Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(303)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate_nss.cc

Issue 2000503002: Remove the fingerprint and ca_fingerprint from X509Certificate (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/x509_certificate.cc ('K') | « net/cert/x509_certificate_mac.cc ('k') | net/cert/x509_certificate_openssl.cc » ('j') | net/cert/x509_certificate_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <cert.h> 5 #include <cert.h>
6 #include <cryptohi.h> 6 #include <cryptohi.h>
7 #include <keyhi.h> 7 #include <keyhi.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <prtime.h> 10 #include <prtime.h>
(...skipping 15 matching lines...) Expand all
26 26
27 namespace net { 27 namespace net {
28 28
29 void X509Certificate::Initialize() { 29 void X509Certificate::Initialize() {
30 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); 30 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_);
31 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); 31 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_);
32 32
33 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); 33 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
34 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); 34 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
35 35
36 fingerprint_ = CalculateFingerprint(cert_handle_);
37 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
38
39 serial_number_ = x509_util::ParseSerialNumber(cert_handle_); 36 serial_number_ = x509_util::ParseSerialNumber(cert_handle_);
40 } 37 }
41 38
42 // static 39 // static
43 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesWithNickname( 40 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesWithNickname(
44 const char* data, 41 const char* data,
45 size_t length, 42 size_t length,
46 const char* nickname) { 43 const char* nickname) {
47 OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data, 44 OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data,
48 length, 45 length,
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
201 OSCertHandle cert_handle) { 198 OSCertHandle cert_handle) {
202 return CERT_DupCertificate(cert_handle); 199 return CERT_DupCertificate(cert_handle);
203 } 200 }
204 201
205 // static 202 // static
206 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 203 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
207 CERT_DestroyCertificate(cert_handle); 204 CERT_DestroyCertificate(cert_handle);
208 } 205 }
209 206
210 // static 207 // static
211 SHA1HashValue X509Certificate::CalculateFingerprint(
212 OSCertHandle cert) {
213 SHA1HashValue sha1;
214 memset(sha1.data, 0, sizeof(sha1.data));
215
216 DCHECK(NULL != cert->derCert.data);
217 DCHECK_NE(0U, cert->derCert.len);
218
219 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data,
220 cert->derCert.data, cert->derCert.len);
221 DCHECK_EQ(SECSuccess, rv);
222
223 return sha1;
224 }
225
226 // static
227 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { 208 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
228 SHA256HashValue sha256; 209 SHA256HashValue sha256;
229 memset(sha256.data, 0, sizeof(sha256.data)); 210 memset(sha256.data, 0, sizeof(sha256.data));
230 211
231 DCHECK(NULL != cert->derCert.data); 212 DCHECK(NULL != cert->derCert.data);
232 DCHECK_NE(0U, cert->derCert.len); 213 DCHECK_NE(0U, cert->derCert.len);
233 214
234 SECStatus rv = HASH_HashBuf( 215 SECStatus rv = HASH_HashBuf(
235 HASH_AlgSHA256, sha256.data, cert->derCert.data, cert->derCert.len); 216 HASH_AlgSHA256, sha256.data, cert->derCert.data, cert->derCert.len);
236 DCHECK_EQ(SECSuccess, rv); 217 DCHECK_EQ(SECSuccess, rv);
237 218
238 return sha256; 219 return sha256;
239 } 220 }
240 221
241 // static 222 // static
242 SHA1HashValue X509Certificate::CalculateCAFingerprint( 223 SHA256HashValue X509Certificate::CalculateCAFingerprint256(
243 const OSCertHandles& intermediates) { 224 const OSCertHandles& intermediates) {
244 SHA1HashValue sha1; 225 SHA256HashValue sha256;
245 memset(sha1.data, 0, sizeof(sha1.data)); 226 memset(sha256.data, 0, sizeof(sha256.data));
246 227
247 HASHContext* sha1_ctx = HASH_Create(HASH_AlgSHA1); 228 HASHContext* sha256_ctx = HASH_Create(HASH_AlgSHA256);
248 if (!sha1_ctx) 229 if (!sha256_ctx)
249 return sha1; 230 return sha256;
250 HASH_Begin(sha1_ctx); 231 HASH_Begin(sha256_ctx);
251 for (size_t i = 0; i < intermediates.size(); ++i) { 232 for (size_t i = 0; i < intermediates.size(); ++i) {
252 CERTCertificate* ca_cert = intermediates[i]; 233 CERTCertificate* ca_cert = intermediates[i];
253 HASH_Update(sha1_ctx, ca_cert->derCert.data, ca_cert->derCert.len); 234 HASH_Update(sha256_ctx, ca_cert->derCert.data, ca_cert->derCert.len);
254 } 235 }
255 unsigned int result_len; 236 unsigned int result_len;
256 HASH_End(sha1_ctx, sha1.data, &result_len, HASH_ResultLenContext(sha1_ctx)); 237 HASH_End(sha256_ctx, sha256.data, &result_len,
257 HASH_Destroy(sha1_ctx); 238 HASH_ResultLenContext(sha256_ctx));
239 HASH_Destroy(sha256_ctx);
258 240
259 return sha1; 241 return sha256;
260 } 242 }
261 243
262 // static 244 // static
263 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( 245 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle(
264 base::PickleIterator* pickle_iter) { 246 base::PickleIterator* pickle_iter) {
265 return x509_util::ReadOSCertHandleFromPickle(pickle_iter); 247 return x509_util::ReadOSCertHandleFromPickle(pickle_iter);
266 } 248 }
267 249
268 // static 250 // static
269 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, 251 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
(...skipping 13 matching lines...) Expand all
283 // static 265 // static
284 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { 266 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
285 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle)); 267 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle));
286 if (!public_key.get()) 268 if (!public_key.get())
287 return false; 269 return false;
288 return SECSuccess == CERT_VerifySignedDataWithPublicKey( 270 return SECSuccess == CERT_VerifySignedDataWithPublicKey(
289 &cert_handle->signatureWrap, public_key.get(), NULL); 271 &cert_handle->signatureWrap, public_key.get(), NULL);
290 } 272 }
291 273
292 } // namespace net 274 } // namespace net
OLDNEW
« net/cert/x509_certificate.cc ('K') | « net/cert/x509_certificate_mac.cc ('k') | net/cert/x509_certificate_openssl.cc » ('j') | net/cert/x509_certificate_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698