Remove the fingerprint and ca_fingerprint from X509Certificate

chrome/browser/safe_browsing/download_protection_service.cc

Index: chrome/browser/safe_browsing/download_protection_service.cc
diff --git a/chrome/browser/safe_browsing/download_protection_service.cc b/chrome/browser/safe_browsing/download_protection_service.cc
index cdb87558e9eab975404b2e6fc9823c969d58471d..d0d09bed94c67fd0964bf0a04daa3e73366dec06 100644
--- a/chrome/browser/safe_browsing/download_protection_service.cc
+++ b/chrome/browser/safe_browsing/download_protection_service.cc
@@ -20,6 +20,7 @@
 #include "base/metrics/sparse_histogram.h"
 #include "base/rand_util.h"
 #include "base/sequenced_task_runner_helpers.h"
+#include "base/sha1.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
@@ -1670,8 +1671,10 @@ void DownloadProtectionService::GetCertificateWhitelistStrings(
     paths_to_check.insert(ou_tokens[i]);
   }
 
-  std::string issuer_fp = base::HexEncode(issuer.fingerprint().data,
-                                          sizeof(issuer.fingerprint().data));
+  std::string issuer_der;
+  net::X509Certificate::GetDEREncoded(issuer.os_cert_handle(), &issuer_der);

[Nathan Parker, 2016/06/16 18:32:23]

Can you verify this produces the same string as before, with the test cert?

[Ryan Sleevi, 2016/06/16 21:16:45]

Confirmed.

+  std::string hashed = base::SHA1HashString(issuer_der);
+  std::string issuer_fp = base::HexEncode(hashed.data(), hashed.size());
   for (std::set<std::string>::iterator it = paths_to_check.begin();
        it != paths_to_check.end(); ++it) {
     whitelist_strings->push_back("cert/" + issuer_fp + *it);