Clean Obsolete HTTP Data from the Password Store

chrome/browser/password_manager/password_manager_util.h

Index: chrome/browser/password_manager/password_manager_util.h
diff --git a/chrome/browser/password_manager/password_manager_util.h b/chrome/browser/password_manager/password_manager_util.h
new file mode 100644
index 0000000000000000000000000000000000000000..3b7ed579b0614e1442462913a11853bc71c824ca
--- /dev/null
+++ b/chrome/browser/password_manager/password_manager_util.h
@@ -0,0 +1,34 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.

[vabr (Chromium), 2017/03/24 07:02:42]

Darin and others recommend against creating a "dumping ground" util files:
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/RVps606IB_g/WIPFJ...,
as well as against creating one-file namespaces for them.

While we do have some in our code already, I would prefer not to create more.

In this concrete case, let's not be too general with calling this
"password_manager_util". The names of the functions are actually descriptive and
long enough not to need a namespace to hide in.

Also, is there a reason to have those functions together in one file? It looks
like one is used in the client and one in the store factory. While I agree that
we should rather not bundle them into the classes which use them, to avoid
bloated files, I still think we could separate them in two files, say:
hsts_query.* and http_data_cleaner.*.

[vasilii, 2017/03/24 15:14:30]

Acknowledged.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_MANAGER_UTIL_H_
+#define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_MANAGER_UTIL_H_
+
+#include "base/callback_forward.h"
+
+class GURL;
+class Profile;
+
+namespace password_manager_util {
+
+constexpr int kDefaultDelay = 40;
+using HSTSCallback = base::Callback<void(bool)>;
+// Checks asynchronously whether HTTP Strict Transport Security (HSTS) is active
+// for the host of the given origin for a given profile. Notifies |callback|
+// with the result on the calling thread.
+void PostHSTSQueryForHostAndProfile(const GURL& origin,
+                                    Profile* profile,
+                                    const HSTSCallback& callback);
+
+// Cleans all obsolete HTTP data for a given profile. HTTP data is considered
+// obsolete, when the corresponding site has migrated to HTTPS and HSTS is
+// enabled. Data that will be cleaned includes passwords, blacklisted origins
+// and site statistics. This is guarded by a preference and will be a no-op if
+// the task was run for the profile in the past.
+void DelayCleanObsoleteHttpDataForProfile(Profile* profile,
+                                          int delay_in_seconds = kDefaultDelay);
+
+}  // namespace password_manager_util
+
+#endif  // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_MANAGER_UTIL_H_