Remove CertTrustAnchorProvider from net

chrome/browser/chromeos/policy/policy_cert_verifier.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
 
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "chrome/browser/browser_process.h"
 #include "content/public/browser/browser_thread.h"
@@ skipping 40 matching lines @@
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 }
 
 void PolicyCertVerifier::InitializeOnIOThread(
     const scoped_refptr<net::CertVerifyProc>& verify_proc) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   if (!verify_proc->SupportsAdditionalTrustAnchors()) {
     LOG(WARNING)
         << "Additional trust anchors not supported on the current platform!";
   }
-  std::unique_ptr<net::CachingCertVerifier> verifier =
-      base::MakeUnique<net::CachingCertVerifier>(
-          base::MakeUnique<net::MultiThreadedCertVerifier>(verify_proc.get()));
-  verifier->SetCertTrustAnchorProvider(this);
-  delegate_ = std::move(verifier);
+  delegate_ = base::MakeUnique<net::CachingCertVerifier>(
+      base::MakeUnique<net::MultiThreadedCertVerifier>(verify_proc.get()));
 }
 
 void PolicyCertVerifier::SetTrustAnchors(
     const net::CertificateList& trust_anchors) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   trust_anchors_ = trust_anchors;
 }
 
 int PolicyCertVerifier::Verify(
     const RequestParams& params,
     net::CRLSet* crl_set,
     net::CertVerifyResult* verify_result,
     const net::CompletionCallback& completion_callback,
     std::unique_ptr<Request>* out_req,
     const net::BoundNetLog& net_log) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   DCHECK(delegate_);
   net::CompletionCallback wrapped_callback =
       base::Bind(&CompleteAndSignalAnchorUse,
                  anchor_used_callback_,
                  completion_callback,
                  verify_result);
-  int error = delegate_->Verify(params, crl_set, verify_result,
+
+  CertificateList merged_trust_anchors(params.additional_trust_anchors());

[eroman, 2016/06/16 19:56:38]

How about reserving the concatenated length first?

[Ryan Sleevi, 2016/06/16 21:07:14]

.insert() does this prior to the insertion (since .begin()/.end() are
Random-Access-Iterators). Reserving it before the copy seemed an explicit
premature optimization, so I left it off lest someone think it was intentional.

[eroman, 2016/06/16 21:47:29]

Not quite. This does two allocations: first it copies the
additional_trust_anchors() list, then it does the insert. A common pattern is to
just reserve the full size first.

[Ryan Sleevi, 2016/06/16 21:50:35]

That's what I said.
Disagree on common, and disagree that the optimization is intrinsically
worthwhile.

+  merged_trust_anchors.insert(merged_trust_anchors.begin(),
+                              trust_anchors_.begin(), trust_anchors_.end());
+  net::CertVerifier::RequestParams new_params(
+      params.certificate(), params.hostname(), params.flags(),
+      params.ocsp_response(), merged_trust_anchors);
+  int error = delegate_->Verify(new_params, crl_set, verify_result,
                                 wrapped_callback, out_req, net_log);
   MaybeSignalAnchorUse(error, anchor_used_callback_, *verify_result);
   return error;
 }
 
 bool PolicyCertVerifier::SupportsOCSPStapling() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   return delegate_->SupportsOCSPStapling();
 }
 
-const net::CertificateList& PolicyCertVerifier::GetAdditionalTrustAnchors() {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
-  return trust_anchors_;
-}
-
 }  // namespace policy