Remove the fingerprint and ca_fingerprint from X509Certificate

ios/web/navigation/crw_session_certificate_policy_manager.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/navigation/crw_session_certificate_policy_manager.h"
 
 #include <map>
 #include <set>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/strings/sys_string_conversions.h"
 #include "ios/web/public/certificate_policy_cache.h"
 #include "ios/web/public/web_thread.h"
+#include "net/base/hash_value.h"
 #include "net/cert/x509_certificate.h"
 
 // Break if we detect that CertStatus values changed, because we persist them on
 // disk and thus require them to be consistent.
 static_assert(net::CERT_STATUS_ALL_ERRORS == 0xFFFF,
               "The value of CERT_STATUS_ALL_ERRORS changed!");
 static_assert(net::CERT_STATUS_COMMON_NAME_INVALID == 1 << 0,
               "The value of CERT_STATUS_COMMON_NAME_INVALID changed!");
 static_assert(net::CERT_STATUS_DATE_INVALID == 1 << 1,
               "The value of CERT_STATUS_DATE_INVALID changed!");
@@ skipping 17 matching lines @@
               "The value of CERT_STATUS_IS_EV changed!");
 static_assert(net::CERT_STATUS_REV_CHECKING_ENABLED == 1 << 17,
               "The value of CERT_STATUS_REV_CHECKING_ENABLED changed!");
 
 namespace {
 
 NSString* const kAllowedCertificatesKey = @"allowedCertificates";
 
 struct AllowedCertificate {
   scoped_refptr<net::X509Certificate> certificate;
+  net::SHA256HashValue certificateHash;

[eroman, 2016/06/09 22:18:25]

Is the use of camel case here intentional?
(Not familiar with .mm rules)

[Ryan Sleevi, 2016/06/09 22:59:36]

Yeah, obj-C rules -
https://google.github.io/styleguide/objcguide.xml#Variable_Names

   std::string host;
 };
 
 class LessThan {
  public:
   bool operator() (const AllowedCertificate& lhs,
                    const AllowedCertificate& rhs) const {
     if (lhs.host != rhs.host)
       return lhs.host < rhs.host;
-    return certificateCompare_(lhs.certificate, rhs.certificate);
+    return hashCompare_(lhs.certificateHash, rhs.certificateHash);

[eroman, 2016/06/09 22:18:25]

IMPORTANT: Where is certificateHash initialized?

At first glance "struct AllowedCertificate" is private to this file, but I don't
see "certificateHash" written to anywhere.

[Ryan Sleevi, 2016/06/09 22:59:36]

It's an object itself (an object functor) so it's default initialized.

   }
  private:
-  net::X509Certificate::LessThan certificateCompare_;
+  net::SHA256HashValue::LessThan hashCompare_;

[eroman, 2016/06/09 22:18:25]

I thought it was SHA256HashValueLessThan?
Also weird having this as a data member.

[Ryan Sleevi, 2016/06/09 22:59:36]

You're right, it's a typo.
Meh, it matches how functor-objects are handled throughout the STL, so I don't
lose too much sleep over it (e.g. std::unique_ptr<>'s Deleter is a
functor-object, or std::map<>'s Comparator is a functor-object)

 };
 
 typedef std::map<AllowedCertificate, net::CertStatus, LessThan>
     AllowedCertificates;
 
 NSData* CertificateToNSData(net::X509Certificate* certificate) {
   std::string s;
   bool success =
       net::X509Certificate::GetDEREncoded(certificate->os_cert_handle(), &s);
   DCHECK(success);
@@ skipping 99 matching lines @@
 }
 
 - (id)copyWithZone:(NSZone*)zone {
   DCHECK([NSThread isMainThread]);
   CRWSessionCertificatePolicyManager* copy = [[[self class] alloc] init];
   copy->allowed_ = allowed_;
   return copy;
 }
 
 @end