OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
| 9 #include <openssl/sha.h> |
| 10 |
9 #include "base/logging.h" | 11 #include "base/logging.h" |
10 #include "base/memory/free_deleter.h" | 12 #include "base/memory/free_deleter.h" |
11 #include "base/numerics/safe_conversions.h" | 13 #include "base/numerics/safe_conversions.h" |
12 #include "base/pickle.h" | 14 #include "base/pickle.h" |
13 #include "base/sha1.h" | 15 #include "base/sha1.h" |
14 #include "base/strings/string_util.h" | 16 #include "base/strings/string_util.h" |
15 #include "base/strings/utf_string_conversions.h" | 17 #include "base/strings/utf_string_conversions.h" |
16 #include "crypto/capi_util.h" | 18 #include "crypto/capi_util.h" |
17 #include "crypto/scoped_capi_types.h" | 19 #include "crypto/scoped_capi_types.h" |
18 #include "crypto/sha2.h" | 20 #include "crypto/sha2.h" |
19 #include "net/base/net_errors.h" | 21 #include "net/base/net_errors.h" |
20 | 22 |
21 // Implement CalculateChainFingerprint() with our native crypto library. | |
22 #if defined(USE_OPENSSL) | |
23 #include <openssl/sha.h> | |
24 #else | |
25 #include <blapi.h> | |
26 #endif | |
27 | |
28 using base::Time; | 23 using base::Time; |
29 | 24 |
30 namespace net { | 25 namespace net { |
31 | 26 |
32 namespace { | 27 namespace { |
33 | 28 |
34 typedef crypto::ScopedCAPIHandle< | 29 typedef crypto::ScopedCAPIHandle< |
35 HCERTSTORE, | 30 HCERTSTORE, |
36 crypto::CAPIDestroyerWithFlags<HCERTSTORE, | 31 crypto::CAPIDestroyerWithFlags<HCERTSTORE, |
37 CertCloseStore, 0> > ScopedHCERTSTORE; | 32 CertCloseStore, 0> > ScopedHCERTSTORE; |
(...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
333 cert->cbCertEncoded); | 328 cert->cbCertEncoded); |
334 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); | 329 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); |
335 return sha256; | 330 return sha256; |
336 } | 331 } |
337 | 332 |
338 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 333 SHA1HashValue X509Certificate::CalculateCAFingerprint( |
339 const OSCertHandles& intermediates) { | 334 const OSCertHandles& intermediates) { |
340 SHA1HashValue sha1; | 335 SHA1HashValue sha1; |
341 memset(sha1.data, 0, sizeof(sha1.data)); | 336 memset(sha1.data, 0, sizeof(sha1.data)); |
342 | 337 |
343 #if defined(USE_OPENSSL) | |
344 SHA_CTX ctx; | 338 SHA_CTX ctx; |
345 if (!SHA1_Init(&ctx)) | 339 if (!SHA1_Init(&ctx)) |
346 return sha1; | 340 return sha1; |
347 for (size_t i = 0; i < intermediates.size(); ++i) { | 341 for (size_t i = 0; i < intermediates.size(); ++i) { |
348 PCCERT_CONTEXT ca_cert = intermediates[i]; | 342 PCCERT_CONTEXT ca_cert = intermediates[i]; |
349 if (!SHA1_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded)) | 343 if (!SHA1_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded)) |
350 return sha1; | 344 return sha1; |
351 } | 345 } |
352 SHA1_Final(sha1.data, &ctx); | 346 SHA1_Final(sha1.data, &ctx); |
353 #else // !USE_OPENSSL | |
354 SHA1Context* sha1_ctx = SHA1_NewContext(); | |
355 if (!sha1_ctx) | |
356 return sha1; | |
357 SHA1_Begin(sha1_ctx); | |
358 for (size_t i = 0; i < intermediates.size(); ++i) { | |
359 PCCERT_CONTEXT ca_cert = intermediates[i]; | |
360 SHA1_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded); | |
361 } | |
362 unsigned int result_len; | |
363 SHA1_End(sha1_ctx, sha1.data, &result_len, SHA1_LENGTH); | |
364 SHA1_DestroyContext(sha1_ctx, PR_TRUE); | |
365 #endif // USE_OPENSSL | |
366 | 347 |
367 return sha1; | 348 return sha1; |
368 } | 349 } |
369 | 350 |
370 // static | 351 // static |
371 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( | 352 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( |
372 base::PickleIterator* pickle_iter) { | 353 base::PickleIterator* pickle_iter) { |
373 const char* data; | 354 const char* data; |
374 int length; | 355 int length; |
375 if (!pickle_iter->ReadData(&data, &length)) | 356 if (!pickle_iter->ReadData(&data, &length)) |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
488 X509_ASN_ENCODING, | 469 X509_ASN_ENCODING, |
489 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, | 470 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, |
490 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), | 471 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), |
491 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, | 472 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, |
492 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), | 473 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), |
493 0, | 474 0, |
494 NULL); | 475 NULL); |
495 } | 476 } |
496 | 477 |
497 } // namespace net | 478 } // namespace net |
OLD | NEW |