| Index: net/tools/transport_security_state_generator/transport_security_state_generator.cc
|
| diff --git a/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
|
| index d5e98cde237185e19dd5b68afe56aff5cd8c7744..ba61b90367dfdefd054ff7f25bf18b05bb741e27 100644
|
| --- a/net/tools/transport_security_state_generator/transport_security_state_generator.cc
|
| +++ b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
|
| @@ -13,6 +13,8 @@
|
| #include "base/files/file_util.h"
|
| #include "base/logging.h"
|
| #include "base/path_service.h"
|
| +#include "base/stl_util.h"
|
| +#include "base/strings/string_number_conversions.h"
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "crypto/openssl_util.h"
|
| #include "net/tools/transport_security_state_generator/input_file_parsers.h"
|
| @@ -21,15 +23,20 @@
|
| #include "net/tools/transport_security_state_generator/transport_security_state_entry.h"
|
|
|
| using net::transport_security_state::TransportSecurityStateEntries;
|
| +using net::transport_security_state::TransportSecurityStateEntry;
|
| using net::transport_security_state::Pinsets;
|
| using net::transport_security_state::PreloadedStateGenerator;
|
|
|
| namespace {
|
|
|
| +static const char kFilterLevelSwitch[] = "filter-level";
|
| +static const unsigned kDefaultFilterLevel = 0;
|
| +
|
| // Print the command line help.
|
| void PrintHelp() {
|
| std::cout << "transport_security_state_generator <json-file> <pins-file>"
|
| - << " <template-file> <output-file> [--v=1]" << std::endl;
|
| + << " <template-file> <output-file> [--v=1] [--filter-level=0]"
|
| + << std::endl;
|
| }
|
|
|
| // Checks if there are pins with the same name or the same hash.
|
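Review bot: The `static` on the two new constants is redundant, because they are already inside the anonymous namespace and so have internal linkage; `const char kFilterLevelSwitch[] = "filter-level";` and `constexpr unsigned kDefaultFilterLevel = 0;` say the same thing. The help line now advertises `[--filter-level=0]` but never says what the number means. A second output line such as `<< "  --filter-level=N  omit entries whose importance is below N (default 0 keeps all)"` would let whoever runs the generator know that raising the value shrinks the preload list.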
| @@ -152,6 +159,24 @@ bool CheckSubdomainsFlags(const TransportSecurityStateEntries& entries) {
|
| return true;
|
| }
|
|
|
| +// Filters entries that don't meet the requested level of importance.
|
| +void FilterEntries(TransportSecurityStateEntries* entries,
|
| + Pinsets* pinsets,
|
| + unsigned filter_level) {
|
| + base::EraseIf(*entries,
|
| + [filter_level](
|
| + const std::unique_ptr<TransportSecurityStateEntry>& entry) {
|
| + return entry->importance < filter_level;
|
| + });
|
| +
|
| + std::set<std::string> required_pinsets;
|
| + for (const auto& entry : *entries) {
|
| + required_pinsets.insert(entry->pinset);
|
| + }
|
| +
|
| + pinsets->FilterPinsets(required_pinsets);
|
| +}
|
| +
|
| } // namespace
|
|
|
| int main(int argc, char* argv[]) {
|
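Review bot: The comment on FilterEntries is ambiguous, since "filters" can mean keep or drop, and it does not mention that pinsets are pruned as well. Something like `// Removes entries whose importance is below |filter_level|, then drops every pinset that no remaining entry references.` states both effects. Each removed entry is a preloaded transport-security protection that will be absent from the generated output, so it is worth recording how many were dropped, for example a `VLOG(1)` of the entry count before and after the `base::EraseIf` call. The loop also inserts `entry->pinset` for every surviving entry, presumably including an empty name for entries that carry no pins. `FilterPinsets` is defined outside this hunk, so confirm it tolerates that.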
| @@ -205,6 +230,13 @@ int main(int argc, char* argv[]) {
|
| return 1;
|
| }
|
|
|
| + unsigned filter_level;
|
| + std::string filter_level_string =
|
| + command_line.GetSwitchValueASCII(kFilterLevelSwitch);
|
| + if (!base::StringToUint(filter_level_string, &filter_level)) {
|
| + filter_level = kDefaultFilterLevel;
|
| + }
|
| +
|
| TransportSecurityStateEntries entries;
|
| Pinsets pinsets;
|
|
|
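Review bot: A malformed `--filter-level` value is silently treated as the default here, because a `StringToUint` failure falls back to `kDefaultFilterLevel` whether the switch was absent or present with an invalid value such as `abc` or `-1`. A typo in a build script would then produce a differently sized preload list than the caller intended, with no diagnostic. Distinguish the two cases: keep the default only when the switch is missing, and fail the run when it is present but unparsable. No upper bound is checked either, so a level above the highest importance in use would presumably empty the list; that range is not visible in this hunk. `main` starts and continues outside this hunk.

```cpp
  unsigned filter_level = kDefaultFilterLevel;
  if (command_line.HasSwitch(kFilterLevelSwitch) &&
      !base::StringToUint(
          command_line.GetSwitchValueASCII(kFilterLevelSwitch),
          &filter_level)) {
    LOG(ERROR) << "Invalid value for --" << kFilterLevelSwitch;
    PrintHelp();
    return 1;
  }

  // … unchanged: TransportSecurityStateEntries / Pinsets declarations …
```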
| @@ -234,6 +266,8 @@ int main(int argc, char* argv[]) {
|
| return 1;
|
| }
|
|
|
| + FilterEntries(&entries, &pinsets, filter_level);
|
| +
|
| std::string output;
|
| PreloadedStateGenerator generator;
|
| output = generator.Generate(preload_template, entries, pinsets);
|
| @@ -256,4 +290,4 @@ int main(int argc, char* argv[]) {
|
| << output_path.AsUTF8Unsafe() << std::endl;
|
|
|
| return 0;
|
| -}
|
| +}
|
|
|