Index: net/cert/x509_certificate_win.cc |
diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc |
index ab92b6f2a628fcc10185274291d2f9c353ae346f..df263d8fa90838d9af5fb7db8e72b0eed0ee8f30 100644 |
--- a/net/cert/x509_certificate_win.cc |
+++ b/net/cert/x509_certificate_win.cc |
@@ -14,6 +14,7 @@ |
#include "base/strings/utf_string_conversions.h" |
#include "crypto/capi_util.h" |
#include "crypto/scoped_capi_types.h" |
+#include "crypto/sha2.h" |
#include "net/base/net_errors.h" |
#pragma comment(lib, "crypt32.lib") |
@@ -315,6 +316,24 @@ SHA1HashValue X509Certificate::CalculateFingerprint( |
return sha1; |
} |
+// static |
+SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { |
+ DCHECK(NULL != cert->pbCertEncoded); |
+ DCHECK_NE(0u, cert->cbCertEncoded); |
+ |
+ SHA256HashValue sha256; |
+ size_t sha256_size = sizeof(sha256.data); |
+ |
+ // Use crypto::SHA256HashString for two reasons: |
+ // * < Windows Vista does not have universal SHA-256 support. |
+ // * More efficient on Windows > Vista (less overhead since non-default CSP |
+ // is not needed). |
+ base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), |
+ cert->cbCertEncoded); |
+ crypto::SHA256HashString(der_cert, sha256.data, sha256_size); |
+ return sha256; |
+} |
+ |
// TODO(wtc): This function is implemented with NSS low-level hash |
// functions to ensure it is fast. Reimplement this function with |
// CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. |