Move TransportSecurityPersister completely to IO thread.

This should fix problems caused by calling ImportantFileWriter
on wrong threads.

BUG=none

Review URL: http://codereview.chromium.org/7966005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102139 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/browsing_data_remover.cc

@@ -292,14 +292,7 @@ void BrowsingDataRemover::Remove(int remove_mask) {
   }
 
   // Also delete cached TransportSecurityState data.
-  if (profile_->GetTransportSecurityState()) {
-    BrowserThread::PostTask(
-        BrowserThread::IO, FROM_HERE,
-        NewRunnableMethod(
-            profile_->GetTransportSecurityState(),
-            &net::TransportSecurityState::DeleteSince,
-            delete_begin_));
-  }
+  profile_->DeleteTransportSecurityStateSince(delete_begin_);
 
   NotifyAndDeleteIfDone();
 }

chrome/browser/profiles/off_the_record_profile_impl.cc

@@ -244,22 +244,6 @@ SSLHostState* OffTheRecordProfileImpl::GetSSLHostState() {
   return ssl_host_state_.get();
 }
 
-net::TransportSecurityState*
-    OffTheRecordProfileImpl::GetTransportSecurityState() {
-  if (!transport_security_state_.get()) {
-    transport_security_state_ = new net::TransportSecurityState(
-        CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
-            switches::kHstsHosts));
-    transport_security_loader_ =
-       new TransportSecurityPersister(transport_security_state_.get(),
-                                      GetPath(),
-                                      true /* readonly */);
-    transport_security_loader_->Init();
-  }
-
-  return transport_security_state_.get();
-}
-
 HistoryService* OffTheRecordProfileImpl::GetHistoryService(
     ServiceAccessType sat) {
   if (sat == EXPLICIT_ACCESS)
@@ -612,6 +596,11 @@ chrome_browser_net::Predictor* OffTheRecordProfileImpl::GetNetworkPredictor() {
   return NULL;
 }
 
+void OffTheRecordProfileImpl::DeleteTransportSecurityStateSince(
+    base::Time time) {
+  // No need to do anything here, our transport security state is read-only.
+}
+
 void OffTheRecordProfileImpl::Observe(int type,
                      const NotificationSource& source,
                      const NotificationDetails& details) {

chrome/browser/profiles/off_the_record_profile_impl.h

@@ -54,7 +54,6 @@ class OffTheRecordProfileImpl : public Profile,
   virtual ExtensionSpecialStoragePolicy*
       GetExtensionSpecialStoragePolicy() OVERRIDE;
   virtual SSLHostState* GetSSLHostState() OVERRIDE;
-  virtual net::TransportSecurityState* GetTransportSecurityState() OVERRIDE;
   virtual HistoryService* GetHistoryService(ServiceAccessType sat) OVERRIDE;
   virtual HistoryService* GetHistoryServiceWithoutCreating() OVERRIDE;
   virtual FaviconService* GetFaviconService(ServiceAccessType sat) OVERRIDE;
@@ -131,6 +130,7 @@ class OffTheRecordProfileImpl : public Profile,
   virtual PrefProxyConfigTracker* GetProxyConfigTracker() OVERRIDE;
   virtual prerender::PrerenderManager* GetPrerenderManager() OVERRIDE;
   virtual chrome_browser_net::Predictor* GetNetworkPredictor() OVERRIDE;
+  virtual void DeleteTransportSecurityStateSince(base::Time time) OVERRIDE;
 
   // NotificationObserver implementation.
   virtual void Observe(int type,
@@ -180,10 +180,6 @@ class OffTheRecordProfileImpl : public Profile,
   // profile.
   scoped_ptr<FindBarState> find_bar_state_;
 
-  // The TransportSecurityState that only stores enabled sites in memory.
-  scoped_refptr<net::TransportSecurityState>
-      transport_security_state_;
-
   // Time we were started.
   Time start_time_;
 
@@ -206,9 +202,6 @@ class OffTheRecordProfileImpl : public Profile,
 
   scoped_refptr<quota::QuotaManager> quota_manager_;
 
-  // Used read-only.
-  scoped_refptr<TransportSecurityPersister> transport_security_loader_;
-
   DISALLOW_COPY_AND_ASSIGN(OffTheRecordProfileImpl);
 };
 

chrome/browser/profiles/off_the_record_profile_io_data.cc

@@ -146,6 +146,9 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
   ApplyProfileParamsToContext(main_context);
   ApplyProfileParamsToContext(extensions_context);
 
+  main_context->set_transport_security_state(transport_security_state());
+  extensions_context->set_transport_security_state(transport_security_state());
+
   main_context->set_net_log(io_thread->net_log());
   extensions_context->set_net_log(io_thread->net_log());
 

chrome/browser/profiles/profile.cc

@@ -32,7 +32,6 @@
 #include "chrome/browser/profiles/profile_dependency_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/themes/theme_service.h"
-#include "chrome/browser/transport_security_persister.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/find_bar/find_bar_state.h"
 #include "chrome/browser/ui/webui/chrome_url_data_manager.h"
@@ -57,7 +56,6 @@
 #include "content/browser/webui/web_ui.h"
 #include "content/common/notification_service.h"
 #include "grit/locale_settings.h"
-#include "net/base/transport_security_state.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "webkit/database/database_tracker.h"
 #include "webkit/quota/quota_manager.h"

chrome/browser/profiles/profile.h

@@ -40,7 +40,6 @@ class ShortcutsBackend;
 }
 
 namespace net {
-class TransportSecurityState;
 class SSLConfigService;
 }
 
@@ -89,7 +88,6 @@ class SSLConfigServiceManager;
 class SpellCheckHost;
 class TemplateURLFetcher;
 class TokenService;
-class TransportSecurityPersister;
 class UserScriptMaster;
 class UserStyleSheetWatcher;
 class VisitedLinkEventListener;
@@ -277,11 +275,6 @@ class Profile : public content::BrowserContext {
   virtual ExtensionSpecialStoragePolicy*
       GetExtensionSpecialStoragePolicy() = 0;
 
-  // Retrieves a pointer to the TransportSecurityState associated with
-  // this profile.  The TransportSecurityState is lazily created the
-  // first time that this method is called.
-  virtual net::TransportSecurityState* GetTransportSecurityState() = 0;
-
   // Retrieves a pointer to the FaviconService associated with this
   // profile.  The FaviconService is lazily created the first time
   // that this method is called.
@@ -504,6 +497,11 @@ class Profile : public content::BrowserContext {
   // Returns the Predictor object used for dns prefetch.
   virtual chrome_browser_net::Predictor* GetNetworkPredictor() = 0;
 
+  // Deletes transport security state since |time|. The implementation
+  // is free to run this on a background thread, so when this method
+  // returns data is not guaranteed to be deleted.
+  virtual void DeleteTransportSecurityStateSince(base::Time time) = 0;
+
   std::string GetDebugName();
 
   // Returns whether it is a guest session.

chrome/browser/profiles/profile_impl.cc

@@ -950,22 +950,6 @@ SSLHostState* ProfileImpl::GetSSLHostState() {
   return ssl_host_state_.get();
 }
 
-net::TransportSecurityState*
-    ProfileImpl::GetTransportSecurityState() {
-  if (!transport_security_state_.get()) {
-    transport_security_state_ = new net::TransportSecurityState(
-        CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
-            switches::kHstsHosts));
-    transport_security_persister_ =
-        new TransportSecurityPersister(transport_security_state_.get(),
-                                       path_,
-                                       false /* read-write */);
-    transport_security_persister_->Init();
-  }
-
-  return transport_security_state_.get();
-}
-
 void ProfileImpl::OnPrefsLoaded(bool success) {
   if (!success) {
     DCHECK(delegate_);
@@ -1828,6 +1812,10 @@ chrome_browser_net::Predictor* ProfileImpl::GetNetworkPredictor() {
   return predictor_;
 }
 
+void ProfileImpl::DeleteTransportSecurityStateSince(base::Time time) {
+  io_data_.DeleteTransportSecurityStateSince(time);
+}
+
 SpellCheckProfile* ProfileImpl::GetSpellCheckProfile() {
   if (!spellcheck_profile_.get())
     spellcheck_profile_.reset(new SpellCheckProfile());

chrome/browser/profiles/profile_impl.h

@@ -58,7 +58,6 @@ class ProfileImpl : public Profile,
   virtual VisitedLinkMaster* GetVisitedLinkMaster();
   virtual UserScriptMaster* GetUserScriptMaster();
   virtual SSLHostState* GetSSLHostState();
-  virtual net::TransportSecurityState* GetTransportSecurityState();
   virtual ExtensionService* GetExtensionService();
   virtual ExtensionDevToolsManager* GetExtensionDevToolsManager();
   virtual ExtensionProcessManager* GetExtensionProcessManager();
@@ -124,6 +123,7 @@ class ProfileImpl : public Profile,
   virtual PromoCounter* GetInstantPromoCounter();
   virtual ChromeURLDataManager* GetChromeURLDataManager();
   virtual chrome_browser_net::Predictor* GetNetworkPredictor();
+  virtual void DeleteTransportSecurityStateSince(base::Time time);
 
 #if defined(OS_CHROMEOS)
   virtual void ChangeAppLocale(const std::string& locale, AppLocaleChangedVia);
@@ -209,10 +209,6 @@ class ProfileImpl : public Profile,
   scoped_refptr<ExtensionSpecialStoragePolicy>
       extension_special_storage_policy_;
   scoped_ptr<SSLHostState> ssl_host_state_;
-  scoped_refptr<net::TransportSecurityState>
-      transport_security_state_;
-  scoped_refptr<TransportSecurityPersister>
-      transport_security_persister_;
   scoped_ptr<prerender::PrerenderManager> prerender_manager_;
   scoped_ptr<NetPrefObserver> net_pref_observer_;
   scoped_ptr<TemplateURLFetcher> template_url_fetcher_;

chrome/browser/profiles/profile_impl_io_data.cc

@@ -29,6 +29,16 @@
 #include "net/http/http_cache.h"
 #include "net/url_request/url_request_job_factory.h"
 
+namespace {
+
+void DeleteTransportSecurityStateSinceOnIOThread(
+    ProfileImplIOData* io_data, base::Time time) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  io_data->transport_security_state()->DeleteSince(time);
+}
+
+}  // namespace
+
 ProfileImplIOData::Handle::Handle(Profile* profile)
     : io_data_(new ProfileImplIOData),
       profile_(profile),
@@ -176,6 +186,19 @@ ProfileImplIOData::Handle::GetIsolatedAppRequestContextGetter(
   return context;
 }
 
+void ProfileImplIOData::Handle::DeleteTransportSecurityStateSince(
+    base::Time time) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  LazyInitialize();
+
+  BrowserThread::PostTask(
+      BrowserThread::IO, FROM_HERE,
+      base::Bind(
+          &DeleteTransportSecurityStateSinceOnIOThread,
+          io_data_,
+          time));
+}
+
 void ProfileImplIOData::Handle::LazyInitialize() const {
   if (!initialized_) {
     io_data_->InitializeOnUIThread(profile_);
@@ -225,6 +248,11 @@ void ProfileImplIOData::LazyInitializeInternal(
   ApplyProfileParamsToContext(media_request_context_);
   ApplyProfileParamsToContext(extensions_context);
 
+  main_context->set_transport_security_state(transport_security_state());
+  media_request_context_->set_transport_security_state(
+      transport_security_state());
+  extensions_context->set_transport_security_state(transport_security_state());
+
   main_context->set_net_log(io_thread->net_log());
   media_request_context_->set_net_log(io_thread->net_log());
   extensions_context->set_net_log(io_thread->net_log());

chrome/browser/profiles/profile_impl_io_data.h

@@ -58,6 +58,8 @@ class ProfileImplIOData : public ProfileIOData {
         GetIsolatedAppRequestContextGetter(
             const std::string& app_id) const;
 
+    void DeleteTransportSecurityStateSince(base::Time time);
+
    private:
     typedef base::hash_map<std::string,
                            scoped_refptr<ChromeURLRequestContextGetter> >

chrome/browser/profiles/profile_io_data.cc

@@ -33,6 +33,7 @@
 #include "chrome/browser/prerender/prerender_manager.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/transport_security_persister.h"
 #include "chrome/browser/ui/webui/chrome_url_data_manager_backend.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
@@ -194,6 +195,7 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
   PrefService* pref_service = profile->GetPrefs();
 
   scoped_ptr<ProfileParams> params(new ProfileParams);
+  params->path = profile->GetPath();
   params->is_incognito = profile->IsOffTheRecord();
   params->clear_local_state_on_exit =
       pref_service->GetBoolean(prefs::kClearSiteDataOnExit);
@@ -225,7 +227,6 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
 
   params->host_content_settings_map = profile->GetHostContentSettingsMap();
   params->host_zoom_map = profile->GetHostZoomMap();
-  params->transport_security_state = profile->GetTransportSecurityState();
   params->ssl_config_service = profile->GetSSLConfigService();
   base::Callback<Profile*(void)> profile_getter =
       base::Bind(&GetProfileOnUI, g_browser_process->profile_manager(),
@@ -429,6 +430,13 @@ void ProfileIOData::LazyInitialize() const {
           profile_params_->proxy_config_service.release(),
           command_line));
 
+  transport_security_state_ = new net::TransportSecurityState(
+      command_line.GetSwitchValueASCII(switches::kHstsHosts));
+  transport_security_persister_.reset(
+      new TransportSecurityPersister(transport_security_state_.get(),
+                                     profile_params_->path,
+                                     !profile_params_->is_incognito));
+
   // NOTE(willchan): Keep these protocol handlers in sync with
   // ProfileIOData::IsHandledProtocol().
   job_factory_.reset(new net::URLRequestJobFactory);
@@ -510,8 +518,6 @@ void ProfileIOData::ApplyProfileParamsToContext(
   context->set_accept_language(profile_params_->accept_language);
   context->set_accept_charset(profile_params_->accept_charset);
   context->set_referrer_charset(profile_params_->referrer_charset);
-  context->set_transport_security_state(
-      profile_params_->transport_security_state);
   context->set_ssl_config_service(profile_params_->ssl_config_service);
 }
 

chrome/browser/profiles/profile_io_data.h

@@ -29,6 +29,7 @@ class HostZoomMap;
 class IOThread;
 class Profile;
 class ProtocolHandlerRegistry;
+class TransportSecurityPersister;
 
 namespace fileapi {
 class FileSystemContext;
@@ -112,6 +113,10 @@ class ProfileIOData {
     return &safe_browsing_enabled_;
   }
 
+  net::TransportSecurityState* transport_security_state() const {
+    return transport_security_state_.get();
+  }
+
  protected:
   class AppRequestContext : public ChromeURLRequestContext {
    public:
@@ -132,6 +137,7 @@ class ProfileIOData {
     ProfileParams();
     ~ProfileParams();
 
+    FilePath path;
     bool is_incognito;
     bool clear_local_state_on_exit;
     std::string accept_language;
@@ -140,7 +146,6 @@ class ProfileIOData {
     IOThread* io_thread;
     scoped_refptr<HostContentSettingsMap> host_content_settings_map;
     scoped_refptr<HostZoomMap> host_zoom_map;
-    scoped_refptr<net::TransportSecurityState> transport_security_state;
     scoped_refptr<net::SSLConfigService> ssl_config_service;
     scoped_refptr<net::CookieMonster::Delegate> cookie_monster_delegate;
     scoped_refptr<webkit_database::DatabaseTracker> database_tracker;
@@ -272,6 +277,7 @@ class ProfileIOData {
   mutable scoped_ptr<net::NetworkDelegate> network_delegate_;
   mutable scoped_ptr<net::DnsCertProvenanceChecker> dns_cert_checker_;
   mutable scoped_ptr<net::ProxyService> proxy_service_;
+  mutable scoped_refptr<net::TransportSecurityState> transport_security_state_;
   mutable scoped_ptr<net::URLRequestJobFactory> job_factory_;
 
   // Pointed to by ResourceContext.
@@ -291,6 +297,9 @@ class ProfileIOData {
 
   mutable ResourceContext resource_context_;
 
+  mutable scoped_ptr<TransportSecurityPersister>
+      transport_security_persister_;
+
   // These are only valid in between LazyInitialize() and their accessor being
   // called.
   mutable scoped_refptr<ChromeURLRequestContext> main_request_context_;

chrome/browser/transport_security_persister.cc

@@ -4,6 +4,7 @@
 
 #include "chrome/browser/transport_security_persister.h"
 
+#include "base/bind.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/message_loop.h"
@@ -12,6 +13,42 @@
 #include "content/browser/browser_thread.h"
 #include "net/base/transport_security_state.h"
 
+class TransportSecurityPersister::Loader {
+ public:
+  Loader(const base::WeakPtr<TransportSecurityPersister>& persister,
+         const FilePath& path)
+      : persister_(persister),
+        path_(path),
+        state_valid_(false) {
+  }
+
+  void Load() {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
+    state_valid_ = file_util::ReadFileToString(path_, &state_);
+  }
+
+  void CompleteLoad() {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+    // Make sure we're deleted.
+    scoped_ptr<Loader> deleter(this);
+
+    if (!persister_ || !state_valid_)
+      return;
+    persister_->CompleteLoad(state_);
+  }
+
+ private:
+  base::WeakPtr<TransportSecurityPersister> persister_;
+
+  FilePath path_;
+
+  std::string state_;
+  bool state_valid_;
+
+  DISALLOW_COPY_AND_ASSIGN(Loader);
+};
+
 TransportSecurityPersister::TransportSecurityPersister(
     net::TransportSecurityState* state,
     const FilePath& profile_path,
@@ -19,40 +56,28 @@ TransportSecurityPersister::TransportSecurityPersister(
     : transport_security_state_(state),
       writer_(profile_path.AppendASCII("TransportSecurity"),
               BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE)),
-      readonly_(readonly) {
-  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+      readonly_(readonly),
+      weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 
   transport_security_state_->SetDelegate(this);
+
+  Loader* loader = new Loader(weak_ptr_factory_.GetWeakPtr(), writer_.path());
+  BrowserThread::PostTaskAndReply(
+      BrowserThread::FILE, FROM_HERE,
+      base::Bind(&Loader::Load, base::Unretained(loader)),
+      base::Bind(&Loader::CompleteLoad, base::Unretained(loader)));
 }
 
 TransportSecurityPersister::~TransportSecurityPersister() {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
   if (writer_.HasPendingWrite())
     writer_.DoScheduledWrite();
 
   transport_security_state_->SetDelegate(NULL);
 }
 
-void TransportSecurityPersister::Init() {
-  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  BrowserThread::PostTask(
-      BrowserThread::FILE, FROM_HERE,
-      NewRunnableMethod(this, &TransportSecurityPersister::Load));
-}
-
-void TransportSecurityPersister::Load() {
-  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
-
-  std::string state;
-  if (!file_util::ReadFileToString(writer_.path(), &state))
-    return;
-
-  BrowserThread::PostTask(
-      BrowserThread::IO, FROM_HERE,
-      NewRunnableMethod(this,
-                        &TransportSecurityPersister::CompleteLoad,
-                        state));
-}
-
 void TransportSecurityPersister::CompleteLoad(const std::string& state) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 
@@ -75,5 +100,6 @@ void TransportSecurityPersister::StateIsDirty(
 }
 
 bool TransportSecurityPersister::SerializeData(std::string* data) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   return transport_security_state_->Serialise(data);
 }

chrome/browser/transport_security_persister.h

@@ -37,24 +37,20 @@
 #include <string>
 
 #include "base/file_path.h"
-#include "base/memory/ref_counted.h"
+#include "base/memory/weak_ptr.h"
 #include "chrome/common/important_file_writer.h"
-#include "content/browser/browser_thread.h"
 #include "net/base/transport_security_state.h"
 
+// Reads and updates on-disk TransportSecurity state.
+// Must be created, used and destroyed only on the IO thread.
 class TransportSecurityPersister
-    : public base::RefCountedThreadSafe<TransportSecurityPersister,
-                                        BrowserThread::DeleteOnUIThread>,
-      public net::TransportSecurityState::Delegate,
+    : public net::TransportSecurityState::Delegate,
       public ImportantFileWriter::DataSerializer {
  public:
   TransportSecurityPersister(net::TransportSecurityState* state,
                              const FilePath& profile_path,
                              bool readonly);
-
-  // Starts transport security data load on a background thread.
-  // Must be called on the UI thread right after construction.
-  void Init();
+  virtual ~TransportSecurityPersister();
 
   // Called by the TransportSecurityState when it changes its state.
   virtual void StateIsDirty(net::TransportSecurityState*);
@@ -63,15 +59,10 @@ class TransportSecurityPersister
   virtual bool SerializeData(std::string* data);
 
  private:
-  friend struct BrowserThread::DeleteOnThread<BrowserThread::UI>;
-  friend class DeleteTask<TransportSecurityPersister>;
+  class Loader;
 
-  virtual ~TransportSecurityPersister();
-
-  void Load();
   void CompleteLoad(const std::string& state);
 
-  // IO thread only.
   scoped_refptr<net::TransportSecurityState> transport_security_state_;
 
   // Helper for safely writing the data.
@@ -80,6 +71,8 @@ class TransportSecurityPersister
   // Whether or not we're in read-only mode.
   const bool readonly_;
 
+  base::WeakPtrFactory<TransportSecurityPersister> weak_ptr_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityPersister);
 };
 

chrome/test/base/testing_profile.cc

@@ -460,10 +460,6 @@ SSLHostState* TestingProfile::GetSSLHostState() {
   return NULL;
 }
 
-net::TransportSecurityState* TestingProfile::GetTransportSecurityState() {
-  return NULL;
-}
-
 FaviconService* TestingProfile::GetFaviconService(ServiceAccessType access) {
   return favicon_service_.get();
 }
@@ -793,6 +789,10 @@ chrome_browser_net::Predictor* TestingProfile::GetNetworkPredictor() {
   return NULL;
 }
 
+void TestingProfile::DeleteTransportSecurityStateSince(base::Time time) {
+  NOTIMPLEMENTED();
+}
+
 PrefService* TestingProfile::GetOffTheRecordPrefs() {
   return NULL;
 }

chrome/test/base/testing_profile.h

@@ -166,7 +166,6 @@ class TestingProfile : public Profile {
       ExtensionSpecialStoragePolicy* extension_special_storage_policy);
   virtual ExtensionSpecialStoragePolicy* GetExtensionSpecialStoragePolicy();
   virtual SSLHostState* GetSSLHostState();
-  virtual net::TransportSecurityState* GetTransportSecurityState();
   virtual FaviconService* GetFaviconService(ServiceAccessType access);
   virtual HistoryService* GetHistoryService(ServiceAccessType access);
   virtual HistoryService* GetHistoryServiceWithoutCreating();
@@ -281,6 +280,7 @@ class TestingProfile : public Profile {
   virtual ChromeURLDataManager* GetChromeURLDataManager();
   virtual prerender::PrerenderManager* GetPrerenderManager();
   virtual chrome_browser_net::Predictor* GetNetworkPredictor();
+  virtual void DeleteTransportSecurityStateSince(base::Time time);
   virtual PrefService* GetOffTheRecordPrefs();
 
   // TODO(jam): remove me once webkit_context_unittest.cc doesn't use Profile

net/base/transport_security_state.h

@@ -24,6 +24,9 @@ namespace net {
 // Tracks which hosts have enabled *-Transport-Security. This object manages
 // the in-memory store. A separate object must register itself with this object
 // in order to persist the state to disk.
+//
+// TODO(phajdan.jr): Convert this to non-thread-safe non-ref-counted
+// for simplicity.
 class NET_EXPORT TransportSecurityState :
     public base::RefCountedThreadSafe<TransportSecurityState> {
  public: