| Index: net/tools/transport_security_state_generator/transport_security_state_generator.cc | 
| diff --git a/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/net/tools/transport_security_state_generator/transport_security_state_generator.cc | 
| index d5e98cde237185e19dd5b68afe56aff5cd8c7744..ba61b90367dfdefd054ff7f25bf18b05bb741e27 100644 | 
| --- a/net/tools/transport_security_state_generator/transport_security_state_generator.cc | 
| +++ b/net/tools/transport_security_state_generator/transport_security_state_generator.cc | 
| @@ -13,6 +13,8 @@ | 
| #include "base/files/file_util.h" | 
| #include "base/logging.h" | 
| #include "base/path_service.h" | 
| +#include "base/stl_util.h" | 
| +#include "base/strings/string_number_conversions.h" | 
| #include "base/strings/utf_string_conversions.h" | 
| #include "crypto/openssl_util.h" | 
| #include "net/tools/transport_security_state_generator/input_file_parsers.h" | 
| @@ -21,15 +23,20 @@ | 
| #include "net/tools/transport_security_state_generator/transport_security_state_entry.h" | 
|  | 
| using net::transport_security_state::TransportSecurityStateEntries; | 
| +using net::transport_security_state::TransportSecurityStateEntry; | 
| using net::transport_security_state::Pinsets; | 
| using net::transport_security_state::PreloadedStateGenerator; | 
|  | 
| namespace { | 
|  | 
| +static const char kFilterLevelSwitch[] = "filter-level"; | 
| +static const unsigned kDefaultFilterLevel = 0; | 
| + | 
| // Print the command line help. | 
| void PrintHelp() { | 
| std::cout << "transport_security_state_generator <json-file> <pins-file>" | 
| -            << " <template-file> <output-file> [--v=1]" << std::endl; | 
| +            << " <template-file> <output-file> [--v=1] [--filter-level=0]" | 
| +            << std::endl; | 
| } | 
|  | 
| // Checks if there are pins with the same name or the same hash. | 
| @@ -152,6 +159,24 @@ bool CheckSubdomainsFlags(const TransportSecurityStateEntries& entries) { | 
| return true; | 
| } | 
|  | 
| +// Filters entries that don't meet the requested level of importance. | 
| +void FilterEntries(TransportSecurityStateEntries* entries, | 
| +                   Pinsets* pinsets, | 
| +                   unsigned filter_level) { | 
| +  base::EraseIf(*entries, | 
| +                [filter_level]( | 
| +                    const std::unique_ptr<TransportSecurityStateEntry>& entry) { | 
| +                  return entry->importance < filter_level; | 
| +                }); | 
| + | 
| +  std::set<std::string> required_pinsets; | 
| +  for (const auto& entry : *entries) { | 
| +    required_pinsets.insert(entry->pinset); | 
| +  } | 
| + | 
| +  pinsets->FilterPinsets(required_pinsets); | 
| +} | 
| + | 
| }  // namespace | 
|  | 
| int main(int argc, char* argv[]) { | 
| @@ -205,6 +230,13 @@ int main(int argc, char* argv[]) { | 
| return 1; | 
| } | 
|  | 
| +  unsigned filter_level; | 
| +  std::string filter_level_string = | 
| +      command_line.GetSwitchValueASCII(kFilterLevelSwitch); | 
| +  if (!base::StringToUint(filter_level_string, &filter_level)) { | 
| +    filter_level = kDefaultFilterLevel; | 
| +  } | 
| + | 
| TransportSecurityStateEntries entries; | 
| Pinsets pinsets; | 
|  | 
| @@ -234,6 +266,8 @@ int main(int argc, char* argv[]) { | 
| return 1; | 
| } | 
|  | 
| +  FilterEntries(&entries, &pinsets, filter_level); | 
| + | 
| std::string output; | 
| PreloadedStateGenerator generator; | 
| output = generator.Generate(preload_template, entries, pinsets); | 
| @@ -256,4 +290,4 @@ int main(int argc, char* argv[]) { | 
| << output_path.AsUTF8Unsafe() << std::endl; | 
|  | 
| return 0; | 
| -} | 
| +} | 
|  |