Certificate Transparency: Enhance the CT log flag for multiple logs

chrome/browser/io_thread.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/io_thread.h"
 
 #include <vector>
 
 #include "base/base64.h"
 #include "base/bind.h"
@@ skipping 544 matching lines @@
 
   // Add built-in logs
   ct_verifier->AddLog(net::ct::CreateGooglePilotLogVerifier().Pass());
   ct_verifier->AddLog(net::ct::CreateGoogleAviatorLogVerifier().Pass());
   ct_verifier->AddLog(net::ct::CreateGoogleRocketeerLogVerifier().Pass());
 
   // Add logs from command line
   if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {
     std::string switch_value = command_line.GetSwitchValueASCII(
         switches::kCertificateTransparencyLog);
-    size_t delim_pos = switch_value.find(":");
-    CHECK(delim_pos != std::string::npos)
+    size_t log_delim_pos = switch_value.find(";");

[Lei Zhang, 2014/01/27 19:46:06]

Would it be slightly easier / readable to do this parsing with
base::SplitString() and then iterating over the output vector?

[Eran M. (Google), 2014/01/28 09:13:02]

Done.

+    while (!switch_value.empty()) {
+      std::string curr_log = switch_value.substr(0, log_delim_pos);
+      size_t delim_pos = curr_log.find(":");
+      CHECK(delim_pos != std::string::npos)
         << "CT log description not provided (switch format"
-           " is 'description:base64_key')";
-    std::string log_description(switch_value.substr(0, delim_pos));
-    std::string ct_public_key_data;
-    CHECK(base::Base64Decode(
-          switch_value.substr(delim_pos + 1),
-          &ct_public_key_data)) << "Unable to decode CT public key.";
-    scoped_ptr<net::CTLogVerifier> external_log_verifier(
-        net::CTLogVerifier::Create(ct_public_key_data, log_description));
-    CHECK(external_log_verifier) << "Unable to parse CT public key.";
-    ct_verifier->AddLog(external_log_verifier.Pass());
+        " is 'description:base64_key')";
+      std::string log_description(curr_log.substr(0, delim_pos));
+      std::string ct_public_key_data;
+      CHECK(base::Base64Decode(
+            curr_log.substr(delim_pos + 1),
+            &ct_public_key_data)) << "Unable to decode CT public key.";
+      scoped_ptr<net::CTLogVerifier> external_log_verifier(
+          net::CTLogVerifier::Create(ct_public_key_data, log_description));
+      CHECK(external_log_verifier) << "Unable to parse CT public key.";
+      VLOG(1) << "Adding log with description " << log_description;
+      ct_verifier->AddLog(external_log_verifier.Pass());
+
+      if (log_delim_pos == std::string::npos) {
+        switch_value = "";
+      } else {
+        switch_value = switch_value.substr(log_delim_pos + 1);
+      }
+      log_delim_pos = switch_value.find(";");
+    }
   }
 #else
   if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {
     LOG(DFATAL) << "Certificate Transparency is not yet supported in Chrome "
                    "builds using OpenSSL.";
   }
 #endif
   globals_->ssl_config_service = GetSSLConfigService();
 #if defined(OS_ANDROID) || defined(OS_IOS)
   if (DataReductionProxySettings::IsDataReductionProxyAllowed()) {
@@ skipping 596 matching lines @@
   std::string version_flag =
       command_line.GetSwitchValueASCII(switches::kQuicVersion);
   for (size_t i = 0; i < supported_versions.size(); ++i) {
     net::QuicVersion version = supported_versions[i];
     if (net::QuicVersionToString(version) == version_flag) {
       return version;
     }
   }
   return net::QUIC_VERSION_UNSUPPORTED;
 }