Do not hash the certificate twice.

Change X509Certificate::chain_fingerprint_ to X509Certificate::ca_fingerprint_ to exclude the certificate from this fingerprint. This fingerprint covers the intermediate CA certificates only. This requires identifying an X509Certificate object by two fingerprints: cert->fingerprint() and cert->ca_fingerprint(). R=agl@chromium.org,rsleevi@chromium.org BUG=101555 TEST=unit tests updated Review URL: http://codereview.chromium.org/8449004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108756 0039d316-1c4b-4281-b951-d872f2087c98
author: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-05 01:02:21 +0000
committer: wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-05 01:02:21 +0000
commit: d08140cd489201e53c3de19a1983c872a02705a3 (patch)
tree: 1b9cd039d7bcfbb9cbb24073941d1e8ef4f8f9f7 /net/base/x509_certificate_mac.cc
parent: 349bea08ba9f82ada9f21f1a3b773a630bf7fe28 (diff)
download: chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.zip
chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.tar.gz
chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.tar.bz2
1 files changed, 6 insertions, 8 deletions
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc
index 1db5a3b..6b0c105 100644
--- a/net/base/x509_certificate_mac.cc
+++ b/net/base/x509_certificate_mac.cc
@@ -616,7 +616,7 @@ void X509Certificate::Initialize() {
                     &valid_expiry_);
 
   fingerprint_ = CalculateFingerprint(cert_handle_);
-  chain_fingerprint_ = CalculateChainFingerprint();
+  ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
   serial_number_ = GetCertSerialNumber(cert_handle_);
 }
 
@@ -1124,7 +1124,9 @@ SHA1Fingerprint X509Certificate::CalculateFingerprint(
   return sha1;
 }
 
-SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
+// static
+SHA1Fingerprint X509Certificate::CalculateCAFingerprint(
+    const OSCertHandles& intermediates) {
   SHA1Fingerprint sha1;
   memset(sha1.data, 0, sizeof(sha1.data));
 
@@ -1133,12 +1135,8 @@ SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
   CC_SHA1_CTX sha1_ctx;
   CC_SHA1_Init(&sha1_ctx);
   CSSM_DATA cert_data;
-  OSStatus status = SecCertificateGetData(cert_handle_, &cert_data);
-  if (status)
-    return sha1;
-  CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length);
-  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
-    status = SecCertificateGetData(intermediate_ca_certs_[i], &cert_data);
+  for (size_t i = 0; i < intermediates.size(); ++i) {
+    OSStatus status = SecCertificateGetData(intermediates[i], &cert_data);
     if (status)
       return sha1;
     CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length);
author	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-05 01:02:21 +0000
committer	wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-05 01:02:21 +0000
commit	d08140cd489201e53c3de19a1983c872a02705a3 (patch)
tree	1b9cd039d7bcfbb9cbb24073941d1e8ef4f8f9f7 /net/base/x509_certificate_mac.cc
parent	349bea08ba9f82ada9f21f1a3b773a630bf7fe28 (diff)
download	chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.zip chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.tar.gz chromium_src-d08140cd489201e53c3de19a1983c872a02705a3.tar.bz2