Implement SHA-256 fingerprint support

net/base/cert_verify_proc_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/cert_verify_proc.h"
 
 #include <vector>
 
 #include "base/file_path.h"
 #include "base/string_number_conversions.h"
@@ skipping 102 matching lines @@
 }
 
 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
   scoped_refptr<X509Certificate> paypal_null_cert(
       X509Certificate::CreateFromBytes(
           reinterpret_cast<const char*>(paypal_null_der),
           sizeof(paypal_null_der)));
 
   ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
 
-  const SHA1Fingerprint& fingerprint =
+  const SHA1HashValue& fingerprint =
       paypal_null_cert->fingerprint();
   for (size_t i = 0; i < 20; ++i)
     EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
 
   int flags = 0;
   CertVerifyResult verify_result;
   int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL,
                      &verify_result);
 #if defined(USE_NSS)
   EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
@@ skipping 256 matching lines @@
         ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]);
     std::string der_bytes;
     ASSERT_TRUE(X509Certificate::GetDEREncoded(
         diginotar_cert->os_cert_handle(), &der_bytes));
 
     base::StringPiece spki;
     ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki));
 
     std::string spki_sha1 = base::SHA1HashString(spki.as_string());
 
-    std::vector<SHA1Fingerprint> public_keys;
-    SHA1Fingerprint fingerprint;
-    ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
-    memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
+    HashValueVector public_keys;
+    HashValue fingerprint;
+    fingerprint.tag = HASH_VALUE_SHA1;
+    ASSERT_EQ(fingerprint.size(), spki_sha1.size());
+    memcpy(fingerprint.data(), spki_sha1.data(), spki_sha1.size());
     public_keys.push_back(fingerprint);
 
     EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) <<
         "Public key not blocked for " << kDigiNotarFilenames[i];
   }
 }
 
 TEST_F(CertVerifyProcTest, TestKnownRoot) {
   FilePath certs_dir = GetTestCertsDirectory();
   CertificateList certs = CreateCertificateListFromFile(
@@ skipping 33 matching lines @@
                                         intermediates);
   int flags = 0;
   CertVerifyResult verify_result;
 
   // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
   // against agl. See also TestKnownRoot.
   int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
   EXPECT_EQ(OK, error);
   EXPECT_EQ(0U, verify_result.cert_status);
   ASSERT_LE(3u, verify_result.public_key_hashes.size());
-  for (unsigned i = 0; i < 3; i++) {
+
+  HashValueVector sha1_hashes;
+  for (unsigned i = 0; i < verify_result.public_key_hashes.size(); ++i) {
+    if (verify_result.public_key_hashes[i].tag != HASH_VALUE_SHA1)
+      continue;
+    sha1_hashes.push_back(verify_result.public_key_hashes[i]);
+  }
+  ASSERT_LE(3u, sha1_hashes.size());
+
+  for (unsigned i = 0; i < 3; ++i) {
     EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
-        HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
+              HexEncode(sha1_hashes[i].data(), base::kSHA1Length));
   }
 }
 
 // A regression test for http://crbug.com/70293.
 // The Key Usage extension in this RSA SSL server certificate does not have
 // the keyEncipherment bit.
 TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
   FilePath certs_dir = GetTestCertsDirectory();
 
   scoped_refptr<X509Certificate> server_cert =
@@ skipping 494 matching lines @@
 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
 #else
 #define MAYBE_VerifyMixed VerifyMixed
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     MAYBE_VerifyMixed,
     CertVerifyProcWeakDigestTest,
     testing::ValuesIn(kVerifyMixedTestData));
 
 }  // namespace net