Add SecurityStateModelClient interface and implementation

chrome/browser/ssl/security_state_model_delegate.h

Index: chrome/browser/ssl/security_state_model_delegate.h
diff --git a/chrome/browser/ssl/security_state_model_delegate.h b/chrome/browser/ssl/security_state_model_delegate.h
new file mode 100644
index 0000000000000000000000000000000000000000..2c223028d4518cb0abef52554c166c6724d4f965
--- /dev/null
+++ b/chrome/browser/ssl/security_state_model_delegate.h
@@ -0,0 +1,33 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_DELEGATE_H_
+#define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_DELEGATE_H_
+
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+
+namespace net {
+class X509Certificate;
+}  // namespace net
+
+// Provides embedder-specific information that a SecurityStateModel
+// needs to determine the page's security status.
+class SecurityStateModelDelegate {
+ public:
+  SecurityStateModelDelegate() {}
+  virtual ~SecurityStateModelDelegate() {}
+
+  // Returns the certificate used to load the page or request.
+  virtual bool RetrieveCert(scoped_refptr<net::X509Certificate>* cert) = 0;
+
+  // Returns true if the page or request is known to be loaded with a
+  // MITM certificate.

[felt, 2015/11/23 23:21:00]

I think calling it a "MITM certificate" is confusing. It sounds like an invalid
certificate chain. Maybe moving all or some of the comment from the .cc file
would make this less confusing? I'd also recommend renaming it to something like
UsedPolicyInstalledCertificate.

[estark, 2015/11/24 00:07:23]

Done.

+  virtual bool UsedKnownMITMCertificate() = 0;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SecurityStateModelDelegate);
+};
+
+#endif  // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_DELEGATE_H_