Implement SHA-256 fingerprint support

net/base/transport_security_state.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_
 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_
 
 #include <map>
 #include <string>
 #include <utility>
@@ skipping 73 matching lines @@
     // any one of which is sufficient to validate the certificate chain in
     // question. The public keys could be of a root CA, intermediate CA, or
     // leaf certificate, depending on the security vs. disaster recovery
     // tradeoff selected. (Pinning only to leaf certifiates increases
     // security because you no longer trust any CAs, but it hampers disaster
     // recovery because you can't just get a new certificate signed by the
     // CA.)
     //
     // |bad_static_spki_hashes| contains public keys that we don't want to
     // trust.
-    bool IsChainOfPublicKeysPermitted(const FingerprintVector& hashes) const;
+    bool IsChainOfPublicKeysPermitted(
+        const std::vector<HashValueVector>& hashes) const;
 
-    // Returns true if any of the FingerprintVectors |static_spki_hashes|,
+    // Returns true if any of the HashValueVectors |static_spki_hashes|,
     // |bad_static_spki_hashes|, or |dynamic_spki_hashes| contains any
     // items.
     bool HasPins() const;
 
     // ShouldRedirectHTTPToHTTPS returns true iff, given the |mode| of this
     // DomainState, HTTP requests should be internally redirected to HTTPS.
     bool ShouldRedirectHTTPToHTTPS() const;
 
     bool Equals(const DomainState& other) const;
 
@@ skipping 17 matching lines @@
     bool include_subdomains;
 
     // Optional; hashes of static pinned SubjectPublicKeyInfos. Unless both
     // are empty, at least one of |static_spki_hashes| and
     // |dynamic_spki_hashes| MUST intersect with the set of SPKIs in the TLS
     // server's certificate chain.
     //
     // |dynamic_spki_hashes| take precedence over |static_spki_hashes|.
     // That is, |IsChainOfPublicKeysPermitted| first checks dynamic pins and
     // then checks static pins.
-    FingerprintVector static_spki_hashes;
+    HashValueVector static_spki_hashes;
 
     // Optional; hashes of dynamically pinned SubjectPublicKeyInfos.
-    FingerprintVector dynamic_spki_hashes;
+    HashValueVector dynamic_spki_hashes;
 
     // The absolute time (UTC) when the |dynamic_spki_hashes| expire.
     base::Time dynamic_spki_hashes_expiry;
 
     // Optional; hashes of static known-bad SubjectPublicKeyInfos which
     // MUST NOT intersect with the set of SPKIs in the TLS server's
     // certificate chain.
-    FingerprintVector bad_static_spki_hashes;
+    HashValueVector bad_static_spki_hashes;
 
     // The following members are not valid when stored in |enabled_hosts_|:
 
     // The domain which matched during a search for this DomainState entry.
     // Updated by |GetDomainState| and |GetStaticDomainState|.
     std::string domain;
   };
 
   class Iterator {
    public:
@@ skipping 92 matching lines @@
   // SNI-using hosts as well as the rest of the pins.
   //
   // If |host| matches both an exact entry and is a subdomain of another
   // entry, the exact match determines the return value.
   static bool IsGooglePinnedProperty(const std::string& host,
                                      bool sni_enabled);
 
   // Decodes a pin string |value| (e.g. "sha1/hvfkN/qlp/zhXR3cuerq6jd2Z7g=").
   // If parsing succeeded, updates |*out| and returns true; otherwise returns
   // false without updating |*out|.
-  static bool ParsePin(const std::string& value, Fingerprint* out);
+  static bool ParsePin(const std::string& value, HashValue* out);
 
   // The maximum number of seconds for which we'll cache an HSTS request.
   static const long int kMaxHSTSAgeSecs;
 
   // Converts |hostname| from dotted form ("www.google.com") to the form
   // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns
   // the result.
   static std::string CanonicalizeHost(const std::string& hostname);
 
   // Send an UMA report on pin validation failure, if the host is in a
@@ skipping 19 matching lines @@
   std::map<std::string, DomainState> forced_hosts_;
 
   Delegate* delegate_;
 
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_TRANSPORT_SECURITY_STATE_H_