OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. | 7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
11 #include "base/pickle.h" | 11 #include "base/pickle.h" |
12 #include "base/sha1.h" | 12 #include "base/sha1.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
15 #include "crypto/capi_util.h" | 15 #include "crypto/capi_util.h" |
16 #include "crypto/scoped_capi_types.h" | 16 #include "crypto/scoped_capi_types.h" |
17 #include "crypto/sha2.h" | |
17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
18 | 19 |
19 #pragma comment(lib, "crypt32.lib") | 20 #pragma comment(lib, "crypt32.lib") |
20 | 21 |
21 using base::Time; | 22 using base::Time; |
22 | 23 |
23 namespace net { | 24 namespace net { |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
306 SHA1HashValue sha1; | 307 SHA1HashValue sha1; |
307 DWORD sha1_size = sizeof(sha1.data); | 308 DWORD sha1_size = sizeof(sha1.data); |
308 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 309 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
309 cert->cbCertEncoded, sha1.data, &sha1_size); | 310 cert->cbCertEncoded, sha1.data, &sha1_size); |
310 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 311 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
311 if (!rv) | 312 if (!rv) |
312 memset(sha1.data, 0, sizeof(sha1.data)); | 313 memset(sha1.data, 0, sizeof(sha1.data)); |
313 return sha1; | 314 return sha1; |
314 } | 315 } |
315 | 316 |
317 // static | |
318 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | |
319 DCHECK(NULL != cert->pbCertEncoded); | |
320 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded); | |
321 | |
322 SHA256HashValue sha256; | |
323 DWORD sha256_size = sizeof(sha256.data); | |
324 | |
325 // The reason crypto::SHA256HashString is used here rather than | |
326 // CryptHashCertificate (which is used for SHA1) is that: | |
327 // * On Windows XP there is no CSP that supports SHA-256. | |
328 // * On Windows Vista it is necessary to acquire a non-default CSP | |
329 // to get SHA-256 capabilities, which introduces significant overhead. | |
Ryan Sleevi
2014/09/11 23:44:39
So, I should have been clearer on the comment. The
Eran Messeri
2014/10/01 16:08:36
Done, thanks for the explanation.
| |
330 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), | |
331 cert->cbCertEncoded); | |
332 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); | |
333 return sha256; | |
334 } | |
335 | |
316 // TODO(wtc): This function is implemented with NSS low-level hash | 336 // TODO(wtc): This function is implemented with NSS low-level hash |
317 // functions to ensure it is fast. Reimplement this function with | 337 // functions to ensure it is fast. Reimplement this function with |
318 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. | 338 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. |
319 // static | 339 // static |
320 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 340 SHA1HashValue X509Certificate::CalculateCAFingerprint( |
321 const OSCertHandles& intermediates) { | 341 const OSCertHandles& intermediates) { |
322 SHA1HashValue sha1; | 342 SHA1HashValue sha1; |
323 memset(sha1.data, 0, sizeof(sha1.data)); | 343 memset(sha1.data, 0, sizeof(sha1.data)); |
324 | 344 |
325 SHA1Context* sha1_ctx = SHA1_NewContext(); | 345 SHA1Context* sha1_ctx = SHA1_NewContext(); |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
445 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, | 465 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, |
446 valid_issuers)) { | 466 valid_issuers)) { |
447 return true; | 467 return true; |
448 } | 468 } |
449 } | 469 } |
450 | 470 |
451 return false; | 471 return false; |
452 } | 472 } |
453 | 473 |
454 } // namespace net | 474 } // namespace net |
OLD | NEW |