Implement SHA-256 fingerprint support
The HTTP-based Public Key Pinning Internet Draft
(tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this.
Per wtc, give the *Fingerprint* types more meaningful *HashValue* names.
Cleaning up lint along the way.
BUG=117914
TEST=net_unittests, unit_tests TransportSecurityPersisterTest
Review URL: https://chromiumcodereview.appspot.com/10826257
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155365 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/base/cert_verify_proc_unittest.cc b/net/base/cert_verify_proc_unittest.cc
index cfbf8a9..2638dec 100644
--- a/net/base/cert_verify_proc_unittest.cc
+++ b/net/base/cert_verify_proc_unittest.cc
@@ -121,7 +121,7 @@
ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
- const SHA1Fingerprint& fingerprint =
+ const SHA1HashValue& fingerprint =
paypal_null_cert->fingerprint();
for (size_t i = 0; i < 20; ++i)
EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
@@ -415,11 +415,11 @@
std::string spki_sha1 = base::SHA1HashString(spki.as_string());
- std::vector<SHA1Fingerprint> public_keys;
- SHA1Fingerprint fingerprint;
- ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
- memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
- public_keys.push_back(fingerprint);
+ HashValueVector public_keys;
+ HashValue hash(HASH_VALUE_SHA1);
+ ASSERT_EQ(hash.size(), spki_sha1.size());
+ memcpy(hash.data(), spki_sha1.data(), spki_sha1.size());
+ public_keys.push_back(hash);
EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) <<
"Public key not blocked for " << kDigiNotarFilenames[i];
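Review bot: The added memcpy takes its length from the source string (`spki_sha1.size()`) rather than from the destination buffer. The `ASSERT_EQ` on the line above makes the two equal, so this is a style point rather than a defect. Bounding the copy by the destination keeps it safe if that assertion is ever weakened or moved: `memcpy(hash.data(), spki_sha1.data(), hash.size());`. The enclosing test body starts and ends outside the hunk.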
@@ -472,9 +472,18 @@
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
ASSERT_LE(3u, verify_result.public_key_hashes.size());
- for (unsigned i = 0; i < 3; i++) {
+
+ HashValueVector sha1_hashes;
+ for (unsigned i = 0; i < verify_result.public_key_hashes.size(); ++i) {
+ if (verify_result.public_key_hashes[i].tag != HASH_VALUE_SHA1)
+ continue;
+ sha1_hashes.push_back(verify_result.public_key_hashes[i]);
+ }
+ ASSERT_LE(3u, sha1_hashes.size());
+
+ for (unsigned i = 0; i < 3; ++i) {
EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
- HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
+ HexEncode(sha1_hashes[i].data(), base::kSHA1Length));
}
}
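Review bot: The new filter loop skips every entry whose tag is not `HASH_VALUE_SHA1`, and nothing afterwards inspects the skipped entries, so the SHA-256 hashes this commit introduces get no coverage in this test. Consider asserting that the expected number of non-SHA-1 entries is present, or comparing them against expected values if such constants exist (none are visible in this hunk). The earlier `ASSERT_LE(3u, verify_result.public_key_hashes.size());` is now subsumed by the same check on `sha1_hashes` and could be dropped. A comment above the loop such as `// kCertSESPKIs are compared at SHA-1 length, so only the SHA-1 entries are checked here.` would explain why the filter exists. The test function starts outside the hunk.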