Implement SHA-256 fingerprint support

chrome/browser/net/transport_security_persister_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/transport_security_persister.h"
 
 #include <map>
 #include <string>
+#include <vector>
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/message_loop.h"
 #include "base/scoped_temp_dir.h"
 #include "content/public/test/test_browser_thread.h"
 #include "net/base/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using net::TransportSecurityState;
@@ skipping 70 matching lines @@
             TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
   EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true,
                                    &domain_state));
   EXPECT_EQ(domain_state.upgrade_mode,
             TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
   EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state));
 }
 
 TEST_F(TransportSecurityPersisterTest, SerializeData3) {
   // Add an entry.
-  net::SHA1Fingerprint fp1;
-  memset(fp1.data, 0, sizeof(fp1.data));
-  net::SHA1Fingerprint fp2;
-  memset(fp2.data, 1, sizeof(fp2.data));
+  net::HashValue fp1;
+  fp1.tag = net::HASH_VALUE_SHA1;
+  memset(fp1.data(), 0, fp1.size());
+  net::HashValue fp2;
+  fp2.tag = net::HASH_VALUE_SHA1;
+  memset(fp2.data(), 1, fp2.size());
   TransportSecurityState::DomainState example_state;
   example_state.upgrade_expiry =
       base::Time::Now() + base::TimeDelta::FromSeconds(1000);
   example_state.upgrade_mode =
       TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
   example_state.dynamic_spki_hashes_expiry = example_state.upgrade_expiry;
   example_state.dynamic_spki_hashes.push_back(fp1);
   example_state.dynamic_spki_hashes.push_back(fp2);
   state_.EnableHost("www.example.com", example_state);
 
   // Add another entry.
-  memset(fp1.data, 2, sizeof(fp1.data));
-  memset(fp2.data, 3, sizeof(fp2.data));
+  memset(fp1.data(), 2, fp1.size());
+  memset(fp2.data(), 3, fp2.size());
   example_state.upgrade_expiry =
       base::Time::Now() + base::TimeDelta::FromSeconds(3000);
   example_state.upgrade_mode =
       TransportSecurityState::DomainState::MODE_DEFAULT;
   example_state.dynamic_spki_hashes_expiry = example_state.upgrade_expiry;
   example_state.dynamic_spki_hashes.push_back(fp1);
   example_state.dynamic_spki_hashes.push_back(fp2);
   state_.EnableHost("www.example.net", example_state);
 
   // Save a copy of everything.
@@ skipping 48 matching lines @@
       "}";
   bool dirty;
   EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
   EXPECT_TRUE(dirty);
 }
 
 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
   TransportSecurityState::DomainState domain_state;
   static const char kTestDomain[] = "example.com";
   EXPECT_FALSE(state_.GetDomainState(kTestDomain, false, &domain_state));
-  net::FingerprintVector hashes;
+  std::vector<net::HashValueVector> hashes;
+  for (size_t i = 0; i < net::HASH_VALUE_TAGS_COUNT; ++i) {
+    net::HashValueVector v;
+    hashes.push_back(v);
+  }
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+  net::HashValue sha1;
+  sha1.tag = net::HASH_VALUE_SHA1;
+  memset(sha1.data(), '1', sha1.size());
+  domain_state.static_spki_hashes.push_back(sha1);
+
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+DLOG(WARNING) << hashes[net::HASH_VALUE_SHA1].size();
+  hashes[net::HASH_VALUE_SHA1].push_back(sha1);
+DLOG(WARNING) << hashes[net::HASH_VALUE_SHA1].size();

[wtc, 2012/08/07 15:00:54]

Nit: should these two lines be indented?

   EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
 
-  net::SHA1Fingerprint hash;
-  memset(hash.data, '1', sizeof(hash.data));
-  domain_state.static_spki_hashes.push_back(hash);
-
-  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
-  hashes.push_back(hash);
-  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
-  hashes[0].data[0] = '2';
+  hashes[net::HASH_VALUE_SHA1][0].data()[0] = '2';
   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
 
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
   domain_state.upgrade_expiry = expiry;
   state_.EnableHost(kTestDomain, domain_state);
   std::string ser;
   EXPECT_TRUE(persister_->SerializeData(&ser));
   bool dirty;
   EXPECT_TRUE(persister_->LoadEntries(ser, &dirty));
   EXPECT_TRUE(state_.GetDomainState(kTestDomain, false, &domain_state));
   EXPECT_EQ(1u, domain_state.static_spki_hashes.size());
-  EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data,
-                      sizeof(hash.data)));
+  EXPECT_EQ(sha1.tag, domain_state.static_spki_hashes[0].tag);
+  EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data(), sha1.data(),
+                      sha1.size()));
 }
 
 TEST_F(TransportSecurityPersisterTest, ForcePreloads) {
   // The static state for docs.google.com, defined in
   // net/base/transport_security_state_static.h, has pins and mode strict.
   // This new policy overrides that with no pins and a weaker mode. We apply
   // this new policy with |DeserializeFromCommandLine| and expect that the
   // new policy is in effect, overriding the static policy.
   std::string preload("{"
                       "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
                       "\"created\": 0.0,"
                       "\"expiry\": 2000000000.0,"
                       "\"include_subdomains\": false,"
                       "\"mode\": \"pinning-only\""
                       "}}");
 
   EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
 
   TransportSecurityState::DomainState domain_state;
   EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
   EXPECT_FALSE(domain_state.HasPins());
   EXPECT_FALSE(domain_state.ShouldRedirectHTTPToHTTPS());
 }