Distinguish STS observation times from PKP observation times.

net/http/transport_security_state.cc

Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index f2282ed320a67983535e9dd09cea468447f6d501..2634afb7ccffd6c835f273b6bfd3840416dcf707 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -202,9 +202,15 @@ void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) {
 
   DomainStateMap::iterator i = enabled_hosts_.begin();
   while (i != enabled_hosts_.end()) {
-    if (i->second.created >= time) {
+    if (i->second.sts_observed >= time && i->second.pkp_observed >= time) {
       dirtied = true;
       enabled_hosts_.erase(i++);
+    } else if (i->second.sts_observed >= time) {
+      dirtied = true;
+      i->second.upgrade_mode = DomainState::MODE_DEFAULT;
+    } else if (i->second.pkp_observed >= time) {
+      dirtied = true;
+      i->second.dynamic_spki_hashes.clear();

[wtc, 2013/07/23 21:31:07]

Should we increment |i| in these two cases?

[palmer, 2013/12/12 01:32:12]

Done.

     } else {
       i++;
     }

[Ryan Sleevi, 2013/07/17 23:32:43]

FWIW, this seems weird.

Imagine the user visits site.example at T0, which sets up HSTS.

- They then revisit the site at T5, updating the observation time.
- They then revisit the site at T10, updating the observation time.
- They choose to clear all history from T6 to T10.
- This will reset site.example to pre-HSTS (which it existed at T0-T5).

That said, this is probably unavoidable. Do you know how we handle cookies? Do
we distinguish create from last_modified? I thought we did, and we only nuked
those created after T6, not those modified after T6.

[palmer, 2013/12/12 01:32:12]

I don't see a way to avoid this, short of keeping a record of every observation
ever (thus bloating the stored TSS).

I don't know how we handle cookies — nor am I sure how we should. :) Nor am I
sure if TSS should be handled the same way as cookies.

I suppose we could rename this method |DeleteAllDynamicDataModifiedAfter|, to
clarify? :\

@@ -623,7 +629,7 @@ bool TransportSecurityState::AddHSTSHeader(const std::string& host,
       domain_state.upgrade_mode = DomainState::MODE_DEFAULT;
     else
       domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
-    domain_state.created = now;
+    domain_state.sts_observed = now;
     domain_state.upgrade_expiry = now + max_age;
     EnableHost(host, domain_state);
     return true;
@@ -644,7 +650,7 @@ bool TransportSecurityState::AddHPKPHeader(const std::string& host,
                       &max_age, &domain_state.pkp_include_subdomains,
                       &domain_state.dynamic_spki_hashes)) {
     // TODO(palmer): http://crbug.com/243865 handle max-age == 0.
-    domain_state.created = now;
+    domain_state.pkp_observed = now;
     domain_state.dynamic_spki_hashes_expiry = now + max_age;
     EnableHost(host, domain_state);
     return true;
@@ -666,7 +672,7 @@ bool TransportSecurityState::AddHSTS(const std::string& host,
   if (i != enabled_hosts_.end())
     domain_state = i->second;
 
-  domain_state.created = base::Time::Now();
+  domain_state.sts_observed = base::Time::Now();
   domain_state.sts_include_subdomains = include_subdomains;
   domain_state.upgrade_expiry = expiry;
   domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
@@ -689,7 +695,7 @@ bool TransportSecurityState::AddHPKP(const std::string& host,
   if (i != enabled_hosts_.end())
     domain_state = i->second;
 
-  domain_state.created = base::Time::Now();
+  domain_state.pkp_observed = base::Time::Now();
   domain_state.pkp_include_subdomains = include_subdomains;
   domain_state.dynamic_spki_hashes_expiry = expiry;
   domain_state.dynamic_spki_hashes = hashes;
@@ -834,7 +840,8 @@ void TransportSecurityState::AddOrUpdateEnabledHosts(
 
 TransportSecurityState::DomainState::DomainState()
     : upgrade_mode(MODE_DEFAULT),
-      created(base::Time::Now()),
+      sts_observed(base::Time::Now()),
+      pkp_observed(base::Time::Now()),

[wtc, 2013/07/23 21:31:07]

These two base::Time::Now() calls may potentially return different values.
It would be nice to ensure that sts_observed and pkp_observed be initialized
to the same value.

Alternatively, perhaps sts_observed and pkp_observed should just be initialized
to the default base::Time value.

[palmer, 2013/12/12 01:32:12]

Done.

       sts_include_subdomains(false),
       pkp_include_subdomains(false) {
 }