Separate http_security_headers from transport_security_state

chrome/browser/ui/webui/net_internals/net_internals_ui.cc

Index: chrome/browser/ui/webui/net_internals/net_internals_ui.cc
===================================================================
--- chrome/browser/ui/webui/net_internals/net_internals_ui.cc	(revision 175018)
+++ chrome/browser/ui/webui/net_internals/net_internals_ui.cc	(working copy)
@@ -110,6 +110,41 @@
   return context->host_resolver()->GetHostCache();
 }
 
+std::string HashesToBase64String(const net::HashValueVector& hashes) {
+  std::string str;
+  for (size_t i = 0; i != hashes.size(); ++i) {
+    if (i != 0)
+      str += ",";
+    str += hashes[i].ToString();
+  }
+  return str;
+}
+
+bool Base64StringToHashes(const std::string& hashes_str,
+                          net::HashValueVector* hashes) {
+  hashes->clear();
+  std::vector<std::string> vector_hash_str;
+  base::SplitString(hashes_str, ',', &vector_hash_str);
+
+  for (size_t i = 0; i != vector_hash_str.size(); ++i) {
+    std::string hash_str;
+    RemoveChars(vector_hash_str[i], " \t\r\n", &hash_str);
+    net::HashValue hash;
+    // Skip past unrecognized hash algos
+    // But return false on malformatted input
+    if (hash_str.empty())
+      return false;
+    if (hash_str.compare(0, 5, "sha1/") != 0 &&

[eroman, 2013/01/08 00:18:09]

See also StartsWithASCII()

+        hash_str.compare(0, 7, "sha256/") != 0) {
+      continue;
+    }
+    if (!hash.FromString(hash_str))
+      return false;
+    hashes->push_back(hash);
+  }
+  return true;
+}
+
 // Returns a Value representing the state of a pre-existing URLRequest when
 // net-internals was opened.
 Value* RequestStateToValue(const net::URLRequest* request,
@@ -1171,21 +1206,6 @@
   connection_tester_->RunAllTests(url);
 }
 
-void SPKIHashesToString(const net::HashValueVector& hashes,
-                        std::string* string) {
-  for (net::HashValueVector::const_iterator
-       i = hashes.begin(); i != hashes.end(); ++i) {
-    base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()),
-                               i->size());
-    std::string encoded;
-    base::Base64Encode(hash_str, &encoded);
-
-    if (i != hashes.begin())
-      *string += ",";
-    *string += net::TransportSecurityState::HashValueLabel(*i) + encoded;
-  }
-}
-
 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery(
     const ListValue* list) {
   // |list| should be: [<domain to query>].
@@ -1214,13 +1234,10 @@
         result->SetDouble("dynamic_spki_hashes_expiry",
                           state.dynamic_spki_hashes_expiry.ToDoubleT());
 
-        std::string hashes;
-        SPKIHashesToString(state.static_spki_hashes, &hashes);
-        result->SetString("static_spki_hashes", hashes);
-
-        hashes.clear();
-        SPKIHashesToString(state.dynamic_spki_hashes, &hashes);
-        result->SetString("dynamic_spki_hashes", hashes);
+        result->SetString("static_spki_hashes",
+                          HashesToBase64String(state.static_spki_hashes));
+        result->SetString("dynamic_spki_hashes",
+                          HashesToBase64String(state.dynamic_spki_hashes));
       }
     }
   }
@@ -1252,20 +1269,9 @@
   state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000);
   state.include_subdomains = include_subdomains;
   if (!hashes_str.empty()) {
-    std::vector<std::string> type_and_b64s;
-    base::SplitString(hashes_str, ',', &type_and_b64s);
-    for (std::vector<std::string>::const_iterator
-         i = type_and_b64s.begin(); i != type_and_b64s.end(); ++i) {
-      std::string type_and_b64;
-      RemoveChars(*i, " \t\r\n", &type_and_b64);
-      net::HashValue hash;
-      if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash))
-        continue;
-
-      state.dynamic_spki_hashes.push_back(hash);
-    }
+    if (!Base64StringToHashes(hashes_str, &state.dynamic_spki_hashes))
+      return;
   }
-
   transport_security_state->EnableHost(domain, state);
 }