OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <cryptohi.h> | 6 #include <cryptohi.h> |
7 #include <keyhi.h> | 7 #include <keyhi.h> |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <prtime.h> | 10 #include <prtime.h> |
(...skipping 15 matching lines...) Expand all Loading... |
26 | 26 |
27 namespace net { | 27 namespace net { |
28 | 28 |
29 void X509Certificate::Initialize() { | 29 void X509Certificate::Initialize() { |
30 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); | 30 x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); |
31 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); | 31 x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); |
32 | 32 |
33 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); | 33 x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); |
34 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); | 34 x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); |
35 | 35 |
36 fingerprint_ = CalculateFingerprint(cert_handle_); | |
37 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | |
38 | |
39 serial_number_ = x509_util::ParseSerialNumber(cert_handle_); | 36 serial_number_ = x509_util::ParseSerialNumber(cert_handle_); |
40 } | 37 } |
41 | 38 |
42 // static | 39 // static |
43 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesWithNickname( | 40 scoped_refptr<X509Certificate> X509Certificate::CreateFromBytesWithNickname( |
44 const char* data, | 41 const char* data, |
45 size_t length, | 42 size_t length, |
46 const char* nickname) { | 43 const char* nickname) { |
47 OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data, | 44 OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data, |
48 length, | 45 length, |
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
201 OSCertHandle cert_handle) { | 198 OSCertHandle cert_handle) { |
202 return CERT_DupCertificate(cert_handle); | 199 return CERT_DupCertificate(cert_handle); |
203 } | 200 } |
204 | 201 |
205 // static | 202 // static |
206 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 203 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
207 CERT_DestroyCertificate(cert_handle); | 204 CERT_DestroyCertificate(cert_handle); |
208 } | 205 } |
209 | 206 |
210 // static | 207 // static |
211 SHA1HashValue X509Certificate::CalculateFingerprint( | |
212 OSCertHandle cert) { | |
213 SHA1HashValue sha1; | |
214 memset(sha1.data, 0, sizeof(sha1.data)); | |
215 | |
216 DCHECK(NULL != cert->derCert.data); | |
217 DCHECK_NE(0U, cert->derCert.len); | |
218 | |
219 SECStatus rv = HASH_HashBuf(HASH_AlgSHA1, sha1.data, | |
220 cert->derCert.data, cert->derCert.len); | |
221 DCHECK_EQ(SECSuccess, rv); | |
222 | |
223 return sha1; | |
224 } | |
225 | |
226 // static | |
227 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | 208 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { |
228 SHA256HashValue sha256; | 209 SHA256HashValue sha256; |
229 memset(sha256.data, 0, sizeof(sha256.data)); | 210 memset(sha256.data, 0, sizeof(sha256.data)); |
230 | 211 |
231 DCHECK(NULL != cert->derCert.data); | 212 DCHECK(NULL != cert->derCert.data); |
232 DCHECK_NE(0U, cert->derCert.len); | 213 DCHECK_NE(0U, cert->derCert.len); |
233 | 214 |
234 SECStatus rv = HASH_HashBuf( | 215 SECStatus rv = HASH_HashBuf( |
235 HASH_AlgSHA256, sha256.data, cert->derCert.data, cert->derCert.len); | 216 HASH_AlgSHA256, sha256.data, cert->derCert.data, cert->derCert.len); |
236 DCHECK_EQ(SECSuccess, rv); | 217 DCHECK_EQ(SECSuccess, rv); |
237 | 218 |
238 return sha256; | 219 return sha256; |
239 } | 220 } |
240 | 221 |
241 // static | 222 // static |
242 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 223 SHA256HashValue X509Certificate::CalculateCAFingerprint256( |
243 const OSCertHandles& intermediates) { | 224 const OSCertHandles& intermediates) { |
244 SHA1HashValue sha1; | 225 SHA256HashValue sha256; |
245 memset(sha1.data, 0, sizeof(sha1.data)); | 226 memset(sha256.data, 0, sizeof(sha256.data)); |
246 | 227 |
247 HASHContext* sha1_ctx = HASH_Create(HASH_AlgSHA1); | 228 HASHContext* sha256_ctx = HASH_Create(HASH_AlgSHA256); |
248 if (!sha1_ctx) | 229 if (!sha256_ctx) |
249 return sha1; | 230 return sha256; |
250 HASH_Begin(sha1_ctx); | 231 HASH_Begin(sha256_ctx); |
251 for (size_t i = 0; i < intermediates.size(); ++i) { | 232 for (size_t i = 0; i < intermediates.size(); ++i) { |
252 CERTCertificate* ca_cert = intermediates[i]; | 233 CERTCertificate* ca_cert = intermediates[i]; |
253 HASH_Update(sha1_ctx, ca_cert->derCert.data, ca_cert->derCert.len); | 234 HASH_Update(sha256_ctx, ca_cert->derCert.data, ca_cert->derCert.len); |
254 } | 235 } |
255 unsigned int result_len; | 236 unsigned int result_len; |
256 HASH_End(sha1_ctx, sha1.data, &result_len, HASH_ResultLenContext(sha1_ctx)); | 237 HASH_End(sha256_ctx, sha256.data, &result_len, |
257 HASH_Destroy(sha1_ctx); | 238 HASH_ResultLenContext(sha256_ctx)); |
| 239 HASH_Destroy(sha256_ctx); |
258 | 240 |
259 return sha1; | 241 return sha256; |
260 } | 242 } |
261 | 243 |
262 // static | 244 // static |
263 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( | 245 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( |
264 base::PickleIterator* pickle_iter) { | 246 base::PickleIterator* pickle_iter) { |
265 return x509_util::ReadOSCertHandleFromPickle(pickle_iter); | 247 return x509_util::ReadOSCertHandleFromPickle(pickle_iter); |
266 } | 248 } |
267 | 249 |
268 // static | 250 // static |
269 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, | 251 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, |
(...skipping 17 matching lines...) Expand all Loading... |
287 return false; | 269 return false; |
288 if (SECSuccess != CERT_VerifySignedDataWithPublicKey( | 270 if (SECSuccess != CERT_VerifySignedDataWithPublicKey( |
289 &cert_handle->signatureWrap, public_key.get(), NULL)) { | 271 &cert_handle->signatureWrap, public_key.get(), NULL)) { |
290 return false; | 272 return false; |
291 } | 273 } |
292 return CERT_CompareName(&cert_handle->subject, &cert_handle->issuer) == | 274 return CERT_CompareName(&cert_handle->subject, &cert_handle->issuer) == |
293 SECEqual; | 275 SECEqual; |
294 } | 276 } |
295 | 277 |
296 } // namespace net | 278 } // namespace net |
OLD | NEW |