1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include <openssl/sha.h> | 9 #include <openssl/sha.h> |
10 | 10 |
137 void X509Certificate::Initialize() { | 137 void X509Certificate::Initialize() { |
138 DCHECK(cert_handle_); | 138 DCHECK(cert_handle_); |
139 subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData, | 139 subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData, |
140 cert_handle_->pCertInfo->Subject.cbData); | 140 cert_handle_->pCertInfo->Subject.cbData); |
141 issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData, | 141 issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData, |
142 cert_handle_->pCertInfo->Issuer.cbData); | 142 cert_handle_->pCertInfo->Issuer.cbData); |
143 | 143 |
144 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore); | 144 valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore); |
145 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); | 145 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); |
146 | 146 |
147 fingerprint_ = CalculateFingerprint(cert_handle_); | |
148 ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_); | |
149 | |
150 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber; | 147 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber; |
151 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]); | 148 std::unique_ptr<uint8_t[]> serial_bytes(new uint8_t[serial->cbData]); |
152 for (unsigned i = 0; i < serial->cbData; i++) | 149 for (unsigned i = 0; i < serial->cbData; i++) |
153 serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; | 150 serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; |
154 serial_number_ = std::string( | 151 serial_number_ = std::string( |
155 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); | 152 reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); |
156 } | 153 } |
157 | 154 |
158 void X509Certificate::GetSubjectAltName( | 155 void X509Certificate::GetSubjectAltName( |
159 std::vector<std::string>* dns_names, | 156 std::vector<std::string>* dns_names, |
289 OSCertHandle cert_handle) { | 286 OSCertHandle cert_handle) { |
290 return CertDuplicateCertificateContext(cert_handle); | 287 return CertDuplicateCertificateContext(cert_handle); |
291 } | 288 } |
292 | 289 |
293 // static | 290 // static |
294 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 291 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
295 CertFreeCertificateContext(cert_handle); | 292 CertFreeCertificateContext(cert_handle); |
296 } | 293 } |
297 | 294 |
298 // static | 295 // static |
299 SHA1HashValue X509Certificate::CalculateFingerprint( | |
300 OSCertHandle cert) { | |
301 DCHECK(NULL != cert->pbCertEncoded); | |
302 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded); | |
303 | |
304 BOOL rv; | |
305 SHA1HashValue sha1; | |
306 DWORD sha1_size = sizeof(sha1.data); | |
307 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | |
308 cert->cbCertEncoded, sha1.data, &sha1_size); | |
309 DCHECK(rv && sha1_size == sizeof(sha1.data)); | |
310 if (!rv) | |
311 memset(sha1.data, 0, sizeof(sha1.data)); | |
312 return sha1; | |
313 } | |
314 | |
315 // static | |
316 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | 296 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { |
317 DCHECK(NULL != cert->pbCertEncoded); | 297 DCHECK(NULL != cert->pbCertEncoded); |
318 DCHECK_NE(0u, cert->cbCertEncoded); | 298 DCHECK_NE(0u, cert->cbCertEncoded); |
319 | 299 |
320 SHA256HashValue sha256; | 300 SHA256HashValue sha256; |
321 size_t sha256_size = sizeof(sha256.data); | 301 size_t sha256_size = sizeof(sha256.data); |
322 | 302 |
323 // Use crypto::SHA256HashString for two reasons: | 303 // Use crypto::SHA256HashString for two reasons: |
324 // * < Windows Vista does not have universal SHA-256 support. | 304 // * < Windows Vista does not have universal SHA-256 support. |
325 // * More efficient on Windows > Vista (less overhead since non-default CSP | 305 // * More efficient on Windows > Vista (less overhead since non-default CSP |
326 // is not needed). | 306 // is not needed). |
327 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), | 307 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), |
328 cert->cbCertEncoded); | 308 cert->cbCertEncoded); |
329 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); | 309 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); |
330 return sha256; | 310 return sha256; |
331 } | 311 } |
332 | 312 |
333 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 313 SHA256HashValue X509Certificate::CalculateCAFingerprint256( |
334 const OSCertHandles& intermediates) { | 314 const OSCertHandles& intermediates) { |
335 SHA1HashValue sha1; | 315 SHA256HashValue sha256; |
336 memset(sha1.data, 0, sizeof(sha1.data)); | 316 memset(sha256.data, 0, sizeof(sha256.data)); |
337 | 317 |
338 SHA_CTX ctx; | 318 SHA256_CTX ctx; |
339 if (!SHA1_Init(&ctx)) | 319 if (!SHA256_Init(&ctx)) |
340 return sha1; | 320 return sha256; |
341 for (size_t i = 0; i < intermediates.size(); ++i) { | 321 for (size_t i = 0; i < intermediates.size(); ++i) { |
342 PCCERT_CONTEXT ca_cert = intermediates[i]; | 322 PCCERT_CONTEXT ca_cert = intermediates[i]; |
343 if (!SHA1_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded)) | 323 if (!SHA256_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded)) |
344 return sha1; | 324 return sha256; |
345 } | 325 } |
346 SHA1_Final(sha1.data, &ctx); | 326 SHA256_Final(sha256.data, &ctx); |
347 | 327 |
348 return sha1; | 328 return sha256; |
349 } | 329 } |
350 | 330 |
351 // static | 331 // static |
352 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( | 332 X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( |
353 base::PickleIterator* pickle_iter) { | 333 base::PickleIterator* pickle_iter) { |
354 const char* data; | 334 const char* data; |
355 int length; | 335 int length; |
356 if (!pickle_iter->ReadData(&data, &length)) | 336 if (!pickle_iter->ReadData(&data, &length)) |
357 return NULL; | 337 return NULL; |
358 | 338 |
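Review bot: In CalculateCAFingerprint256 the return value of SHA256_Final is discarded while SHA256_Init and SHA256_Update are checked, so a failed finalization would return whatever bytes are in sha256.data rather than the all-zero sentinel the early-return paths produce, with no signal to the caller; `if (!SHA256_Final(sha256.data, &ctx)) memset(sha256.data, 0, sizeof(sha256.data));` keeps the failure mode uniform. Because the all-zero digest doubles as the error sentinel and an empty intermediates list hashes to SHA-256 of the empty string rather than zeros, that contract deserves a line above the function, e.g. `// Returns an all-zero digest if hashing fails; an empty chain yields SHA-256 of the empty string.` The sibling CalculateFingerprint256 carries a `// static` marker that the renamed CalculateCAFingerprint256 still lacks; if its declaration is static (not visible here) the marker should be added for consistency. ReadOSCertHandleFromPickle at the end of this hunk continues past it.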
470 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, | 450 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, |
471 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL); | 451 reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL); |
472 if (!valid_signature) | 452 if (!valid_signature) |
473 return false; | 453 return false; |
474 return !!CertCompareCertificateName(X509_ASN_ENCODING, | 454 return !!CertCompareCertificateName(X509_ASN_ENCODING, |
475 &cert_handle->pCertInfo->Subject, | 455 &cert_handle->pCertInfo->Subject, |
476 &cert_handle->pCertInfo->Issuer); | 456 &cert_handle->pCertInfo->Issuer); |
477 } | 457 } |
478 | 458 |
479 } // namespace net | 459 } // namespace net |