1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_
6 #define IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_
11 #include "ios/web/public/cert_policy.h"
12 #include "net/cert/x509_certificate.h"
// A manager for certificate policy decisions for hosts, used to remember
// decisions about how to handle problematic certs.
// This class is thread-safe only in that it can be created and passed around
// on any thread; the policy-related methods can only be called from the IO
// thread.
21 class CertificatePolicyCache
22 : public base::RefCountedThreadSafe
<CertificatePolicyCache
> {
24 // Can be called from any thread:
// Default constructor, defined outside this header. Construction is the only
// operation this header documents as callable off the IO thread.
CertificatePolicyCache();
27 // Everything from here on can only be called from the IO thread.
29 // Records that |cert| is permitted to be used for |host| in the future.
// This remembers an exception to certificate validation, so call it only
// after an explicit decision to accept |cert| for |host| despite |error|.
// NOTE(review): the definition is not in this header. Confirm that an
// allowance stored for one |error| status is not honoured for a different
// status, and whether a null |cert| is tolerated.
virtual void AllowCertForHost(net::X509Certificate* cert,
                              const std::string& host,
                              net::CertStatus error);
34 // Queries whether |cert| is allowed or denied for |host|.
// Takes the same (|cert|, |host|, |error|) arguments as AllowCertForHost().
// NOTE(review): the CertPolicy::Judgment values are declared in
// cert_policy.h, not here. Callers should proceed only on an explicit allow
// and treat every other result as "not permitted"; confirm against that
// header.
virtual CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
                                         const std::string& host,
                                         net::CertStatus error);
39 // Removes all policies stored in this instance.
// Takes no arguments, so it cannot be scoped to a single host.
// NOTE(review): presumably this is how previously remembered exceptions are
// revoked; confirm that every caller runs it on the IO thread.
virtual void ClearCertificatePolicies();
// Virtual, like the policy methods above it. The class derives from
// base::RefCountedThreadSafe and befriends it, which suggests instances are
// released through the reference count rather than deleted directly.
// NOTE(review): the access-specifier lines are not visible in this listing.
virtual ~CertificatePolicyCache();
// Gives the ref-counting base class access to this class's non-public
// members.
friend class base::RefCountedThreadSafe<CertificatePolicyCache>;

// Certificate policies for each host, keyed by the host string.
// NOTE(review): this listing declares no lock next to the map, which is
// consistent with the IO-thread-only rule for the policy methods. Whether
// hosts are canonicalized (case, trailing dot) before being used as keys is
// not visible here. Confirm it, because a mismatch changes which host a
// remembered exception applies to.
std::map<std::string, CertPolicy> cert_policy_for_host_;

DISALLOW_COPY_AND_ASSIGN(CertificatePolicyCache);
56 #endif // IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_