Remove DenyCertForHost from SSLHostStateDelegate API.

net/cert/x509_cert_types.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_cert_types.h"
 
 #include <cstdlib>
 #include <cstring>
 
 #include "base/logging.h"
@@ skipping 31 matching lines @@
   if (!common_name.empty())
     return common_name;
   if (!organization_names.empty())
     return organization_names[0];
   if (!organization_unit_names.empty())
     return organization_unit_names[0];
 
   return std::string();
 }
 
-CertPolicy::CertPolicy() {
-}
-
-CertPolicy::~CertPolicy() {
-}
-
-// For a denial, we consider a given |cert| to be a match to a saved denied
-// cert if the |error| intersects with the saved error status. For an
-// allowance, we consider a given |cert| to be a match to a saved allowed
-// cert if the |error| is an exact match to or subset of the errors in the
-// saved CertStatus.
-CertPolicy::Judgment CertPolicy::Check(
-    X509Certificate* cert, CertStatus error) const {
-  // It shouldn't matter which set we check first, but we check denied first
-  // in case something strange has happened.
-  bool denied = false;
-  std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
-      denied_iter = denied_.find(cert->fingerprint());
-  if ((denied_iter != denied_.end()) && (denied_iter->second & error))
-    denied = true;
-
-  std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
-      allowed_iter = allowed_.find(cert->fingerprint());
-  if ((allowed_iter != allowed_.end()) &&
-      (allowed_iter->second & error) &&
-      !(~(allowed_iter->second & error) ^ ~error)) {
-    DCHECK(!denied);
-    return ALLOWED;
-  }
-
-  if (denied)
-    return DENIED;
-  return UNKNOWN;  // We don't have a policy for this cert.
-}
-
-void CertPolicy::Allow(X509Certificate* cert, CertStatus error) {
-  // Put the cert in the allowed set and (maybe) remove it from the denied set.
-  denied_.erase(cert->fingerprint());
-  // If this same cert had already been saved with a different error status,
-  // this will replace it with the new error status.
-  allowed_[cert->fingerprint()] = error;
-}
-
-void CertPolicy::Deny(X509Certificate* cert, CertStatus error) {
-  // Put the cert in the denied set and (maybe) remove it from the allowed set.
-  std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
-      allowed_iter = allowed_.find(cert->fingerprint());
-  if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error))
-    allowed_.erase(cert->fingerprint());
-  denied_[cert->fingerprint()] |= error;
-}
-
-bool CertPolicy::HasAllowedCert() const {
-  return !allowed_.empty();
-}
-
-bool CertPolicy::HasDeniedCert() const {
-  return !denied_.empty();
-}
-
 bool ParseCertificateDate(const base::StringPiece& raw_date,
                           CertDateFormat format,
                           base::Time* time) {
   size_t year_length = format == CERT_DATE_FORMAT_UTC_TIME ? 2 : 4;
 
   if (raw_date.length() < 11 + year_length)
     return false;
 
   const char* field = raw_date.data();
   bool valid = true;
@@ skipping 11 matching lines @@
   valid &= exploded.HasValidValues();
 
   if (!valid)
     return false;
 
   *time = base::Time::FromUTCExploded(exploded);
   return true;
 }
 
 }  // namespace net