1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef IOS_WEB_PUBLIC_CERT_POLICY_H_
6 #define IOS_WEB_PUBLIC_CERT_POLICY_H_
8 #include <map>
10 #include "net/base/hash_value.h"
11 #include "net/cert/cert_status_flags.h"
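namespace net {
// Forward declaration only: this header passes X509Certificate by pointer and
// never needs the complete type.
class X509Certificate;
}  // namespace net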
17 namespace web {
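// Maintains policies about which certificates are permitted or forbidden for
// a particular purpose. Each entry records a certificate that was accepted
// together with the certificate errors it was accepted with.
//
// Security notes for callers:
//  - UNKNOWN means "no exception is recorded for this certificate and error
//    set"; it is not an approval. NOTE(review): callers are expected to keep
//    treating the certificate error as blocking in that case - confirm at the
//    call sites.
//  - Only Allow() adds entries and this interface offers no way to remove
//    one, so an exception appears to last as long as the CertPolicy object.
//    NOTE(review): confirm the owner's lifetime matches the intended scope of
//    an exception.
class CertPolicy {
 public:
  // The judgments this policy can reach.
  enum Judgment {
    // We don't have policy information for this certificate.
    UNKNOWN,

    // This certificate is allowed.
    ALLOWED,

    // This certificate is denied. Check() is documented never to return this
    // value.
    DENIED,
  };

  CertPolicy();
  ~CertPolicy();

  // Returns the judgment this policy makes about |cert| given the errors in
  // |error|.
  // For a certificate to be allowed, it must not have any *additional* errors
  // from when it was allowed: an exception granted for one set of errors does
  // not cover an error that appears later.
  // This function returns either ALLOWED or UNKNOWN, but never DENIED.
  // NOTE(review): |error| is presumably a bitmask of the flags declared in
  // net/cert/cert_status_flags.h - confirm. Handling of a null |cert| is not
  // visible in this header; verify in the implementation.
  Judgment Check(net::X509Certificate* cert, net::CertStatus error) const;

  // Causes the policy to allow |cert| for a given |error|.
  // Pass only the errors that were actually reviewed and accepted: per the
  // contract of Check(), those are the errors tolerated afterwards.
  // NOTE(review): whether a repeated call for the same certificate merges
  // with or replaces the stored errors is not visible here - confirm in the
  // implementation.
  void Allow(net::X509Certificate* cert, net::CertStatus error);

 private:
  // The set of fingerprints of allowed certificates, each mapped to the
  // CertStatus stored for it.
  // NOTE(review): the key type is a SHA-1 value. SHA-1 is not collision
  // resistant, so an exception is bound to a certificate only as strongly as
  // SHA-1 allows; consider keying on a SHA-256 fingerprint instead.
  std::map<net::SHA1HashValue, net::CertStatus, net::SHA1HashValueLessThan>
      allowed_;
};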
53 } // namespace web
55 #endif // IOS_WEB_PUBLIC_CERT_POLICY_H_