Implement SHA-256 fingerprint support

net/base/x509_cert_types.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_cert_types.h"
 
 #include <cstdlib>
 #include <cstring>
 
 #include "base/logging.h"
@@ skipping 20 matching lines @@
 
 // CompareSHA1Hashes is a helper function for using bsearch() with an array of
 // SHA1 hashes.
 int CompareSHA1Hashes(const void* a, const void* b) {
   return memcmp(a, b, base::kSHA1Length);
 }
 
 }  // namespace
 
 // static
-bool IsSHA1HashInSortedArray(const SHA1Fingerprint& hash,
+bool IsSHA1HashInSortedArray(const SHA1HashValue& hash,
                              const uint8* array,
                              size_t array_byte_len) {
   DCHECK_EQ(0u, array_byte_len % base::kSHA1Length);
   const size_t arraylen = array_byte_len / base::kSHA1Length;
   return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length,
                          CompareSHA1Hashes);
 }
 
 CertPrincipal::CertPrincipal() {
 }
@@ skipping 84 matching lines @@
 
   valid &= exploded.HasValidValues();
 
   if (!valid)
     return false;
 
   *time = base::Time::FromUTCExploded(exploded);
   return true;
 }
 
+bool HashValue::Equals(const HashValue& other) const {
+  if (tag != other.tag)
+    return false;
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      return fingerprint.sha1.Equals(other.fingerprint.sha1);
+    case HASH_VALUE_SHA256:
+      return fingerprint.sha256.Equals(other.fingerprint.sha256);
+    default:
+      NOTREACHED() << "Unknown HashValueTag " << tag;
+      return false;
+  }
+}
+
+size_t HashValue::size() const {
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      return sizeof(fingerprint.sha1.data);
+    case HASH_VALUE_SHA256:
+      return sizeof(fingerprint.sha256.data);
+    default:
+      NOTREACHED() << "Unknown HashValueTag " << tag;
+      // Although this is NOTREACHED, this function might be inlined and its
+      // return value can be passed to memset as the length argument. If we
+      // returned 0 here, it might result in what appears (in some stages of
+      // compilation) to be a call to to memset with a length argument of 0,
+      // which results in a warning. Therefore, we return a dummy value
+      // here.
+      return sizeof(fingerprint.sha1.data);
+  }
+}
+
+unsigned char* HashValue::data() {
+  return const_cast<unsigned char*>(const_cast<const HashValue*>(this)->data());
+}
+
+const unsigned char* HashValue::data() const {
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      return fingerprint.sha1.data;
+    case HASH_VALUE_SHA256:
+      return fingerprint.sha256.data;
+    default:
+      NOTREACHED() << "Unknown HashValueTag " << tag;
+      return NULL;
+  }
+}
+
+const char* HashValue::label() const {
+  switch (tag) {
+    case HASH_VALUE_SHA1:
+      return "sha1/";
+    case HASH_VALUE_SHA256:
+      return "sha256/";
+    default:
+      NOTREACHED();
+      LOG(WARNING) << "Invalid fingerprint of unknown type " << tag;
+      return "unknown/";
+  }
+}

[Ryan Sleevi, 2012/08/23 22:48:20]

nit: This format for labels - is it intrinsic to all HashValues, or is it
specific to the parsing code(s)

Should this be moved elsewhere? In particular, the choice of delimiter implies
some sort of structured form, I fear.

[palmer, 2012/08/29 00:01:24]

Yeah, you are right. Moved to a static method in TransportSecurityState, so that
everyone who needs it can get at it.

+
 }  // namespace net