chromium_src/ios/web/security/cert_policy.cc · OpenHarmony-TPC/chromium_src - AtomGit

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "ios/web/public/security/cert_policy.h"

#include "net/cert/x509_certificate.h"

namespace web {

CertPolicy::CertPolicy() {}

CertPolicy::~CertPolicy() {}

// We consider a given `cert` to be a match to a saved allowed cert if the
// `error` is an exact match to or subset of the errors in the saved CertStatus.
CertPolicy::Judgment CertPolicy::Check(const net::X509Certificate* cert,
                                       net::CertStatus error) const {
  auto allowed_iter = allowed_.find(cert->CalculateChainFingerprint256());
  if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
      !(~(allowed_iter->second & error) ^ ~error)) {
    return ALLOWED;
  }
  return UNKNOWN;  // We don't have a policy for this cert.
}

void CertPolicy::Allow(const net::X509Certificate* cert,
                       net::CertStatus error) {
  // If this same cert had already been saved with a different error status,
  // this will replace it with the new error status.
  allowed_[cert->CalculateChainFingerprint256()] = error;
}

}  // namespace web