
Side by Side Diff: net/cert/x509_certificate_win.cc

Issue 2000503002: Remove the fingerprint and ca_fingerprint from X509Certificate (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Created 4 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_certificate.h" 5 #include "net/cert/x509_certificate.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include <openssl/sha.h> 9 #include <openssl/sha.h>
10 10
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after
137 void X509Certificate::Initialize() { 137 void X509Certificate::Initialize() {
138 DCHECK(cert_handle_); 138 DCHECK(cert_handle_);
139 subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData, 139 subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData,
140 cert_handle_->pCertInfo->Subject.cbData); 140 cert_handle_->pCertInfo->Subject.cbData);
141 issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData, 141 issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData,
142 cert_handle_->pCertInfo->Issuer.cbData); 142 cert_handle_->pCertInfo->Issuer.cbData);
143 143
144 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore); 144 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore);
145 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); 145 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter);
146 146
147 fingerprint_ = CalculateFingerprint(cert_handle_);
148 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
149
150 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber; 147 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;
151 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]); 148 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]);
152 for (unsigned i = 0; i < serial->cbData; i++) 149 for (unsigned i = 0; i < serial->cbData; i++)
153 serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; 150 serial_bytes[i] = serial->pbData[serial->cbData - i - 1];
154 serial_number_ = std::string( 151 serial_number_ = std::string(
155 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); 152 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData);
156 } 153 }
157 154
158 void X509Certificate::GetSubjectAltName( 155 void X509Certificate::GetSubjectAltName(
159 std::vector<std::string>* dns_names, 156 std::vector<std::string>* dns_names,
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after
289 OSCertHandle cert_handle) { 286 OSCertHandle cert_handle) {
290 return CertDuplicateCertificateContext(cert_handle); 287 return CertDuplicateCertificateContext(cert_handle);
291 } 288 }
292 289
293 // static 290 // static
294 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { 291 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
295 CertFreeCertificateContext(cert_handle); 292 CertFreeCertificateContext(cert_handle);
296 } 293 }
297 294
298 // static 295 // static
299 SHA1HashValue X509Certificate::CalculateFingerprint(
300 OSCertHandle cert) {
301 DCHECK(NULL != cert->pbCertEncoded);
302 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded);
303
304 BOOL rv;
305 SHA1HashValue sha1;
306 DWORD sha1_size = sizeof(sha1.data);
307 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
308 cert->cbCertEncoded, sha1.data, &sha1_size);
309 DCHECK(rv && sha1_size == sizeof(sha1.data));
310 if (!rv)
311 memset(sha1.data, 0, sizeof(sha1.data));
312 return sha1;
313 }
314
315 // static
316 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { 296 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
317 DCHECK(NULL != cert->pbCertEncoded); 297 DCHECK(NULL != cert->pbCertEncoded);
318 DCHECK_NE(0u, cert->cbCertEncoded); 298 DCHECK_NE(0u, cert->cbCertEncoded);
319 299
320 SHA256HashValue sha256; 300 SHA256HashValue sha256;
321 size_t sha256_size = sizeof(sha256.data); 301 size_t sha256_size = sizeof(sha256.data);
322 302
323 // Use crypto::SHA256HashString for two reasons: 303 // Use crypto::SHA256HashString for two reasons:
324 // * < Windows Vista does not have universal SHA-256 support. 304 // * < Windows Vista does not have universal SHA-256 support.
325 // * More efficient on Windows > Vista (less overhead since non-default CSP 305 // * More efficient on Windows > Vista (less overhead since non-default CSP
326 // is not needed). 306 // is not needed).
327 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), 307 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
328 cert->cbCertEncoded); 308 cert->cbCertEncoded);
329 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); 309 crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
330 return sha256; 310 return sha256;
331 } 311 }
332 312
333 SHA1HashValue X509Certificate::CalculateCAFingerprint( 313 SHA256HashValue X509Certificate::CalculateCAFingerprint256(
334 const OSCertHandles& intermediates) { 314 const OSCertHandles& intermediates) {
335 SHA1HashValue sha1; 315 SHA256HashValue sha256;
336 memset(sha1.data, 0, sizeof(sha1.data)); 316 memset(sha256.data, 0, sizeof(sha256.data));
337 317
338 SHA_CTX ctx; 318 SHA_CTX ctx;
339 if (!SHA1_Init(&ctx)) 319 if (!SHA256_Init(&ctx))
340 return sha1; 320 return sha256;
341 for (size_t i = 0; i < intermediates.size(); ++i) { 321 for (size_t i = 0; i < intermediates.size(); ++i) {
342 PCCERT_CONTEXT ca_cert = intermediates[i]; 322 PCCERT_CONTEXT ca_cert = intermediates[i];
343 if (!SHA1_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded)) 323 if (!SHA256_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded))
344 return sha1; 324 return sha256;
345 } 325 }
346 SHA1_Final(sha1.data, &ctx); 326 SHA256_Final(sha256.data, &ctx);
347 327
348 return sha1; 328 return sha256;
349 } 329 }
350 330
351 // static 331 // static
352 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( 332 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle(
353 base::PickleIterator* pickle_iter) { 333 base::PickleIterator* pickle_iter) {
354 const char* data; 334 const char* data;
355 int length; 335 int length;
356 if (!pickle_iter->ReadData(&data, &length)) 336 if (!pickle_iter->ReadData(&data, &length))
357 return NULL; 337 return NULL;
358 338
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after
469 X509_ASN_ENCODING, 449 X509_ASN_ENCODING,
470 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, 450 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
471 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 451 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
472 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, 452 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
473 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 453 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
474 0, 454 0,
475 NULL); 455 NULL);
476 } 456 }
477 457
478 } // namespace net 458 } // namespace net
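Review bot: The context variable in CalculateCAFingerprint256 is still declared as `SHA_CTX ctx;` (unchanged on both sides of the diff) while the surrounding calls were switched to `SHA256_Init`, `SHA256_Update` and `SHA256_Final`, which take a `SHA256_CTX*`; unless something in this file aliases the two types, that is a type mismatch, and a SHA-1 context is in any case too small to hold SHA-256 state, so the declaration should become `SHA256_CTX ctx;`. The zero-filled hash returned when init or update fails is the same sentinel the SHA-1 version used, but since the zero value is indistinguishable from a computed fingerprint to a caller, a comment above the memset such as `// A zeroed hash is returned if hashing fails; callers must not treat it as a valid fingerprint.` would make that contract explicit, and the unchecked return of `SHA256_Final` is worth a glance for the same reason. The neighbouring definitions (FreeOSCertHandle, CalculateFingerprint256, ReadOSCertHandleFromPickle) carry a `// static` comment; if CalculateCAFingerprint256 is declared static in the header, adding the same comment before its definition would keep the file consistent.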
