Replace SafeBrowsing MAC with downloads over SSL.

BUG=119662 TEST=updated unittests, ran Chrome and verified SB functionality on new profile Review URL: http://codereview.chromium.org/10069031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132456 0039d316-1c4b-4281-b951-d872f2087c98

Replace SafeBrowsing MAC with downloads over SSL.
BUG=119662 TEST=updated unittests, ran Chrome and verified SB functionality on new profile Review URL: http://codereview.chromium.org/10069031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132456 0039d316-1c4b-4281-b951-d872f2087c98
ce82c057 · bryner@chromium.org · c7ebcb98 · ce82c057 · ce82c057 · ce82c057
Commit ce82c057 authored Apr 16, 2012 by bryner@chromium.org
15 changed files
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -46,7 +46,6 @@
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/renderer_host/web_cache_manager.h"
-#include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/search_engines/template_url_prepopulate_data.h"
 #include "chrome/browser/tabs/pinned_tab_codec.h"
 #include "chrome/browser/task_manager/task_manager.h"
@@ -130,10 +129,6 @@ void RegisterLocalState(PrefService* local_state) {
  NotificationPrefsManager::RegisterPrefs(local_state);
 #endif
-#if defined(ENABLE_SAFE_BROWSING)
-  SafeBrowsingService::RegisterPrefs(local_state);
-#endif
 #if defined(ENABLE_TASK_MANAGER)
  TaskManager::RegisterPrefs(local_state);
 #endif  // defined(ENABLE_TASK_MANAGER)

--- a/chrome/browser/safe_browsing/protocol_manager.cc
+++ b/chrome/browser/safe_browsing/protocol_manager.cc
--- a/chrome/browser/safe_browsing/protocol_manager.h
+++ b/chrome/browser/safe_browsing/protocol_manager.h
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -49,11 +49,8 @@ class SBProtocolManagerFactory {
  virtual SafeBrowsingProtocolManager* CreateProtocolManager(
      SafeBrowsingService* sb_service,
      const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
      net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
+      const std::string& url_prefix,
-      const std::string& mackey_url_prefix,
      bool disable_auto_update) = 0;
 private:
  DISALLOW_COPY_AND_ASSIGN(SBProtocolManagerFactory);
@@ -65,7 +62,6 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest, TestGetHashUrl);
  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
                           TestGetHashBackOffTimes);
-  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest, TestMacKeyUrl);
  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
                           TestSafeBrowsingHitUrl);
  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
@@ -87,11 +83,8 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  static SafeBrowsingProtocolManager* Create(
      SafeBrowsingService* sb_service,
      const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
      net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
+      const std::string& url_prefix,
-      const std::string& mackey_url_prefix,
      bool disable_auto_update);
  // Sets up the update schedule and internal state for making periodic requests
@@ -136,8 +129,6 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  // malware reports. |report| is the serialized report.
  void ReportMalwareDetails(const std::string& report);
-  bool is_initial_request() const { return initial_request_; }
  // The last time we received an update.
  base::Time last_update() const { return last_update_; }
@@ -193,11 +184,8 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  SafeBrowsingProtocolManager(
      SafeBrowsingService* sb_service,
      const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
      net::URLRequestContextGetter* request_context_getter,
-      const std::string& http_url_prefix,
+      const std::string& url_prefix,
-      const std::string& https_url_prefix,
      bool disable_auto_update);
 private:
@@ -210,13 +198,11 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
    NO_REQUEST = 0,     // No requests in progress
    UPDATE_REQUEST,     // Request for redirect URLs
    CHUNK_REQUEST,      // Request for a specific chunk
-    GETKEY_REQUEST      // Update the client's MAC key
  };
-  // Composes a URL using |prefix|, |method| (e.g.: gethash, download,
+  // Composes a URL using |prefix|, |method| (e.g.: gethash, download, report).
-  // newkey, report), |client_name| and |version|. When not empty,
+  // |client_name| and |version|. When not empty, |additional_query| is
-  // |additional_query| is appended to the URL with an additional "&"
+  // appended to the URL with an additional "&" in the front.
-  // in the front.
  static std::string ComposeUrl(const std::string& prefix,
                                const std::string& method,
                                const std::string& client_name,
@@ -224,13 +210,9 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
                                const std::string& additional_query);
  // Generates Update URL for querying about the latest set of chunk updates.
-  // Append "wrkey=xxx" to the URL when |use_mac| is true.
+  GURL UpdateUrl() const;
-  GURL UpdateUrl(bool use_mac) const;
  // Generates GetHash request URL for retrieving full hashes.
-  // Append "wrkey=xxx" to the URL when |use_mac| is true.
+  GURL GetHashUrl() const;
-  GURL GetHashUrl(bool use_mac) const;
-  // Generates new MAC client key request URL.
-  GURL MacKeyUrl() const;
  // Generates URL for reporting safe browsing hits for UMA users.
  GURL SafeBrowsingHitUrl(
      const GURL& malicious_url, const GURL& page_url, const GURL& referrer_url,
@@ -269,23 +251,15 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  // Sends a request for a chunk to the SafeBrowsing servers.
  void IssueChunkRequest();
-  // Gets a key from the SafeBrowsing servers for use with MAC. This should only
-  // be called once per client unless the server directly tells us to update.
-  void IssueKeyRequest();
  // Formats a string returned from the database into:
-  //   "list_name;a:<add_chunk_ranges>:s:<sub_chunk_ranges>:mac\n"
+  //   "list_name;a:<add_chunk_ranges>:s:<sub_chunk_ranges>\n"
-  static std::string FormatList(const SBListChunkRanges& list, bool use_mac);
+  static std::string FormatList(const SBListChunkRanges& list);
  // Runs the protocol parser on received data and update the
  // SafeBrowsingService with the new content. Returns 'true' on successful
  // parse, 'false' on error.
  bool HandleServiceResponse(const GURL& url, const char* data, int length);
-  // If the SafeBrowsing service wants us to re-key, we clear our key state and
-  // issue the request.
-  void HandleReKey();
  // Updates internal state for each GetHash response error, assuming that the
  // current time is |now|.
  void HandleGetHashError(const base::Time& now);
@@ -332,7 +306,7 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  int next_update_sec_;
  base::OneShotTimer<SafeBrowsingProtocolManager> update_timer_;
-  // All chunk requests that need to be made, along with their MAC.
+  // All chunk requests that need to be made.
  std::deque<ChunkUrl> chunk_request_urls_;
  // Map of GetHash requests.
@@ -348,19 +322,10 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  };
  UpdateRequestState update_state_;
-  // We'll attempt to get keys once per browser session if we don't already have
-  // them. They are not essential to operation, but provide a layer of
-  // verification.
-  bool initial_request_;
  // True if the service has been given an add/sub chunk but it hasn't been
  // added to the database yet.
  bool chunk_pending_to_write_;
-  // The keys used for MAC. Empty keys mean we aren't using MAC.
-  std::string client_key_;
-  std::string wrapped_key_;
  // The last time we successfully received an update.
  base::Time last_update_;
@@ -384,19 +349,16 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
  std::string client_name_;
  // A string that is appended to the end of URLs for download, gethash,
-  // newkey, safebrowsing hits and chunk update requests.
+  // safebrowsing hits and chunk update requests.
  std::string additional_query_;
  // The context we use to issue network requests.
  scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
  // URL prefix where browser fetches safebrowsing chunk updates, hashes, and
-  // reports hits to the safebrowsing list for UMA users.
+  // reports hits to the safebrowsing list and sends detaild malware reports
-  std::string http_url_prefix_;
+  // for UMA users.
+  std::string url_prefix_;
-  // URL prefix where browser fetches MAC client key, and reports detailed
-  // malware reports for users who opt-in.
-  std::string https_url_prefix_;
  // When true, protocol manager will not start an update unless
  // ForceScheduleNextUpdate() is called. This is set for testing purpose.

--- a/chrome/browser/safe_browsing/protocol_manager_unittest.cc
+++ b/chrome/browser/safe_browsing/protocol_manager_unittest.cc
--- a/chrome/browser/safe_browsing/protocol_parser.cc
+++ b/chrome/browser/safe_browsing/protocol_parser.cc
@@ -44,8 +44,6 @@ SafeBrowsingProtocolParser::SafeBrowsingProtocolParser() {
 bool SafeBrowsingProtocolParser::ParseGetHash(
    const char* chunk_data,
    int chunk_len,
-    const std::string& key,
-    bool* re_key,
    std::vector<SBFullHashResult>* full_hashes) {
  full_hashes->clear();
  int length = chunk_len;
@@ -53,23 +51,6 @@ bool SafeBrowsingProtocolParser::ParseGetHash(
  int offset;
  std::string line;
-  if (!key.empty()) {
-    if (!GetLine(data, length, &line))
-      return false;  // Error! Bad GetHash result.
-    if (line == "e:pleaserekey") {
-      *re_key = true;
-      return true;
-    }
-    offset = static_cast<int>(line.size()) + 1;
-    data += offset;
-    length -= offset;
-    if (!safe_browsing_util::VerifyMAC(key, line, data, length))
-      return false;
-  }
  while (length > 0) {
    if (!GetLine(data, length, &line))
      return false;
@@ -125,9 +106,7 @@ void SafeBrowsingProtocolParser::FormatGetHash(
 bool SafeBrowsingProtocolParser::ParseUpdate(
    const char* chunk_data,
    int chunk_len,
-    const std::string& key,
    int* next_update_sec,
-    bool* re_key,
    bool* reset,
    std::vector<SBChunkDelete>* deletes,
    std::vector<ChunkUrl>* chunk_urls) {
@@ -141,12 +120,6 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
  // Populated below.
  std::string list_name;
-  // If we requested the MAC, the response must start with a MAC command.
-  // This test ensures it is present, the value will be verified in the
-  // switch statement below.
-  if (!key.empty() && (length < 1 || data[0] != 'm'))
-    return false;
  while (length > 0) {
    std::string cmd_line;
    if (!GetLine(data, length, &cmd_line))
@@ -184,50 +157,20 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
        break;
      }
-      case 'e':
-        if (cmd_parts[1] != "pleaserekey")
-          return false;
-        *re_key = true;
-        break;
      case 'i':
        // The line providing the name of the list (i.e. 'goog-phish-shavar').
        list_name = cmd_parts[1];
        break;
-      case 'm':
-        // Verify that the MAC of the remainer of this chunk is what we expect.
-        if (!key.empty() &&
-            !safe_browsing_util::VerifyMAC(key, cmd_parts[1], data, length))
-          return false;
-        break;
      case 'n':
        // The line providing the next earliest time (in seconds) to re-query.
        *next_update_sec = atoi(cmd_parts[1].c_str());
        break;
      case 'u': {
-        // The redirect command is of the form: u:<url>,<mac> where <url> can
-        // contain multiple colons, commas or any valid URL characters. We scan
-        // backwards in the string looking for the first ',' we encounter and
-        // assume that everything before that is the URL and everything after
-        // is the MAC (if the MAC was requested).
-        std::string mac;
-        std::string redirect_url(cmd_line, 2);  // Skip the initial "u:".
-        if (!key.empty()) {
-          std::string::size_type mac_pos = redirect_url.rfind(',');
-          if (mac_pos == std::string::npos)
-            return false;
-          mac = redirect_url.substr(mac_pos + 1);
-          redirect_url = redirect_url.substr(0, mac_pos);
-        }
        ChunkUrl chunk_url;
-        chunk_url.url = redirect_url;
+        chunk_url.url = cmd_line.substr(2);  // Skip the initial "u:".
        chunk_url.list_name = list_name;
-        if (!key.empty())
-          chunk_url.mac = mac;
        chunk_urls->push_back(chunk_url);
        break;
      }
@@ -250,18 +193,10 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
 bool SafeBrowsingProtocolParser::ParseChunk(const std::string& list_name,
                                            const char* data,
                                            int length,
-                                            const std::string& key,
-                                            const std::string& mac,
-                                            bool* re_key,
                                            SBChunkList* chunks) {
  int remaining = length;
  const char* chunk_data = data;
-  if (!key.empty() &&
-      !safe_browsing_util::VerifyMAC(key, mac, data, length)) {
-    return false;
-  }
  while (remaining > 0) {
    std::string cmd_line;
    if (!GetLine(chunk_data, length, &cmd_line))
@@ -272,15 +207,7 @@ bool SafeBrowsingProtocolParser::ParseChunk(const std::string& list_name,
    remaining -= line_len;
    std::vector<std::string> cmd_parts;
    base::SplitString(cmd_line, ':', &cmd_parts);
-    // Handle a possible re-key command.
    if (cmd_parts.size() != 4) {
-      if (cmd_parts.size() == 2 &&
-          cmd_parts[0] == "e" &&
-          cmd_parts[1] == "pleaserekey") {
-        *re_key = true;
-        continue;
-      }
      return false;
    }
@@ -485,45 +412,3 @@ bool SafeBrowsingProtocolParser::ReadPrefixes(
  return true;
 }
-bool SafeBrowsingProtocolParser::ParseNewKey(const char* chunk_data,
-                                             int chunk_length,
-                                             std::string* client_key,
-                                             std::string* wrapped_key) {
-  DCHECK(client_key && wrapped_key);
-  client_key->clear();
-  wrapped_key->clear();
-  const char* data = chunk_data;
-  int remaining = chunk_length;
-  while (remaining > 0) {
-    std::string line;
-    if (!GetLine(data, remaining, &line))
-      return false;
-    std::vector<std::string> cmd_parts;
-    base::SplitString(line, ':', &cmd_parts);
-    if (cmd_parts.size() != 3)
-      return false;
-    if (static_cast<int>(cmd_parts[2].size()) != atoi(cmd_parts[1].c_str()))
-      return false;
-    if (cmd_parts[0] == "clientkey") {
-      client_key->assign(cmd_parts[2]);
-    } else if (cmd_parts[0] == "wrappedkey") {
-      wrapped_key->assign(cmd_parts[2]);
-    } else {
-      return false;
-    }
-    data += line.size() + 1;
-    remaining -= static_cast<int>(line.size()) + 1;
-  }
-  if (client_key->empty() || wrapped_key->empty())
-    return false;
-  return true;
-}
--- a/chrome/browser/safe_browsing/protocol_parser.h
+++ b/chrome/browser/safe_browsing/protocol_parser.h
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -56,18 +56,13 @@ class SafeBrowsingProtocolParser {
  // Parse the response of an update request. Results for chunk deletions (both
  // add-del and sub-del are returned in 'chunk_deletes', and new chunk URLs to
  // download are contained in 'chunk_urls'. The next time the client is allowed
-  // to request another update is returned in 'next_update_sec'. If the service
+  // to request another update is returned in 'next_update_sec'. 'reset' will
-  // wants us to retrieve new MAC keys, 're_key' will be set to true. If we are
+  // be set to true if the SafeBrowsing service wants us to dump our database.
-  // using MACs to verify responses, the 'key' must be set to the private key
-  // returned from the SafeBrowsing servers. 'reset' will be set to true if the
-  // SafeBrowsing service wants us to dump our database.
  // Returns 'true'if it was able to decode the chunk properly, 'false' if not
  // decoded properly and the results should be ignored.
  bool ParseUpdate(const char* chunk_data,
                   int chunk_len,
-                   const std::string& key,
                   int* next_update_sec,
-                   bool* re_key,
                   bool* reset,
                   std::vector<SBChunkDelete>* chunk_deletes,
                   std::vector<ChunkUrl>* chunk_urls);
@@ -78,30 +73,17 @@ class SafeBrowsingProtocolParser {
  bool ParseChunk(const std::string& list_name,
                  const char* chunk_data,
                  int chunk_len,
-                  const std::string& key,
-                  const std::string& mac,
-                  bool* re_key,
                  SBChunkList* chunks);
  // Parse the result of a GetHash request, returning the list of full hashes.
-  // If we are checking for valid MACs, the caller should populate 'key'.
  bool ParseGetHash(const char* chunk_data,
                    int chunk_len,
-                    const std::string& key,
-                    bool* re_key,
                    std::vector<SBFullHashResult>* full_hashes);
  // Convert a list of partial hashes into a proper GetHash request.
  void FormatGetHash(const std::vector<SBPrefix>& prefixes,
                     std::string* request);
-  // Parse the keys used for subsequent communications with the SafeBrowsing
-  // servers. Returns true on successful parse, false on parse error.
-  bool ParseNewKey(const char* chunk_data,
-                   int chunk_length,
-                   std::string* client_key,
-                   std::string* wrapped_key);
 private:
  bool ParseAddChunk(const std::string& list_name,
                     const char* data,

--- a/chrome/browser/safe_browsing/protocol_parser_unittest.cc
+++ b/chrome/browser/safe_browsing/protocol_parser_unittest.cc
--- a/chrome/browser/safe_browsing/safe_browsing_service.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_service.cc
@@ -59,14 +59,9 @@ namespace {
 const FilePath::CharType kCookiesFile[] = FILE_PATH_LITERAL(" Cookies");
 // The default URL prefix where browser fetches chunk updates, hashes,
-// and reports safe browsing hits.
+// and reports safe browsing hits and malware details.
-const char* const kSbDefaultInfoURLPrefix =
+const char* const kSbDefaultURLPrefix =
-    "http://safebrowsing.clients.google.com/safebrowsing";
+    "https://safebrowsing.google.com/safebrowsing";
-// The default URL prefix where browser fetches MAC client key and reports
-// malware details.
-const char* const kSbDefaultMacKeyURLPrefix =
-    "https://sb-ssl.google.com/safebrowsing";
 // When download url check takes this long, client's callback will be called
 // without waiting for the result.
@@ -586,26 +581,11 @@ void SafeBrowsingService::OnBlockingPageDone(
  }
 }
-void SafeBrowsingService::OnNewMacKeys(const std::string& client_key,
-                                       const std::string& wrapped_key) {
-  PrefService* prefs = g_browser_process->local_state();
-  if (prefs) {
-    prefs->SetString(prefs::kSafeBrowsingClientKey, client_key);
-    prefs->SetString(prefs::kSafeBrowsingWrappedKey, wrapped_key);
-  }
-}
 net::URLRequestContextGetter* SafeBrowsingService::url_request_context() {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
  return url_request_context_getter_.get();
 }
-// static
-void SafeBrowsingService::RegisterPrefs(PrefService* prefs) {
-  prefs->RegisterStringPref(prefs::kSafeBrowsingClientKey, "");
-  prefs->RegisterStringPref(prefs::kSafeBrowsingWrappedKey, "");
-}
 void SafeBrowsingService::ResetDatabase() {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  DCHECK(enabled_);
@@ -653,9 +633,7 @@ void SafeBrowsingService::DestroyURLRequestContextOnIOThread() {
  url_request_context_ = NULL;
 }
-void SafeBrowsingService::StartOnIOThread(
+void SafeBrowsingService::StartOnIOThread() {
-    const std::string& client_key,
-    const std::string& wrapped_key) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  if (enabled_)
    return;
@@ -686,24 +664,17 @@ void SafeBrowsingService::StartOnIOThread(
  bool disable_auto_update =
      cmdline->HasSwitch(switches::kSbDisableAutoUpdate) ||
      cmdline->HasSwitch(switches::kDisableBackgroundNetworking);
-  std::string info_url_prefix =
+  std::string url_prefix =
-      cmdline->HasSwitch(switches::kSbInfoURLPrefix) ?
+      cmdline->HasSwitch(switches::kSbURLPrefix) ?
-      cmdline->GetSwitchValueASCII(switches::kSbInfoURLPrefix) :
+      cmdline->GetSwitchValueASCII(switches::kSbURLPrefix) :
-      kSbDefaultInfoURLPrefix;
+      kSbDefaultURLPrefix;
-  std::string mackey_url_prefix =
-      cmdline->HasSwitch(switches::kSbMacKeyURLPrefix) ?
-      cmdline->GetSwitchValueASCII(switches::kSbMacKeyURLPrefix) :
-      kSbDefaultMacKeyURLPrefix;
  DCHECK(!protocol_manager_);
  protocol_manager_ =
      SafeBrowsingProtocolManager::Create(this,
                                          client_name,
-                                          client_key,
-                                          wrapped_key,
                                          url_request_context_getter_,
-                                          info_url_prefix,
+                                          url_prefix,
-                                          mackey_url_prefix,
                                          disable_auto_update);
  protocol_manager_->Initialize();
@@ -1005,17 +976,6 @@ void SafeBrowsingService::DatabaseUpdateFinished(bool update_succeeded) {
 void SafeBrowsingService::Start() {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  // Retrieve client MAC keys.
-  PrefService* local_state = g_browser_process->local_state();
-  DCHECK(local_state);
-  std::string client_key, wrapped_key;
-  if (local_state) {
-    client_key =
-      local_state->GetString(prefs::kSafeBrowsingClientKey);
-    wrapped_key =
-      local_state->GetString(prefs::kSafeBrowsingWrappedKey);
-  }
  CommandLine* cmdline = CommandLine::ForCurrentProcess();
  enable_download_protection_ =
      !cmdline->HasSwitch(switches::kSbDisableDownloadProtection);
@@ -1039,8 +999,7 @@ void SafeBrowsingService::Start() {
  BrowserThread::PostTask(
      BrowserThread::IO, FROM_HERE,
-      base::Bind(&SafeBrowsingService::StartOnIOThread,
+      base::Bind(&SafeBrowsingService::StartOnIOThread, this));
-                 this, client_key, wrapped_key));
 }
 void SafeBrowsingService::Stop() {

--- a/chrome/browser/safe_browsing/safe_browsing_service.h
+++ b/chrome/browser/safe_browsing/safe_browsing_service.h
@@ -263,11 +263,6 @@ class SafeBrowsingService
  void OnBlockingPageDone(const std::vector<UnsafeResource>& resources,
                          bool proceed);
-  // Called on the UI thread when the SafeBrowsingProtocolManager has received
-  // updated MAC keys.
-  void OnNewMacKeys(const std::string& client_key,
-                    const std::string& wrapped_key);
  bool enabled() const { return enabled_; }
  bool download_protection_enabled() const {
@@ -288,9 +283,6 @@ class SafeBrowsingService
  net::URLRequestContextGetter* url_request_context();
-  // Preference handling.
-  static void RegisterPrefs(PrefService* prefs);
  // Called on the IO thread to reset the database.
  void ResetDatabase();
@@ -357,8 +349,7 @@ class SafeBrowsingService
  // Called to initialize objects that are used on the io_thread.  This may be
  // called multiple times during the life of the SafeBrowsingService.
-  void StartOnIOThread(const std::string& client_key,
+  void StartOnIOThread();
-                       const std::string& wrapped_key);
  // Called to shutdown operations on the io_thread. This may be called multiple
  // times during the life of the SafeBrowsingService.

--- a/chrome/browser/safe_browsing/safe_browsing_service_browsertest.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_service_browsertest.cc
@@ -194,15 +194,11 @@ class TestProtocolManager :  public SafeBrowsingProtocolManager {
 public:
  TestProtocolManager(SafeBrowsingService* sb_service,
                      const std::string& client_name,
-                      const std::string& client_key,
-                      const std::string& wrapped_key,
                      net::URLRequestContextGetter* request_context_getter,
-                      const std::string& info_url_prefix,
+                      const std::string& url_prefix,
-                      const std::string& mackey_url_prefix,
                      bool disable_auto_update)
-      : SafeBrowsingProtocolManager(sb_service, client_name, client_key,
+      : SafeBrowsingProtocolManager(sb_service, client_name,
-                                    wrapped_key, request_context_getter,
+                                    request_context_getter, url_prefix,
-                                    info_url_prefix, mackey_url_prefix,
                                    disable_auto_update),
        sb_service_(sb_service),
        delay_ms_(0) {
@@ -249,16 +245,12 @@ class TestSBProtocolManagerFactory : public SBProtocolManagerFactory {
  virtual SafeBrowsingProtocolManager* CreateProtocolManager(
      SafeBrowsingService* sb_service,
      const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
      net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
+      const std::string& url_prefix,
-      const std::string& mackey_url_prefix,
      bool disable_auto_update) {
    pm_ = new TestProtocolManager(
-        sb_service, client_name, client_key, wrapped_key,
+        sb_service, client_name, request_context_getter,
-        request_context_getter, info_url_prefix, mackey_url_prefix,
+        url_prefix, disable_auto_update);
-        disable_auto_update);
    return pm_;
  }
  TestProtocolManager* GetProtocolManager() {

--- a/chrome/browser/safe_browsing/safe_browsing_test.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_test.cc
@@ -52,7 +52,8 @@ using content::BrowserThread;
 namespace {
-const FilePath::CharType kDataFile[] = FILE_PATH_LITERAL("testing_input.dat");
+const FilePath::CharType kDataFile[] =
+    FILE_PATH_LITERAL("testing_input_nomac.dat");
 const char kUrlVerifyPath[] = "/safebrowsing/verify_urls";
 const char kDBVerifyPath[] = "/safebrowsing/verify_database";
 const char kDBResetPath[] = "/reset";
@@ -209,7 +210,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
  SafeBrowsingServiceTest()
    : safe_browsing_service_(NULL),
      is_database_ready_(true),
-      is_initial_request_(false),
      is_update_scheduled_(false),
      is_checked_url_in_db_(false),
      is_checked_url_safe_(false) {
@@ -221,8 +221,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
  void UpdateSafeBrowsingStatus() {
    ASSERT_TRUE(safe_browsing_service_);
    base::AutoLock lock(update_status_mutex_);
-    is_initial_request_ =
-        safe_browsing_service_->protocol_manager_->is_initial_request();
    last_update_ = safe_browsing_service_->protocol_manager_->last_update();
    is_update_scheduled_ =
        safe_browsing_service_->protocol_manager_->update_timer_.IsRunning();
@@ -273,11 +271,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
    return is_database_ready_;
  }
-  bool is_initial_request() {
-    base::AutoLock l(update_status_mutex_);
-    return is_initial_request_;
-  }
  base::Time last_update() {
    base::AutoLock l(update_status_mutex_);
    return last_update_;
@@ -317,15 +310,12 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
    command_line->AppendSwitch(
        switches::kDisableClientSidePhishingDetection);
-    // In this test, we fetch SafeBrowsing data and Mac key from the same
+    // Point to the testing server for all SafeBrowsing requests.
-    // server. Although in real production, they are served from different
-    // servers.
    std::string url_prefix =
        base::StringPrintf("http://%s:%d/safebrowsing",
                           SafeBrowsingTestServer::Host(),
                           SafeBrowsingTestServer::Port());
-    command_line->AppendSwitchASCII(switches::kSbInfoURLPrefix, url_prefix);
+    command_line->AppendSwitchASCII(switches::kSbURLPrefix, url_prefix);
-    command_line->AppendSwitchASCII(switches::kSbMacKeyURLPrefix, url_prefix);
  }
  void SetTestStep(int step) {
@@ -342,7 +332,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
  // States associated with safebrowsing service updates.
  bool is_database_ready_;
-  bool is_initial_request_;
  base::Time last_update_;
  bool is_update_scheduled_;
  // Indicates if there is a match between a URL's prefix and safebrowsing
@@ -577,7 +566,6 @@ IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest,
  // is checked.
  safe_browsing_helper->WaitForStatusUpdate(0);
  EXPECT_TRUE(is_database_ready());
-  EXPECT_TRUE(is_initial_request());
  EXPECT_FALSE(is_update_scheduled());
  EXPECT_TRUE(last_update().is_null());
  // Starts updates. After each update, the test will fetch a list of URLs with
@@ -601,8 +589,7 @@ IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest,
      // Periodically pull the status.
      safe_browsing_helper->WaitForStatusUpdate(
          TestTimeouts::tiny_timeout_ms());
-    } while (is_update_scheduled() || is_initial_request() ||
+    } while (is_update_scheduled() || !is_database_ready());
-             !is_database_ready());
    if (last_update() < now) {

--- a/chrome/browser/safe_browsing/safe_browsing_util.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_util.cc
@@ -4,12 +4,10 @@
 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
-#include "base/base64.h"
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "chrome/browser/google/google_util.h"
-#include "crypto/hmac.h"
 #include "crypto/sha2.h"
 #include "googleurl/src/gurl.h"
 #include "googleurl/src/url_util.h"
@@ -20,8 +18,6 @@
 #include "chrome/installer/util/browser_distribution.h"
 #endif
-static const int kSafeBrowsingMacDigestSize = 20;
 // Continue to this URL after submitting the phishing report form.
 // TODO(paulg): Change to a Chrome specific URL.
 static const char kContinueUrlFormat[] =
@@ -479,39 +475,6 @@ bool IsBadbinhashList(const std::string& list_name) {
  return list_name.compare(kBinHashList) == 0;
 }
-static void DecodeWebSafe(std::string* decoded) {
-  DCHECK(decoded);
-  for (std::string::iterator i(decoded->begin()); i != decoded->end(); ++i) {
-    if (*i == '_')
-      *i = '/';
-    else if (*i == '-')
-      *i = '+';
-  }
-}
-bool VerifyMAC(const std::string& key, const std::string& mac,
-               const char* data, int data_length) {
-  std::string key_copy = key;
-  DecodeWebSafe(&key_copy);
-  std::string decoded_key;
-  base::Base64Decode(key_copy, &decoded_key);
-  std::string mac_copy = mac;
-  DecodeWebSafe(&mac_copy);
-  std::string decoded_mac;
-  base::Base64Decode(mac_copy, &decoded_mac);
-  crypto::HMAC hmac(crypto::HMAC::SHA1);
-  if (!hmac.Init(decoded_key))
-    return false;
-  const std::string data_str(data, data_length);
-  unsigned char digest[kSafeBrowsingMacDigestSize];
-  if (!hmac.Sign(data_str, digest, kSafeBrowsingMacDigestSize))
-    return false;
-  return !memcmp(digest, decoded_mac.data(), kSafeBrowsingMacDigestSize);
-}
 GURL GeneratePhishingReportUrl(const std::string& report_page,
                               const std::string& url_to_report,
                               bool is_client_side_detection) {

--- a/chrome/browser/safe_browsing/safe_browsing_util.h
+++ b/chrome/browser/safe_browsing/safe_browsing_util.h
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -23,10 +23,9 @@ class SBEntry;
 // A truncated hash's type.
 typedef int32 SBPrefix;
-// Container for holding a chunk URL and the MAC of the contents of the URL.
+// Container for holding a chunk URL and the list it belongs to.
 struct ChunkUrl {
  std::string url;
-  std::string mac;
  std::string list_name;
 };
@@ -319,12 +318,6 @@ bool IsMalwareList(const std::string& list_name);
 bool IsBadbinurlList(const std::string& list_name);
 bool IsBadbinhashList(const std::string& list_name);
-// Returns 'true' if 'mac' can be verified using 'key' and 'data'.
-bool VerifyMAC(const std::string& key,
-               const std::string& mac,
-               const char* data,
-               int data_length);
 GURL GeneratePhishingReportUrl(const std::string& report_page,
                               const std::string& url_to_report,
                               bool is_client_side_detection);

--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -1055,10 +1055,7 @@ const char kRestoreLastSession[]            = "restore-last-session";
 // URL prefix used by safebrowsing to fetch hash, download data and report
 // malware.
-const char kSbInfoURLPrefix[] = "safebrowsing-info-url-prefix";
+const char kSbURLPrefix[] = "safebrowsing-url-prefix";
-// URL prefix used by safebrowsing to get MAC key.
-const char kSbMacKeyURLPrefix[] = "safebrowsing-mackey-url-prefix";
 // If present, safebrowsing only performs update when
 // SafeBrowsingProtocolManager::ForceScheduleNextUpdate() is explicitly called.

--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -286,8 +286,7 @@ extern const char kReloadKilledTabs[];
 extern const char kRemoteDebuggingFrontend[];
 extern const char kRendererPrintPreview[];
 extern const char kRestoreLastSession[];
-extern const char kSbInfoURLPrefix[];
+extern const char kSbURLPrefix[];
-extern const char kSbMacKeyURLPrefix[];
 extern const char kSbDisableAutoUpdate[];
 extern const char kSbDisableDownloadProtection[];
 extern const char kSearchInOmniboxHint[];