Index: net/tools/transport_security_state_generator/transport_security_state_generator.cc |
diff --git a/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/net/tools/transport_security_state_generator/transport_security_state_generator.cc |
index d5e98cde237185e19dd5b68afe56aff5cd8c7744..ba61b90367dfdefd054ff7f25bf18b05bb741e27 100644 |
--- a/net/tools/transport_security_state_generator/transport_security_state_generator.cc |
+++ b/net/tools/transport_security_state_generator/transport_security_state_generator.cc |
@@ -13,6 +13,8 @@ |
#include "base/files/file_util.h" |
#include "base/logging.h" |
#include "base/path_service.h" |
+#include "base/stl_util.h" |
+#include "base/strings/string_number_conversions.h" |
#include "base/strings/utf_string_conversions.h" |
#include "crypto/openssl_util.h" |
#include "net/tools/transport_security_state_generator/input_file_parsers.h" |
@@ -21,15 +23,20 @@ |
#include "net/tools/transport_security_state_generator/transport_security_state_entry.h" |
using net::transport_security_state::TransportSecurityStateEntries; |
+using net::transport_security_state::TransportSecurityStateEntry; |
using net::transport_security_state::Pinsets; |
using net::transport_security_state::PreloadedStateGenerator; |
namespace { |
+static const char kFilterLevelSwitch[] = "filter-level"; |
+static const unsigned kDefaultFilterLevel = 0; |
+ |
// Print the command line help. |
void PrintHelp() { |
std::cout << "transport_security_state_generator <json-file> <pins-file>" |
- << " <template-file> <output-file> [--v=1]" << std::endl; |
+ << " <template-file> <output-file> [--v=1] [--filter-level=0]" |
+ << std::endl; |
} |
// Checks if there are pins with the same name or the same hash. |
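Review bot: Neither the new constants nor the help line in `PrintHelp()` say what a filter level means, so a caller cannot tell from `[--filter-level=0]` which direction the filter works in. A comment above `kFilterLevelSwitch` such as `// Entries whose importance is below this level are omitted from the generated output; 0 keeps everything.` would match the comparison used in `FilterEntries`. As a style point, `static` is redundant on both constants because they already sit inside the anonymous namespace.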
@@ -152,6 +159,24 @@ bool CheckSubdomainsFlags(const TransportSecurityStateEntries& entries) { |
return true; |
} |
+// Filters entries that don't meet the requested level of importance. |
+void FilterEntries(TransportSecurityStateEntries* entries, |
+ Pinsets* pinsets, |
+ unsigned filter_level) { |
+ base::EraseIf(*entries, |
+ [filter_level]( |
+ const std::unique_ptr<TransportSecurityStateEntry>& entry) { |
+ return entry->importance < filter_level; |
+ }); |
+ |
+ std::set<std::string> required_pinsets; |
+ for (const auto& entry : *entries) { |
+ required_pinsets.insert(entry->pinset); |
+ } |
+ |
+ pinsets->FilterPinsets(required_pinsets); |
+} |
+ |
} // namespace |
int main(int argc, char* argv[]) { |
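Review bot: `FilterEntries` drops entries and pinsets without leaving any trace in the tool's output, so a level that is higher than intended would produce a shorter preload list with no signal in the build log. Since the tool already accepts `--v=1`, record the effect by taking `const size_t before = entries->size();` ahead of the `base::EraseIf` call and then logging `VLOG(1) << "Filtered out " << (before - entries->size()) << " entries below level " << filter_level;`. The header comment should also state the rule precisely: entries with `importance < filter_level` are removed, and pinsets no longer referenced by a remaining entry are then pruned. `required_pinsets.insert(entry->pinset)` presumably also inserts an empty name for entries that have no pinset. `FilterPinsets` is defined outside this hunk, so confirm it tolerates that.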
@@ -205,6 +230,13 @@ int main(int argc, char* argv[]) { |
return 1; |
} |
+ unsigned filter_level; |
+ std::string filter_level_string = |
+ command_line.GetSwitchValueASCII(kFilterLevelSwitch); |
+ if (!base::StringToUint(filter_level_string, &filter_level)) { |
+ filter_level = kDefaultFilterLevel; |
+ } |
+ |
TransportSecurityStateEntries entries; |
Pinsets pinsets; |
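Review bot: A malformed `--filter-level` value (a typo, a negative number, trailing characters) is silently replaced by `kDefaultFilterLevel` in the `StringToUint` failure branch, so the generator runs at a level the caller did not ask for and the build reports nothing. An absent switch takes the same branch, because the empty string also fails to parse, so the two cases cannot be told apart. Check `command_line.HasSwitch(kFilterLevelSwitch)` first and treat an unparsable value as an argument error, as the `return 1` path just above these lines appears to do. Initialising `filter_level` at its declaration also removes the uninitialised local. The body of `main` starts and ends outside this hunk.

```cpp
// … unchanged: argument count check above …
unsigned filter_level = kDefaultFilterLevel;
if (command_line.HasSwitch(kFilterLevelSwitch) &&
    !base::StringToUint(
        command_line.GetSwitchValueASCII(kFilterLevelSwitch),
        &filter_level)) {
  LOG(ERROR) << "Invalid value for --" << kFilterLevelSwitch;
  PrintHelp();
  return 1;
}
```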
@@ -234,6 +266,8 @@ int main(int argc, char* argv[]) { |
return 1; |
} |
+ FilterEntries(&entries, &pinsets, filter_level); |
+ |
std::string output; |
PreloadedStateGenerator generator; |
output = generator.Generate(preload_template, entries, pinsets); |
@@ -256,4 +290,4 @@ int main(int argc, char* argv[]) { |
<< output_path.AsUTF8Unsafe() << std::endl; |
return 0; |
-} |
+} |