Send HPKP violation reports when a pin check fails

net/http/transport_security_state.h

Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 8c9782f382eb6968aaf35d1ae7175a9aa948ea39..a18c7b91f62196ff7b8e571c0202730976c458cd 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -227,6 +227,13 @@ class NET_EXPORT TransportSecurityState
     virtual ~Reporter() {}
   };
 
+  // Indicates whether or not a public key pin check should send a
+  // report if a violation is detected.
+  enum PublicKeyPinReportStatus {
+    DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT,
+    SEND_PUBLIC_KEY_PIN_REPORT

[Ryan Sleevi, 2015/07/10 16:40:00]

Perhaps for brevity/readability this should be

DISABLE_REPORTING
ENABLE_REPORTING

I guess the two issues I have that make me feel uneasy are the "PUBLIC_KEY_PIN"
(which feels overly verbose) but also the "SEND_..._REPORT", which implies a
report will always be sent in the check, but it's not (only if the check
mismatches)

There's probably other ways to paint the bikeshed with those two concerns, so go
to town on naming (since I agree even my naming is weird)

[estark, 2015/07/10 19:33:30]

Renamed to ENABLE_PIN_REPORTS/DISABLE_PIN_REPORTS?

+  };
+
   TransportSecurityState();
   ~TransportSecurityState();
 
@@ -239,6 +246,10 @@ class NET_EXPORT TransportSecurityState
   bool CheckPublicKeyPins(const std::string& host,
                           bool is_issued_by_known_root,
                           const HashValueVector& hashes,
+                          uint16_t port,
+                          const X509Certificate* served_certificate_chain,
+                          const X509Certificate* validated_certificate_chain,
+                          const PublicKeyPinReportStatus report_status,
                           std::string* failure_log);
   bool HasPublicKeyPins(const std::string& host);
 
@@ -365,9 +376,14 @@ class NET_EXPORT TransportSecurityState
   static bool IsBuildTimely();
 
   // Helper method for actually checking pins.
-  bool CheckPublicKeyPinsImpl(const std::string& host,
-                              const HashValueVector& hashes,
-                              std::string* failure_log);
+  bool CheckPublicKeyPinsImpl(
+      const std::string& host,
+      const HashValueVector& hashes,
+      uint16_t port,
+      const X509Certificate* served_certificate_chain,
+      const X509Certificate* validated_certificate_chain,
+      const PublicKeyPinReportStatus report_status,
+      std::string* failure_log);
 
   // If a Delegate is present, notify it that the internal state has
   // changed.