Obsolete HTTP Cleaner

chrome/browser/password_manager/chrome_password_manager_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/chrome_password_manager_client.h"
 
 #include <string>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 42 matching lines @@
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/ssl_status.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "extensions/features/features.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/base/url_util.h"
+#include "net/http/transport_security_state.h"
+#include "net/url_request/url_request_context.h"
 #include "third_party/re2/src/re2/re2.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/android/tab_android.h"
 #include "chrome/browser/password_manager/account_chooser_dialog_android.h"
 #include "chrome/browser/password_manager/auto_signin_first_run_dialog_android.h"
 #include "chrome/browser/password_manager/generated_password_saved_infobar_delegate_android.h"
 #include "chrome/browser/password_manager/save_password_infobar_delegate_android.h"
 #include "chrome/browser/password_manager/update_password_infobar_delegate_android.h"
 #include "chrome/browser/ui/android/snackbars/auto_signin_prompt_controller.h"
@@ skipping 60 matching lines @@
 
 }  // namespace
 
 // static
 void ChromePasswordManagerClient::CreateForWebContentsWithAutofillClient(
     content::WebContents* contents,
     autofill::AutofillClient* autofill_client) {
   if (FromWebContents(contents))
     return;
 
-  contents->SetUserData(
-      UserDataKey(),
-      new ChromePasswordManagerClient(contents, autofill_client));
+  contents->SetUserData(UserDataKey(), new ChromePasswordManagerClient(
+                                           contents, autofill_client));

[jdoerrie, 2017/02/03 16:49:15]

I'm just seeing these now, most likely they are caused by |git cl format|. Is it
fine to keep them or should I remove these changes from the CL?

[vasilii, 2017/02/06 16:43:24]

Better remove. The previous formatting is nicer.

 }
 
 ChromePasswordManagerClient::ChromePasswordManagerClient(
     content::WebContents* web_contents,
     autofill::AutofillClient* autofill_client)
     : content::WebContentsObserver(web_contents),
       profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),
       password_manager_(this),
       password_reuse_detection_manager_(this),
       driver_factory_(nullptr),
@@ skipping 60 matching lines @@
   // here once we decide to switch to new settings behavior for everyone.
   return *saving_and_filling_passwords_enabled_ && !IsOffTheRecord() &&
          IsFillingEnabledForCurrentPage();
 }
 
 bool ChromePasswordManagerClient::IsFillingEnabledForCurrentPage() const {
   return !DidLastPageLoadEncounterSSLErrors() &&
          IsPasswordManagementEnabledForCurrentPage();
 }
 
+bool ChromePasswordManagerClient::IsHSTSActiveForOrigin(

[jdoerrie, 2017/02/03 16:49:15]

I'm not quite sure if naming is correct here. Maybe it should be
|IsHSTSActiveForHost| instead?

[vasilii, 2017/02/06 16:43:24]

Agree with host.

[jdoerrie, 2017/02/07 13:15:00]

Done.

+    const GURL& origin) const {
+  if (!origin.is_valid())
+    return false;
+
+  net::TransportSecurityState* security_state =
+      profile_->GetRequestContext()
+          ->GetURLRequestContext()
+          ->transport_security_state();
+
+  if (!security_state)
+    return false;
+
+  const std::string host = origin.host();
+  net::TransportSecurityState::STSState sts_state;
+  net::TransportSecurityState::PKPState pkp_state;
+  return security_state->GetStaticDomainState(host, &sts_state, &pkp_state) ||
+         security_state->GetDynamicSTSState(host, &sts_state) ||
+         security_state->GetDynamicPKPState(host, &pkp_state);

[jdoerrie, 2017/02/03 16:49:15]

This check is very similar to what is done in
|TransportSecurityState::ShouldSSLErrorsBeFatal|
(https://codesearch.chromium.org/chromium/src/net/http/transport_security_stat...)
and |NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery|
(https://codesearch.chromium.org/chromium/src/chrome/browser/ui/webui/net_inte...).
Thus it leads to some code duplication, but I feel it is good to have this logic
directly in PasswordManagerClient as well. Thoughts?

[vasilii, 2017/02/06 16:43:24]

The code should be here. How is HPKP relevant here?

[jdoerrie, 2017/02/07 13:15:00]

Not sure, I reached out to security folks regarding this.

+}
+
 bool ChromePasswordManagerClient::OnCredentialManagerUsed() {
   prerender::PrerenderContents* prerender_contents =
       prerender::PrerenderContents::FromWebContents(web_contents());
   if (prerender_contents) {
     prerender_contents->Destroy(prerender::FINAL_STATUS_CREDENTIAL_MANAGER_API);
     return false;
   }
   return true;
 }
 
@@ skipping 18 matching lines @@
   }
 #else
   if (form_to_save->IsBlacklisted())
     return false;
 
   if (update_password) {
     UpdatePasswordInfoBarDelegate::Create(web_contents(),
                                           std::move(form_to_save));
     return true;
   }
-  SavePasswordInfoBarDelegate::Create(web_contents(),
-                                      std::move(form_to_save));
+  SavePasswordInfoBarDelegate::Create(web_contents(), std::move(form_to_save));
 #endif  // !defined(OS_ANDROID)
   return true;
 }
 
 bool ChromePasswordManagerClient::PromptUserToChooseCredentials(
     std::vector<std::unique_ptr<autofill::PasswordForm>> local_forms,
     const GURL& origin,
     const CredentialsCallback& callback) {
   // Set up an intercept callback if the prompt is zero-clickable (e.g. just one
   // form provided).
@@ skipping 128 matching lines @@
     return;
   const blink::WebKeyboardEvent& key_event =
       static_cast<const blink::WebKeyboardEvent&>(event);
   password_reuse_detection_manager_.OnKeyPressed(key_event.text);
 }
 
 PrefService* ChromePasswordManagerClient::GetPrefs() {
   return profile_->GetPrefs();
 }
 
-password_manager::PasswordStore*
-ChromePasswordManagerClient::GetPasswordStore() const {
+password_manager::PasswordStore* ChromePasswordManagerClient::GetPasswordStore()
+    const {
   // Always use EXPLICIT_ACCESS as the password manager checks IsOffTheRecord
   // itself when it shouldn't access the PasswordStore.
   // TODO(gcasto): Is is safe to change this to
   // ServiceAccessType::IMPLICIT_ACCESS?
-  return PasswordStoreFactory::GetForProfile(
-             profile_, ServiceAccessType::EXPLICIT_ACCESS).get();
+  return PasswordStoreFactory::GetForProfile(profile_,
+                                             ServiceAccessType::EXPLICIT_ACCESS)
+      .get();
 }
 
 password_manager::PasswordSyncState
 ChromePasswordManagerClient::GetPasswordSyncState() const {
   const browser_sync::ProfileSyncService* sync_service =
       ProfileSyncServiceFactory::GetForProfile(profile_);
   return password_manager_util::GetPasswordSyncState(sync_service);
 }
 
 bool ChromePasswordManagerClient::WasLastNavigationHTTPError() const {
   DCHECK(web_contents());
 
   std::unique_ptr<password_manager::BrowserSavePasswordProgressLogger> logger;
   if (log_manager_->IsLoggingActive()) {
     logger.reset(new password_manager::BrowserSavePasswordProgressLogger(
         log_manager_.get()));
-    logger->LogMessage(
-        Logger::STRING_WAS_LAST_NAVIGATION_HTTP_ERROR_METHOD);
+    logger->LogMessage(Logger::STRING_WAS_LAST_NAVIGATION_HTTP_ERROR_METHOD);
   }
 
   content::NavigationEntry* entry =
       web_contents()->GetController().GetVisibleEntry();
   if (!entry)
     return false;
   int http_status_code = entry->GetHttpStatusCode();
 
   if (logger)
     logger->LogNumber(Logger::STRING_HTTP_STATUS_CODE, http_status_code);
@@ skipping 208 matching lines @@
 // static
 bool ChromePasswordManagerClient::CanShowBubbleOnURL(const GURL& url) {
   std::string scheme = url.scheme();
   return (content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme(
               scheme) &&
 #if BUILDFLAG(ENABLE_EXTENSIONS)
           scheme != extensions::kExtensionScheme &&
 #endif
           scheme != content::kChromeDevToolsScheme);
 }