerificationCache() {}
+
+  // Retrieves |value| for the given cert-host pair. |cert| cannot be null.
+  // Returns true on success.
+  bool Get(const scoped_refptr<net::X509Certificate>& cert,
+           const std::string& host,
+           ValueType* value) const;
+
+  // Adds |value| for the given cert-host pair. |cert| cannot be null.
+  void Set(const scoped_refptr<net::X509Certificate>& cert,
+           const std::string& host,
+           const ValueType& value);
+
+  // Clears the cache.
+  void reset() { map_.clear(); }
+
+ private:
+  struct KeyType {
+    KeyType(const scoped_refptr<net::X509Certificate>& cert,
+            const std::string& host)
+        : cert(cert), host(host) {}
+
+    bool operator<(const KeyType& other) const {
+      if (host != other.host)
+        return host < other.host;
+      return cert_comparator(cert, other.cert);
+    }
+
+    scoped_refptr<net::X509Certificate> cert;
+    std::string host;
+
+   private:
+    net::X509Certificate::LessThan cert_comparator;
+  };
+
+  std::map<KeyType, ValueType> map_;
+};
+
+template <typename ValueType>
+bool CertVerificationCache<ValueType>::Get(
+    const scoped_refptr<net::X509Certificate>& cert,
+    const std::string& host,
+    ValueType* value) const {
+  auto it = map_.find(KeyType(cert, host));
+  if (it == map_.end())
+    return false;
+
+  *value = it->second;
+  return true;
+}
+
+template <typename ValueType>
+void CertVerificationCache<ValueType>::Set(
+    const scoped_refptr<net::X509Certificate>& cert,
+    const std::string& host,
+    const ValueType& value) {
+  DCHECK(cert);
+  map_[KeyType(cert, host)] = value;
+}
+
+}  // namespace web
+
+#endif  // IOS_WEB_NET_CERT_VERIFICATION_CACHE_H_