Reland: Cache protected password entry and password on focus ping separately.

components/safe_browsing/password_protection/password_protection_service.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.

[lpz, 2017/06/08 15:18:33]

meta comment: this might be just my ignorance, but I'm still unclear about how
the two trigger types are stored. Is one of them a "child" of the other, or are
they contained together in a flat list but the "on focus" verdicts are just
tagged with the new key?

A comment with an example somewhere in here could help. Thanks!

[Jialiu Lin, 2017/06/08 20:47:30]

Yes, UMFAMILIAR_LOGIN_PAGE(a.k.a password on focus ping) verdict is cached as a
child of PASSWORD_REUSE_EVENT(a.k.a protected password entry ping). I'll add
some more comments and an example. 

 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/safe_browsing/password_protection/password_protection_service.h"
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
@@ skipping 19 matching lines @@
 namespace safe_browsing {
 
 namespace {
 
 // Keys for storing password protection verdict into a DictionaryValue.
 const char kCacheCreationTime[] = "cache_creation_time";
 const char kVerdictProto[] = "verdict_proto";
 const int kRequestTimeoutMs = 10000;
 const char kPasswordProtectionRequestUrl[] =
     "https://sb-ssl.google.com/safebrowsing/clientreport/login";
+const char kPasswordOnFocusCacheKey[] = "password_on_focus_cache_key";
 
 // Helper function to determine if the given origin matches content settings
 // map's patterns.
 bool OriginMatchPrimaryPattern(
     const GURL& origin,
     const ContentSettingsPattern& primary_pattern,
     const ContentSettingsPattern& secondary_pattern_unused) {
   return ContentSettingsPattern::FromURLNoWildcard(origin) == primary_pattern;
 }
 
@@ skipping 29 matching lines @@
 const char kPasswordOnFocusRequestOutcomeHistogramName[] =
     "PasswordProtection.RequestOutcome.PasswordFieldOnFocus";
 const char kPasswordEntryRequestOutcomeHistogramName[] =
     "PasswordProtection.RequestOutcome.ProtectedPasswordEntry";
 
 PasswordProtectionService::PasswordProtectionService(
     const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
     scoped_refptr<net::URLRequestContextGetter> request_context_getter,
     HistoryService* history_service,
     HostContentSettingsMap* host_content_settings_map)
-    : stored_verdict_count_(-1),
+    : stored_verdict_count_password_on_focus_(-1),
+      stored_verdict_count_password_entry_(-1),
       database_manager_(database_manager),
       request_context_getter_(request_context_getter),
       history_service_observer_(this),
       content_settings_(host_content_settings_map),
       weak_factory_(this) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   if (history_service)
     history_service_observer_.Add(history_service);
 }
 
@@ skipping 17 matching lines @@
     return false;
 
   const std::string& hostname = url.HostNoBrackets();
   return !net::IsLocalhost(hostname) && !net::IsHostnameNonUnique(hostname) &&
          hostname.find('.') != std::string::npos;
 }
 
 LoginReputationClientResponse::VerdictType
 PasswordProtectionService::GetCachedVerdict(
     const GURL& url,
+    TriggerType type,
     LoginReputationClientResponse* out_response) {
+  DCHECK(content_settings_);
+  DCHECK(type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+         type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
+
   if (!url.is_valid())
     return LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
 
-  DCHECK(content_settings_);
-
   GURL hostname = GetHostNameWithHTTPScheme(url);
-  std::unique_ptr<base::DictionaryValue> verdict_dictionary =
+  std::unique_ptr<base::DictionaryValue> cache_dictionary =
       base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
           hostname, GURL(), CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION,
           std::string(), nullptr));
-  // Return early if there is no verdict cached for this origin.
-  if (!verdict_dictionary.get() || verdict_dictionary->empty())
+
+  if (!cache_dictionary.get() || cache_dictionary->empty())
     return LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
 
+  base::DictionaryValue* verdict_dictionary = nullptr;
+  if (type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) {
+    // All UNFAMILIAR_LOGIN_PAGE verdicts (a.k.a password on focus ping)
+    // are cached under |kPasswordOnFocusCacheKey|.
+    if (!cache_dictionary->HasKey(kPasswordOnFocusCacheKey)) {
+      return LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
+    }
+    DCHECK(cache_dictionary->GetDictionaryWithoutPathExpansion(
+        kPasswordOnFocusCacheKey, &verdict_dictionary));
+  } else {
+    verdict_dictionary = cache_dictionary.get();
+  }
+
   std::vector<std::string> paths;
   GeneratePathVariantsWithoutQuery(url, &paths);
   int max_path_depth = -1;
   LoginReputationClientResponse::VerdictType most_matching_verdict =
       LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
   // For all the verdicts of the same origin, we key them by |cache_expression|.
   // Its corresponding value is a DictionaryValue contains its creation time and
   // the serialized verdict proto.
-  for (base::DictionaryValue::Iterator it(*verdict_dictionary.get());
-       !it.IsAtEnd(); it.Advance()) {
+  for (base::DictionaryValue::Iterator it(*verdict_dictionary); !it.IsAtEnd();
+       it.Advance()) {
+    if (type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT &&
+        it.key() == kPasswordOnFocusCacheKey) {
+      continue;
+    }
     base::DictionaryValue* verdict_entry = nullptr;
     CHECK(verdict_dictionary->GetDictionaryWithoutPathExpansion(
         it.key() /* cache_expression */, &verdict_entry));
     int verdict_received_time;
     LoginReputationClientResponse verdict;
     CHECK(ParseVerdictEntry(verdict_entry, &verdict_received_time, &verdict));
     // Since password protection content settings are keyed by origin, we only
     // need to compare the path part of the cache_expression and the given url.
     std::string cache_expression_path =
         GetCacheExpressionPath(verdict.cache_expression());
@@ skipping 10 matching lines @@
               ? LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED
               : verdict.verdict_type();
       out_response->CopyFrom(verdict);
     }
   }
   return most_matching_verdict;
 }
 
 void PasswordProtectionService::CacheVerdict(
     const GURL& url,
+    TriggerType type,
     LoginReputationClientResponse* verdict,
     const base::Time& receive_time) {
   DCHECK(verdict);
   DCHECK(content_settings_);
+  DCHECK(type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+         type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
 
   GURL hostname = GetHostNameWithHTTPScheme(url);
-  std::unique_ptr<base::DictionaryValue> verdict_dictionary =
+  int* stored_verdict_count =
+      type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE
+          ? &stored_verdict_count_password_on_focus_
+          : &stored_verdict_count_password_entry_;
+  std::unique_ptr<base::DictionaryValue> cache_dictionary =
       base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
           hostname, GURL(), CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION,
           std::string(), nullptr));
 
-  if (!verdict_dictionary.get())
-    verdict_dictionary = base::MakeUnique<base::DictionaryValue>();
+  if (!cache_dictionary.get())
+    cache_dictionary = base::MakeUnique<base::DictionaryValue>();
 
   std::unique_ptr<base::DictionaryValue> verdict_entry =
       CreateDictionaryFromVerdict(verdict, receive_time);
 
+  base::DictionaryValue* verdict_dictionary = nullptr;
+  if (type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) {
+    // All UNFAMILIAR_LOGIN_PAGE verdicts (a.k.a password on focus ping)
+    // are cached under |kPasswordOnFocusCacheKey|.
+    if (!cache_dictionary->HasKey(kPasswordOnFocusCacheKey)) {
+      cache_dictionary->SetDictionaryWithoutPathExpansion(
+          kPasswordOnFocusCacheKey, base::MakeUnique<base::DictionaryValue>());
+    }
+    DCHECK(cache_dictionary->GetDictionaryWithoutPathExpansion(
+        kPasswordOnFocusCacheKey, &verdict_dictionary));
+  } else {
+    verdict_dictionary = cache_dictionary.get();
+  }
+
   // Increases stored verdict count if we haven't seen this cache expression
   // before.
   if (!verdict_dictionary->HasKey(verdict->cache_expression()))
-    stored_verdict_count_ = GetStoredVerdictCount() + 1;
+    *stored_verdict_count = GetStoredVerdictCount(type) + 1;
   // If same cache_expression is already in this verdict_dictionary, we simply
   // override it.
   verdict_dictionary->SetWithoutPathExpansion(verdict->cache_expression(),
                                               std::move(verdict_entry));
   content_settings_->SetWebsiteSettingDefaultScope(
       hostname, GURL(), CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION,
-      std::string(), std::move(verdict_dictionary));
+      std::string(), std::move(cache_dictionary));
 }
 
 void PasswordProtectionService::CleanUpExpiredVerdicts() {
   DCHECK(content_settings_);
-  if (GetStoredVerdictCount() <= 0)
+
+  if (GetStoredVerdictCount(
+          LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) <= 0 &&
+      GetStoredVerdictCount(
+          LoginReputationClientRequest::PASSWORD_REUSE_EVENT) <= 0)
     return;
 
   ContentSettingsForOneType password_protection_settings;
   content_settings_->GetSettingsForOneType(
       CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(),
       &password_protection_settings);
 
   for (const ContentSettingPatternSource& source :
        password_protection_settings) {
     GURL primary_pattern_url = GURL(source.primary_pattern.ToString());
     // Find all verdicts associated with this origin.
-    std::unique_ptr<base::DictionaryValue> verdict_dictionary =
+    std::unique_ptr<base::DictionaryValue> cache_dictionary =
         base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
             primary_pattern_url, GURL(),
             CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(), nullptr));
-    std::vector<std::string> expired_keys;
-    for (base::DictionaryValue::Iterator it(*verdict_dictionary.get());
-         !it.IsAtEnd(); it.Advance()) {
-      base::DictionaryValue* verdict_entry = nullptr;
-      CHECK(verdict_dictionary->GetDictionaryWithoutPathExpansion(
-          it.key(), &verdict_entry));
-      int verdict_received_time;
-      LoginReputationClientResponse verdict;
-      CHECK(ParseVerdictEntry(verdict_entry, &verdict_received_time, &verdict));
+    bool has_expired_password_on_focus_entry = RemoveExpiredVerdicts(
+        LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE,
+        cache_dictionary.get());
+    bool has_expired_password_reuse_entry = RemoveExpiredVerdicts(
+        LoginReputationClientRequest::PASSWORD_REUSE_EVENT,
+        cache_dictionary.get());
 
-      if (IsCacheExpired(verdict_received_time, verdict.cache_duration_sec())) {
-        // Since DictionaryValue::Iterator cannot be used to modify the
-        // dictionary, we record the keys of expired verdicts in |expired_keys|
-        // and remove them in the next for-loop.
-        expired_keys.push_back(it.key());
-      }
-    }
-
-    for (const std::string& key : expired_keys) {
-      verdict_dictionary->RemoveWithoutPathExpansion(key, nullptr);
-      stored_verdict_count_--;
-    }
-
-    if (verdict_dictionary->size() == 0u) {
+    if (cache_dictionary->size() == 0u) {
       content_settings_->ClearSettingsForOneTypeWithPredicate(
           CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, base::Time(),
           base::Bind(&OriginMatchPrimaryPattern, primary_pattern_url));
-    } else if (expired_keys.size() > 0u) {
+    } else if (has_expired_password_on_focus_entry ||
+               has_expired_password_reuse_entry) {
       // Set the website setting of this origin with the updated
       // |verdict_diectionary|.
       content_settings_->SetWebsiteSettingDefaultScope(
           primary_pattern_url, GURL(),
           CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(),
-          std::move(verdict_dictionary));
+          std::move(cache_dictionary));
     }
   }
 }
 
 void PasswordProtectionService::StartRequest(
     WebContents* web_contents,
     const GURL& main_frame_url,
     const GURL& password_form_action,
     const GURL& password_form_frame_url,
     const std::string& saved_domain,
-    LoginReputationClientRequest::TriggerType type) {
+    TriggerType type) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   scoped_refptr<PasswordProtectionRequest> request(
       new PasswordProtectionRequest(web_contents, main_frame_url,
                                     password_form_action,
                                     password_form_frame_url, saved_domain, type,
                                     this, GetRequestTimeoutInMS()));
   DCHECK(request);
   request->Start();
   requests_.insert(std::move(request));
 }
@@ skipping 36 matching lines @@
 
 void PasswordProtectionService::RequestFinished(
     PasswordProtectionRequest* request,
     bool already_cached,
     std::unique_ptr<LoginReputationClientResponse> response) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   DCHECK(request);
 
   if (response) {
     if (!already_cached) {
-      CacheVerdict(request->main_frame_url(), response.get(),
-                   base::Time::Now());
+      CacheVerdict(request->main_frame_url(), request->request_type(),
+                   response.get(), base::Time::Now());
     }
 
     if (request->request_type() ==
             LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE &&
         response->verdict_type() == LoginReputationClientResponse::PHISHING &&
         base::FeatureList::IsEnabled(kPasswordProtectionInterstitial)) {
       ShowPhishingInterstitial(request->main_frame_url(),
                                response->verdict_token(),
                                request->web_contents());
     }
@@ skipping 25 matching lines @@
   return database_manager_;
 }
 
 GURL PasswordProtectionService::GetPasswordProtectionRequestUrl() {
   GURL url(kPasswordProtectionRequestUrl);
   std::string api_key = google_apis::GetAPIKey();
   DCHECK(!api_key.empty());
   return url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true));
 }
 
-int PasswordProtectionService::GetStoredVerdictCount() {
+int PasswordProtectionService::GetStoredVerdictCount(TriggerType type) {
   DCHECK(content_settings_);
+  DCHECK(type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+         type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
+  int* stored_verdict_count =
+      type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE
+          ? &stored_verdict_count_password_on_focus_
+          : &stored_verdict_count_password_entry_;
   // If we have already computed this, return its value.
-  if (stored_verdict_count_ >= 0)
-    return stored_verdict_count_;
+  if (*stored_verdict_count >= 0)
+    return *stored_verdict_count;
 
   ContentSettingsForOneType password_protection_settings;
   content_settings_->GetSettingsForOneType(
       CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(),
       &password_protection_settings);
-  stored_verdict_count_ = 0;
+  stored_verdict_count_password_on_focus_ = 0;
+  stored_verdict_count_password_entry_ = 0;
   if (password_protection_settings.empty())
     return 0;
 
   for (const ContentSettingPatternSource& source :
        password_protection_settings) {
     std::unique_ptr<base::DictionaryValue> verdict_dictionary =

[lpz, 2017/06/08 15:18:33]

should this be "cache_dictionary" for consistency with other code? If so, maybe
check the rest of this code for that distinction?

[Jialiu Lin, 2017/06/08 20:47:30]

Done.

         base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
             GURL(source.primary_pattern.ToString()), GURL(),
             CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(), nullptr));
-    if (verdict_dictionary.get() && !verdict_dictionary->empty())
-      stored_verdict_count_ += static_cast<int>(verdict_dictionary->size());
+    if (verdict_dictionary.get() && !verdict_dictionary->empty()) {

[lpz, 2017/06/08 15:18:33]

I think this block could use a couple comments (ie: the outer dict size contains
both types of verdicts and we want to split them apart...is that right?)

[Jialiu Lin, 2017/06/08 20:47:30]

The outer dict size is # of PASSWORD_REUSE_EVENT verdict +1. The "+1" maps to
the lower layer dictionary (keyed on |kPasswordOnFocusCacheKey|) holds all
UMFAMILIAR_LOGIN_PAGE verdicts. 

Added one comment to make it clearer. 

+      stored_verdict_count_password_entry_ +=
+          static_cast<int>(verdict_dictionary->size());
+      if (verdict_dictionary->HasKey(kPasswordOnFocusCacheKey)) {
+        stored_verdict_count_password_entry_ -= 1;
+        base::DictionaryValue* password_on_focus_dict = nullptr;
+        verdict_dictionary->GetDictionaryWithoutPathExpansion(
+            kPasswordOnFocusCacheKey, &password_on_focus_dict);
+        stored_verdict_count_password_on_focus_ +=
+            static_cast<int>(password_on_focus_dict->size());
+      }
+    }
   }
-  return stored_verdict_count_;
+  return *stored_verdict_count;
 }
 
 int PasswordProtectionService::GetRequestTimeoutInMS() {
   return kRequestTimeoutMs;
 }
 
 void PasswordProtectionService::FillUserPopulation(
-    const LoginReputationClientRequest::TriggerType& request_type,
+    TriggerType request_type,
     LoginReputationClientRequest* request_proto) {
   ChromeUserPopulation* user_population = request_proto->mutable_population();
   user_population->set_user_population(
       IsExtendedReporting() ? ChromeUserPopulation::EXTENDED_REPORTING
                             : ChromeUserPopulation::SAFE_BROWSING);
   user_population->set_is_history_sync_enabled(IsHistorySyncEnabled());
 
   base::FieldTrial* low_reputation_field_trial =
       base::FeatureList::GetFieldTrial(kPasswordFieldOnFocusPinging);
   if (low_reputation_field_trial) {
     user_population->add_finch_active_groups(
         low_reputation_field_trial->trial_name() + "|" +
         low_reputation_field_trial->group_name());
   }
   base::FieldTrial* password_entry_field_trial =
       base::FeatureList::GetFieldTrial(kProtectedPasswordEntryPinging);
   if (password_entry_field_trial) {
     user_population->add_finch_active_groups(
         low_reputation_field_trial->trial_name() + "|" +
         low_reputation_field_trial->group_name());
   }
 }
 
 void PasswordProtectionService::OnURLsDeleted(
     history::HistoryService* history_service,
     bool all_history,
     bool expired,
     const history::URLRows& deleted_rows,
     const std::set<GURL>& favicon_urls) {
-  if (stored_verdict_count_ <= 0)
+  if (stored_verdict_count_password_on_focus_ <= 0 &&
+      stored_verdict_count_password_entry_ <= 0) {
     return;
+  }
 
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&PasswordProtectionService::RemoveContentSettingsOnURLsDeleted,
                  GetWeakPtr(), all_history, deleted_rows));
 }
 
 void PasswordProtectionService::HistoryServiceBeingDeleted(
     history::HistoryService* history_service) {
   history_service_observer_.RemoveAll();
 }
 
 void PasswordProtectionService::RemoveContentSettingsOnURLsDeleted(
     bool all_history,
     const history::URLRows& deleted_rows) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   DCHECK(content_settings_);
 
   if (all_history) {
     content_settings_->ClearSettingsForOneType(
         CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION);
-    stored_verdict_count_ = 0;
+    stored_verdict_count_password_on_focus_ = 0;
+    stored_verdict_count_password_entry_ = 0;
     return;
   }
 
   // For now, if a URL is deleted from history, we simply remove all the
   // cached verdicts of the same origin. This is a pretty aggressive deletion.
   // We might revisit this logic later to decide if we want to only delete the
   // cached verdict whose cache expression matches this URL.
   for (const history::URLRow& row : deleted_rows) {
     if (!row.url().SchemeIsHTTPOrHTTPS())
       continue;
     GURL url_key = GetHostNameWithHTTPScheme(row.url());
-    std::unique_ptr<base::DictionaryValue> verdict_dictionary =
-        base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
-            url_key, GURL(), CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION,
-            std::string(), nullptr));
-
-    // Move on if we have no cached verdict for this deleted history row.
-    if (!verdict_dictionary.get() || verdict_dictionary->empty())
-      continue;
-
-    int verdict_count = static_cast<int>(verdict_dictionary->size());
-    stored_verdict_count_ = GetStoredVerdictCount() - verdict_count;
+    stored_verdict_count_password_on_focus_ =
+        GetStoredVerdictCount(
+            LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) -
+        GetVerdictCountForURL(
+            url_key, LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE);
+    stored_verdict_count_password_entry_ =
+        GetStoredVerdictCount(
+            LoginReputationClientRequest::PASSWORD_REUSE_EVENT) -
+        GetVerdictCountForURL(
+            url_key, LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
     content_settings_->ClearSettingsForOneTypeWithPredicate(
         CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, base::Time(),
         base::Bind(&OriginMatchPrimaryPattern, url_key));
   }
 }
 
+int PasswordProtectionService::GetVerdictCountForURL(const GURL& url,
+                                                     TriggerType type) {
+  DCHECK(type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+         type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
+  std::unique_ptr<base::DictionaryValue> verdict_dictionary =
+      base::DictionaryValue::From(content_settings_->GetWebsiteSetting(
+          url, GURL(), CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, std::string(),
+          nullptr));
+  if (!verdict_dictionary.get() || verdict_dictionary->empty())
+    return 0;
+
+  if (type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) {
+    base::DictionaryValue* password_on_focus_dict = nullptr;
+    verdict_dictionary->GetDictionaryWithoutPathExpansion(
+        kPasswordOnFocusCacheKey, &password_on_focus_dict);
+    return password_on_focus_dict ? password_on_focus_dict->size() : 0;
+  } else {
+    return verdict_dictionary->HasKey(kPasswordOnFocusCacheKey)
+               ? verdict_dictionary->size() - 1
+               : verdict_dictionary->size();
+  }
+}
+
+bool PasswordProtectionService::RemoveExpiredVerdicts(
+    TriggerType type,
+    base::DictionaryValue* cache_dict) {
+  DCHECK(type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+         type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
+  base::DictionaryValue* verdict_dictionary = nullptr;
+  if (type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT) {
+    verdict_dictionary = cache_dict;
+  } else {
+    if (!cache_dict->GetDictionaryWithoutPathExpansion(kPasswordOnFocusCacheKey,
+                                                       &verdict_dictionary)) {
+      return false;
+    }
+  }
+
+  if (!verdict_dictionary || verdict_dictionary->empty())
+    return false;

[lpz, 2017/06/08 15:18:33]

nit: +1 newline after

[Jialiu Lin, 2017/06/08 20:47:30]

Done.

+  std::vector<std::string> expired_keys;
+  for (base::DictionaryValue::Iterator it(*verdict_dictionary); !it.IsAtEnd();
+       it.Advance()) {
+    if (type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT &&
+        it.key() == std::string(kPasswordOnFocusCacheKey))
+      continue;

[lpz, 2017/06/08 15:18:33]

nit: +1 newline after

[Jialiu Lin, 2017/06/08 20:47:30]

Done.

+    base::DictionaryValue* verdict_entry = nullptr;
+    CHECK(verdict_dictionary->GetDictionaryWithoutPathExpansion(
+        it.key(), &verdict_entry));
+    int verdict_received_time;
+    LoginReputationClientResponse verdict;
+    CHECK(ParseVerdictEntry(verdict_entry, &verdict_received_time, &verdict));
+
+    if (IsCacheExpired(verdict_received_time, verdict.cache_duration_sec())) {
+      // Since DictionaryValue::Iterator cannot be used to modify the
+      // dictionary, we record the keys of expired verdicts in |expired_keys|
+      // and remove them in the next for-loop.
+      expired_keys.push_back(it.key());
+    }
+  }
+
+  for (const std::string& key : expired_keys) {
+    verdict_dictionary->RemoveWithoutPathExpansion(key, nullptr);
+    if (type == LoginReputationClientRequest::PASSWORD_REUSE_EVENT)
+      stored_verdict_count_password_entry_--;
+    else
+      stored_verdict_count_password_on_focus_--;
+  }
+
+  if (type == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE &&
+      verdict_dictionary->size() == 0U) {
+    cache_dict->RemoveWithoutPathExpansion(kPasswordOnFocusCacheKey, nullptr);
+  }
+
+  return expired_keys.size() > 0U;
+}
+
 // static
 bool PasswordProtectionService::ParseVerdictEntry(
     base::DictionaryValue* verdict_entry,
     int* out_verdict_received_time,
     LoginReputationClientResponse* out_verdict) {
   std::string serialized_verdict_proto;
   return verdict_entry && out_verdict &&
          verdict_entry->GetInteger(kCacheCreationTime,
                                    out_verdict_received_time) &&
          verdict_entry->GetString(kVerdictProto, &serialized_verdict_proto) &&
@@ skipping 80 matching lines @@
   if (is_password_entry_ping) {
     UMA_HISTOGRAM_ENUMERATION(kPasswordEntryRequestOutcomeHistogramName, reason,
                               MAX_OUTCOME);
   } else {
     UMA_HISTOGRAM_ENUMERATION(kPasswordOnFocusRequestOutcomeHistogramName,
                               reason, MAX_OUTCOME);
   }
 }
 
 }  // namespace safe_browsing