Remove DenyCertForHost from SSLHostStateDelegate API.

net/cert/x509_cert_types.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_X509_CERT_TYPES_H_
 #define NET_CERT_X509_CERT_TYPES_H_
 
 #include <string.h>
 
 #include <map>
@@ skipping 50 matching lines @@
   std::string locality_name;
   std::string state_or_province_name;
   std::string country_name;
 
   std::vector<std::string> street_addresses;
   std::vector<std::string> organization_names;
   std::vector<std::string> organization_unit_names;
   std::vector<std::string> domain_components;
 };
 
-// This class is useful for maintaining policies about which certificates are
-// permitted or forbidden for a particular purpose.
-class NET_EXPORT CertPolicy {
- public:
-  // The judgments this policy can reach.
-  enum Judgment {
-    // We don't have policy information for this certificate.
-    UNKNOWN,
-
-    // This certificate is allowed.
-    ALLOWED,
-
-    // This certificate is denied.
-    DENIED,
-  };
-
-  CertPolicy();
-  ~CertPolicy();
-
-  // Returns the judgment this policy makes about this certificate.
-  // For a certificate to be allowed, it must not have any *additional* errors
-  // from when it was allowed. For a certificate to be denied, it need only
-  // match *any* of the errors that caused it to be denied. We check denial
-  // first, before checking whether it's been allowed.
-  Judgment Check(X509Certificate* cert, CertStatus error) const;
-
-  // Causes the policy to allow this certificate for a given |error|.
-  void Allow(X509Certificate* cert, CertStatus error);
-
-  // Causes the policy to deny this certificate for a given |error|.
-  void Deny(X509Certificate* cert, CertStatus error);
-
-  // Returns true if this policy has allowed at least one certificate.
-  bool HasAllowedCert() const;
-
-  // Returns true if this policy has denied at least one certificate.
-  bool HasDeniedCert() const;
-
- private:
-  // The set of fingerprints of allowed certificates.
-  std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan> allowed_;
-
-  // The set of fingerprints of denied certificates.
-  std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan> denied_;
-};
-
 #if defined(OS_MACOSX) && !defined(OS_IOS)
 // Compares two OIDs by value.
 inline bool CSSMOIDEqual(const CSSM_OID* oid1, const CSSM_OID* oid2) {
   return oid1->Length == oid2->Length &&
   (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0);
 }
 #endif
 
 // A list of ASN.1 date/time formats that ParseCertificateDate() supports,
 // encoded in the canonical forms specified in RFC 2459/3280/5280.
 enum CertDateFormat {
   // UTCTime: Format is YYMMDDHHMMSSZ
   CERT_DATE_FORMAT_UTC_TIME,
 
   // GeneralizedTime: Format is YYYYMMDDHHMMSSZ
   CERT_DATE_FORMAT_GENERALIZED_TIME,
 };
 
 // Attempts to parse |raw_date|, an ASN.1 date/time string encoded as
 // |format|, and writes the result into |*time|. If an invalid date is
 // specified, or if parsing fails, returns false, and |*time| will not be
 // updated.
 NET_EXPORT_PRIVATE bool ParseCertificateDate(const base::StringPiece& raw_date,
                                              CertDateFormat format,
                                              base::Time* time);
 }  // namespace net
 
 #endif  // NET_CERT_X509_CERT_TYPES_H_