1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef IOS_WEB_PUBLIC_CERT_POLICY_H_
6 #define IOS_WEB_PUBLIC_CERT_POLICY_H_
10 #include "net/base/hash_value.h"
11 #include "net/cert/cert_status_flags.h"
14 class X509Certificate
;
19 // This class is useful for maintaining policies about which certificates are
20 // permitted or forbidden for a particular purpose.
23 // The judgments this policy can reach.
25 // We don't have policy information for this certificate.
28 // This certificate is allowed.
31 // This certificate is denied.
38 // Returns the judgment this policy makes about this certificate.
39 // For a certificate to be allowed, it must not have any *additional* errors
40 // from when it was allowed.
41 // This function returns either ALLOWED or UNKNOWN, but never DENIED.
42 Judgment
Check(net::X509Certificate
* cert
, net::CertStatus error
) const;
44 // Causes the policy to allow this certificate for a given |error|.
45 void Allow(net::X509Certificate
* cert
, net::CertStatus error
);
48 // The set of fingerprints of allowed certificates.
49 std::map
<net::SHA1HashValue
, net::CertStatus
, net::SHA1HashValueLessThan
>
55 #endif // IOS_WEB_PUBLIC_CERT_POLICY_H_