1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "ios/web/public/cert_policy.h"
7 #include "base/logging.h"
8 #include "net/cert/x509_certificate.h"
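// Creates a policy with no saved exceptions. Nothing is initialised here, so
// |allowed_| (used as a std::map by Check() and Allow()) starts out empty and
// every Check() returns UNKNOWN until Allow() is called.
CertPolicy::CertPolicy() {
}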
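// Nothing to release explicitly: the saved exceptions are dropped when the
// members are destroyed.
CertPolicy::~CertPolicy() {
}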
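// Returns ALLOWED when an exception saved by Allow() covers |error| for
// |cert|, and UNKNOWN otherwise.
//
// We consider a given |cert| to be a match to a saved allowed cert if the
// |error| is non-zero and is an exact match to or subset of the errors in the
// saved CertStatus. Any error bit that was not part of the saved exception
// fails the match, so an exception granted for one problem does not extend to
// a different or additional problem on the same certificate.
//
// NOTE(review): exceptions are keyed on the certificate's SHA-1 fingerprint.
// SHA-1 is not collision resistant, and two certificates with the same
// fingerprint would share one exception; prefer a SHA-256 fingerprint as the
// key if the net:: certificate API in use provides one (confirm against
// net/cert/x509_certificate.h).
// NOTE(review): |cert| is dereferenced without a null check; callers are
// assumed to pass a valid certificate.
CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
                                       net::CertStatus error) const {
  std::map<net::SHA1HashValue, net::CertStatus,
           net::SHA1HashValueLessThan>::const_iterator allowed_iter =
      allowed_.find(cert->fingerprint());
  if (allowed_iter == allowed_.end())
    return UNKNOWN;  // We don't have a policy for this cert.

  // |covered| keeps only the bits of |error| that the saved exception names.
  // It must be non-zero (a zero |error| never matches) and equal to |error|
  // (no bit of |error| falls outside the saved status).
  const net::CertStatus covered = allowed_iter->second & error;
  if (covered && covered == error)
    return ALLOWED;

  return UNKNOWN;  // The saved exception does not cover this error.
}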
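// Saves an exception for |cert|: later Check() calls return ALLOWED for
// |error|, or for any non-empty subset of its bits, on this certificate.
//
// If this same cert had already been saved with a different error status,
// this will replace it with the new error status. The two are not merged, so
// the exception covers only the errors named by the most recent call.
//
// NOTE(review): |error| is stored exactly as passed; presumably callers pass
// only the error bits of the CertStatus. Confirm against the call sites.
// NOTE(review): the key is the SHA-1 fingerprint of |cert|, and |cert| is
// dereferenced without a null check.
void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
  allowed_[cert->fingerprint()] = error;
}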