authorpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 19:39:48 +0000
committerpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 19:39:48 +0000
commitf43b89f30c817107bc595f45098d908f84bf9baa (patch)
tree9b606ccecd8b30b1f72c52576c2cb034bb6c7244 /net/url_request
parent9eedb4825fd27cec7086f9be09a08eb8248ca868 (diff)
Refactor TransportSecurityState.
Do some minor "gcl lint" cleanup while here. BUG=113280, 120373 TEST=net_unittests, browser_tests, unit_tests TransportSecurityPersisterTest.* Review URL: http://codereview.chromium.org/9415040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134754 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request')
-rw-r--r--net/url_request/url_request_context_builder.cc2
-rw-r--r--net/url_request/url_request_http_job.cc50
-rw-r--r--net/url_request/url_request_unittest.cc30
3 files changed, 36 insertions, 46 deletions
diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc
index 552f7af..5f8a32c 100644
--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -214,7 +214,7 @@ scoped_refptr<URLRequestContext> URLRequestContextBuilder::Build() {
storage->set_http_auth_handler_factory(
net::HttpAuthHandlerRegistryFactory::CreateDefault(host_resolver));
storage->set_cookie_store(new CookieMonster(NULL, NULL));
- storage->set_transport_security_state(new net::TransportSecurityState(""));
+ storage->set_transport_security_state(new net::TransportSecurityState());
storage->set_http_server_properties(new net::HttpServerPropertiesImpl);
storage->set_cert_verifier(CertVerifier::CreateDefault());
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index cb7a64d..8e6626a 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -144,10 +144,10 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
if (scheme == "http" &&
request->context()->transport_security_state() &&
request->context()->transport_security_state()->GetDomainState(
- &domain_state,
request->url().host(),
SSLConfigService::IsSNIAvailable(
- request->context()->ssl_config_service())) &&
+ request->context()->ssl_config_service()),
+ &domain_state) &&
domain_state.ShouldRedirectHTTPToHTTPS()) {
DCHECK_EQ(request->url().scheme(), "http");
url_canon::Replacements<char> replacements;
@@ -599,30 +599,21 @@ void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
bool sni_available =
SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
- if (!security_state->HasMetadata(&domain_state, host, sni_available)) {
- // |HasMetadata| may have altered |domain_state| while searching. If not
- // found, start with a fresh state.
- domain_state = TransportSecurityState::DomainState();
- domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
- }
+ if (!security_state->GetDomainState(host, sni_available, &domain_state))
+ // |GetDomainState| may have altered |domain_state| while searching. If
+ // not found, start with a fresh state.
+ domain_state.upgrade_mode =
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
HttpResponseHeaders* headers = GetResponseHeaders();
std::string value;
void* iter = NULL;
+ base::Time now = base::Time::Now();
while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {
- int max_age;
- bool include_subdomains;
- if (TransportSecurityState::ParseHeader(value, &max_age,
- &include_subdomains)) {
- base::Time current_time(base::Time::Now());
- base::TimeDelta max_age_delta = base::TimeDelta::FromSeconds(max_age);
-
- domain_state.expiry = current_time + max_age_delta;
- domain_state.include_subdomains = include_subdomains;
-
+ TransportSecurityState::DomainState domain_state;
+ if (domain_state.ParseSTSHeader(now, value))
security_state->EnableHost(host, domain_state);
- }
}
}
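Review bot: The `TransportSecurityState::DomainState domain_state;` declared inside the `while` loop shadows the outer `domain_state` (declared outside this hunk), so the `GetDomainState` lookup and the `upgrade_mode = MODE_FORCE_HTTPS` assignment above the loop never reach `EnableHost`. Each Strict-Transport-Security header is then stored from a default-constructed state filled only by `ParseSTSHeader(now, value)`. If `EnableHost` replaces the host's existing entry (not visible here), this would drop any dynamic pin metadata already recorded for the host. Either remove the inner declaration so the looked-up state is the one updated, or delete the now-dead lookup and add a comment such as `// HSTS headers deliberately start from a fresh DomainState.` so the intent is explicit.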
@@ -645,25 +636,23 @@ void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
bool sni_available =
SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
- if (!security_state->HasMetadata(&domain_state, host, sni_available)) {
- // |HasMetadata| may have altered |domain_state| while searching. If not
- // found, start with a fresh state.
- domain_state = TransportSecurityState::DomainState();
- domain_state.mode = TransportSecurityState::DomainState::MODE_PINNING_ONLY;
- }
+ if (!security_state->GetDomainState(host, sni_available, &domain_state))
+ // |GetDomainState| may have altered |domain_state| while searching. If
+ // not found, start with a fresh state.
+ domain_state.upgrade_mode =
+ TransportSecurityState::DomainState::MODE_DEFAULT;
HttpResponseHeaders* headers = GetResponseHeaders();
void* iter = NULL;
std::string value;
+ base::Time now = base::Time::Now();
while (headers->EnumerateHeader(&iter, "Public-Key-Pins", &value)) {
// Note that ParsePinsHeader updates |domain_state| (iff the header parses
// correctly), but does not completely overwrite it. It just updates the
// dynamic pinning metadata.
- if (TransportSecurityState::ParsePinsHeader(value, ssl_info,
- &domain_state)) {
+ if (domain_state.ParsePinsHeader(now, value, ssl_info))
security_state->EnableHost(host, domain_state);
- }
}
}
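Review bot: The comment under `if (!security_state->GetDomainState(host, sni_available, &domain_state))` still says to start with a fresh state, but the `domain_state = TransportSecurityState::DomainState();` reset was removed and only `upgrade_mode` is assigned. The comment itself says the lookup may have altered `domain_state`, and the later comment says `ParsePinsHeader` does not completely overwrite it. Whatever a failed lookup left behind can therefore be passed to `EnableHost` and stored for this host. Restore the reset ahead of `domain_state.upgrade_mode = TransportSecurityState::DomainState::MODE_DEFAULT;` and put braces around the body, since an unbraced `if` followed by a two-line comment and a wrapped statement is easy to misread. The same unbraced, reset-less pattern appears in the Strict-Transport-Security hunk above; the function's start is outside this hunk.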
@@ -729,8 +718,9 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
const bool fatal =
context_->transport_security_state() &&
context_->transport_security_state()->GetDomainState(
- &domain_state, request_info_.url.host(),
- SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
+ request_info_.url.host(),
+ SSLConfigService::IsSNIAvailable(context_->ssl_config_service()),
+ &domain_state);
NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, fatal);
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
NotifyCertificateRequested(
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index d53c01c..204f223 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -479,8 +479,8 @@ class URLRequestTestHTTP : public URLRequestTest {
void HTTPUploadDataOperationTest(const std::string& method) {
const int kMsgSize = 20000; // multiple of 10
const int kIterations = 50;
- char *uploadBytes = new char[kMsgSize+1];
- char *ptr = uploadBytes;
+ char* uploadBytes = new char[kMsgSize+1];
+ char* ptr = uploadBytes;
char marker = 'a';
for (int idx = 0; idx < kMsgSize/10; idx++) {
memcpy(ptr, "----------", 10);
@@ -1774,7 +1774,7 @@ TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) {
scoped_refptr<TestURLRequestContext> context(new TestURLRequestContext(true));
context->set_network_delegate(&network_delegate);
context->set_host_resolver(&host_resolver);
- TransportSecurityState transport_security_state("");
+ TransportSecurityState transport_security_state;
context->set_transport_security_state(&transport_security_state);
context->Init();
@@ -1817,10 +1817,10 @@ TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
scoped_refptr<TestURLRequestContext> context(new TestURLRequestContext(true));
context->set_network_delegate(&network_delegate);
context->set_host_resolver(&host_resolver);
- TransportSecurityState transport_security_state("");
+ TransportSecurityState transport_security_state;
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(transport_security_state.HasMetadata(&domain_state,
- "www.google.com", true));
+ EXPECT_TRUE(transport_security_state.GetDomainState("www.google.com", true,
+ &domain_state));
context->set_transport_security_state(&transport_security_state);
context->Init();
@@ -1842,17 +1842,17 @@ TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
// Get a fresh copy of the state, and check that it hasn't been updated.
TransportSecurityState::DomainState new_domain_state;
- EXPECT_TRUE(transport_security_state.HasMetadata(&new_domain_state,
- "www.google.com", true));
- EXPECT_EQ(new_domain_state.mode, domain_state.mode);
+ EXPECT_TRUE(transport_security_state.GetDomainState("www.google.com", true,
+ &new_domain_state));
+ EXPECT_EQ(new_domain_state.upgrade_mode, domain_state.upgrade_mode);
EXPECT_EQ(new_domain_state.include_subdomains,
domain_state.include_subdomains);
- EXPECT_TRUE(FingerprintsEqual(new_domain_state.preloaded_spki_hashes,
- domain_state.preloaded_spki_hashes));
+ EXPECT_TRUE(FingerprintsEqual(new_domain_state.static_spki_hashes,
+ domain_state.static_spki_hashes));
EXPECT_TRUE(FingerprintsEqual(new_domain_state.dynamic_spki_hashes,
domain_state.dynamic_spki_hashes));
- EXPECT_TRUE(FingerprintsEqual(new_domain_state.bad_preloaded_spki_hashes,
- domain_state.bad_preloaded_spki_hashes));
+ EXPECT_TRUE(FingerprintsEqual(new_domain_state.bad_static_spki_hashes,
+ domain_state.bad_static_spki_hashes));
}
namespace {
@@ -2571,8 +2571,8 @@ TEST_F(URLRequestTest, ResolveShortcutTest) {
std::wstring lnk_path = app_path.value() + L".lnk";
HRESULT result;
- IShellLink *shell = NULL;
- IPersistFile *persist = NULL;
+ IShellLink* shell = NULL;
+ IPersistFile* persist = NULL;
CoInitialize(NULL);
// Temporarily create a shortcut for test