Check that all preloaded hostnames are in canonicalized form.

The hostnames in the preload list must be in their canonical form because they
are matched against canonicalized input by the Chromium code. Non-canonical
hostnames would never be matched.

This CL also removes one entry which is not in canonical form. The list already
contains entry in its canonical form.

BUG=677294

Review-Url: https://codereview.chromium.org/2906223002
Cr-Commit-Position: refs/heads/master@{#478369}

net/http/transport_security_state_static.json

@@ -12749,7 +12749,6 @@
     { "name": "01seguridad.com.ar", "include_subdomains": true, "mode": "force-https" },
     { "name": "0i0.nl", "include_subdomains": true, "mode": "force-https" },
     { "name": "0x52.org", "include_subdomains": true, "mode": "force-https" },
-    { "name": "0xAA55.me", "include_subdomains": true, "mode": "force-https" },
     { "name": "0xaa55.me", "include_subdomains": true, "mode": "force-https" },
     { "name": "0xb612.org", "include_subdomains": true, "mode": "force-https" },
     { "name": "100dayloans.com", "include_subdomains": true, "mode": "force-https" },

net/tools/transport_security_state_generator/input_file_parsers.cc

@@ -303,6 +303,12 @@ bool ParseJSON(base::StringPiece json,
       return false;
     }
 
+    if (entry->hostname.empty()) {
+      LOG(ERROR) << "The hostname for entry " << base::SizeTToString(i)
+                 << " is empty";
+      return false;
+    }
+
     parsed->GetBoolean("include_subdomains", &entry->include_subdomains);
     std::string mode;
     parsed->GetString("mode", &mode);

net/tools/transport_security_state_generator/transport_security_state_generator.cc

@@ -152,6 +152,50 @@ bool CheckSubdomainsFlags(const TransportSecurityStateEntries& entries) {
   return true;
 }
 
+bool IsLowercaseAlphanumeric(char c) {
+  return ((c >= 'a') && (c <= 'z')) || ((c >= '0') && (c <= '9'));
+}
+
+// Checks the well-formedness of the hostnames. All hostnames should be in their
+// canonicalized form because they will be matched against canonicalized input.
+bool CheckHostnames(const TransportSecurityStateEntries& entries) {
+  for (const auto& entry : entries) {
+    const std::string& hostname = entry->hostname;
+
+    bool in_component = false;
+    bool most_recent_component_started_alphanumeric = false;
+    for (const char& c : hostname) {
+      if (!in_component) {
+        most_recent_component_started_alphanumeric = IsLowercaseAlphanumeric(c);
+        if (!most_recent_component_started_alphanumeric && (c != '-') &&
+            (c != '_')) {
+          LOG(ERROR) << hostname << " is not in canonicalized form";
+          return false;
+        }
+        in_component = true;
+      } else if (c == '.') {
+        in_component = false;
+      } else if (!IsLowercaseAlphanumeric(c) && (c != '-') && (c != '_')) {
+        LOG(ERROR) << hostname << " is not in canonicalized form";
+        return false;
+      }
+    }
+
+    if (!most_recent_component_started_alphanumeric) {
+      LOG(ERROR) << "The last label of " << hostname
+                 << " must start with a lowercase alphanumeric character";
+      return false;
+    }
+
+    if (!in_component) {
+      LOG(ERROR) << hostname << " must not end with a \".\"";
+      return false;
+    }
+  }
+
+  return true;
+}
+
 }  // namespace
 
 int main(int argc, char* argv[]) {
@@ -216,7 +260,7 @@ int main(int argc, char* argv[]) {
 
   if (!CheckDuplicateEntries(entries) || !CheckNoopEntries(entries) ||
       !CheckSubdomainsFlags(entries) || !CheckForDuplicatePins(pinsets) ||
-      !CheckCertificatesInPinsets(pinsets)) {
+      !CheckCertificatesInPinsets(pinsets) || !CheckHostnames(entries)) {
     LOG(ERROR) << "Checks failed. Aborting.";
     return 1;
   }