Remove the fingerprint and ca_fingerprint from X509Certificate

net/cert/cert_verify_proc_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <vector>
 
 #include "base/callback_helpers.h"
 #include "base/files/file_path.h"
@@ skipping 23 matching lines @@
 #elif defined(OS_ANDROID)
 #include "base/android/build_info.h"
 #endif
 
 using base::HexEncode;
 
 namespace net {
 
 namespace {
 
-// A certificate for www.paypal.com with a NULL byte in the common name.
-// From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363
-unsigned char paypal_null_fingerprint[] = {
-  0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2, 0x6a, 0xba,
-  0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7
-};
-
 // Mock CertVerifyProc that sets the CertVerifyResult to a given value for
 // all certificates that are Verify()'d
 class MockCertVerifyProc : public CertVerifyProc {
  public:
   explicit MockCertVerifyProc(const CertVerifyResult& result)
       : result_(result) {}
   // CertVerifyProc implementation:
   bool SupportsAdditionalTrustAnchors() const override { return false; }
   bool SupportsOCSPStapling() const override { return false; }
 
@@ skipping 141 matching lines @@
                      &verify_result);
   EXPECT_EQ(OK, error);
   EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
 }
 
 // TODO(crbug.com/605457): the test expectation was incorrect on some
 // configurations, so disable the test until it is fixed (better to have
 // a bug to track a failing test than a false sense of security due to
 // false positive).
 TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) {
+  // A certificate for www.paypal.com with a NULL byte in the common name.
+  // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363
+  SHA256HashValue paypal_null_fingerprint = {{0x00}};

[Ryan Sleevi, 2016/05/20 06:02:31]

See the TODO / crbug/605457 ; this test is already borked and needs to be
rewritten.

+
   scoped_refptr<X509Certificate> paypal_null_cert(
       X509Certificate::CreateFromBytes(
           reinterpret_cast<const char*>(paypal_null_der),
           sizeof(paypal_null_der)));
 
   ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get());
 
-  const SHA1HashValue& fingerprint =
-      paypal_null_cert->fingerprint();
-  for (size_t i = 0; i < 20; ++i)
-    EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
+  EXPECT_EQ(paypal_null_fingerprint, X509Certificate::CalculateFingerprint256(
+                                         paypal_null_cert->os_cert_handle()));
 
   int flags = 0;
   CertVerifyResult verify_result;
   int error = Verify(paypal_null_cert.get(),
                      "www.paypal.com",
                      flags,
                      NULL,
                      empty_cert_list_,
                      &verify_result);
 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID)
@@ skipping 1476 matching lines @@
   int flags = 0;
   CertVerifyResult verify_result;
   int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_,
                      &verify_result);
   EXPECT_EQ(ERR_CERT_INVALID, error);
   EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status);
 }
 #endif  // defined(OS_MACOSX) && !defined(OS_IOS)
 
 }  // namespace net