Remove DenyCertForHost from SSLHostStateDelegate API.

chrome/browser/ssl/chrome_ssl_host_state_delegate.h

Index: chrome/browser/ssl/chrome_ssl_host_state_delegate.h
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate.h b/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
index 1353c20020a5b958d91d33779bd037cc6e25f1bc..833e1f87fee89c1943255ed6a31056e10f7ad15c 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
@@ -17,45 +17,41 @@ class Clock;
 class DictionaryValue;
 }  //  namespace base
 
-// Implementation of the tracking of user decisions on SSL errors for sites.
-// Tracks if the user has allowed, denied, or not seen an exception for the
-// specified site, SSL fingerprint, and error. If the user makes a decision,
-// stores the decision until either the session ends or for a length of time
-// (across session restarts), based on command line flags.
+// Tracks whether the user has allowed a certificate error exception for a
+// specific site, SSL fingerprint, and error. Based on command-line flags and
+// experimental group, remembers this decision either until end-of-session or
+// for a particular length of time.
 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
  public:
   explicit ChromeSSLHostStateDelegate(Profile* profile);
   virtual ~ChromeSSLHostStateDelegate();
 
   // SSLHostStateDelegate:
-  virtual void DenyCert(const std::string& host,
-                        net::X509Certificate* cert,
-                        net::CertStatus error) OVERRIDE;
   virtual void AllowCert(const std::string& host,
                          net::X509Certificate* cert,
                          net::CertStatus error) OVERRIDE;
   virtual void Clear() OVERRIDE;
-  virtual net::CertPolicy::Judgment QueryPolicy(
-      const std::string& host,
-      net::X509Certificate* cert,
-      net::CertStatus error,
-      bool* expired_previous_decision) OVERRIDE;
+  virtual CertJudgment QueryPolicy(const std::string& host,
+                                   net::X509Certificate* cert,
+                                   net::CertStatus error,
+                                   bool* expired_previous_decision) OVERRIDE;
   virtual void HostRanInsecureContent(const std::string& host,
                                       int pid) OVERRIDE;
   virtual bool DidHostRunInsecureContent(const std::string& host,
                                          int pid) const OVERRIDE;
 
-  // ChromeSSLHostStateDelegate implementation:
-  // Revoke all user decisions for |host| in the given Profile. The
-  // RevokeUserDecisionsHard version may close idle connections in the process.
-  // This version should be used *only* for rare events, such as a user
-  // controlled button, as it may be very disruptive to the networking stack.
-  virtual void RevokeUserDecisions(const std::string& host);
-  virtual void RevokeUserDecisionsHard(const std::string& host);
+  // ChromeSSLHostStateDelegate implementation: Revokes all SSL certificate

[Ryan Sleevi, 2014/09/04 00:17:25]

1) Drop the "// ChromeSSLHostDate delegate implementation:" comment

2) Split the documentation for RevokeUser and RevokeUser...hard to the
associated methods.

[jww, 2014/09/04 01:06:30]

Done.

+  // error allow exceptions made by the user for |host| in the given Profile.
+  // The RevokeUserAllowExceptionsHard version may close idle connections in the
+  // process.  This version should be used *only* for rare events, such as a
+  // user controlled button, as it may be very disruptive to the networking
+  // stack.
+  virtual void RevokeUserAllowExceptions(const std::string& host);
+  virtual void RevokeUserAllowExceptionsHard(const std::string& host);
 
-  // Returns true if any decisions has been recorded for |host| for the given
-  // Profile, otherwise false.
-  virtual bool HasUserDecision(const std::string& host);
+  // Returns whether the user has allowed a certificate error exception for
+  // |host|.
+  virtual bool HasAllowed(const std::string& host);

[Ryan Sleevi, 2014/09/04 00:17:25]

HasAllowed -> HasAllowException ?

symmetry with your previous two methods.

This documentation could use beefing up, particularly in respect to how it plays
with QueryPolicy. Namely, HasAllowException doesn't mean any certs are allowed, 
you still have to call QueryPolicy. It's merely a sign that SOME error may be
allowed.

[jww, 2014/09/04 01:06:30]

Done.

 
   // Called on the UI thread when the profile is about to be destroyed.
   void ShutdownOnUIThread() {}
@@ -88,18 +84,8 @@ class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
     RememberSSLExceptionDecisionsForDelta
   };
 
-  // Modify the user's content settings to specify a judgement made for a
-  // specific site and certificate, where |url| is the site in question, |cert|
-  // is the certificate with an error, |error| is the error in the certificate,
-  // and |judgement| is the user decision to be recorded.
-  void ChangeCertPolicy(const std::string& host,
-                        net::X509Certificate* cert,
-                        net::CertStatus error,
-                        net::CertPolicy::Judgment judgment);
-
-  // Query the content settings to retrieve a dictionary of certificate
-  // fingerprints and errors of certificates to user decisions, as set by
-  // ChangeCertPolicy. Returns NULL on a failure.
+  // Returns a dictionary of certificate fingerprints and errors that have been
+  // allowed as exceptions by the user.
   //
   // |dict| specifies the user's full exceptions dictionary for a specific site
   // in their content settings. Must be retrieved directly from a website