Do not hash the certificate twice.

Change X509Certificate::chain_fingerprint_ to
X509Certificate::ca_fingerprint_ to exclude the certificate
from this fingerprint.  This fingerprint covers the intermediate
CA certificates only.

This requires identifying an X509Certificate object by two
fingerprints: cert->fingerprint() and cert->ca_fingerprint().

R=agl@chromium.org,rsleevi@chromium.org
BUG=101555
TEST=unit tests updated

Review URL: http://codereview.chromium.org/8449004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108756 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 3 deletions

diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
index 90206c9..324dcc6 100644
--- a/net/base/x509_certificate.cc
+++ b/net/base/x509_certificate.cc
@@ -231,8 +231,14 @@ bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
   if (lhs == rhs)
     return false;
 
-  SHA1FingerprintLessThan fingerprint_functor;
-  return fingerprint_functor(lhs->chain_fingerprint_, rhs->chain_fingerprint_);
+  int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,
+                  sizeof(lhs->fingerprint_.data));
+  if (rv != 0)
+    return rv < 0;
+
+  rv = memcmp(lhs->ca_fingerprint_.data, rhs->ca_fingerprint_.data,
+              sizeof(lhs->ca_fingerprint_.data));
+  return rv < 0;
 }
 
 X509Certificate::X509Certificate(const std::string& subject,
@@ -245,7 +251,7 @@ X509Certificate::X509Certificate(const std::string& subject,
       valid_expiry_(expiration_date),
       cert_handle_(NULL) {
   memset(fingerprint_.data, 0, sizeof(fingerprint_.data));
-  memset(chain_fingerprint_.data, 0, sizeof(chain_fingerprint_.data));
+  memset(ca_fingerprint_.data, 0, sizeof(ca_fingerprint_.data));
 }
 
 // static