Cleanup ChromeSSLHostStateDelegate

Group overrides and match function definitions and declartions order.
Change QueryPolicy to take an int argument instead of a net::CertStatus.

Bug: 840045
Change-Id: I6aa960015ffc2f81ab73957c2e14451143e6f8df
Reviewed-on: https://chromium-review.googlesource.com/1065955Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Amos Lim <eui-sang.lim@samsung.com>
Cr-Commit-Position: refs/heads/master@{#565561}

android_webview/browser/aw_ssl_host_state_delegate.cc

@@ -21,8 +21,7 @@ CertPolicy::~CertPolicy() {
 // For an allowance, we consider a given |cert| to be a match to a saved
 // allowed cert if the |error| is an exact match to or subset of the errors
 // in the saved CertStatus.
-bool CertPolicy::Check(const net::X509Certificate& cert,
-                       net::CertStatus error) const {
+bool CertPolicy::Check(const net::X509Certificate& cert, int error) const {
   net::SHA256HashValue fingerprint = cert.CalculateChainFingerprint256();
   auto allowed_iter = allowed_.find(fingerprint);
   if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
@@ -32,8 +31,7 @@ bool CertPolicy::Check(const net::X509Certificate& cert,
   return false;
 }
 
-void CertPolicy::Allow(const net::X509Certificate& cert,
-                       net::CertStatus error) {
+void CertPolicy::Allow(const net::X509Certificate& cert, int error) {
   // If this same cert had already been saved with a different error status,
   // this will replace it with the new error status.
   net::SHA256HashValue fingerprint = cert.CalculateChainFingerprint256();
@@ -65,7 +63,7 @@ bool AwSSLHostStateDelegate::DidHostRunInsecureContent(
 
 void AwSSLHostStateDelegate::AllowCert(const std::string& host,
                                        const net::X509Certificate& cert,
-                                       net::CertStatus error) {
+                                       int error) {
   cert_policy_for_host_[host].Allow(cert, error);
 }
 
@@ -90,7 +88,7 @@ void AwSSLHostStateDelegate::Clear(
 SSLHostStateDelegate::CertJudgment AwSSLHostStateDelegate::QueryPolicy(
     const std::string& host,
     const net::X509Certificate& cert,
-    net::CertStatus error,
+    int error,
     bool* expired_previous_decision) {
   return cert_policy_for_host_[host].Check(cert, error)
              ? SSLHostStateDelegate::ALLOWED

android_webview/browser/aw_ssl_host_state_delegate.h

@@ -11,7 +11,6 @@
 #include "base/macros.h"
 #include "content/public/browser/ssl_host_state_delegate.h"
 #include "net/base/hash_value.h"
-#include "net/cert/cert_status_flags.h"
 #include "net/cert/x509_certificate.h"
 
 namespace android_webview {
@@ -25,11 +24,11 @@ class CertPolicy {
   // Returns true if the user has decided to proceed through the ssl error
   // before. For a certificate to be allowed, it must not have any
   // *additional* errors from when it was allowed.
-  bool Check(const net::X509Certificate& cert, net::CertStatus error) const;
+  bool Check(const net::X509Certificate& cert, int error) const;
 
   // Causes the policy to allow this certificate for a given |error|. And
   // remember the user's choice.
-  void Allow(const net::X509Certificate& cert, net::CertStatus error);
+  void Allow(const net::X509Certificate& cert, int error);
 
   // Returns true if and only if there exists a user allow exception for some
   // certificate.
@@ -37,7 +36,7 @@ class CertPolicy {
 
  private:
   // The set of fingerprints of allowed certificates.
-  std::map<net::SHA256HashValue, net::CertStatus> allowed_;
+  std::map<net::SHA256HashValue, int> allowed_;
 };
 
 }  // namespace internal
@@ -51,7 +50,7 @@ class AwSSLHostStateDelegate : public content::SSLHostStateDelegate {
   // a specified |error| type.
   void AllowCert(const std::string& host,
                  const net::X509Certificate& cert,
-                 net::CertStatus error) override;
+                 int error) override;
 
   void Clear(
       const base::Callback<bool(const std::string&)>& host_filter) override;
@@ -60,7 +59,7 @@ class AwSSLHostStateDelegate : public content::SSLHostStateDelegate {
   content::SSLHostStateDelegate::CertJudgment QueryPolicy(
       const std::string& host,
       const net::X509Certificate& cert,
-      net::CertStatus error,
+      int error,
       bool* expired_previous_decision) override;
 
   // Records that a host has run insecure content.

chrome/browser/ssl/chrome_ssl_host_state_delegate.h

@@ -40,15 +40,15 @@ class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
 
   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
 
-  // SSLHostStateDelegate:
+  // content::SSLHostStateDelegate overrides:
   void AllowCert(const std::string& host,
                  const net::X509Certificate& cert,
-                 net::CertStatus error) override;
+                 int error) override;
   void Clear(
       const base::Callback<bool(const std::string&)>& host_filter) override;
   CertJudgment QueryPolicy(const std::string& host,
                            const net::X509Certificate& cert,
-                           net::CertStatus error,
+                           int error,
                            bool* expired_previous_decision) override;
   void HostRanInsecureContent(const std::string& host,
                               int child_id,
@@ -57,10 +57,8 @@ class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
       const std::string& host,
       int child_id,
       InsecureContentType content_type) const override;
-
-  // Revokes all SSL certificate error allow exceptions made by the user for
-  // |host| in the given Profile.
   void RevokeUserAllowExceptions(const std::string& host) override;
+  bool HasAllowException(const std::string& host) const override;
 
   // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
   // additionally may close idle connections in the process. This should be used
@@ -68,12 +66,6 @@ class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
   // disruptive to the networking stack.
   virtual void RevokeUserAllowExceptionsHard(const std::string& host);
 
-  // Returns whether the user has allowed a certificate error exception for
-  // |host|. This does not mean that *all* certificate errors are allowed, just
-  // that there exists an exception. To see if a particular certificate and
-  // error combination exception is allowed, use QueryPolicy().
-  bool HasAllowException(const std::string& host) const override;
-
   // Called when an error page is displayed for a given error code |error|.
   // Tracks whether an error of interest has recurred over a threshold number of
   // times.

content/public/browser/ssl_host_state_delegate.h

@@ -44,7 +44,7 @@ class SSLHostStateDelegate {
   // a specified |error| type.
   virtual void AllowCert(const std::string&,
                          const net::X509Certificate& cert,
-                         net::CertStatus error) = 0;
+                         int error) = 0;
 
   // Clear allow preferences matched by |host_filter|. If the filter is null,
   // clear all preferences.
@@ -56,7 +56,7 @@ class SSLHostStateDelegate {
   // prior to this query, otherwise false.
   virtual CertJudgment QueryPolicy(const std::string& host,
                                    const net::X509Certificate& cert,
-                                   net::CertStatus error,
+                                   int error,
                                    bool* expired_previous_decision) = 0;
 
   // Records that a host has run insecure content of the given |content_type|.

content/test/mock_ssl_host_state_delegate.cc

@@ -13,7 +13,7 @@ MockSSLHostStateDelegate::~MockSSLHostStateDelegate() {}
 
 void MockSSLHostStateDelegate::AllowCert(const std::string& host,
                                          const net::X509Certificate& cert,
-                                         net::CertStatus error) {
+                                         int error) {
   exceptions_.insert(host);
 }
 
@@ -36,7 +36,7 @@ void MockSSLHostStateDelegate::Clear(
 SSLHostStateDelegate::CertJudgment MockSSLHostStateDelegate::QueryPolicy(
     const std::string& host,
     const net::X509Certificate& cert,
-    net::CertStatus error,
+    int error,
     bool* expired_previous_decision) {
   if (exceptions_.find(host) == exceptions_.end())
     return SSLHostStateDelegate::DENIED;

content/test/mock_ssl_host_state_delegate.h

@@ -16,14 +16,14 @@ class MockSSLHostStateDelegate : public SSLHostStateDelegate {
 
   void AllowCert(const std::string& host,
                  const net::X509Certificate& cert,
-                 net::CertStatus error) override;
+                 int error) override;
 
   void Clear(
       const base::Callback<bool(const std::string&)>& host_filter) override;
 
   CertJudgment QueryPolicy(const std::string& host,
                            const net::X509Certificate& cert,
-                           net::CertStatus error,
+                           int error,
                            bool* expired_previous_decision) override;
 
   void HostRanInsecureContent(const std::string& host,