1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. | 7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
11 #include "base/pickle.h" | 11 #include "base/pickle.h" |
12 #include "base/sha1.h" | 12 #include "base/sha1.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
15 #include "crypto/capi_util.h" | 15 #include "crypto/capi_util.h" |
16 #include "crypto/scoped_capi_types.h" | 16 #include "crypto/scoped_capi_types.h" |
17 #include "crypto/sha2.h" | |
17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
18 | 19 |
19 #pragma comment(lib, "crypt32.lib") | 20 #pragma comment(lib, "crypt32.lib") |
20 | 21 |
21 using base::Time; | 22 using base::Time; |
22 | 23 |
23 namespace net { | 24 namespace net { |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
306 SHA1HashValue sha1; | 307 SHA1HashValue sha1; |
307 DWORD sha1_size = sizeof(sha1.data); | 308 DWORD sha1_size = sizeof(sha1.data); |
308 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 309 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
309 cert->cbCertEncoded, sha1.data, &sha1_size); | 310 cert->cbCertEncoded, sha1.data, &sha1_size); |
310 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 311 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
311 if (!rv) | 312 if (!rv) |
312 memset(sha1.data, 0, sizeof(sha1.data)); | 313 memset(sha1.data, 0, sizeof(sha1.data)); |
313 return sha1; | 314 return sha1; |
314 } | 315 } |
315 | 316 |
317 // static | |
318 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | |
319 DCHECK(NULL != cert->pbCertEncoded); | |
320 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded); | |
321 | |
322 HCRYPTPROV csp_provider; | |
323 SHA256HashValue sha256; | |
324 DWORD sha256_size = sizeof(sha256.data); | |
325 | |
326 if (!CryptAcquireContext(&csp_provider, | |
Ryan Sleevi
2014/09/08 19:48:00
1) Not LGTM.
There's zero reason to go through a
Eran Messeri
2014/09/10 12:42:25
Done, I'm happy to get rid of this CryptAcquireCon
| |
327 NULL, | |
328 MS_ENH_RSA_AES_PROV, | |
329 PROV_RSA_AES, | |
330 CRYPT_VERIFYCONTEXT)) { | |
331 // Fall back to third-party NSS code for SHA-256 calculation if the desired | |
332 // CSP is not available (Happens on Windows XP). | |
333 base::StringPiece der_cert( | |
334 reinterpret_cast<const char*>(cert->pbCertEncoded), | |
335 cert->cbCertEncoded); | |
336 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); | |
337 return sha256; | |
338 } | |
339 | |
340 BOOL rv; | |
341 rv = CryptHashCertificate(csp_provider, | |
342 CALG_SHA_256, | |
343 0, | |
344 cert->pbCertEncoded, | |
345 cert->cbCertEncoded, | |
346 sha256.data, | |
347 &sha256_size); | |
348 | |
349 DCHECK(rv && sha256_size == sizeof(sha256.data)); | |
350 if (!rv) | |
351 memset(sha256.data, 0, sizeof(sha256.data)); | |
352 | |
353 if (csp_provider) | |
354 CryptReleaseContext(csp_provider, 0); | |
355 return sha256; | |
356 } | |
357 | |
316 // TODO(wtc): This function is implemented with NSS low-level hash | 358 // TODO(wtc): This function is implemented with NSS low-level hash |
317 // functions to ensure it is fast. Reimplement this function with | 359 // functions to ensure it is fast. Reimplement this function with |
318 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. | 360 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. |
319 // static | 361 // static |
320 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 362 SHA1HashValue X509Certificate::CalculateCAFingerprint( |
321 const OSCertHandles& intermediates) { | 363 const OSCertHandles& intermediates) { |
322 SHA1HashValue sha1; | 364 SHA1HashValue sha1; |
323 memset(sha1.data, 0, sizeof(sha1.data)); | 365 memset(sha1.data, 0, sizeof(sha1.data)); |
324 | 366 |
325 SHA1Context* sha1_ctx = SHA1_NewContext(); | 367 SHA1Context* sha1_ctx = SHA1_NewContext(); |
445 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, | 487 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, |
446 valid_issuers)) { | 488 valid_issuers)) { |
447 return true; | 489 return true; |
448 } | 490 } |
449 } | 491 } |
450 | 492 |
451 return false; | 493 return false; |
452 } | 494 } |
453 | 495 |
454 } // namespace net | 496 } // namespace net |
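Review bot: In the new CalculateFingerprint256 (new lines 318-356), a CryptHashCertificate failure after a successful CryptAcquireContext is caught only by `DCHECK(rv && sha256_size == sizeof(sha256.data))`, so a release build returns an all-zero SHA256HashValue with no diagnostic, and a caller comparing fingerprints cannot distinguish a hashing failure from a real value. The SHA-1 function above has the same shape, but the new function has two independent ways to produce a fingerprint, which makes a silent zero harder to attribute; base/logging.h is already included, so the zeroing branch could read `if (!rv) { LOG(ERROR) << "CryptHashCertificate(CALG_SHA_256) failed"; memset(sha256.data, 0, sizeof(sha256.data)); }`. Separately, `HCRYPTPROV csp_provider;` is declared without an initializer; the later `if (csp_provider)` is only reached after a successful acquire, but `HCRYPTPROV csp_provider = NULL;` removes the need to reason about that, and crypto/scoped_capi_types.h (already included) provides a scoped HCRYPTPROV wrapper that would make the CryptReleaseContext call automatic on every exit path.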