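--- a/PATH-NOT-ON-PAGE
+++ b/PATH-NOT-ON-PAGE
@@ -1,26 +1,27 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "crypto/capi_util.h"
 #include "crypto/scoped_capi_types.h"
+#include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 
 #pragma comment(lib, "crypt32.lib")
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
@@ -308,20 +309,38 @@
 SHA1HashValue sha1;
 DWORD sha1_size = sizeof(sha1.data);
 rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
 cert->cbCertEncoded, sha1.data, &sha1_size);
 DCHECK(rv && sha1_size == sizeof(sha1.data));
 if (!rv)
 memset(sha1.data, 0, sizeof(sha1.data));
 return sha1;
 }
 
+// static
+SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
+DCHECK(NULL != cert->pbCertEncoded);
+DCHECK_NE(0u, cert->cbCertEncoded);
+
+SHA256HashValue sha256;
+size_t sha256_size = sizeof(sha256.data);
+
+// Use crypto::SHA256HashString for two reasons:
+// * < Windows Vista does not have universal SHA-256 support.
+// * More efficient on Windows > Vista (less overhead since non-default CSP
+// is not needed).
+base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
+cert->cbCertEncoded);
+crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
+return sha256;
+}
+
 // TODO(wtc): This function is implemented with NSS low-level hash
 // functions to ensure it is fast. Reimplement this function with
 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead.
 // static
 SHA1HashValue X509Certificate::CalculateCAFingerprint(
 const OSCertHandles& intermediates) {
 SHA1HashValue sha1;
 memset(sha1.data, 0, sizeof(sha1.data));
 
 SHA1Context* sha1_ctx = SHA1_NewContext();
@@ -447,10 +466,10 @@
 if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer,
 valid_issuers)) {
 return true;
 }
 }
 
 return false;
 }
 
 } // namespace net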
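Review bot: `sha256_size` at new line 325 is a single-use local that only restates `sizeof(sha256.data)`; unlike the SHA-1 path, where `sha1_size` is an in/out argument that `CryptHashCertificate` writes back and the `DCHECK` then checks, nothing here reads the value again, so passing the size expression directly at line 333, `crypto::SHA256HashString(der_cert, sha256.data, sizeof(sha256.data));`, keeps the output length visibly bound to the buffer it fills. The rationale comment at lines 327-330 covers versions below Vista and versions above Vista but never Vista itself; if the non-default-CSP overhead applies from Vista onward, writing "Vista and later" would close that gap. The `DCHECK`s at lines 321-322 are debug-only, so in release builds a handle with a null or empty encoding still reaches the hash call; the SHA-1 sibling presumably carries the same precondition, but its start lies outside the hunk, so that cannot be confirmed here.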