diff options
| author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 19:04:21 +0000 |
|---|---|---|
| committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 19:04:21 +0000 |
| commit | a7c2609a96d01f2d5f9cecd15ddc55869e8c6a75 (patch) | |
| tree | 6a2b69b0160fd4c77dbf1a91af54c48c023eb2af /chrome/browser/net/transport_security_persister.cc | |
| parent | 9939d35f9827ed0929646607cbdb071af627ac38 (diff) | |
| download | chromium_src-a7c2609a96d01f2d5f9cecd15ddc55869e8c6a75.zip chromium_src-a7c2609a96d01f2d5f9cecd15ddc55869e8c6a75.tar.gz chromium_src-a7c2609a96d01f2d5f9cecd15ddc55869e8c6a75.tar.bz2 | |
Implement SHA-256 fingerprint support.
The HTTP-based Public Key Pinning Internet Draft
(tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this.
Per wtc, give the *Fingeprint* types more meaningful *HashValue* names.
Cleaning up lint along the way.
This CL reverts 149268, which reverted 149261 the previous version of this
CL. It includes a fix to the compile problem that necessitated 149268.
BUG=117914
TEST=net_unittests, unit_tests TransportSecurityPersisterTest
Review URL: https://chromiumcodereview.appspot.com/10836062
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150124 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/net/transport_security_persister.cc')
| -rw-r--r-- | chrome/browser/net/transport_security_persister.cc | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/chrome/browser/net/transport_security_persister.cc b/chrome/browser/net/transport_security_persister.cc index 76bc514..c6a27d2 100644 --- a/chrome/browser/net/transport_security_persister.cc +++ b/chrome/browser/net/transport_security_persister.cc @@ -20,32 +20,46 @@ #include "net/base/x509_certificate.h" using content::BrowserThread; -using net::Fingerprint; -using net::FingerprintVector; +using net::HashValue; +using net::HashValueTag; +using net::HashValueVector; using net::TransportSecurityState; namespace { -ListValue* SPKIHashesToListValue(const FingerprintVector& hashes) { +ListValue* SPKIHashesToListValue(const HashValueVector& hashes) { ListValue* pins = new ListValue; - for (FingerprintVector::const_iterator i = hashes.begin(); + for (HashValueVector::const_iterator i = hashes.begin(); i != hashes.end(); ++i) { - std::string hash_str(reinterpret_cast<const char*>(i->data), - sizeof(i->data)); + std::string label; + switch (i->tag) { + case net::HASH_VALUE_SHA1: + label = "sha1/"; + break; + case net::HASH_VALUE_SHA256: + label = "sha256/"; + break; + default: + LOG(WARNING) << "Skipping invalid fingerprint with unknown type " + << i->tag; + continue; + } + + std::string hash_str(reinterpret_cast<const char*>(i->data()), i->size()); std::string b64; base::Base64Encode(hash_str, &b64); - pins->Append(new StringValue("sha1/" + b64)); + pins->Append(new StringValue(label + b64)); } return pins; } -void SPKIHashesFromListValue(const ListValue& pins, FingerprintVector* hashes) { +void SPKIHashesFromListValue(const ListValue& pins, HashValueVector* hashes) { size_t num_pins = pins.GetSize(); for (size_t i = 0; i < num_pins; ++i) { std::string type_and_base64; - Fingerprint fingerprint; + HashValue fingerprint; if (pins.GetString(i, &type_and_base64) && TransportSecurityState::ParsePin(type_and_base64, &fingerprint)) { hashes->push_back(fingerprint); |