Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/x509_cert_types.cc

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase on ToT Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/ssl/ssl_policy.cc ('K') | « net/cert/x509_cert_types.h ('k') | net/cert/x509_certificate_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_cert_types.cc
diff --git a/net/cert/x509_cert_types.cc b/net/cert/x509_cert_types.cc
index cfa09923f600e07860df015faf544623746ce4d6..bfb875cf56c138868996097013b1451c59713598 100644
--- a/net/cert/x509_cert_types.cc
+++ b/net/cert/x509_cert_types.cc
@@ -49,66 +49,6 @@ std::string CertPrincipal::GetDisplayName() const {
return std::string();
}
-CertPolicy::CertPolicy() {
-}
-
-CertPolicy::~CertPolicy() {
-}
-
-// For a denial, we consider a given |cert| to be a match to a saved denied
-// cert if the |error| intersects with the saved error status. For an
-// allowance, we consider a given |cert| to be a match to a saved allowed
-// cert if the |error| is an exact match to or subset of the errors in the
-// saved CertStatus.
-CertPolicy::Judgment CertPolicy::Check(
- X509Certificate* cert, CertStatus error) const {
- // It shouldn't matter which set we check first, but we check denied first
- // in case something strange has happened.
- bool denied = false;
- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
- denied_iter = denied_.find(cert->fingerprint());
- if ((denied_iter != denied_.end()) && (denied_iter->second & error))
- denied = true;
-
- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
- allowed_iter = allowed_.find(cert->fingerprint());
- if ((allowed_iter != allowed_.end()) &&
- (allowed_iter->second & error) &&
- !(~(allowed_iter->second & error) ^ ~error)) {
- DCHECK(!denied);
- return ALLOWED;
- }
-
- if (denied)
- return DENIED;
- return UNKNOWN; // We don't have a policy for this cert.
-}
-
-void CertPolicy::Allow(X509Certificate* cert, CertStatus error) {
- // Put the cert in the allowed set and (maybe) remove it from the denied set.
- denied_.erase(cert->fingerprint());
- // If this same cert had already been saved with a different error status,
- // this will replace it with the new error status.
- allowed_[cert->fingerprint()] = error;
-}
-
-void CertPolicy::Deny(X509Certificate* cert, CertStatus error) {
- // Put the cert in the denied set and (maybe) remove it from the allowed set.
- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator
- allowed_iter = allowed_.find(cert->fingerprint());
- if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error))
- allowed_.erase(cert->fingerprint());
- denied_[cert->fingerprint()] |= error;
-}
-
-bool CertPolicy::HasAllowedCert() const {
- return !allowed_.empty();
-}
-
-bool CertPolicy::HasDeniedCert() const {
- return !denied_.empty();
-}
-
bool ParseCertificateDate(const base::StringPiece& raw_date,
CertDateFormat format,
base::Time* time) {
« content/browser/ssl/ssl_policy.cc ('K') | « net/cert/x509_cert_types.h ('k') | net/cert/x509_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698