Certificate Transparency: Code for unpacking EV cert hashes whitelist

net/cert/x509_certificate_win.cc

Index: net/cert/x509_certificate_win.cc
diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc
index ab92b6f2a628fcc10185274291d2f9c353ae346f..df263d8fa90838d9af5fb7db8e72b0eed0ee8f30 100644
--- a/net/cert/x509_certificate_win.cc
+++ b/net/cert/x509_certificate_win.cc
@@ -14,6 +14,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "crypto/capi_util.h"
 #include "crypto/scoped_capi_types.h"
+#include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 
 #pragma comment(lib, "crypt32.lib")
@@ -315,6 +316,24 @@ SHA1HashValue X509Certificate::CalculateFingerprint(
   return sha1;
 }
 
+// static
+SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
+  DCHECK(NULL != cert->pbCertEncoded);
+  DCHECK_NE(0u, cert->cbCertEncoded);
+
+  SHA256HashValue sha256;
+  size_t sha256_size = sizeof(sha256.data);
+
+  // Use crypto::SHA256HashString for two reasons:
+  // * < Windows Vista does not have universal SHA-256 support.
+  // * More efficient on Windows > Vista (less overhead since non-default CSP
+  // is not needed).
+  base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
+                             cert->cbCertEncoded);
+  crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
+  return sha256;
+}
+
 // TODO(wtc): This function is implemented with NSS low-level hash
 // functions to ensure it is fast.  Reimplement this function with
 // CryptoAPI.  May need to cache the HCRYPTPROV to reduce the overhead.