Certificate Transparency: Adding finch and NetLog logging for EV certs

chrome/browser/io_thread.cc

Index: chrome/browser/io_thread.cc
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 73f9f30c76fd0478ab167bc3d5d78f1ac7772f3b..b8ed1af5d7ef466e2bc20032de44151ffcdc69d9 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -323,6 +323,17 @@ bool IsStaleWhileRevalidateEnabled(const base::CommandLine& command_line) {
   return group_name == "Enabled";
 }
 
+bool IsCertificateTransparencyRequiredForEV(
+    const base::CommandLine& command_line) {
+  const std::string group_name =
+      base::FieldTrialList::FindFullName("CTRequiredForEVTrial");
+
+  if (command_line.HasSwitch(switches::kRequireCTForEV))
+    return true;

[davidben, 2014/12/08 22:42:35]

Suuuper nitpicky nit that completely doesn't matter: I suppose you may as well
reorder these too. Matches the function above and there's no need to query the
field trial if you're going to bail out on the switch early anyway.

[Eran Messeri, 2014/12/09 19:58:15]

My understanding, from go/finch-and-flags, is that you should call FindFullName
regardless of the flag value for UMA to report the correct group.

+
+  return group_name == "RequirementEnforced";
+}
+
 }  // namespace
 
 class IOThread::LoggingNetworkChangeObserver
@@ -643,12 +654,8 @@ void IOThread::InitAsync() {
   }
 
   net::CertPolicyEnforcer* policy_enforcer = NULL;
-  // TODO(eranm): Control with Finch, crbug.com/437766
-  if (command_line.HasSwitch(switches::kRequireCTForEV)) {
-    policy_enforcer = new net::CertPolicyEnforcer(kNumKnownCTLogs, true);
-  } else {
-    policy_enforcer = new net::CertPolicyEnforcer(kNumKnownCTLogs, false);
-  }
+  policy_enforcer = new net::CertPolicyEnforcer(
+      kNumKnownCTLogs, IsCertificateTransparencyRequiredForEV(command_line));
   globals_->cert_policy_enforcer.reset(policy_enforcer);
 
   globals_->ssl_config_service = GetSSLConfigService();