OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. | 7 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
11 #include "base/pickle.h" | 11 #include "base/pickle.h" |
12 #include "base/sha1.h" | 12 #include "base/sha1.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
15 #include "crypto/capi_util.h" | 15 #include "crypto/capi_util.h" |
16 #include "crypto/scoped_capi_types.h" | 16 #include "crypto/scoped_capi_types.h" |
17 #include "crypto/sha2.h" | |
17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
18 | 19 |
19 #pragma comment(lib, "crypt32.lib") | 20 #pragma comment(lib, "crypt32.lib") |
20 | 21 |
21 using base::Time; | 22 using base::Time; |
22 | 23 |
23 namespace net { | 24 namespace net { |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
308 SHA1HashValue sha1; | 309 SHA1HashValue sha1; |
309 DWORD sha1_size = sizeof(sha1.data); | 310 DWORD sha1_size = sizeof(sha1.data); |
310 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, | 311 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded, |
311 cert->cbCertEncoded, sha1.data, &sha1_size); | 312 cert->cbCertEncoded, sha1.data, &sha1_size); |
312 DCHECK(rv && sha1_size == sizeof(sha1.data)); | 313 DCHECK(rv && sha1_size == sizeof(sha1.data)); |
313 if (!rv) | 314 if (!rv) |
314 memset(sha1.data, 0, sizeof(sha1.data)); | 315 memset(sha1.data, 0, sizeof(sha1.data)); |
315 return sha1; | 316 return sha1; |
316 } | 317 } |
317 | 318 |
319 // static | |
320 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { | |
321 DCHECK(NULL != cert->pbCertEncoded); | |
322 DCHECK_NE(static_cast<DWORD>(0), cert->cbCertEncoded); | |
Ryan Sleevi
2014/10/01 20:15:43
just use 0u ?
Eran Messeri
2014/10/03 12:00:11
Done.
| |
323 | |
324 SHA256HashValue sha256; | |
325 DWORD sha256_size = sizeof(sha256.data); | |
Ryan Sleevi
2014/10/01 20:15:43
No longer the correct type now, is it?
Eran Messeri
2014/10/03 12:00:11
Done.
| |
326 | |
327 // Use crypto::SHA256HashString for two reasons: | |
328 // * < Windows Vista does not have universal SHA-256 support. | |
329 // * More efficient on Windows > Vista (less overhead since non-default CSP | |
330 // is not needed). | |
331 base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), | |
332 cert->cbCertEncoded); | |
333 crypto::SHA256HashString(der_cert, sha256.data, sha256_size); | |
334 return sha256; | |
335 } | |
336 | |
318 // TODO(wtc): This function is implemented with NSS low-level hash | 337 // TODO(wtc): This function is implemented with NSS low-level hash |
319 // functions to ensure it is fast. Reimplement this function with | 338 // functions to ensure it is fast. Reimplement this function with |
320 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. | 339 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead. |
321 // static | 340 // static |
322 SHA1HashValue X509Certificate::CalculateCAFingerprint( | 341 SHA1HashValue X509Certificate::CalculateCAFingerprint( |
323 const OSCertHandles& intermediates) { | 342 const OSCertHandles& intermediates) { |
324 SHA1HashValue sha1; | 343 SHA1HashValue sha1; |
325 memset(sha1.data, 0, sizeof(sha1.data)); | 344 memset(sha1.data, 0, sizeof(sha1.data)); |
326 | 345 |
327 SHA1Context* sha1_ctx = SHA1_NewContext(); | 346 SHA1Context* sha1_ctx = SHA1_NewContext(); |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
447 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, | 466 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer, |
448 valid_issuers)) { | 467 valid_issuers)) { |
449 return true; | 468 return true; |
450 } | 469 } |
451 } | 470 } |
452 | 471 |
453 return false; | 472 return false; |
454 } | 473 } |
455 | 474 |
456 } // namespace net | 475 } // namespace net |
OLD | NEW |