
Side by Side Diff: net/cert/x509_certificate.h

Issue 412263003: Add SHA-256 fingerprint functions to x509 certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add comment to CalculateCAFingerprint256 Created 6 years, 5 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_X509_CERTIFICATE_H_ 5 #ifndef NET_CERT_X509_CERTIFICATE_H_
6 #define NET_CERT_X509_CERTIFICATE_H_ 6 #define NET_CERT_X509_CERTIFICATE_H_
7 7
8 #include <string.h> 8 #include <string.h>
9 9
10 #include <string> 10 #include <string>
(...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after
382 Format format); 382 Format format);
383 383
384 // Duplicates (or adds a reference to) an OS certificate handle. 384 // Duplicates (or adds a reference to) an OS certificate handle.
385 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle); 385 static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);
386 386
387 // Frees (or releases a reference to) an OS certificate handle. 387 // Frees (or releases a reference to) an OS certificate handle.
388 static void FreeOSCertHandle(OSCertHandle cert_handle); 388 static void FreeOSCertHandle(OSCertHandle cert_handle);
389 389
390 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty 390 // Calculates the SHA-1 fingerprint of the certificate. Returns an empty
391 // (all zero) fingerprint on failure. 391 // (all zero) fingerprint on failure.
392 //
393 // For calculating fingerprints, prefer SHA-1 for performance when indexing,
394 // but callers should use IsSameOSCert() before assuming two certificates are
395 // the same.
392 static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle); 396 static SHA1HashValue CalculateFingerprint(OSCertHandle cert_handle);
393 397
394 // Calculates the SHA-1 fingerprint of the intermediate CA certificates. 398 // Calculates the SHA-1 fingerprint of the intermediate CA certificates.
395 // Returns an empty (all zero) fingerprint on failure. 399 // Returns an empty (all zero) fingerprint on failure.
400 //
401 // See SHA-1 caveat on CalculateFingerprint().
396 static SHA1HashValue CalculateCAFingerprint( 402 static SHA1HashValue CalculateCAFingerprint(
397 const OSCertHandles& intermediates); 403 const OSCertHandles& intermediates);
398 404
405 // Calculates the SHA-256 fingerprint of the intermediate CA certificates.
406 // Returns an empty (all zero) fingerprint on failure.
407 //
408 // The implementation currently relies on the crypto::SecureHash utilities,
409 // which are not as fast as implementing this directly for each platform since
410 // the consumers are not expected to be performance critical. If performance
411 // is a concern going forward, it may be warranted to implement this on a
412 // per-platform basis.
413 static SHA256HashValue CalculateCAFingerprint256(
414 const OSCertHandles& intermediates);
415
416 // Calculates the SHA-256 fingerprint for the complete chain, including the
417 // leaf certificate and all intermediate CA certificates. Returns an empty
418 // (all zero) fingerprint on failure.
419 static SHA256HashValue CalculateFullChainFingerprint256(
Ryan Sleevi 2014/07/26 01:56:21 s/FullChain/Chain
jww 2014/07/26 02:33:25 Done.
420 const OSCertHandle& leaf,
421 const OSCertHandles& intermediates);
422
399 private: 423 private:
400 friend class base::RefCountedThreadSafe<X509Certificate>; 424 friend class base::RefCountedThreadSafe<X509Certificate>;
401 friend class TestRootCerts; // For unit tests 425 friend class TestRootCerts; // For unit tests
402 426
403 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname); 427 FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname);
404 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers); 428 FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);
405 429
406 // Construct an X509Certificate from a handle to the certificate object 430 // Construct an X509Certificate from a handle to the certificate object
407 // in the underlying crypto library. 431 // in the underlying crypto library.
408 X509Certificate(OSCertHandle cert_handle, 432 X509Certificate(OSCertHandle cert_handle,
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
485 // based on the type of the certificate. 509 // based on the type of the certificate.
486 std::string default_nickname_; 510 std::string default_nickname_;
487 #endif 511 #endif
488 512
489 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 513 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
490 }; 514 };
491 515
492 } // namespace net 516 } // namespace net
493 517
494 #endif // NET_CERT_X509_CERTIFICATE_H_ 518 #endif // NET_CERT_X509_CERTIFICATE_H_
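Review bot: The comments on CalculateCAFingerprint256 (new line 413) and CalculateFullChainFingerprint256 (new line 419) document an all-zero return on failure but do not tell callers to check for it, and because every failed call returns the same value, two failures compare equal if a caller matches or stores the result as a chain identifier. I would add `// Callers must check for the all-zero value and treat it as an error, never as a fingerprint to compare or persist.` to both declarations. The chain comment also leaves unstated whether the digest depends on the order of |intermediates|; the implementation lives in x509_certificate.cc and is not visible here, so this should be confirmed and written down, e.g. `// The result is sensitive to the order of |intermediates|.` if that is the case. As a style point, `leaf` is taken as `const OSCertHandle&` while CalculateFingerprint() and DupOSCertHandle() take the handle by value.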