| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
| 8 #include <openssl/bytestring.h> | 8 #include <openssl/bytestring.h> |
| 9 #include <openssl/crypto.h> | 9 #include <openssl/crypto.h> |
| 10 #include <openssl/obj_mac.h> | 10 #include <openssl/obj_mac.h> |
(...skipping 175 matching lines...)
| 186 // static | 186 // static |
| 187 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 187 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
| 188 // Decrement the ref-count for the cert and, if all references are gone, | 188 // Decrement the ref-count for the cert and, if all references are gone, |
| 189 // free the memory and any application-specific data associated with the | 189 // free the memory and any application-specific data associated with the |
| 190 // certificate. | 190 // certificate. |
| 191 X509_free(cert_handle); | 191 X509_free(cert_handle); |
| 192 } | 192 } |
| 193 | 193 |
| 194 void X509Certificate::Initialize() { | 194 void X509Certificate::Initialize() { |
| 195 crypto::EnsureOpenSSLInit(); | 195 crypto::EnsureOpenSSLInit(); |
| 196 fingerprint_ = CalculateFingerprint(cert_handle_); | |
| 197 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | |
| 198 | 196 |
| 199 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); | 197 ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); |
| 200 if (serial_num) { | 198 if (serial_num) { |
| 201 // ASN1_INTEGERS represent the decoded number, in a format internal to | 199 // ASN1_INTEGERS represent the decoded number, in a format internal to |
| 202 // OpenSSL. Most notably, this may have leading zeroes stripped off for | 200 // OpenSSL. Most notably, this may have leading zeroes stripped off for |
| 203 // numbers whose first byte is >= 0x80. Thus, it is necessary to | 201 // numbers whose first byte is >= 0x80. Thus, it is necessary to |
| 204 // re-encoded the integer back into DER, which is what the interface | 202 // re-encoded the integer back into DER, which is what the interface |
| 205 // of X509Certificate exposes, to ensure callers get the proper (DER) | 203 // of X509Certificate exposes, to ensure callers get the proper (DER) |
| 206 // value. | 204 // value. |
| 207 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); | 205 int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); |
| 208 unsigned char* buffer = reinterpret_cast<unsigned char*>( | 206 unsigned char* buffer = reinterpret_cast<unsigned char*>( |
| 209 base::WriteInto(&serial_number_, bytes_required + 1)); | 207 base::WriteInto(&serial_number_, bytes_required + 1)); |
| 210 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); | 208 int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); |
| 211 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); | 209 DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); |
| 212 } | 210 } |
| 213 | 211 |
| 214 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); | 212 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); |
| 215 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); | 213 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); |
| 216 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); | 214 x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); |
| 217 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); | 215 x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); |
| 218 } | 216 } |
| 219 | 217 |
| 220 // static | 218 // static |
| 221 void X509Certificate::ResetCertStore() { | 219 void X509Certificate::ResetCertStore() { |
| 222 X509InitSingleton::GetInstance()->ResetCertStore(); | 220 X509InitSingleton::GetInstance()->ResetCertStore(); |
| 223 } | 221 } |
| 224 | 222 |
| 225 // static | 223 // static |
| 226 SHA1HashValue X509Certificate::CalculateFingerprint(OSCertHandle cert) { | |
| 227 SHA1HashValue sha1; | |
| 228 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); | |
| 229 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); | |
| 230 CHECK(ret); | |
| 231 CHECK_EQ(sha1_size, sizeof(sha1.data)); | |
| 232 return sha1; | |
| 233 } | |
| 234 | |
| 235 // static | |
| 236 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | 224 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { |
| 237 SHA256HashValue sha256; | 225 SHA256HashValue sha256; |
| 238 unsigned int sha256_size = static_cast<unsigned int>(sizeof(sha256.data)); | 226 unsigned int sha256_size = static_cast<unsigned int>(sizeof(sha256.data)); |
| 239 int ret = X509_digest(cert, EVP_sha256(), sha256.data, &sha256_size); | 227 int ret = X509_digest(cert, EVP_sha256(), sha256.data, &sha256_size); |
| 240 CHECK(ret); | 228 CHECK(ret); |
| 241 CHECK_EQ(sha256_size, sizeof(sha256.data)); | 229 CHECK_EQ(sha256_size, sizeof(sha256.data)); |
| 242 return sha256; | 230 return sha256; |
| 243 } | 231 } |
| 244 | 232 |
| 245 // static | 233 // static |
| 246 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 234 SHA256HashValue X509Certificate::CalculateCAFingerprint256( |
| 247 const OSCertHandles& intermediates) { | 235 const OSCertHandles& intermediates) { |
| 248 SHA1HashValue sha1; | 236 SHA256HashValue sha256; |
| 249 memset(sha1.data, 0, sizeof(sha1.data)); | 237 memset(sha256.data, 0, sizeof(sha256.data)); |
| 250 | 238 |
| 251 SHA_CTX sha1_ctx; | 239 SHA256_CTX sha256_ctx; |
| 252 SHA1_Init(&sha1_ctx); | 240 SHA256_Init(&sha256_ctx); |
| 253 base::StringPiece der; | 241 base::StringPiece der; |
| 254 for (size_t i = 0; i < intermediates.size(); ++i) { | 242 for (size_t i = 0; i < intermediates.size(); ++i) { |
| 255 if (!x509_util::GetDER(intermediates[i], &der)) | 243 if (!x509_util::GetDER(intermediates[i], &der)) |
| 256 return sha1; | 244 return sha256; |
| 257 SHA1_Update(&sha1_ctx, der.data(), der.length()); | 245 SHA256_Update(&sha256_ctx, der.data(), der.length()); |
| 258 } | 246 } |
| 259 SHA1_Final(sha1.data, &sha1_ctx); | 247 SHA256_Final(sha256.data, &sha256_ctx); |
| 260 | 248 |
| 261 return sha1; | 249 return sha256; |
| 262 } | 250 } |
| 263 | 251 |
| 264 // static | 252 // static |
| 265 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 253 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
| 266 const char* data, | 254 const char* data, |
| 267 size_t length) { | 255 size_t length) { |
| 268 crypto::EnsureOpenSSLInit(); | 256 crypto::EnsureOpenSSLInit(); |
| 269 const unsigned char* d2i_data = | 257 const unsigned char* d2i_data = |
| 270 reinterpret_cast<const unsigned char*>(data); | 258 reinterpret_cast<const unsigned char*>(data); |
| 271 // Don't cache this data for x509_util::GetDER as this wire format | 259 // Don't cache this data for x509_util::GetDER as this wire format |
(...skipping 183 matching lines...)
| 455 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { | 443 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { |
| 456 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); | 444 crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle)); |
| 457 if (!scoped_key) | 445 if (!scoped_key) |
| 458 return false; | 446 return false; |
| 459 if (!X509_verify(cert_handle, scoped_key.get())) | 447 if (!X509_verify(cert_handle, scoped_key.get())) |
| 460 return false; | 448 return false; |
| 461 return X509_check_issued(cert_handle, cert_handle) == X509_V_OK; | 449 return X509_check_issued(cert_handle, cert_handle) == X509_V_OK; |
| 462 } | 450 } |
| 463 | 451 |
| 464 } // namespace net | 452 } // namespace net |
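Review bot: `IsSelfSigned` (new lines 447-448, context this CL leaves untouched) treats an error return from `X509_verify` as a successful signature check: in OpenSSL-family libraries `X509_verify` returns 1 on success, 0 on a bad signature and can return -1 on internal errors such as an unsupported signature algorithm, and `!X509_verify(...)` rejects only the 0 case, so a -1 falls through to `X509_check_issued` and the certificate can be reported self-signed without its signature ever having been verified. Compare against the success value explicitly: `if (X509_verify(cert_handle, scoped_key.get()) != 1)`. Separately, the new `CalculateCAFingerprint256` (new lines 242-244) returns the all-zero digest whenever `x509_util::GetDER` fails, so every chain with an unencodable intermediate yields the same value; if callers use the fingerprint as an equality or cache key (not visible here) two unrelated failing chains compare equal, and unlike `CalculateFingerprint256` the failure is not CHECKed. At minimum the early return deserves a comment such as `// GetDER failed: the all-zero digest is the error sentinel callers must check.`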