Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(419)

Unified Diff: ios/web/net/cert_policy.cc

Issue 986743003: Upstream (most of) ios/web/public (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix namespace comment Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « ios/web/ios_web_unittests.gyp ('k') | ios/web/net/cert_policy_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ios/web/net/cert_policy.cc
diff --git a/ios/web/net/cert_policy.cc b/ios/web/net/cert_policy.cc
new file mode 100644
index 0000000000000000000000000000000000000000..46d5699de3f00d046137741edd53f924d5614ae6
--- /dev/null
+++ b/ios/web/net/cert_policy.cc
@@ -0,0 +1,39 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/cert_policy.h"
+
+#include "base/logging.h"
+#include "net/cert/x509_certificate.h"
+
+namespace web {
+
+CertPolicy::CertPolicy() {
+}
+
+CertPolicy::~CertPolicy() {
+}
+
+// We consider a given |cert| to be a match to a saved allowed cert if the
+// |error| is an exact match to or subset of the errors in the saved CertStatus.
+CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
+ net::CertStatus error) const {
+ std::map<net::SHA1HashValue,
+ net::CertStatus,
+ net::SHA1HashValueLessThan>::const_iterator allowed_iter =
+ allowed_.find(cert->fingerprint());
+ if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
+ !(~(allowed_iter->second & error) ^ ~error)) {
+ return ALLOWED;
+ }
+ return UNKNOWN; // We don't have a policy for this cert.
+}
+
+void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
+ // If this same cert had already been saved with a different error status,
+ // this will replace it with the new error status.
+ allowed_[cert->fingerprint()] = error;
+}
+
+} // namespace web
« no previous file with comments | « ios/web/ios_web_unittests.gyp ('k') | ios/web/net/cert_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698