net/cert/x509_cert_types.cc - Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_cert_types.cc

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase on ToT Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_cert_types.cc

diff --git a/net/cert/x509_cert_types.cc b/net/cert/x509_cert_types.cc

index cfa09923f600e07860df015faf544623746ce4d6..bfb875cf56c138868996097013b1451c59713598 100644

--- a/net/cert/x509_cert_types.cc

+++ b/net/cert/x509_cert_types.cc

@@ -49,66 +49,6 @@ std::string CertPrincipal::GetDisplayName() const {

return std::string();

}

-CertPolicy::CertPolicy() {

-CertPolicy::~CertPolicy() {

-// For a denial, we consider a given |cert| to be a match to a saved denied

-// cert if the |error| intersects with the saved error status. For an

-// allowance, we consider a given |cert| to be a match to a saved allowed

-// cert if the |error| is an exact match to or subset of the errors in the

-// saved CertStatus.

-CertPolicy::Judgment CertPolicy::Check(

- X509Certificate* cert, CertStatus error) const {

- // It shouldn't matter which set we check first, but we check denied first

- // in case something strange has happened.

- bool denied = false;

- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator

- denied_iter = denied_.find(cert->fingerprint());

- if ((denied_iter != denied_.end()) && (denied_iter->second & error))

- denied = true;

- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator

- allowed_iter = allowed_.find(cert->fingerprint());

- if ((allowed_iter != allowed_.end()) &&

- (allowed_iter->second & error) &&

- !(~(allowed_iter->second & error) ^ ~error)) {

- DCHECK(!denied);

- return ALLOWED;

- }

- if (denied)

- return DENIED;

- return UNKNOWN; // We don't have a policy for this cert.

-void CertPolicy::Allow(X509Certificate* cert, CertStatus error) {

- // Put the cert in the allowed set and (maybe) remove it from the denied set.

- denied_.erase(cert->fingerprint());

- // If this same cert had already been saved with a different error status,

- // this will replace it with the new error status.

- allowed_[cert->fingerprint()] = error;

-void CertPolicy::Deny(X509Certificate* cert, CertStatus error) {

- // Put the cert in the denied set and (maybe) remove it from the allowed set.

- std::map<SHA1HashValue, CertStatus, SHA1HashValueLessThan>::const_iterator

- allowed_iter = allowed_.find(cert->fingerprint());

- if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error))

- allowed_.erase(cert->fingerprint());

- denied_[cert->fingerprint()] |= error;

-bool CertPolicy::HasAllowedCert() const {

- return !allowed_.empty();

-bool CertPolicy::HasDeniedCert() const {

- return !denied_.empty();

bool ParseCertificateDate(const base::StringPiece& raw_date,

CertDateFormat format,

base::Time* time) {

« no previous file with comments | « net/cert/x509_cert_types.h ('k') | net/cert/x509_certificate_unittest.cc » ('j') | no next file with comments »