Create PasswordProtectionRequest to handle password pings

components/safe_browsing/password_protection/password_protection_service.h

Index: components/safe_browsing/password_protection/password_protection_service.h
diff --git a/components/safe_browsing/password_protection/password_protection_service.h b/components/safe_browsing/password_protection/password_protection_service.h
index 351c5ef09cb8783168db27c77d22ff4a73e51f1c..a3a59dba8fd5acf771f983d6d2c34d4ee6429992 100644
--- a/components/safe_browsing/password_protection/password_protection_service.h
+++ b/components/safe_browsing/password_protection/password_protection_service.h
@@ -5,6 +5,9 @@
 #ifndef COMPONENTS_SAFE_BROWSING_PASSWORD_PROTECTION_PASSWORD_PROTECTION_SERVICE_H_
 #define COMPONENTS_SAFE_BROWSING_PASSWORD_PROTECTION_PASSWORD_PROTECTION_SERVICE_H_
 
+#include <unordered_map>
+
+#include "base/callback.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
@@ -13,6 +16,7 @@
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/history/core/browser/history_service_observer.h"
 #include "components/safe_browsing/csd.pb.h"
+#include "net/url_request/url_request_context_getter.h"
 
 namespace history {
 class HistoryService;
@@ -23,11 +27,15 @@ class GURL;
 namespace safe_browsing {
 
 class SafeBrowsingDatabaseManager;
+class PasswordProtectionRequest;
 
 class PasswordProtectionService : history::HistoryServiceObserver {
  public:
-  explicit PasswordProtectionService(
-      const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager);
+  using CheckCsdWhitelistCallback = base::Callback<void(bool)>;
+
+  PasswordProtectionService(
+      const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
+      scoped_refptr<net::URLRequestContextGetter> request_content_getter);

[Nathan Parker, 2017/03/23 20:45:51]

nit: request_context_getter

[Jialiu Lin, 2017/03/23 22:43:03]

Done.

 
   ~PasswordProtectionService() override;
 
@@ -35,16 +43,19 @@ class PasswordProtectionService : history::HistoryServiceObserver {
   // Currently called by PasswordReuseDetectionManager on UI thread.
   void RecordPasswordReuse(const GURL& url);
 
+  void CheckCsdWhitelistOnIOThread(const GURL& url,
+                                   const CheckCsdWhitelistCallback& callback);
+
   base::WeakPtr<PasswordProtectionService> GetWeakPtr() {
     return weak_factory_.GetWeakPtr();
   }
 
-  // Looks up |settings|, and returns the verdict of |url|. Can be called on any
-  // thread. If verdict is not available or is expired, return
-  // VERDICT_TYPE_UNSPECIFIED.
+  // Looks up |settings| to find the cached verdict response. Can be called on
+  // any thread.

[Nathan Parker, 2017/03/23 20:45:51]

The orig comment on VERDICT_TYPE_UNSPECIFIED still seems useful

[Jialiu Lin, 2017/03/23 22:43:03]

Done.

   LoginReputationClientResponse::VerdictType GetCachedVerdict(
       const HostContentSettingsMap* settings,
-      const GURL& url);
+      const GURL& url,
+      LoginReputationClientResponse* out_response);
 
   // Stores |verdict| in |settings| based on |url|, |verdict| and
   // |receive_time|.
@@ -53,8 +64,38 @@ class PasswordProtectionService : history::HistoryServiceObserver {
                     const base::Time& receive_time,
                     HostContentSettingsMap* settings);
 
+  void StartRequest(const GURL& main_frame_url,

[Nathan Parker, 2017/03/23 20:45:51]

Add comment. (Is this only used after we check the cache?)

[Jialiu Lin, 2017/03/23 22:43:03]

Actual no, Cache checking is a part of PasswordProtectionRequest logic. This
function creates a new PassProtectionRequest instance and call
PassProtectionRequest::Start().

+                    LoginReputationClientRequest::TriggerType type,
+                    bool is_extended_reporting,
+                    bool is_incognito);
+
+  // Called by a PasswordProtectionRequest instance when it finishes to remove
+  // itself from |requests_|.
+  virtual void RequestFinished(
+      PasswordProtectionRequest* request,
+      std::unique_ptr<LoginReputationClientResponse> response);
+
+  // Cancels all requests in |requests_|, empties it, and releases references to
+  // the requests.
+  void CancelPendingRequests();
+
+  // Gets the total number of verdict (no matter expired or not) we cached for
+  // current active profile.
+  virtual size_t GetStoredVerdictCount();
+
+  scoped_refptr<net::URLRequestContextGetter> request_context_getter() {
+    return request_context_getter_;
+  }
+
+  // Returns the URL where PasswordProtectionRequest instances send requests.
+  static GURL GetPasswordProtectionRequestUrl();
+
+  // Gets the request timeout in milliseconds.
+  static int GetRequestTimeoutInMS();
+
  protected:
-  // Called on UI thread.
+  friend class PasswordProtectionRequest;
+
   // Increases "PasswordManager.PasswordReuse.MainFrameMatchCsdWhitelist" UMA
   // metric based on input.
   void OnMatchCsdWhiteListResult(bool match_whitelist);
@@ -114,6 +155,18 @@ class PasswordProtectionService : history::HistoryServiceObserver {
       const LoginReputationClientResponse* verdict,
       const base::Time& receive_time);
 
+  // Stored verdict count for each HostContentSettingsMap.
+  std::unordered_map<HostContentSettingsMap*, size_t> stored_verdict_counts_;
+
+  // The context we use to issue network requests.

[Nathan Parker, 2017/03/23 20:45:51]

(Could add a note that we do this because we need to use the Safe Browisng
cookie store.)

[Jialiu Lin, 2017/03/23 22:43:03]

Done.

+  scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
+
+  // Set of pending PasswordProtectionRequests. Using a map because
+  // heterogeneous lookups aren't available yet in std::unordered_map.
+  std::unordered_map<PasswordProtectionRequest*,

[Nathan Parker, 2017/03/23 20:45:51]

How about just a vector of unique_ptrs?  If we assume it's uncommon to have more
than one, it'd be more efficient and simpler code.

[Jialiu Lin, 2017/03/23 22:43:03]

Yep, using a std::unordered_set instead.

+                     std::unique_ptr<PasswordProtectionRequest>>
+      requests_;
+
   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
   base::WeakPtrFactory<PasswordProtectionService> weak_factory_;
   DISALLOW_COPY_AND_ASSIGN(PasswordProtectionService);