Initial (partial) implementation of HPKP violation reporting

net/http/http_security_headers.cc

Index: net/http/http_security_headers.cc
diff --git a/net/http/http_security_headers.cc b/net/http/http_security_headers.cc
index e8e3a476829b2fdeb4b2accf622df88fdb769c6d..083f856a5e8fd2796646695ed24c7adb7271a8f4 100644
--- a/net/http/http_security_headers.cc
+++ b/net/http/http_security_headers.cc
@@ -273,14 +273,17 @@ bool ParseHSTSHeader(const std::string& value,
   }
 }
 
-// "Public-Key-Pins" ":"
+// "Public-Key-Pins[-Report-Only]" ":"
 //     "max-age" "=" delta-seconds ";"
 //     "pin-" algo "=" base64 [ ";" ... ]
+//     [ ";" "includeSubdomains" ]
+//     [ ";" "report-uri" "=" uri-reference ]
 bool ParseHPKPHeader(const std::string& value,
                      const HashValueVector& chain_hashes,
                      base::TimeDelta* max_age,
                      bool* include_subdomains,
-                     HashValueVector* hashes) {
+                     HashValueVector* hashes,
+                     std::string* report_uri) {
   bool parsed_max_age = false;
   bool include_subdomains_candidate = false;
   uint32 max_age_candidate = 0;
@@ -311,6 +314,14 @@ bool ParseHPKPHeader(const std::string& value,
         return false;
     } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) {
       include_subdomains_candidate = true;
+    } else if (base::LowerCaseEqualsASCII(equals.first, "report-uri")) {
+      // report-uris are always quoted.
+      if (!HttpUtil::IsQuote(equals.second[0]))
+        return false;
+
+      *report_uri = HttpUtil::Unquote(equals.second);
+      if (report_uri->empty())
+        return false;
     } else {
       // Silently ignore unknown directives for forward compatibility.
     }