authorpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-08 06:32:23 +0000
committerpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-08 06:32:23 +0000
commitbc0d7b86f1bb6ed7a4e0374a2c1a4c8182de307c (patch)
tree6f86b2850f0763210ab249fceafbfb28a6013ead /chrome/browser/net
parent77d555c7a0984ab10edc3d05016246d932cef2e1 (diff)
Revert 150375 - Implement SHA-256 fingerprint support
The HTTP-based Public Key Pinning Internet Draft (tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this. Per wtc, give the *Fingerprint* types more meaningful *HashValue* names. Cleaning up lint along the way. BUG=117914 TEST=net_unittests, unit_tests TransportSecurityPersisterTest Review URL: https://chromiumcodereview.appspot.com/10825211 TBR=palmer@chromium.org Review URL: https://chromiumcodereview.appspot.com/10836150 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150507 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/net')
-rw-r--r--chrome/browser/net/transport_security_persister.cc32
-rw-r--r--chrome/browser/net/transport_security_persister_unittest.cc41
2 files changed, 24 insertions, 49 deletions
diff --git a/chrome/browser/net/transport_security_persister.cc b/chrome/browser/net/transport_security_persister.cc
index c6a27d2..76bc514 100644
--- a/chrome/browser/net/transport_security_persister.cc
+++ b/chrome/browser/net/transport_security_persister.cc
@@ -20,46 +20,32 @@
#include "net/base/x509_certificate.h"
using content::BrowserThread;
-using net::HashValue;
-using net::HashValueTag;
-using net::HashValueVector;
+using net::Fingerprint;
+using net::FingerprintVector;
using net::TransportSecurityState;
namespace {
-ListValue* SPKIHashesToListValue(const HashValueVector& hashes) {
+ListValue* SPKIHashesToListValue(const FingerprintVector& hashes) {
ListValue* pins = new ListValue;
- for (HashValueVector::const_iterator i = hashes.begin();
+ for (FingerprintVector::const_iterator i = hashes.begin();
i != hashes.end(); ++i) {
- std::string label;
- switch (i->tag) {
- case net::HASH_VALUE_SHA1:
- label = "sha1/";
- break;
- case net::HASH_VALUE_SHA256:
- label = "sha256/";
- break;
- default:
- LOG(WARNING) << "Skipping invalid fingerprint with unknown type "
- << i->tag;
- continue;
- }
-
- std::string hash_str(reinterpret_cast<const char*>(i->data()), i->size());
+ std::string hash_str(reinterpret_cast<const char*>(i->data),
+ sizeof(i->data));
std::string b64;
base::Base64Encode(hash_str, &b64);
- pins->Append(new StringValue(label + b64));
+ pins->Append(new StringValue("sha1/" + b64));
}
return pins;
}
-void SPKIHashesFromListValue(const ListValue& pins, HashValueVector* hashes) {
+void SPKIHashesFromListValue(const ListValue& pins, FingerprintVector* hashes) {
size_t num_pins = pins.GetSize();
for (size_t i = 0; i < num_pins; ++i) {
std::string type_and_base64;
- HashValue fingerprint;
+ Fingerprint fingerprint;
if (pins.GetString(i, &type_and_base64) &&
TransportSecurityState::ParsePin(type_and_base64, &fingerprint)) {
hashes->push_back(fingerprint);
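Review bot: Entries that `TransportSecurityState::ParsePin` rejects are skipped in `SPKIHashesFromListValue` with nothing visible in the hunk to report them, and this revert makes that more likely to matter. A profile that ran the reverted revision may hold persisted `sha256/` pins; if the restored SHA-1-only `ParsePin` rejects them (its body is not on this page), those pins would vanish silently on load, and the PublicKeyHashes test on this page shows that a domain state with no pins permits any chain. I would log the skip, e.g. `else { LOG(WARNING) << "Ignoring unparseable pin entry"; }` on the `if`, and add a persister test that loads a `sha256/` entry so the behaviour is pinned down. The loop body continues past the end of the hunk, so an existing else branch cannot be ruled out from here.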
diff --git a/chrome/browser/net/transport_security_persister_unittest.cc b/chrome/browser/net/transport_security_persister_unittest.cc
index 1507b9c..2607a09 100644
--- a/chrome/browser/net/transport_security_persister_unittest.cc
+++ b/chrome/browser/net/transport_security_persister_unittest.cc
@@ -6,7 +6,6 @@
#include <map>
#include <string>
-#include <vector>
#include "base/file_path.h"
#include "base/file_util.h"
@@ -97,12 +96,10 @@ TEST_F(TransportSecurityPersisterTest, SerializeData2) {
TEST_F(TransportSecurityPersisterTest, SerializeData3) {
// Add an entry.
- net::HashValue fp1;
- fp1.tag = net::HASH_VALUE_SHA1;
- memset(fp1.data(), 0, fp1.size());
- net::HashValue fp2;
- fp2.tag = net::HASH_VALUE_SHA1;
- memset(fp2.data(), 1, fp2.size());
+ net::SHA1Fingerprint fp1;
+ memset(fp1.data, 0, sizeof(fp1.data));
+ net::SHA1Fingerprint fp2;
+ memset(fp2.data, 1, sizeof(fp2.data));
TransportSecurityState::DomainState example_state;
example_state.upgrade_expiry =
base::Time::Now() + base::TimeDelta::FromSeconds(1000);
@@ -114,8 +111,8 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) {
state_.EnableHost("www.example.com", example_state);
// Add another entry.
- memset(fp1.data(), 2, fp1.size());
- memset(fp2.data(), 3, fp2.size());
+ memset(fp1.data, 2, sizeof(fp1.data));
+ memset(fp2.data, 3, sizeof(fp2.data));
example_state.upgrade_expiry =
base::Time::Now() + base::TimeDelta::FromSeconds(3000);
example_state.upgrade_mode =
@@ -184,24 +181,17 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
TransportSecurityState::DomainState domain_state;
static const char kTestDomain[] = "example.com";
EXPECT_FALSE(state_.GetDomainState(kTestDomain, false, &domain_state));
- std::vector<net::HashValueVector> hashes;
- for (size_t i = 0; i < net::HASH_VALUE_TAGS_COUNT; ++i) {
- net::HashValueVector v;
- hashes.push_back(v);
- }
- EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+ net::FingerprintVector hashes;
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
- net::HashValue sha1;
- sha1.tag = net::HASH_VALUE_SHA1;
- memset(sha1.data(), '1', sha1.size());
- domain_state.static_spki_hashes.push_back(sha1);
+ net::SHA1Fingerprint hash;
+ memset(hash.data, '1', sizeof(hash.data));
+ domain_state.static_spki_hashes.push_back(hash);
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
-
- hashes[net::HASH_VALUE_SHA1].push_back(sha1);
+ hashes.push_back(hash);
EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
-
- hashes[net::HASH_VALUE_SHA1][0].data()[0] = '2';
+ hashes[0].data[0] = '2';
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
const base::Time current_time(base::Time::Now());
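Review bot: The flipped expectation near the top of this hunk, `EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes))` on a fresh `DomainState` with an empty `hashes`, encodes a fail-open baseline and deserves a comment saying so. Without one, the change from `EXPECT_FALSE` reads like a weakened assertion rather than what is presumably the restored behaviour from before revision 150375. A line such as `// No pins configured: every chain is permitted, including an empty one.` above it would do. The test body starts before this hunk and ends after it.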
@@ -214,9 +204,8 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
EXPECT_TRUE(persister_->LoadEntries(ser, &dirty));
EXPECT_TRUE(state_.GetDomainState(kTestDomain, false, &domain_state));
EXPECT_EQ(1u, domain_state.static_spki_hashes.size());
- EXPECT_EQ(sha1.tag, domain_state.static_spki_hashes[0].tag);
- EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data(), sha1.data(),
- sha1.size()));
+ EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data,
+ sizeof(hash.data)));
}
TEST_F(TransportSecurityPersisterTest, ForcePreloads) {