Safebrowsing: change gethash caching to match api 2.3 rules, fix some corner cases.

chrome/browser/safe_browsing/safe_browsing_database_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Unit tests for the SafeBrowsing storage system.
 
+#include "chrome/browser/safe_browsing/safe_browsing_database.h"
+
 #include "base/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/sha1.h"
 #include "base/time/time.h"
-#include "chrome/browser/safe_browsing/safe_browsing_database.h"
 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "crypto/sha2.h"
 #include "net/base/net_util.h"
 #include "sql/connection.h"
 #include "sql/statement.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 #include "url/gurl.h"
 
 using base::Time;
 
 namespace {
 
 SBPrefix SBPrefixForString(const std::string& str) {
   return SBFullHashForString(str).prefix;
 }
 
+SBFullHash SBFullHashForPrefixAndSuffix(SBPrefix prefix, std::string suffix) {
+  SBFullHash full_hash;
+  memset(&full_hash, 0, sizeof(SBFullHash));
+  full_hash.prefix = prefix;
+  CHECK_LE(suffix.size() + sizeof(SBPrefix), sizeof(SBFullHash));
+  memcpy(full_hash.full_hash + sizeof(SBPrefix), suffix.data(), suffix.size());
+  return full_hash;
+}
+
 std::string HashedIpPrefix(const std::string& ip_prefix, size_t prefix_size) {
   net::IPAddressNumber ip_number;
   EXPECT_TRUE(net::ParseIPLiteralToNumber(ip_prefix, &ip_number));
   EXPECT_EQ(net::kIPv6AddressSize, ip_number.size());
   const std::string hashed_ip_prefix = base::SHA1HashString(
       net::IPAddressToPackedString(ip_number));
   std::string hash(crypto::kSHA256Length, '\0');
   hash.replace(0, hashed_ip_prefix.size(), hashed_ip_prefix);
   hash[base::kSHA1Length] = static_cast<char>(prefix_size);
   return hash;
@@ skipping 19 matching lines @@
 // one url for prefix.
 void InsertAddChunkHostPrefixUrl(SBChunk* chunk,
                                  int chunk_number,
                                  const std::string& host_name,
                                  const std::string& url) {
   InsertAddChunkHostPrefixValue(chunk, chunk_number,
                                 SBPrefixForString(host_name),
                                 SBPrefixForString(url));
 }
 
+// Same as InsertAddChunkHostFullHashes, but with pre-computed
+// prefix and fullhash values.
+void InsertAddChunkHostFullHashValue(SBChunk* chunk,
+                                     int chunk_number,
+                                     const SBPrefix& host_prefix,
+                                     const SBFullHash& url_fullhash) {
+  chunk->chunk_number = chunk_number;
+  chunk->is_add = true;
+  SBChunkHost host;
+  host.host = host_prefix;
+  host.entry = SBEntry::Create(SBEntry::ADD_FULL_HASH, 1);
+  host.entry->set_chunk_id(chunk->chunk_number);
+  host.entry->SetFullHashAt(0, url_fullhash);
+  chunk->hosts.push_back(host);
+}
+
 // Same as InsertAddChunkHostPrefixUrl, but with full hashes.
 void InsertAddChunkHostFullHashes(SBChunk* chunk,
                                   int chunk_number,
                                   const std::string& host_name,
                                   const std::string& url) {
-  chunk->chunk_number = chunk_number;
-  chunk->is_add = true;
-  SBChunkHost host;
-  host.host = SBPrefixForString(host_name);
-  host.entry = SBEntry::Create(SBEntry::ADD_FULL_HASH, 1);
-  host.entry->set_chunk_id(chunk->chunk_number);
-  host.entry->SetFullHashAt(0, SBFullHashForString(url));
-  chunk->hosts.push_back(host);
+  InsertAddChunkHostFullHashValue(chunk,
+                                  chunk_number,
+                                  SBPrefixForString(host_name),
+                                  SBFullHashForString(url));
 }
 
 void InsertAddChunkFullHash(SBChunk* chunk,
                             int chunk_number,
                             const std::string& ip_str,
                             size_t prefix_size) {
   const std::string full_hash_str = HashedIpPrefix(ip_str, prefix_size);
   EXPECT_EQ(sizeof(SBFullHash), full_hash_str.size());
   SBFullHash full_hash;
   std::memcpy(&(full_hash.full_hash), full_hash_str.data(), sizeof(SBFullHash));
@@ skipping 184 matching lines @@
   }
 
   void AddDelChunk(const std::string& list, int chunk_id) {
     DelChunk(list, chunk_id, false);
   }
 
   void SubDelChunk(const std::string& list, int chunk_id) {
     DelChunk(list, chunk_id, true);
   }
 
+  bool ContainsBrowseUrlHashes(std::vector<SBFullHash>* full_hashes,
+                               std::vector<SBPrefix>* prefix_hits,
+                               std::vector<SBFullHashResult>* cache_hits) {
+    std::sort(full_hashes->begin(), full_hashes->end(), SBFullHashLess);
+    return database_->ContainsBrowseUrlHashes(
+        *full_hashes, prefix_hits, cache_hits);
+  }
+
   // Utility function for setting up the database for the caching test.
   void PopulateDatabaseForCacheTest();
 
   scoped_ptr<SafeBrowsingDatabaseNew> database_;
   base::FilePath database_filename_;
   base::ScopedTempDir temp_dir_;
 };
 
 // Tests retrieving list name information.
 TEST_F(SafeBrowsingDatabaseTest, ListNameForBrowse) {
@@ skipping 223 matching lines @@
   chunks.push_back(chunk);
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   // Make sure they were added correctly.
   GetListsInfo(&lists);
   EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList);
   EXPECT_EQ(lists[0].adds, "1-3");
   EXPECT_TRUE(lists[0].subs.empty());
 
-  const Time now = Time::Now();
-  std::vector<SBFullHashResult> full_hashes;
+  std::vector<SBFullHashResult> cache_hits;
   std::vector<SBPrefix> prefix_hits;
-  std::string matching_list;
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/phishing.html"), &prefix_hits, &cache_hits));
   EXPECT_EQ(prefix_hits[0], SBPrefixForString("www.evil.com/phishing.html"));
   EXPECT_EQ(prefix_hits.size(), 1U);
+  EXPECT_TRUE(cache_hits.empty());
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/malware.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/notevil1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/notevil1.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/notevil2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/notevil2.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good1.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good2.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://192.168.0.1/malware.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://192.168.0.1/malware.html"), &prefix_hits, &cache_hits));
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/"), &prefix_hits, &cache_hits));
   EXPECT_TRUE(prefix_hits.empty());
+  EXPECT_TRUE(cache_hits.empty());
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/robots.txt"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/robots.txt"), &prefix_hits, &cache_hits));
 
   // Attempt to re-add the first chunk (should be a no-op).
   // see bug: http://code.google.com/p/chromium/issues/detail?id=4522
   chunk.hosts.clear();
   InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.evil.com/",
                                 "www.evil.com/phishing.html",
                                 "www.evil.com/malware.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
@@ skipping 10 matching lines @@
   InsertSubChunkHostPrefixUrl(&chunk, 4, 2, "www.evil.com/",
                               "www.evil.com/notevil1.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
 
   database_->UpdateFinished(true);
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/phishing.html"), &prefix_hits, &cache_hits));
   EXPECT_EQ(prefix_hits[0], SBPrefixForString("www.evil.com/phishing.html"));
   EXPECT_EQ(prefix_hits.size(), 1U);
+  EXPECT_TRUE(cache_hits.empty());
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/notevil1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/notevil1.html"), &prefix_hits, &cache_hits));
   EXPECT_TRUE(prefix_hits.empty());
+  EXPECT_TRUE(cache_hits.empty());
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/notevil2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/notevil2.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good1.html"), &prefix_hits, &cache_hits));
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good2.html"), &prefix_hits, &cache_hits));
 
   GetListsInfo(&lists);
   EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList);
   EXPECT_EQ(lists[0].subs, "4");
 
   // Test the same sub chunk again.  This should be a no-op.
   // see bug: http://code.google.com/p/chromium/issues/detail?id=4522
   chunk.hosts.clear();
   InsertSubChunkHostPrefixUrl(&chunk, 4, 2, "www.evil.com/",
                               "www.evil.com/notevil1.html");
   chunks.clear();
   chunks.push_back(chunk);
 
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   GetListsInfo(&lists);
   EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList);
   EXPECT_EQ(lists[0].subs, "4");
 
   // Test removing all the prefixes from an add chunk.
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   AddDelChunk(safe_browsing_util::kMalwareList, 2);
   database_->UpdateFinished(true);
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/notevil2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.evil.com/notevil2.html"), &prefix_hits, &cache_hits));
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good1.html"), &prefix_hits, &cache_hits));
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/good2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.good.com/good2.html"), &prefix_hits, &cache_hits));
 
   GetListsInfo(&lists);
   EXPECT_TRUE(lists[0].name == safe_browsing_util::kMalwareList);
   EXPECT_EQ(lists[0].adds, "1,3");
   EXPECT_EQ(lists[0].subs, "4");
 
   // The adddel command exposed a bug in the transaction code where any
   // transaction after it would fail.  Add a dummy entry and remove it to
   // make sure the transcation works fine.
   chunk.hosts.clear();
@@ skipping 24 matching lines @@
                                 "www.notevilanymore.com/index.html",
                                 "www.notevilanymore.com/good.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
       GURL("http://www.notevilanymore.com/index.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      &prefix_hits,
+      &cache_hits));
 
   // Now insert the tardy add chunk and we don't expect them to appear
   // in database because of the previous sub chunk.
   chunk.hosts.clear();
   InsertAddChunkHost2PrefixUrls(&chunk, 10, "www.notevilanymore.com/",
                                 "www.notevilanymore.com/index.html",
                                 "www.notevilanymore.com/good.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
       GURL("http://www.notevilanymore.com/index.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      &prefix_hits,
+      &cache_hits));
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
       GURL("http://www.notevilanymore.com/good.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      &prefix_hits,
+      &cache_hits));
 }
 
 
 // Test adding zero length chunks to the database.
 TEST_F(SafeBrowsingDatabaseTest, ZeroSizeChunk) {
   SBChunkList chunks;
   SBChunk chunk;
 
   // Populate with a couple of normal chunks.
   InsertAddChunkHost2PrefixUrls(&chunk, 1, "www.test.com/",
@@ skipping 50 matching lines @@
 
   empty_chunk.hosts.clear();
   InsertAddChunkHostPrefixUrl(&empty_chunk, 22, "www.notempy.com/",
                               "www.notempty.com/full2.html");
   chunks.push_back(empty_chunk);
 
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
-  const Time now = Time::Now();
-  std::vector<SBFullHashResult> full_hashes;
+  std::vector<SBFullHashResult> cache_hits;
   std::vector<SBPrefix> prefix_hits;
-  std::string matching_list;
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.notempty.com/full1.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.notempty.com/full1.html"), &prefix_hits, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.notempty.com/full2.html"),
-      &matching_list, &prefix_hits,
-      &full_hashes, now));
+      GURL("http://www.notempty.com/full2.html"), &prefix_hits, &cache_hits));
 
   GetListsInfo(&lists);
   EXPECT_EQ(lists[0].adds, "1,10,19-22");
   EXPECT_EQ(lists[0].subs, "7");
 
   // Handle AddDel and SubDel commands for empty chunks.
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   AddDelChunk(safe_browsing_util::kMalwareList, 21);
   database_->UpdateFinished(true);
 
@@ skipping 22 matching lines @@
 
   std::vector<SBListChunkRanges> lists;
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   // Add the GetHash results to the cache.
   SBFullHashResult full_hash;
   full_hash.hash = SBFullHashForString("www.evil.com/phishing.html");
   full_hash.list_name = safe_browsing_util::kMalwareList;
-  full_hash.add_chunk_id = 1;
 
   std::vector<SBFullHashResult> results;
+  std::vector<SBPrefix> prefixes;
   results.push_back(full_hash);
+  prefixes.push_back(full_hash.hash.prefix);
+  database_->CacheHashResults(
+      prefixes, results, base::TimeDelta::FromMinutes(45));
 
   full_hash.hash = SBFullHashForString("www.evil.com/malware.html");
+  results.clear();
+  prefixes.clear();
   results.push_back(full_hash);
-
-  std::vector<SBPrefix> prefixes;
-  database_->CacheHashResults(prefixes, results);
+  prefixes.push_back(full_hash.hash.prefix);
+  database_->CacheHashResults(
+      prefixes, results, base::TimeDelta::FromMinutes(45));
 }
 
 TEST_F(SafeBrowsingDatabaseTest, HashCaching) {
   PopulateDatabaseForCacheTest();
 
   // We should have both full hashes in the cache.
-  EXPECT_EQ(database_->pending_browse_hashes_.size(), 2U);
+  EXPECT_EQ(database_->browse_gethash_cache_.size(), 2U);
 
   // Test the cache lookup for the first prefix.
   std::string listname;
   std::vector<SBPrefix> prefixes;
-  std::vector<SBFullHashResult> full_hashes;
+  std::vector<SBFullHashResult> cache_hits;
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &listname, &prefixes, &full_hashes, Time::Now());
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.evil.com/phishing.html")));
+      GURL("http://www.evil.com/phishing.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_EQ(cache_hits.size(), 1U);
+  EXPECT_TRUE(SBFullHashEqual(
+      cache_hits[0].hash, SBFullHashForString("www.evil.com/phishing.html")));
 
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Test the cache lookup for the second prefix.
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &listname, &prefixes, &full_hashes, Time::Now());
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.evil.com/malware.html")));
+      GURL("http://www.evil.com/malware.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_EQ(cache_hits.size(), 1U);
+  EXPECT_TRUE(SBFullHashEqual(
+      cache_hits[0].hash, SBFullHashForString("www.evil.com/malware.html")));
 
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Test removing a prefix via a sub chunk.
   SBChunk chunk;
   SBChunkList chunks;
   InsertSubChunkHostPrefixUrl(&chunk, 2, 1, "www.evil.com/",
                               "www.evil.com/phishing.html");
   chunks.push_back(chunk);
 
   std::vector<SBListChunkRanges> lists;
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
-  // This prefix should still be there.
+  // This prefix should still be there, but cached fullhash should be gone.
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &listname, &prefixes, &full_hashes, Time::Now());
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.evil.com/malware.html")));
+      GURL("http://www.evil.com/malware.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(cache_hits.empty());
+  EXPECT_EQ(prefixes.size(), 1U);
+  EXPECT_EQ(prefixes[0], SBPrefixForString("www.evil.com/malware.html"));
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // This prefix should be gone.
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &listname, &prefixes, &full_hashes, Time::Now());
-  EXPECT_TRUE(full_hashes.empty());
+      GURL("http://www.evil.com/phishing.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_TRUE(cache_hits.empty());
 
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
-  // Test that an AddDel for the original chunk removes the last cached entry.
+  // Test that an AddDel for the original chunk removes the last entry.
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   AddDelChunk(safe_browsing_util::kMalwareList, 1);
   database_->UpdateFinished(true);
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &listname, &prefixes, &full_hashes, Time::Now());
-  EXPECT_TRUE(full_hashes.empty());
+      GURL("http://www.evil.com/malware.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(cache_hits.empty());
   EXPECT_TRUE(database_->full_browse_hashes_.empty());
-  EXPECT_TRUE(database_->pending_browse_hashes_.empty());
+  EXPECT_TRUE(database_->browse_gethash_cache_.empty());
 
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Test that the cache won't return expired values. First we have to adjust
   // the cached entries' received time to make them older, since the database
   // cache insert uses Time::Now(). First, store some entries.
   PopulateDatabaseForCacheTest();
 
-  std::vector<SBAddFullHash>* hash_cache = &database_->pending_browse_hashes_;
+  std::map<SBPrefix, SBCachedFullHashResult>* hash_cache =
+      &database_->browse_gethash_cache_;
   EXPECT_EQ(hash_cache->size(), 2U);
 
   // Now adjust one of the entries times to be in the past.
-  base::Time expired = base::Time::Now() - base::TimeDelta::FromMinutes(60);
   const SBPrefix key = SBPrefixForString("www.evil.com/malware.html");
-  std::vector<SBAddFullHash>::iterator iter;
-  for (iter = hash_cache->begin(); iter != hash_cache->end(); ++iter) {
-    if (iter->full_hash.prefix == key) {
-      iter->received = static_cast<int32>(expired.ToTimeT());
-      break;
-    }
-  }
-  EXPECT_TRUE(iter != hash_cache->end());
+  std::map<SBPrefix, SBCachedFullHashResult>::iterator iter =
+      hash_cache->find(key);
+  ASSERT_TRUE(iter != hash_cache->end());
+  iter->second.expire_after =
+      base::Time::Now() - base::TimeDelta::FromMinutes(1);
 
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &listname, &prefixes, &full_hashes, expired);
-  EXPECT_TRUE(full_hashes.empty());
+      GURL("http://www.evil.com/malware.html"), &prefixes, &cache_hits);
+  EXPECT_EQ(prefixes.size(), 1U);
+  EXPECT_TRUE(cache_hits.empty());
+  // Expired entry should have been removed from cache.
+  EXPECT_EQ(hash_cache->size(), 1U);
 
   // This entry should still exist.
   database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &listname, &prefixes, &full_hashes, expired);
-  EXPECT_EQ(full_hashes.size(), 1U);
-
+      GURL("http://www.evil.com/phishing.html"), &prefixes, &cache_hits);
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_EQ(cache_hits.size(), 1U);
 
   // Testing prefix miss caching. First, we clear out the existing database,
   // Since PopulateDatabaseForCacheTest() doesn't handle adding duplicate
   // chunks.
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   AddDelChunk(safe_browsing_util::kMalwareList, 1);
   database_->UpdateFinished(true);
 
   std::vector<SBPrefix> prefix_misses;
   std::vector<SBFullHashResult> empty_full_hash;
   prefix_misses.push_back(SBPrefixForString("http://www.bad.com/malware.html"));
   prefix_misses.push_back(
       SBPrefixForString("http://www.bad.com/phishing.html"));
-  database_->CacheHashResults(prefix_misses, empty_full_hash);
+  database_->CacheHashResults(
+      prefix_misses, empty_full_hash, base::TimeDelta::FromMinutes(45));
 
   // Prefixes with no full results are misses.
-  EXPECT_EQ(database_->prefix_miss_cache_.size(), 2U);
+  EXPECT_EQ(hash_cache->size(), 2U);
+  EXPECT_NE(
+      hash_cache->find(SBPrefixForString("http://www.bad.com/malware.html")),
+      hash_cache->end());
+  EXPECT_TRUE(
+      hash_cache->find(SBPrefixForString("http://www.bad.com/malware.html"))
+          ->second.full_hashes.empty());
+  EXPECT_NE(
+      hash_cache->find(SBPrefixForString("http://www.bad.com/phishing.html")),
+      hash_cache->end());
+  EXPECT_TRUE(
+      hash_cache->find(SBPrefixForString("http://www.bad.com/phishing.html"))
+          ->second.full_hashes.empty());
 
   // Update the database.
   PopulateDatabaseForCacheTest();
 
-  // Prefix miss cache should be cleared.
-  EXPECT_TRUE(database_->prefix_miss_cache_.empty());
-
   // Cache a GetHash miss for a particular prefix, and even though the prefix is
   // in the database, it is flagged as a miss so looking up the associated URL
   // will not succeed.
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
   prefix_misses.clear();
   empty_full_hash.clear();
   prefix_misses.push_back(SBPrefixForString("www.evil.com/phishing.html"));
-  database_->CacheHashResults(prefix_misses, empty_full_hash);
+  database_->CacheHashResults(
+      prefix_misses, empty_full_hash, base::TimeDelta::FromMinutes(45));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing.html"),
-      &listname, &prefixes,
-      &full_hashes, Time::Now()));
+      GURL("http://www.evil.com/phishing.html"), &prefixes, &cache_hits));
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_TRUE(cache_hits.empty());
 
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Test receiving a full add chunk.
   chunk.hosts.clear();
   InsertAddChunkHost2FullHashes(&chunk, 20, "www.fullevil.com/",
                                 "www.fullevil.com/bad1.html",
                                 "www.fullevil.com/bad2.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad1.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.fullevil.com/bad1.html")));
+      GURL("http://www.fullevil.com/bad1.html"), &prefixes, &cache_hits));
+  EXPECT_EQ(prefixes.size(), 1U);
+  EXPECT_EQ(prefixes[0], SBPrefixForString("www.fullevil.com/bad1.html"));
+  EXPECT_TRUE(cache_hits.empty());
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad2.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.fullevil.com/bad2.html")));
+      GURL("http://www.fullevil.com/bad2.html"), &prefixes, &cache_hits));
+  EXPECT_EQ(prefixes.size(), 1U);
+  EXPECT_EQ(prefixes[0], SBPrefixForString("www.fullevil.com/bad2.html"));
+  EXPECT_TRUE(cache_hits.empty());
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Test receiving a full sub chunk, which will remove one of the full adds.
   chunk.hosts.clear();
   InsertSubChunkHostFullHash(&chunk, 200, 20,
                              "www.fullevil.com/",
                              "www.fullevil.com/bad1.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad1.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
-  EXPECT_TRUE(full_hashes.empty());
+      GURL("http://www.fullevil.com/bad1.html"), &prefixes, &cache_hits));
+  EXPECT_TRUE(prefixes.empty());
+  EXPECT_TRUE(cache_hits.empty());
 
   // There should be one remaining full add.
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad2.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
-  EXPECT_EQ(full_hashes.size(), 1U);
-  EXPECT_TRUE(
-      SBFullHashEqual(full_hashes[0].hash,
-                      SBFullHashForString("www.fullevil.com/bad2.html")));
+      GURL("http://www.fullevil.com/bad2.html"), &prefixes, &cache_hits));
+  EXPECT_EQ(prefixes.size(), 1U);
+  EXPECT_EQ(prefixes[0], SBPrefixForString("www.fullevil.com/bad2.html"));
+  EXPECT_TRUE(cache_hits.empty());
   prefixes.clear();
-  full_hashes.clear();
+  cache_hits.clear();
 
   // Now test an AddDel for the remaining full add.
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   AddDelChunk(safe_browsing_util::kMalwareList, 20);
   database_->UpdateFinished(true);
 
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad1.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
+      GURL("http://www.fullevil.com/bad1.html"), &prefixes, &cache_hits));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.fullevil.com/bad2.html"),
-      &listname, &prefixes, &full_hashes,
-      Time::Now()));
+      GURL("http://www.fullevil.com/bad2.html"), &prefixes, &cache_hits));
 }
 
 // Test that corrupt databases are appropriately handled, even if the
 // corruption is detected in the midst of the update.
 // TODO(shess): Disabled until ScopedLogMessageIgnorer resolved.
 // http://crbug.com/56448
 TEST_F(SafeBrowsingDatabaseTest, DISABLED_FileCorruptionHandling) {
   // Re-create the database in a captive message loop so that we can
   // influence task-posting.  Database specifically needs to the
   // file-backed.
@@ skipping 425 matching lines @@
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kPhishingList, chunks);
   database_->UpdateFinished(true);
 
   GetListsInfo(&lists);
   EXPECT_EQ(std::string(safe_browsing_util::kMalwareList), lists[0].name);
   EXPECT_EQ("1", lists[0].adds);
   EXPECT_EQ(std::string(safe_browsing_util::kPhishingList), lists[1].name);
   EXPECT_EQ("47", lists[1].adds);
 
-  const Time now = Time::Now();
   std::vector<SBPrefix> prefixes;
-  std::vector<SBFullHashResult> full_hashes;
-  std::vector<SBPrefix> prefix_hits;
-  std::string matching_list;
+  std::vector<SBFullHashResult> cache_hits;
   std::string listname;
 
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware1.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/malware1.html"), &prefixes, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware2.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/malware2.html"), &prefixes, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing1.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/phishing1.html"), &prefixes, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing2.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/phishing2.html"), &prefixes, &cache_hits));
 
   // Test removing a single prefix from the add chunk.
   // Remove the prefix that added first.
   chunk.hosts.clear();
   InsertSubChunkHostPrefixUrl(&chunk, 4, 1, "www.evil.com/",
                               "www.evil.com/malware1.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
   database_->UpdateFinished(true);
 
   // Remove the prefix that added last.
   chunk.hosts.clear();
   InsertSubChunkHostPrefixUrl(&chunk, 5, 47, "www.evil.com/",
                               "www.evil.com/phishing2.html");
   chunks.clear();
   chunks.push_back(chunk);
   EXPECT_TRUE(database_->UpdateStarted(&lists));
   database_->InsertChunks(safe_browsing_util::kPhishingList, chunks);
   database_->UpdateFinished(true);
 
   // Verify that the database contains urls expected.
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware1.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/malware1.html"), &prefixes, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware2.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/malware2.html"), &prefixes, &cache_hits));
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing1.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/phishing1.html"), &prefixes, &cache_hits));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/phishing2.html"),
-      &listname, &prefixes, &full_hashes, now));
+      GURL("http://www.evil.com/phishing2.html"), &prefixes, &cache_hits));
 }
 
 // Test that an empty update doesn't actually update the database.
 // This isn't a functionality requirement, but it is a useful
 // optimization.
 TEST_F(SafeBrowsingDatabaseTest, EmptyUpdate) {
   SBChunkList chunks;
   SBChunk chunk;
 
   base::FilePath filename = database_->BrowseDBFilename(database_filename_);
@@ skipping 65 matching lines @@
 
     InsertAddChunkHostPrefixUrl(&chunk, 1, "www.evil.com/",
                                 "www.evil.com/malware.html");
     chunks.clear();
     chunks.push_back(chunk);
     database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
     database_->UpdateFinished(true);
   }
 
   // Find the malware url in the database, don't find a good url.
-  const Time now = Time::Now();
-  std::vector<SBFullHashResult> full_hashes;
+  std::vector<SBFullHashResult> cache_hits;
   std::vector<SBPrefix> prefix_hits;
-  std::string matching_list;
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.evil.com/malware.html"), &prefix_hits, &cache_hits));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/goodware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.good.com/goodware.html"), &prefix_hits, &cache_hits));
 
   base::FilePath filter_file = database_->PrefixSetForFilename(
       database_->BrowseDBFilename(database_filename_));
 
   // After re-creating the database, it should have a filter read from
   // a file, so it should find the same results.
   ASSERT_TRUE(base::PathExists(filter_file));
   database_.reset(new SafeBrowsingDatabaseNew);
   database_->Init(database_filename_);
   EXPECT_TRUE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.evil.com/malware.html"), &prefix_hits, &cache_hits));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/goodware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.good.com/goodware.html"), &prefix_hits, &cache_hits));
 
   // If there is no filter file, the database cannot find malware urls.
   base::DeleteFile(filter_file, false);
   ASSERT_FALSE(base::PathExists(filter_file));
   database_.reset(new SafeBrowsingDatabaseNew);
   database_->Init(database_filename_);
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.evil.com/malware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.evil.com/malware.html"), &prefix_hits, &cache_hits));
   EXPECT_FALSE(database_->ContainsBrowseUrl(
-      GURL("http://www.good.com/goodware.html"),
-      &matching_list, &prefix_hits, &full_hashes, now));
+      GURL("http://www.good.com/goodware.html"), &prefix_hits, &cache_hits));
 }
 
+TEST_F(SafeBrowsingDatabaseTest, TestCachedFullMiss) {
+  std::vector<SBListChunkRanges> lists;
+  EXPECT_TRUE(database_->UpdateStarted(&lists));
+
+  SBChunkList chunks;
+  {
+    // Insert prefix 1001 into database.
+    SBChunk chunk;
+    InsertAddChunkHostPrefixValue(&chunk, 1, SBPrefix(100), SBPrefix(1001));
+    chunks.push_back(chunk);
+  }
+  {
+    // Insert prefix 1002 into database.
+    SBChunk chunk;
+    InsertAddChunkHostPrefixValue(&chunk, 2, SBPrefix(101), SBPrefix(1002));
+    chunks.push_back(chunk);
+  }
+
+  database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  database_->UpdateFinished(true);
+
+  {
+    // Cache a full miss result for 1001.
+    std::vector<SBPrefix> prefixes;
+    prefixes.push_back(SBPrefix(1001));
+    std::vector<SBFullHashResult> cache_results;
+    database_->CacheHashResults(
+        prefixes, cache_results, base::TimeDelta::FromMinutes(60));
+  }
+
+  {
+    // Check if DB contains (prefix 1001, suffix 01). Should return false, since
+    // we have a cached miss for that prefix.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_FALSE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1002,01) to search. Should return a prefix hit for 1002 only.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1002, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1002U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+  }
+}
+
+TEST_F(SafeBrowsingDatabaseTest, TestCachedPrefixHitFullMiss) {
+  std::vector<SBListChunkRanges> lists;
+  EXPECT_TRUE(database_->UpdateStarted(&lists));
+
+  SBChunkList chunks;
+  {
+    // Insert prefix 1001 into database.
+    SBChunk chunk;
+    InsertAddChunkHostPrefixValue(&chunk, 1, SBPrefix(100), SBPrefix(1001));
+    chunks.push_back(chunk);
+  }
+  {
+    // Insert prefix 1002 into database.
+    SBChunk chunk;
+    InsertAddChunkHostPrefixValue(&chunk, 2, SBPrefix(101), SBPrefix(1002));
+    chunks.push_back(chunk);
+  }
+
+  database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  database_->UpdateFinished(true);
+
+  {
+    // Check if DB contains (prefix 1001, suffix 01). Should return a prefix
+    // hit.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1002,01) to search. Should return a prefix hit for both 1001 and
+    // 1002.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1002, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(2U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_EQ(1002U, prefix_hits[1]);
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1003,01) to search. Should still return a prefix hit for both 1001
+    // and 1002.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1003, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(2U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_EQ(1002U, prefix_hits[1]);
+    EXPECT_TRUE(cache_hits.empty());
+  }
+
+  {
+    // Cache a fullhash result for (1001,01) and (1001,03).
+    std::vector<SBPrefix> prefixes;
+    prefixes.push_back(SBPrefix(1001));
+    std::vector<SBFullHashResult> cache_results;
+
+    SBFullHashResult full_hash_result;
+    full_hash_result.hash = SBFullHashForPrefixAndSuffix(1001, "\x01");
+    full_hash_result.list_name = safe_browsing_util::kMalwareList;
+    cache_results.push_back(full_hash_result);
+
+    full_hash_result.hash = SBFullHashForPrefixAndSuffix(1001, "\x03");
+    cache_results.push_back(full_hash_result);
+
+    database_->CacheHashResults(
+        prefixes, cache_results, base::TimeDelta::FromMinutes(60));
+  }
+
+  {
+    // Check again if DB contains (prefix 1001, suffix 01). Should return a
+    // cache hit now.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    ASSERT_EQ(1U, cache_hits.size());
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x01"),
+                                cache_hits[0].hash));
+
+    // Add (1002,01) to search. Should return a cache hit for 1001 and prefix
+    // hit for 1002.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1002, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1002U, prefix_hits[0]);
+    ASSERT_EQ(1U, cache_hits.size());
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x01"),
+                                cache_hits[0].hash));
+
+    // Add (1001,03) to search. Should return 2 cache hits for 1001 and a prefix
+    // hit for 1002.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x03"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1002U, prefix_hits[0]);
+    ASSERT_EQ(2U, cache_hits.size());
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x01"),
+                                cache_hits[0].hash));
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x03"),
+                                cache_hits[1].hash));
+  }
+
+  {
+    // Check if DB contains only (prefix 1001, suffix 03). Should return a cache
+    // hit.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x03"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    ASSERT_EQ(1U, cache_hits.size());
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x03"),
+                                cache_hits[0].hash));
+  }
+
+  {
+    // Check if DB contains (prefix 1001, suffix 02). Should return false, since
+    // we have a cached fullhash for that prefix but which does not match the
+    // fullhash.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x02"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_FALSE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1002,01) to search. Should return a prefix hit for 1002.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1002, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1002U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+  }
+}
+
+TEST_F(SafeBrowsingDatabaseTest, TestBrowseFullHashMatching) {
+  std::vector<SBListChunkRanges> lists;
+  EXPECT_TRUE(database_->UpdateStarted(&lists));
+
+  SBChunkList chunks;
+  {
+    // Insert fullhash (1001,1) into database.
+    SBChunk chunk;
+    InsertAddChunkHostFullHashValue(
+        &chunk, 1, SBPrefix(100), SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    chunks.push_back(chunk);
+  }
+  {
+    // Insert fullhash (1001,2) into database.
+    SBChunk chunk;
+    InsertAddChunkHostFullHashValue(
+        &chunk, 2, SBPrefix(100), SBFullHashForPrefixAndSuffix(1001, "\x02"));
+    chunks.push_back(chunk);
+  }
+
+  database_->InsertChunks(safe_browsing_util::kMalwareList, chunks);
+  database_->UpdateFinished(true);
+
+  {
+    // Check if DB contains (prefix 1001, suffix 03). Should return false,
+    // since the DB contains a matching prefix but the full hashes do not match.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x03"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_FALSE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1001,1). Should now return a prefix hit.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1001,2). Should still return a single prefix hit.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x02"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+  }
+
+  {
+    // Check if DB contains (prefix 1001, suffix 02) alone. Should return a
+    // prefix hit.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x02"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    ASSERT_EQ(1U, prefix_hits.size());
+    EXPECT_EQ(1001U, prefix_hits[0]);
+    EXPECT_TRUE(cache_hits.empty());
+  }
+
+  {
+    // Cache a fullhash result for (prefix 1001, suffix 02).
+    std::vector<SBPrefix> prefixes;
+    prefixes.push_back(SBPrefix(1001));
+    std::vector<SBFullHashResult> cache_results;
+
+    SBFullHashResult full_hash_result;
+    full_hash_result.hash = SBFullHashForPrefixAndSuffix(1001, "\x02");
+    full_hash_result.list_name = safe_browsing_util::kMalwareList;
+
+    cache_results.push_back(full_hash_result);
+
+    database_->CacheHashResults(
+        prefixes, cache_results, base::TimeDelta::FromMinutes(60));
+  }
+
+  {
+    // Check if DB contains (prefix 1001, suffix 03). Should return false,
+    // since the DB containts a cached hit with matching prefix but not
+    // matching the fullhash.
+    std::vector<SBFullHash> full_hashes;
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x03"));
+    std::vector<SBPrefix> prefix_hits;
+    std::vector<SBFullHashResult> cache_hits;
+    EXPECT_FALSE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1001,1). Should still return false.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x01"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_FALSE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    EXPECT_TRUE(cache_hits.empty());
+
+    // Add (1001,2). Should now return a cache hit.
+    full_hashes.push_back(SBFullHashForPrefixAndSuffix(1001, "\x02"));
+    prefix_hits.clear();
+    cache_hits.clear();
+    EXPECT_TRUE(
+        ContainsBrowseUrlHashes(&full_hashes, &prefix_hits, &cache_hits));
+    EXPECT_TRUE(prefix_hits.empty());
+    ASSERT_EQ(1U, cache_hits.size());
+    EXPECT_TRUE(SBFullHashEqual(SBFullHashForPrefixAndSuffix(1001, "\x02"),
+                                cache_hits[0].hash));
+  }
+}
+
 TEST_F(SafeBrowsingDatabaseTest, MalwareIpBlacklist) {
   database_.reset();
   SafeBrowsingStoreFile* browse_store = new SafeBrowsingStoreFile();
   SafeBrowsingStoreFile* ip_blacklist_store = new SafeBrowsingStoreFile();
   database_.reset(new SafeBrowsingDatabaseNew(browse_store,
                                               NULL,
                                               NULL,
                                               NULL,
                                               NULL,
                                               NULL,
@@ skipping 77 matching lines @@
   EXPECT_FALSE(database_->ContainsMalwareIP("192.1.124.0"));
 
   EXPECT_FALSE(database_->ContainsMalwareIP("192.1.127.255"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.0"));
   EXPECT_TRUE(database_->ContainsMalwareIP("::ffff:192.1.128.1"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.128.255"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.0"));
   EXPECT_TRUE(database_->ContainsMalwareIP("192.1.255.255"));
   EXPECT_FALSE(database_->ContainsMalwareIP("192.2.0.0"));
 }