Experiment with HSTS preload list filtering.

net/tools/transport_security_state_generator/pinsets.cc

Index: net/tools/transport_security_state_generator/pinsets.cc
diff --git a/net/tools/transport_security_state_generator/pinsets.cc b/net/tools/transport_security_state_generator/pinsets.cc
index a9e7446aebc201163c74038e7ff6f0bddab6b1a9..16cb1ff45d2801176d8886cee40a028a95babbbe 100644
--- a/net/tools/transport_security_state_generator/pinsets.cc
+++ b/net/tools/transport_security_state_generator/pinsets.cc
@@ -4,6 +4,7 @@
 
 #include "net/tools/transport_security_state_generator/pinsets.h"
 
+#include "base/stl_util.h"
 #include "net/tools/transport_security_state_generator/spki_hash.h"
 
 namespace net {
@@ -23,6 +24,34 @@ void Pinsets::RegisterPinset(std::unique_ptr<Pinset> pinset) {
       pinset->name(), std::move(pinset)));
 }
 
+void Pinsets::FilterPinsets(const std::set<std::string>& except_these) {
+  base::EraseIf(
+      pinsets_,
+      [except_these](
+          const std::pair<const std::string, std::unique_ptr<Pinset>>& pinset) {
+        return except_these.find(pinset.first) == except_these.cend();
+      });
+
+  // Assemble the list of SPKI hashes that are still required.
+  std::set<std::string> required_spki_hashes;
+  for (const auto& pinset : pinsets_) {
+    for (const auto& spki_hash : pinset.second->static_spki_hashes()) {
+      required_spki_hashes.insert(spki_hash);
+    }
+
+    for (const auto& spki_hash : pinset.second->bad_static_spki_hashes()) {
+      required_spki_hashes.insert(spki_hash);
+    }
+  }
+
+  base::EraseIf(spki_hashes_,
+                [required_spki_hashes](
+                    const std::pair<std::string, SPKIHash>& spki_hash) {
+                  return required_spki_hashes.find(spki_hash.first) ==
+                         required_spki_hashes.cend();
+                });
+}
+
 }  // namespace transport_security_state
 
 }  // namespace net