
Side by Side Diff: net/cert/x509_certificate_ios.cc

Issue 2000503002: Remove the fingerprint and ca_fingerprint from X509Certificate (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Fix IDN test Created 4 years, 6 months ago
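--- a/net/cert/x509_certificate_ios.cc
+++ b/net/cert/x509_certificate_ios.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 
 #include <openssl/x509.h>
@@ -166,96 +166,79 @@
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
 if (cert_handle)
 CFRelease(cert_handle);
 }
 
 void X509Certificate::Initialize() {
 crypto::EnsureOpenSSLInit();
-fingerprint_ = CalculateFingerprint(cert_handle_);
-ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 ScopedX509 x509_cert = OSCertHandleToOpenSSL(cert_handle_);
 if (!x509_cert)
 return;
 ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get());
 if (serial_num) {
 // ASN1_INTEGERS represent the decoded number, in a format internal to
 // OpenSSL. Most notably, this may have leading zeroes stripped off for
 // numbers whose first byte is >= 0x80. Thus, it is necessary to
 // re-encoded the integer back into DER, which is what the interface
 // of X509Certificate exposes, to ensure callers get the proper (DER)
 // value.
 int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
 unsigned char* buffer = reinterpret_cast<unsigned char*>(
 base::WriteInto(&serial_number_, bytes_required + 1));
 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
 }
 
 ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
 &subject_);
 ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_);
 x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_);
 x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_);
 }
 
 // static
-SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) {
-SHA1HashValue sha1;
-memset(sha1.data, 0, sizeof(sha1.data));
-
-ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert));
-if (!cert_data)
-return sha1;
-DCHECK(CFDataGetBytePtr(cert_data));
-DCHECK_NE(0, CFDataGetLength(cert_data));
-CC_SHA1(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data), sha1.data);
-
-return sha1;
-}
-
-// static
 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
 SHA256HashValue sha256;
 memset(sha256.data, 0, sizeof(sha256.data));
 
 ScopedCFTypeRef<CFDataRef> cert_data(SecCertificateCopyData(cert));
 if (!cert_data)
 return sha256;
 DCHECK(CFDataGetBytePtr(cert_data));
 DCHECK_NE(0, CFDataGetLength(cert_data));
 CC_SHA256(CFDataGetBytePtr(cert_data), CFDataGetLength(cert_data),
 sha256.data);
 
 return sha256;
 }
 
 // static
-SHA1HashValue X509Certificate::CalculateCAFingerprint(
+SHA256HashValue X509Certificate::CalculateCAFingerprint256(
 const OSCertHandles& intermediates) {
-SHA1HashValue sha1;
-memset(sha1.data, 0, sizeof(sha1.data));
+SHA256HashValue sha256;
+memset(sha256.data, 0, sizeof(sha256.data));
 
-CC_SHA1_CTX sha1_ctx;
-CC_SHA1_Init(&sha1_ctx);
+CC_SHA256_CTX sha256_ctx;
+CC_SHA256_Init(&sha256_ctx);
 for (size_t i = 0; i < intermediates.size(); ++i) {
 ScopedCFTypeRef<CFDataRef> cert_data(
 SecCertificateCopyData(intermediates[i]));
 if (!cert_data)
-return sha1;
-CC_SHA1_Update(&sha1_ctx, CFDataGetBytePtr(cert_data),
+return sha256;
+CC_SHA256_Update(&sha256_ctx, CFDataGetBytePtr(cert_data),
 CFDataGetLength(cert_data));
 }
-CC_SHA1_Final(sha1.data, &sha1_ctx);
-return sha1;
+CC_SHA256_Final(sha256.data, &sha256_ctx);
+return sha256;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
 const char* data,
 size_t length) {
 ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy(
 kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
 base::checked_cast<CFIndex>(length), kCFAllocatorNull));
 if (!cert_data)
@@ -465,10 +448,10 @@
 return false;
 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert.get()));
 if (!scoped_key)
 return false;
 if (!X509_verify(cert.get(), scoped_key.get()))
 return false;
 return X509_check_issued(cert.get(), cert.get()) == X509_V_OK;
 }
 
 } // namespace net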
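Review bot: CalculateCAFingerprint256 returns the zero-initialised `sha256` from inside the loop when `SecCertificateCopyData(intermediates[i])` fails, so every chain that hits that path produces the same all-zero value and an equality check on CA fingerprints cannot tell a failure from a genuine match. The behaviour is carried over from the SHA-1 version, but the rename is a good moment to pin it down with a comment above the function, e.g. `// Returns an all-zero hash if any intermediate cannot be serialized; callers must not treat two all-zero values as matching chains.` The loop also lacks the `DCHECK(CFDataGetBytePtr(cert_data));` and `DCHECK_NE(0, CFDataGetLength(cert_data));` that CalculateFingerprint256 has before hashing, and adding them would keep the two functions consistent. How callers compare the returned value is not visible on this page, so the impact is inferred.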