
Unified Diff: net/http/transport_security_state.h

Issue 1212613004: Build and send HPKP violation reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove unnecessary net::'s Created 5 years, 5 months ago
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index e82252a2792019c692eb72f658092c0b7b147f61..1c5658ae2984ff34a6d2c7c20783ce56e1772dc9 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -5,12 +5,13 @@
#ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
#define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
+#include <stdint.h>
+
#include <map>
#include <string>
#include <utility>
#include <vector>
-#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/threading/non_thread_safe.h"
#include "base/time/time.h"
@@ -19,8 +20,11 @@
#include "net/cert/x509_certificate.h"
#include "url/gurl.h"
+class GURL;
+
namespace net {
+class HostPortPair;
class SSLInfo;
// Tracks which hosts have enabled strict transport security and/or public
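Review bot: The added `class GURL;` forward declaration is redundant, because `url/gurl.h` is still included immediately above it. Either drop the forward declaration or, if the header only needs `const GURL&` (as in `ReportSender::Send`, the one use visible in these hunks), keep it and remove the include so dependents stop pulling in the full GURL definition. `HostPortPair` is already handled the second way.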
@@ -46,19 +50,6 @@ class NET_EXPORT TransportSecurityState
virtual ~Delegate() {}
};
- // An interface for asynchronously sending HPKP violation reports.
- class NET_EXPORT ReportSender {
- public:
- // Sends the given serialized |report| to |report_uri|.
- virtual void Send(const GURL& report_uri, const std::string& report) = 0;
-
- protected:
- virtual ~ReportSender() {}
- };
-
- TransportSecurityState();
- ~TransportSecurityState();
-
// A STSState describes the strict transport security state (required
// upgrade to HTTPS).
class NET_EXPORT STSState {
@@ -189,15 +180,35 @@ class NET_EXPORT TransportSecurityState
std::map<std::string, PKPState>::const_iterator end_;
};
+ // An interface for asynchronously sending HPKP violation reports.
+ class NET_EXPORT ReportSender {
+ public:
+ // Sends the given serialized |report| to |report_uri|.
+ virtual void Send(const GURL& report_uri, const std::string& report) = 0;
+
+ protected:
+ virtual ~ReportSender() {}
+ };
+
+ // Indicates whether or not a public key pin check should send a
+ // report if a violation is detected.
+ enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS };
+
+ TransportSecurityState();
+ ~TransportSecurityState();
+
// These functions search for static and dynamic STS and PKP states, and
- // invoke the
- // functions of the same name on them. These functions are the primary public
- // interface; direct access to STS and PKP states is best left to tests.
+ // invoke the functions of the same name on them. These functions are the
+ // primary public interface; direct access to STS and PKP states is best
+ // left to tests.
bool ShouldSSLErrorsBeFatal(const std::string& host);
bool ShouldUpgradeToSSL(const std::string& host);
- bool CheckPublicKeyPins(const std::string& host,
+ bool CheckPublicKeyPins(const HostPortPair& host_port_pair,
bool is_issued_by_known_root,
const HashValueVector& hashes,
+ const X509Certificate* served_certificate_chain,
+ const X509Certificate* validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
std::string* failure_log);
bool HasPublicKeyPins(const std::string& host);
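Review bot: The three parameters added to `CheckPublicKeyPins` have no documented contract; the block comment above the declarations still describes only the host lookup. Callers need to know whether `served_certificate_chain` and `validated_certificate_chain` may be null when `report_status` is `DISABLE_PIN_REPORTS`, and that a report can only be sent once a `ReportSender` has been set. If it matches the implementation, which is not visible here, I would add `// |served_certificate_chain| and |validated_certificate_chain| are used only to build a violation report and are ignored when |report_status| is DISABLE_PIN_REPORTS.` The top-level `const` on the by-value `report_status` has no effect in a declaration and can be dropped. Both points also apply to `CheckPublicKeyPinsImpl` in the later hunk.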
@@ -208,6 +219,8 @@ class NET_EXPORT TransportSecurityState
// TransportSecurityState.
void SetDelegate(Delegate* delegate);
+ void SetReportSender(ReportSender* report_sender);
+
// Clears all dynamic data (e.g. HSTS and HPKP data).
//
// Does NOT persist changes using the Delegate, as this function is only
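Review bot: `SetReportSender` takes a raw pointer with no comment on ownership or lifetime. If the sender is destroyed before this object, a later pin violation would presumably call `Send` through a dangling pointer, so the declaration should state the contract, e.g. `// |report_sender| is not owned and must outlive this object; pass nullptr to stop sending reports.` That wording assumes null is accepted, which cannot be confirmed because the implementation is not in this file. The matching `report_sender_` member in the last hunk also needs to be initialised to null in the constructor, which is outside this header.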
@@ -322,9 +335,13 @@ class NET_EXPORT TransportSecurityState
static bool IsBuildTimely();
// Helper method for actually checking pins.
- bool CheckPublicKeyPinsImpl(const std::string& host,
- const HashValueVector& hashes,
- std::string* failure_log);
+ bool CheckPublicKeyPinsImpl(
+ const HostPortPair& host_port_pair,
+ const HashValueVector& hashes,
+ const X509Certificate* served_certificate_chain,
+ const X509Certificate* validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
+ std::string* failure_log);
// If a Delegate is present, notify it that the internal state has
// changed.
@@ -361,6 +378,8 @@ class NET_EXPORT TransportSecurityState
Delegate* delegate_;
+ ReportSender* report_sender_;
+
// True if static pins should be used.
bool enable_static_pins_;
