Cert Management UI V2: fix inconsistent calculation of sha256hash_hex key
Most of the production code was setting it to lowercase, with one
exception, ServerCertificateDatabaseNSSMigrator. Tests were more mixed
on which case was used. This change makes everything use lowercase.
Add a constructor on CertInformation class that initializes it and
switch all the places creating CertInformation objects to use that, so
that they are all consistent.
Bug: 40928765
Change-Id: Ic457772d8f5f21bd79729081c971d24fa9451b0d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6072131
Reviewed-by: Hubert Chao <[email protected]>
Reviewed-by: Kyle Horimoto <[email protected]>
Auto-Submit: Matt Mueller <[email protected]>
Commit-Queue: Kyle Horimoto <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394431}
diff --git a/chrome/browser/net/cert_verifier_policy_browsertest.cc b/chrome/browser/net/cert_verifier_policy_browsertest.cc
index 6ce5e9b..67a3ba1 100644
--- a/chrome/browser/net/cert_verifier_policy_browsertest.cc
+++ b/chrome/browser/net/cert_verifier_policy_browsertest.cc
@@ -951,13 +951,11 @@
{
scoped_refptr<net::X509Certificate> root_cert =
test_server_for_user_added.GetRoot();
- net::ServerCertificateDatabase::CertInformation user_root_info;
- user_root_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_root_info(
+ root_cert->cert_span());
user_root_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
- user_root_info.der_cert = base::ToVector(root_cert->cert_span());
base::test::TestFuture<bool> future;
std::vector<net::ServerCertificateDatabase::CertInformation> cert_infos;
@@ -970,13 +968,11 @@
scoped_refptr<net::X509Certificate> hint_cert =
test_server_for_user_added.GetGeneratedIntermediate();
- net::ServerCertificateDatabase::CertInformation user_hint_info;
- user_hint_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(hint_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_hint_info(
+ hint_cert->cert_span());
user_hint_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_UNSPECIFIED);
- user_hint_info.der_cert = base::ToVector(hint_cert->cert_span());
base::test::TestFuture<bool> future;
std::vector<net::ServerCertificateDatabase::CertInformation> cert_infos;
diff --git a/chrome/browser/net/cert_verifier_service_browsertest.cc b/chrome/browser/net/cert_verifier_service_browsertest.cc
index df2e684..28c991c 100644
--- a/chrome/browser/net/cert_verifier_service_browsertest.cc
+++ b/chrome/browser/net/cert_verifier_service_browsertest.cc
@@ -269,13 +269,11 @@
{
scoped_refptr<net::X509Certificate> root_cert = https_test_server.GetRoot();
- net::ServerCertificateDatabase::CertInformation user_root_info;
- user_root_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_root_info(
+ root_cert->cert_span());
user_root_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
- user_root_info.der_cert = base::ToVector(root_cert->cert_span());
ASSERT_TRUE(AddCertificateToDatabaseAndWaitForVerifierUpdate(
std::move(user_root_info)));
@@ -283,13 +281,11 @@
{
scoped_refptr<net::X509Certificate> hint_cert =
https_test_server.GetGeneratedIntermediate();
- net::ServerCertificateDatabase::CertInformation user_hint_info;
- user_hint_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(hint_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_hint_info(
+ hint_cert->cert_span());
user_hint_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_UNSPECIFIED);
- user_hint_info.der_cert = base::ToVector(hint_cert->cert_span());
ASSERT_TRUE(AddCertificateToDatabaseAndWaitForVerifierUpdate(
std::move(user_hint_info)));
@@ -319,15 +315,13 @@
scoped_refptr<net::X509Certificate> root_cert =
net::ImportCertFromFile(net::EmbeddedTestServer::GetRootCertPemPath());
ASSERT_TRUE(root_cert);
- net::ServerCertificateDatabase::CertInformation user_root_info;
- user_root_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_root_info(
+ root_cert->cert_span());
user_root_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
user_root_info.cert_metadata.mutable_constraints()->add_dns_names(
"localhost");
- user_root_info.der_cert = base::ToVector(root_cert->cert_span());
ASSERT_TRUE(AddCertificateToDatabaseAndWaitForVerifierUpdate(
std::move(user_root_info)));
@@ -357,15 +351,13 @@
scoped_refptr<net::X509Certificate> root_cert =
net::ImportCertFromFile(net::EmbeddedTestServer::GetRootCertPemPath());
ASSERT_TRUE(root_cert);
- net::ServerCertificateDatabase::CertInformation user_root_info;
- user_root_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation user_root_info(
+ root_cert->cert_span());
user_root_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
user_root_info.cert_metadata.mutable_constraints()->add_dns_names(
"cruddyhost");
- user_root_info.der_cert = base::ToVector(root_cert->cert_span());
ASSERT_TRUE(AddCertificateToDatabaseAndWaitForVerifierUpdate(
std::move(user_root_info)));
@@ -393,13 +385,11 @@
net::ImportCertFromFile(net::EmbeddedTestServer::GetRootCertPemPath());
ASSERT_TRUE(root_cert);
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ root_cert->cert_span());
cert_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_DISTRUSTED);
- cert_info.der_cert = base::ToVector(root_cert->cert_span());
ASSERT_TRUE(
AddCertificateToDatabaseAndWaitForVerifierUpdate(std::move(cert_info)));
@@ -425,13 +415,11 @@
net::ImportCertFromFile(net::EmbeddedTestServer::GetRootCertPemPath());
ASSERT_TRUE(root_cert);
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ root_cert->cert_span());
cert_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_DISTRUSTED);
- cert_info.der_cert = base::ToVector(root_cert->cert_span());
ASSERT_TRUE(
AddCertificateToDatabaseAndWaitForVerifierUpdate(std::move(cert_info)));
@@ -459,13 +447,11 @@
https_test_server.GetCertificate();
ASSERT_TRUE(leaf_cert);
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(leaf_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ leaf_cert->cert_span());
cert_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
- cert_info.der_cert = base::ToVector(leaf_cert->cert_span());
// Sanity check.
ASSERT_EQ(net::ServerCertificateDatabase::GetUserCertificateTrust(cert_info),
@@ -498,13 +484,11 @@
https_test_server.GetCertificate();
ASSERT_TRUE(leaf_cert);
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(leaf_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ leaf_cert->cert_span());
cert_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
- cert_info.der_cert = base::ToVector(leaf_cert->cert_span());
// Sanity check.
ASSERT_EQ(net::ServerCertificateDatabase::GetUserCertificateTrust(cert_info),
@@ -536,13 +520,11 @@
scoped_refptr<net::X509Certificate> root_cert = https_test_server.GetRoot();
ASSERT_TRUE(root_cert);
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(root_cert->cert_span()));
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ root_cert->cert_span());
cert_info.cert_metadata.mutable_trust()->set_trust_type(
chrome_browser_server_certificate_database::CertificateTrust::
CERTIFICATE_TRUST_TYPE_TRUSTED);
- cert_info.der_cert = base::ToVector(root_cert->cert_span());
// Sanity check.
ASSERT_EQ(net::ServerCertificateDatabase::GetUserCertificateTrust(cert_info),
diff --git a/chrome/browser/net/server_certificate_database.cc b/chrome/browser/net/server_certificate_database.cc
index cd65331..e1ab47d8 100644
--- a/chrome/browser/net/server_certificate_database.cc
+++ b/chrome/browser/net/server_certificate_database.cc
@@ -5,10 +5,13 @@
#include "chrome/browser/net/server_certificate_database.h"
#include "base/containers/span.h"
+#include "base/containers/to_vector.h"
#include "base/files/file_path.h"
#include "base/sequence_checker.h"
+#include "base/strings/string_number_conversions.h"
#include "base/types/zip.h"
#include "build/build_config.h"
+#include "crypto/sha2.h"
#include "net/cert/x509_util.h"
#include "sql/init_status.h"
#include "sql/meta_table.h"
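Review bot: The include block visible in this hunk does not contain `base/strings/string_util.h`, which declares `base::ToLowerASCII`, used by the constructor added further down in this file. The call most likely compiles through a transitive include, so this is an include-what-you-use gap rather than a build break. Adding `#include "base/strings/string_util.h"` after `string_number_conversions.h` would make the dependency explicit. The include list may continue outside the hunk, so confirm that it is not already present lower down.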
@@ -186,6 +189,12 @@
return delete_statement.Run() && db_.GetLastChangeCount() > 0;
}
+ServerCertificateDatabase::CertInformation::CertInformation(
+ base::span<const uint8_t> cert) {
+ der_cert = base::ToVector(cert);
+ sha256hash_hex =
+ base::ToLowerASCII(base::HexEncode(crypto::SHA256Hash(cert)));
+}
ServerCertificateDatabase::CertInformation::CertInformation() = default;
ServerCertificateDatabase::CertInformation::~CertInformation() = default;
ServerCertificateDatabase::CertInformation::CertInformation(
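Review bot: The new constructor assigns `der_cert` and `sha256hash_hex` in its body, so both members are default-constructed first and then overwritten. A member initializer list is the usual form here, and both values derive only from `cert`, so declaration order does not affect the result: `: der_cert(base::ToVector(cert)), sha256hash_hex(base::ToLowerASCII(base::HexEncode(crypto::SHA256Hash(cert)))) {}`. Since this is now the single place that fixes the key's case, a short why-comment such as `// Lowercase hex is the canonical form of the key.` would help. The hunk ends inside the next constructor definition, which is not reviewed here.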
diff --git a/chrome/browser/net/server_certificate_database.h b/chrome/browser/net/server_certificate_database.h
index 09b4309e..cfa0fc2 100644
--- a/chrome/browser/net/server_certificate_database.h
+++ b/chrome/browser/net/server_certificate_database.h
@@ -23,6 +23,9 @@
class ServerCertificateDatabase {
public:
struct CertInformation {
+ // Initializes a CertInformation object with the `der_cert` and calculates
+ // the `sha256hash_hex` from the supplied cert.
+ explicit CertInformation(base::span<const uint8_t> cert);
CertInformation();
~CertInformation();
CertInformation(CertInformation&&);
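Review bot: The comment on the new constructor does not state the invariant this commit establishes, namely that `sha256hash_hex` is lowercase hex. The default constructor remains and the fields stay directly assignable, so a later caller can still populate `sha256hash_hex` by hand in a different case and reintroduce the mismatch. I would extend the comment to something like `// `sha256hash_hex` is the lowercase hex SHA-256 of the DER bytes; prefer this constructor over setting the fields manually so keys stay consistent.` The struct body continues outside the hunk, so where the fields are declared is not visible here.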
diff --git a/chrome/browser/net/server_certificate_database_nss_migrator.cc b/chrome/browser/net/server_certificate_database_nss_migrator.cc
index 5cc9bfb6..ab525cf9 100644
--- a/chrome/browser/net/server_certificate_database_nss_migrator.cc
+++ b/chrome/browser/net/server_certificate_database_nss_migrator.cc
@@ -45,10 +45,8 @@
result.cert_count = certs_to_migrate.size();
for (net::PlatformTrustStore::CertWithTrust& cert_to_migrate :
certs_to_migrate) {
- net::ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256Hash(cert_to_migrate.cert_bytes));
- cert_info.der_cert = std::move(cert_to_migrate.cert_bytes);
+ net::ServerCertificateDatabase::CertInformation cert_info(
+ cert_to_migrate.cert_bytes);
cert_info.cert_metadata.mutable_trust()->set_trust_type(
MapTrust(cert_to_migrate.trust));
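Review bot: The removed lines stored `base::HexEncode(...)` output without lowercasing, so profiles whose NSS migration already ran may hold rows keyed by a differently-cased hash than the constructor now produces. Nothing visible in this diff normalizes existing rows. If lookups, updates or deletes match the key case-sensitively, a previously migrated trust or distrust entry could be missed or duplicated for the same certificate. It is worth confirming whether the migrator shipped before this change and, if it did, adding a one-time key normalization or a test covering a legacy row. Separately, the old code moved `cert_to_migrate.cert_bytes` into `der_cert`, while the new constructor copies the bytes through the span. That is a minor extra allocation per certificate. The loop body continues outside the hunk.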
diff --git a/chrome/browser/net/server_certificate_database_test_util.cc b/chrome/browser/net/server_certificate_database_test_util.cc
index 0f1e4ab..ec170f32 100644
--- a/chrome/browser/net/server_certificate_database_test_util.cc
+++ b/chrome/browser/net/server_certificate_database_test_util.cc
@@ -5,9 +5,6 @@
#include "chrome/browser/net/server_certificate_database_test_util.h"
#include "base/containers/span.h"
-#include "base/containers/to_vector.h"
-#include "base/strings/string_number_conversions.h"
-#include "crypto/sha2.h"
namespace net {
@@ -15,11 +12,9 @@
std::string_view der_cert,
chrome_browser_server_certificate_database::CertificateTrust::
CertificateTrustType trust_type) {
- ServerCertificateDatabase::CertInformation cert_info;
- cert_info.sha256hash_hex =
- base::HexEncode(crypto::SHA256HashString(der_cert));
+ ServerCertificateDatabase::CertInformation cert_info(
+ base::as_byte_span(der_cert));
cert_info.cert_metadata.mutable_trust()->set_trust_type(trust_type);
- cert_info.der_cert = base::ToVector(base::as_byte_span(der_cert));
return cert_info;
}