Certificate Transparency: Adding finch and NetLog logging for EV certs

chrome/browser/io_thread.cc

Index: chrome/browser/io_thread.cc
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index f88e506700efe921e35196f6f9fa07f3faf73080..8f34934df52870467cdb374c8fee132338a84422 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -324,6 +324,17 @@ bool IsStaleWhileRevalidateEnabled(const base::CommandLine& command_line) {
   return group_name == "Enabled";
 }
 
+bool IsCertificateTransparencyRequiredForEV(
+    const base::CommandLine& command_line) {
+  const std::string group_name =
+      base::FieldTrialList::FindFullName("CTRequiredForEVTrial");

[mmenke, 2014/12/16 16:40:12]

nit:  Should put this just before use, per Google style guide.  Admittedly,
doesn't really matter for performance, but still seems weird to always do it
even when we have a switch and end up ignoring the result.

[Eran Messeri, 2014/12/17 16:19:31]

IIUC in go/finch-and-flags this pattern is explicitly stated for UMA to report
the correct group with each histogram logging.

+
+  if (command_line.HasSwitch(switches::kRequireCTForEV))
+    return true;
+
+  return group_name == "RequirementEnforced";
+}
+
 }  // namespace
 
 class IOThread::LoggingNetworkChangeObserver
@@ -656,12 +667,8 @@ void IOThread::InitAsync() {
   }
 
   net::CertPolicyEnforcer* policy_enforcer = NULL;
-  // TODO(eranm): Control with Finch, crbug.com/437766
-  if (command_line.HasSwitch(switches::kRequireCTForEV)) {
-    policy_enforcer = new net::CertPolicyEnforcer(true);
-  } else {
-    policy_enforcer = new net::CertPolicyEnforcer(false);
-  }
+  policy_enforcer = new net::CertPolicyEnforcer(
+      IsCertificateTransparencyRequiredForEV(command_line));
   globals_->cert_policy_enforcer.reset(policy_enforcer);
 
   globals_->ssl_config_service = GetSSLConfigService();