Initial infrastructure for the fraudulent certificate chain reporting

feature. Phase Two of this feature is
http://codereview.chromium.org/8055027/, and Phase Three is
http://codereview.chromium.org/8120016/.

This feature will be under heavy development, including additional,
end-to-end unit testing, throughout Q4 2011. Manual testing shows that
the basic SendReport functionality works, and that is all we need in
the immediate, pre-Stable short-term.

BUG=99185
Review URL: http://codereview.chromium.org/8037039

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105595 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 15 insertions, 0 deletions

diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h
index f65da62..6832daf 100644
--- a/net/base/transport_security_state.h
+++ b/net/base/transport_security_state.h
@@ -113,6 +113,21 @@ class NET_EXPORT TransportSecurityState
                    const std::string& host,
                    bool sni_available);
 
+  // Returns true if we have a preloaded certificate pin for the |host| and if
+  // its set of required certificates is the set we expect for Google
+  // properties. If |sni_available| is true, searches the preloads defined for
+  // SNI-using hosts as well as the usual preload list.
+  //
+  // Note that like HasMetadata, if |host| matches both an exact entry and is a
+  // subdomain of another entry, the exact match determines the return value.
+  //
+  // This function is used by ChromeFraudulentCertificateReporter to determine
+  // whether or not we can automatically post fraudulent certificate reports to
+  // Google; we only do so automatically in cases when the user was trying to
+  // connect to Google in the first place.
+  static bool IsGooglePinnedProperty(const std::string& host,
+                                     bool sni_available);
+
   // Deletes all records created since a given time.
   void DeleteSince(const base::Time& time);