Chromium Code Reviews

Unified Diff: net/cert/x509_certificate.h

Issue 412263003: Add SHA-256 fingerprint functions to x509 certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add comment to CalculateCAFingerprint256 Created 6 years, 5 months ago
Index: net/cert/x509_certificate.h
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
index 7aa48f068fa12867bd59beb9014dc078c60654ae..7eb0dd9ffaa5ff334ff9b7e72d4e729168835527 100644
--- a/net/cert/x509_certificate.h
+++ b/net/cert/x509_certificate.h
@@ -389,13 +389,37 @@ class NET_EXPORT X509Certificate
// Calculates the SHA-1 fingerprint of the certificate. Returns an empty
// (all zero) fingerprint on failure.
+ //
+ // For calculating fingerprints, prefer SHA-1 for performance when indexing,
+ // but callers should use IsSameOSCert() before assuming two certificates are
+ // the same.
static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle);
// Calculates the SHA-1 fingerprint of the intermediate CA certificates.
// Returns an empty (all zero) fingerprint on failure.
+ //
+ // See SHA-1 caveat on CalculateFingerprint().
static SHA1HashValue CalculateCAFingerprint(
const OSCertHandles& intermediates);
+ // Calculates the SHA-256 fingerprint of the intermediate CA certificates.
+ // Returns an empty (all zero) fingerprint on failure.
+ //
+ // The implementation currently relies on the crypto::SecureHash utilities,
+ // which are not as fast as implementing this directly for each platform since
+ // the consumers are not expected to be performance critical. If performance
+ // is a concern going forward, it may be warranted to implement this on a
+ // per-platform basis.
+ static SHA256HashValue CalculateCAFingerprint256(
+ const OSCertHandles& intermediates);
+
+ // Calculates the SHA-256 fingerprint for the complete chain, including the
+ // leaf certificate and all intermediate CA certificates. Returns an empty
+ // (all zero) fingerprint on failure.
+ static SHA256HashValue CalculateFullChainFingerprint256(
Ryan Sleevi 2014/07/26 01:56:21 s/FullChain/Chain
jww 2014/07/26 02:33:25 Done.
+ const OSCertHandle& leaf,
+ const OSCertHandles& intermediates);
+
private:
friend class base::RefCountedThreadSafe<X509Certificate>;
friend class TestRootCerts; // For unit tests
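
Review bot: the comments on CalculateCAFingerprint256() and CalculateFullChainFingerprint256() document an all-zero return on failure but do not tell callers to check for it, so two failed calls would produce fingerprints that compare equal; consider stating that the empty value must be checked before the result is compared or stored. The CalculateFullChainFingerprint256() comment should also state in what order the leaf and the intermediates are fed to the hash, since that order defines the value. Style: `const OSCertHandle& leaf` passes the handle by const reference while `CalculateFingerprint(OSCertHandle cert_handle)` passes it by value; pick one form for the class. In the CalculateCAFingerprint256() comment, the clause "since the consumers are not expected to be performance critical" reads as the reason the utilities are slow; reword so it attaches to the choice of crypto::SecureHash.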