Support SHA-256 in public key pins for HTTPS.

chrome/browser/ui/webui/net_internals/net_internals_ui.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h"
 
 #include <algorithm>
 #include <list>
 #include <string>
 #include <utility>
@@ skipping 1055 matching lines @@
 
   connection_tester_.reset(new ConnectionTester(
       this, io_thread_->globals()->proxy_script_fetcher_context.get()));
   connection_tester_->RunAllTests(url);
 }
 
 void SPKIHashesToString(const net::FingerprintVector& hashes,
                         std::string* string) {
   for (net::FingerprintVector::const_iterator
        i = hashes.begin(); i != hashes.end(); ++i) {
-    base::StringPiece hash_str(reinterpret_cast<const char*>(i->data),
-                               arraysize(i->data));
+    std::string label;
+    switch (i->tag) {
+      case net::FINGERPRINT_SHA1:
+        label = "sha1/";
+        break;
+      case net::FINGERPRINT_SHA256:
+        label = "sha256/";
+        break;
+      default:
+        LOG(WARNING) << "Skipping invalid fingerprint of unknown type "
+                     << i->tag;
+        continue;

[mmenke, 2012/06/14 15:47:29]

I'd suggest a NOTREACHED() and outputting a label of "???/" or similar in this
case, so it's more likely this will be noticed when/if new fingerprint types are
added..

[palmer, 2012/06/14 18:56:43]

Done.

+    }
+
+    base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()),
+                               i->size());
     std::string encoded;
     base::Base64Encode(hash_str, &encoded);
 
     if (i != hashes.begin())
       *string += ",";
-    *string += "sha1/" + encoded;
+    *string += label + encoded;
   }
 }
 
 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery(
     const ListValue* list) {
   // |list| should be: [<domain to query>].
   std::string domain;
   CHECK(list->GetString(0, &domain));
   DictionaryValue* result = new(DictionaryValue);
 
@@ skipping 55 matching lines @@
   net::TransportSecurityState::DomainState state;
   state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000);
   state.include_subdomains = include_subdomains;
   if (!hashes_str.empty()) {
     std::vector<std::string> type_and_b64s;
     base::SplitString(hashes_str, ',', &type_and_b64s);
     for (std::vector<std::string>::const_iterator
          i = type_and_b64s.begin(); i != type_and_b64s.end(); i++) {
       std::string type_and_b64;
       RemoveChars(*i, " \t\r\n", &type_and_b64);
-      net::SHA1Fingerprint hash;
+      net::Fingerprint hash;
       if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash))
         continue;
 
       state.dynamic_spki_hashes.push_back(hash);
     }
   }
 
   transport_security_state->EnableHost(domain, state);
 }
 
@@ skipping 557 matching lines @@
 }
 
 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui)
     : WebUIController(web_ui) {
   web_ui->AddMessageHandler(new NetInternalsMessageHandler());
 
   // Set up the chrome://net-internals/ source.
   Profile* profile = Profile::FromWebUI(web_ui);
   ChromeURLDataManager::AddDataSource(profile, CreateNetInternalsHTMLSource());
 }