Implement a skeleton version of Expect CT reports

chrome/browser/ssl/expect_ct_reporter.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/expect_ct_reporter.h"
+
+#include <string>
+
+#include "net/http/http_response_headers.h"
+#include "net/http/transport_security_state.h"
+#include "net/url_request/certificate_report_sender.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_context.h"
+
+ExpectCTReporter::ExpectCTReporter(
+    net::URLRequestContext* request_context,
+    net::TransportSecurityState* transport_security_state)
+    : report_sender_(new net::CertificateReportSender(
+          request_context,
+          net::CertificateReportSender::DO_NOT_SEND_COOKIES)),
+      transport_security_state_(transport_security_state) {}
+
+ExpectCTReporter::~ExpectCTReporter() {}
+
+void ExpectCTReporter::OnCTComplianceFailed(net::URLRequest* request) {
+  net::TransportSecurityState::ExpectCTState expect_ct_state;
+  if (!transport_security_state_->GetStaticExpectCTState(request->url().host(),
+                                                         &expect_ct_state)) {
+    // The host for this request is not on the Expect CT preload list,
+    // so do nothing.
+    return;
+  }
+
+  net::HttpResponseHeaders* response_headers = request->response_headers();
+  std::string value;
+  if (!response_headers->EnumerateHeader(nullptr, "Expect-CT", &value) ||
+      value != "preload") {
+    // The preload list alone is not enough to opt a server in to expect
+    // CT; the server is not sending the Expect-CT header, so it has
+    // effectively opted out.
+    return;
+  }
+
+  // TODO(estark): build and send a report about the policy violation.
+}