| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 #include <time.h> | 10 #include <time.h> |
| (...skipping 559 matching lines...) |
| 570 return NULL; | 570 return NULL; |
| 571 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); | 571 return reinterpret_cast<OSCertHandle>(const_cast<void*>(CFRetain(handle))); |
| 572 } | 572 } |
| 573 | 573 |
| 574 // static | 574 // static |
| 575 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 575 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
| 576 CFRelease(cert_handle); | 576 CFRelease(cert_handle); |
| 577 } | 577 } |
| 578 | 578 |
| 579 // static | 579 // static |
| 580 SHA1Fingerprint X509Certificate::CalculateFingerprint( | 580 SHA1HashValue X509Certificate::CalculateFingerprint( |
| 581 OSCertHandle cert) { | 581 OSCertHandle cert) { |
| 582 SHA1Fingerprint sha1; | 582 SHA1HashValue sha1; |
| 583 memset(sha1.data, 0, sizeof(sha1.data)); | 583 memset(sha1.data, 0, sizeof(sha1.data)); |
| 584 | 584 |
| 585 CSSM_DATA cert_data; | 585 CSSM_DATA cert_data; |
| 586 OSStatus status = SecCertificateGetData(cert, &cert_data); | 586 OSStatus status = SecCertificateGetData(cert, &cert_data); |
| 587 if (status) | 587 if (status) |
| 588 return sha1; | 588 return sha1; |
| 589 | 589 |
| 590 DCHECK(cert_data.Data); | 590 DCHECK(cert_data.Data); |
| 591 DCHECK_NE(cert_data.Length, 0U); | 591 DCHECK_NE(cert_data.Length, 0U); |
| 592 | 592 |
| 593 CC_SHA1(cert_data.Data, cert_data.Length, sha1.data); | 593 CC_SHA1(cert_data.Data, cert_data.Length, sha1.data); |
| 594 | 594 |
| 595 return sha1; | 595 return sha1; |
| 596 } | 596 } |
| 597 | 597 |
| 598 // static | 598 // static |
| 599 SHA1Fingerprint X509Certificate::CalculateCAFingerprint( | 599 SHA1HashValue X509Certificate::CalculateCAFingerprint( |
| 600 const OSCertHandles& intermediates) { | 600 const OSCertHandles& intermediates) { |
| 601 SHA1Fingerprint sha1; | 601 SHA1HashValue sha1; |
| 602 memset(sha1.data, 0, sizeof(sha1.data)); | 602 memset(sha1.data, 0, sizeof(sha1.data)); |
| 603 | 603 |
| 604 // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so | 604 // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so |
| 605 // we don't check their return values. | 605 // we don't check their return values. |
| 606 CC_SHA1_CTX sha1_ctx; | 606 CC_SHA1_CTX sha1_ctx; |
| 607 CC_SHA1_Init(&sha1_ctx); | 607 CC_SHA1_Init(&sha1_ctx); |
| 608 CSSM_DATA cert_data; | 608 CSSM_DATA cert_data; |
| 609 for (size_t i = 0; i < intermediates.size(); ++i) { | 609 for (size_t i = 0; i < intermediates.size(); ++i) { |
| 610 OSStatus status = SecCertificateGetData(intermediates[i], &cert_data); | 610 OSStatus status = SecCertificateGetData(intermediates[i], &cert_data); |
| 611 if (status) | 611 if (status) |
| (...skipping 101 matching lines...) |
| 713 if (err != noErr) | 713 if (err != noErr) |
| 714 continue; | 714 continue; |
| 715 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); | 715 ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); |
| 716 | 716 |
| 717 scoped_refptr<X509Certificate> cert( | 717 scoped_refptr<X509Certificate> cert( |
| 718 CreateFromHandle(cert_handle, OSCertHandles())); | 718 CreateFromHandle(cert_handle, OSCertHandles())); |
| 719 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) | 719 if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) |
| 720 continue; | 720 continue; |
| 721 | 721 |
| 722 // Skip duplicates (a cert may be in multiple keychains). | 722 // Skip duplicates (a cert may be in multiple keychains). |
| 723 const SHA1Fingerprint& fingerprint = cert->fingerprint(); | 723 const SHA1HashValue& fingerprint = cert->fingerprint(); |
| 724 unsigned i; | 724 unsigned i; |
| 725 for (i = 0; i < certs->size(); ++i) { | 725 for (i = 0; i < certs->size(); ++i) { |
| 726 if ((*certs)[i]->fingerprint().Equals(fingerprint)) | 726 if ((*certs)[i]->fingerprint().Equals(fingerprint)) |
| 727 break; | 727 break; |
| 728 } | 728 } |
| 729 if (i < certs->size()) | 729 if (i < certs->size()) |
| 730 continue; | 730 continue; |
| 731 | 731 |
| 732 bool is_preferred = preferred_identity && | 732 bool is_preferred = preferred_identity && |
| 733 CFEqual(preferred_identity, identity); | 733 CFEqual(preferred_identity, identity); |
| (...skipping 128 matching lines...) |
| 862 *type = kPublicKeyTypeDH; | 862 *type = kPublicKeyTypeDH; |
| 863 break; | 863 break; |
| 864 default: | 864 default: |
| 865 *type = kPublicKeyTypeUnknown; | 865 *type = kPublicKeyTypeUnknown; |
| 866 *size_bits = 0; | 866 *size_bits = 0; |
| 867 break; | 867 break; |
| 868 } | 868 } |
| 869 } | 869 } |
| 870 | 870 |
| 871 } // namespace net | 871 } // namespace net |
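Review bot: In CalculateFingerprint (new lines 580-596) a failed SecCertificateGetData returns the zero-filled SHA1HashValue, which callers cannot tell apart from a real digest, and the generic new type name makes that sentinel less obvious than it was under SHA1Fingerprint. The duplicate check at new lines 723-730 compares fingerprints with `Equals`, so if `fingerprint()` is backed by this function (not visible here), two certificates whose data could not be read would be treated as the same certificate and one would be skipped. I would document the contract above the function, for example `// Returns an all-zero hash if the certificate data cannot be read; callers must not treat that value as a real fingerprint.` The two DCHECKs on `cert_data.Data` and `cert_data.Length` are debug-only, so release builds pass those values to CC_SHA1 unchecked; an explicit `if (!cert_data.Data || cert_data.Length == 0) return sha1;` would make both build types behave the same. CalculateCAFingerprint starts with the same zero-fill pattern, but its body continues past the visible lines.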
| OLD | NEW |