Improve TransportSecurityState data storage.

chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
 
 #include <set>
 
 #include "base/base64.h"
 #include "base/logging.h"
@@ skipping 47 matching lines @@
 net::URLRequest* ChromeFraudulentCertificateReporter::CreateURLRequest(
       net::URLRequestContext* context) {
   net::URLRequest* request = context->CreateRequest(upload_url_, this);
   request->set_load_flags(net::LOAD_DO_NOT_SEND_COOKIES |
                           net::LOAD_DO_NOT_SAVE_COOKIES);
   return request;
 }
 
 void ChromeFraudulentCertificateReporter::SendReport(
     const std::string& hostname,
-    const net::SSLInfo& ssl_info,
-    bool sni_available) {
+    const net::SSLInfo& ssl_info) {
   // We do silent/automatic reporting ONLY for Google properties. For other
   // domains (when we start supporting that), we will ask for user permission.

[palmer, 2013/03/25 23:54:34]

So what code now enforces this comment?

I think we need to keep the IsGooglePinnedProperty check up here in
chrome/browser code, because at some point we're going to fire off UI to ask the
user if they want to report more kinds of pinning failure, and we can't do that
in e.g. the net/ layer.

[unsafe, 2013/03/26 01:42:22]

URLRequestHttpJob::OnStartCompleted().  
The reason for here is that IsGooglePinnedProperty() was moved into DomainState,
so that all relevant preloaded state gets loaded via
TSS::GetPreloadDomainState(), instead of needing a different function for
searching preload entries.

The URLRequestHttpJob function already deals with a TSS instance for
ShouldSSLErrorsBeFatal(), so it seemed easier to handle the check at that level,
instead of pushing sni_available down to here, then figuring some way to get at
the TSS object from here...

But I could move the check back to here, if there's some way to get at a TSS
object?

-  if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname,
-                                                           sni_available)) {
-    return;
-  }
 
   std::string report = BuildReport(hostname, ssl_info);
 
   net::URLRequest* url_request = CreateURLRequest(request_context_);
   url_request->set_method("POST");
 
   scoped_ptr<net::UploadElementReader> reader(
       net::UploadOwnedBytesElementReader::CreateWithString(report));
   url_request->set_upload(make_scoped_ptr(
       net::UploadDataStream::CreateWithReader(reader.Pass(), 0)));
@@ skipping 29 matching lines @@
     LOG(WARNING) << "Certificate upload HTTP status: "
                  << request->GetResponseCode();
   }
   RequestComplete(request);
 }
 
 void ChromeFraudulentCertificateReporter::OnReadCompleted(
     net::URLRequest* request, int bytes_read) {}
 
 }  // namespace chrome_browser_net