net: don't save or load static pins from disk.

net/http/transport_security_persister.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_persister.h"
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/file_util.h"
 #include "base/files/file_path.h"
@@ skipping 54 matching lines @@
 
   return out;
 }
 
 const char kIncludeSubdomains[] = "include_subdomains";
 const char kStsIncludeSubdomains[] = "sts_include_subdomains";
 const char kPkpIncludeSubdomains[] = "pkp_include_subdomains";
 const char kMode[] = "mode";
 const char kExpiry[] = "expiry";
 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
-const char kStaticSPKIHashes[] = "static_spki_hashes";
-const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes";
 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
 const char kForceHTTPS[] = "force-https";
 const char kStrict[] = "strict";
 const char kDefault[] = "default";
 const char kPinningOnly[] = "pinning-only";
 const char kCreated[] = "created";
 const char kStsObserved[] = "sts_observed";
 const char kPkpObserved[] = "pkp_observed";
 
 std::string LoadState(const base::FilePath& path) {
@@ skipping 76 matching lines @@
         break;
       case TransportSecurityState::DomainState::MODE_DEFAULT:
         serialized->SetString(kMode, kDefault);
         break;
       default:
         NOTREACHED() << "DomainState with unknown mode";
         delete serialized;
         continue;
     }
 
-    serialized->Set(kStaticSPKIHashes,
-                    SPKIHashesToListValue(domain_state.static_spki_hashes));
-
     if (now < domain_state.dynamic_spki_hashes_expiry) {
       serialized->Set(kDynamicSPKIHashes,
                       SPKIHashesToListValue(domain_state.dynamic_spki_hashes));
     }
 
     toplevel.Set(HashedDomainToExternalString(hostname), serialized);
   }
 
   base::JSONWriter::WriteWithOptions(&toplevel,
                                      base::JSONWriter::OPTIONS_PRETTY_PRINT,
@@ skipping 57 matching lines @@
       LOG(WARNING) << "Could not parse some elements of entry " << i.key()
                    << "; skipping entry";
       continue;
     }
 
     // Don't fail if this key is not present.
     parsed->GetDouble(kDynamicSPKIHashesExpiry,
                       &dynamic_spki_hashes_expiry);
 
     const base::ListValue* pins_list = NULL;
-    // preloaded_spki_hashes is a legacy synonym for static_spki_hashes.
-    if (parsed->GetList(kStaticSPKIHashes, &pins_list))
-      SPKIHashesFromListValue(*pins_list, &domain_state.static_spki_hashes);
-    else if (parsed->GetList(kPreloadedSPKIHashes, &pins_list))
-      SPKIHashesFromListValue(*pins_list, &domain_state.static_spki_hashes);
-
     if (parsed->GetList(kDynamicSPKIHashes, &pins_list))
       SPKIHashesFromListValue(*pins_list, &domain_state.dynamic_spki_hashes);
 
     if (mode_string == kForceHTTPS || mode_string == kStrict) {
       domain_state.upgrade_mode =
           TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
     } else if (mode_string == kDefault || mode_string == kPinningOnly) {
       domain_state.upgrade_mode =
           TransportSecurityState::DomainState::MODE_DEFAULT;
     } else {
@@ skipping 58 matching lines @@
   bool dirty = false;
   if (!LoadEntries(state, &dirty)) {
     LOG(ERROR) << "Failed to deserialize state: " << state;
     return;
   }
   if (dirty)
     StateIsDirty(transport_security_state_);
 }
 
 }  // namespace net