Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(684)

Unified Diff: net/tools/transport_security_state_generator/pinsets.cc

Issue 2901393005: Experiment with HSTS preload list filtering. (Closed)
Patch Set: play.google.com is required too. Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/tools/transport_security_state_generator/pinsets.cc
diff --git a/net/tools/transport_security_state_generator/pinsets.cc b/net/tools/transport_security_state_generator/pinsets.cc
index a9e7446aebc201163c74038e7ff6f0bddab6b1a9..16cb1ff45d2801176d8886cee40a028a95babbbe 100644
--- a/net/tools/transport_security_state_generator/pinsets.cc
+++ b/net/tools/transport_security_state_generator/pinsets.cc
@@ -4,6 +4,7 @@
#include "net/tools/transport_security_state_generator/pinsets.h"
+#include "base/stl_util.h"
#include "net/tools/transport_security_state_generator/spki_hash.h"
namespace net {
@@ -23,6 +24,34 @@ void Pinsets::RegisterPinset(std::unique_ptr<Pinset> pinset) {
pinset->name(), std::move(pinset)));
}
+void Pinsets::FilterPinsets(const std::set<std::string>& except_these) {
+ base::EraseIf(
+ pinsets_,
+ [except_these](
+ const std::pair<const std::string, std::unique_ptr<Pinset>>& pinset) {
+ return except_these.find(pinset.first) == except_these.cend();
+ });
+
+ // Assemble the list of SPKI hashes that are still required.
+ std::set<std::string> required_spki_hashes;
+ for (const auto& pinset : pinsets_) {
+ for (const auto& spki_hash : pinset.second->static_spki_hashes()) {
+ required_spki_hashes.insert(spki_hash);
+ }
+
+ for (const auto& spki_hash : pinset.second->bad_static_spki_hashes()) {
+ required_spki_hashes.insert(spki_hash);
+ }
+ }
+
+ base::EraseIf(spki_hashes_,
+ [required_spki_hashes](
+ const std::pair<std::string, SPKIHash>& spki_hash) {
+ return required_spki_hashes.find(spki_hash.first) ==
+ required_spki_hashes.cend();
+ });
+}
+
} // namespace transport_security_state
} // namespace net

Powered by Google App Engine
This is Rietveld 408576698