Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / ios / web / net / cert_policy.cc
blob46d5699de3f00d046137741edd53f924d5614ae6
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "ios/web/public/cert_policy.h"
7 #include "base/logging.h"
8 #include "net/cert/x509_certificate.h"
10 namespace web {
12 CertPolicy::CertPolicy() {
15 CertPolicy::~CertPolicy() {
18 // We consider a given |cert| to be a match to a saved allowed cert if the
19 // |error| is an exact match to or subset of the errors in the saved CertStatus.
20 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
21 net::CertStatus error) const {
22 std::map<net::SHA1HashValue,
23 net::CertStatus,
24 net::SHA1HashValueLessThan>::const_iterator allowed_iter =
25 allowed_.find(cert->fingerprint());
26 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
27 !(~(allowed_iter->second & error) ^ ~error)) {
28 return ALLOWED;
30 return UNKNOWN; // We don't have a policy for this cert.
33 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
34 // If this same cert had already been saved with a different error status,
35 // this will replace it with the new error status.
36 allowed_[cert->fingerprint()] = error;
39 } // namespace web