Chromium Code Reviews

Unified Diff: net/cert/x509_certificate.h

Issue 412263003: Add SHA-256 fingerprint functions to x509 certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Small fix from trybot failures Created 6 years, 5 months ago
Index: net/cert/x509_certificate.h
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
index 7aa48f068fa12867bd59beb9014dc078c60654ae..15ef81c195532a4782dfece9e33a684cae08a8ea 100644
--- a/net/cert/x509_certificate.h
+++ b/net/cert/x509_certificate.h
@@ -389,13 +389,37 @@ class NET_EXPORT X509Certificate
// Calculates the SHA-1 fingerprint of the certificate. Returns an empty
// (all zero) fingerprint on failure.
+ //
+ // For calculating fingerprints, prefer SHA-1 for performance when indexing,
+ // but callers should use IsSameOSCert() before assuming two certificates are
+ // the same.
static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle);
// Calculates the SHA-1 fingerprint of the intermediate CA certificates.
// Returns an empty (all zero) fingerprint on failure.
+ //
+ // See SHA-1 caveat on CalculateFingerprint().
static SHA1HashValue CalculateCAFingerprint(
const OSCertHandles& intermediates);
+ // Calculates the SHA-256 fingerprint of the intermediate CA certificates.
+ // Returns an empty (all zero) fingerprint on failure.
+ //
+ // The implementation currently relies on the crypto::SecureHash utilities,
wtc 2014/07/28 17:29:52 Nit: it seems that the performance issue is caused
jww 2014/07/28 18:36:14 Done.
+ // which are not as fast as implementing this directly for each platform since
+ // the consumers are not expected to be performance critical. If performance
+ // is a concern going forward, it may be warranted to implement this on a
+ // per-platform basis.
+ static SHA256HashValue CalculateCAFingerprint256(
+ const OSCertHandles& intermediates);
+
+ // Calculates the SHA-256 fingerprint for the complete chain, including the
+ // leaf certificate and all intermediate CA certificates. Returns an empty
+ // (all zero) fingerprint on failure.
+ static SHA256HashValue CalculateChainFingerprint256(
wtc 2014/07/28 17:29:52 For a minimal API, this method can be subsumed by
jww 2014/07/28 18:36:13 This would make it inconsistent with the SHA1 API,
+ const OSCertHandle& leaf,
wtc 2014/07/28 17:29:52 Please pass a single OSCertHandle by value. It is
jww 2014/07/28 18:36:13 Done.
+ const OSCertHandles& intermediates);
+
private:
friend class base::RefCountedThreadSafe<X509Certificate>;
friend class TestRootCerts; // For unit tests
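Review bot: The comments on the new CalculateCAFingerprint256() and CalculateChainFingerprint256() say failure returns an empty (all zero) fingerprint, but they do not tell callers to check for that value before comparing, so two failed computations would compare as equal. The SHA-1 declarations above now carry a caveat pointing callers to IsSameOSCert(); consider an equivalent sentence on the SHA-256 functions stating that an all-zero result must be treated as failure and never as a match. The CalculateChainFingerprint256() comment also does not say how the leaf and the intermediates are combined or whether the result depends on the order of the intermediates; a caller storing or comparing chain fingerprints needs that spelled out in the header. Separately, the sentence beginning "The implementation currently relies on the crypto::SecureHash utilities" reads as if the utilities are slower because consumers are not performance critical; splitting it into two sentences would make the intended reasoning clear.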