Remove the fingerprint and ca_fingerprint from X509Certificate
X509Certificate provided a function to get the SHA-1 hash of
the certificate data and the SHA-1 hash of the intermediates.
This was largely for sorting optimizations, but was never
intended to be a substitute for true equality checks (namely,
IsSameOSCert()). However, because X509Certificate::LessThan
used these, the comparison of two X509Certificates was less
secure than desired.
This removes the fingerprint members and the ability to
publicly compute the SHA-1 hash of the certificate/intermediates.
Callers can instead compute the SHA-256 fingerprint using
X509Certificate::Calculate[CA]Fingerprint256 to obtain the
equivalent SHA256HashValue fingerprint.
This also optimizes CalculateCAFingerprint256 to avoid
additional copies, by moving it to the platform-native
implementation.
BUG=613460
Review-Url: https://codereview.chromium.org/2000503002
Cr-Commit-Position: refs/heads/master@{#400904}
30 files changed