Experiment with HSTS preload list filtering.

net/tools/transport_security_state_generator/pinsets.cc

 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/tools/transport_security_state_generator/pinsets.h"
 
+#include "base/stl_util.h"
 #include "net/tools/transport_security_state_generator/spki_hash.h"
 
 namespace net {
 
 namespace transport_security_state {
 
 Pinsets::Pinsets() {}
 
 Pinsets::~Pinsets() {}
 
 void Pinsets::RegisterSPKIHash(base::StringPiece name, const SPKIHash& hash) {
   spki_hashes_.insert(std::pair<std::string, SPKIHash>(name.as_string(), hash));
 }
 
 void Pinsets::RegisterPinset(std::unique_ptr<Pinset> pinset) {
   pinsets_.insert(std::pair<std::string, std::unique_ptr<Pinset>>(
       pinset->name(), std::move(pinset)));
 }
 
+void Pinsets::FilterPinsets(const std::set<std::string>& except_these) {
+  base::EraseIf(
+      pinsets_,
+      [except_these](
+          const std::pair<const std::string, std::unique_ptr<Pinset>>& pinset) {
+        return except_these.find(pinset.first) == except_these.cend();
+      });
+
+  // Assemble the list of SPKI hashes that are still required.
+  std::set<std::string> required_spki_hashes;
+  for (const auto& pinset : pinsets_) {
+    for (const auto& spki_hash : pinset.second->static_spki_hashes()) {
+      required_spki_hashes.insert(spki_hash);
+    }
+
+    for (const auto& spki_hash : pinset.second->bad_static_spki_hashes()) {
+      required_spki_hashes.insert(spki_hash);
+    }
+  }
+
+  base::EraseIf(spki_hashes_,
+                [required_spki_hashes](
+                    const std::pair<std::string, SPKIHash>& spki_hash) {
+                  return required_spki_hashes.find(spki_hash.first) ==
+                         required_spki_hashes.cend();
+                });
+}
+
 }  // namespace transport_security_state
 
 }  // namespace net