author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-05 01:02:21 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-05 01:02:21 +0000 |
commit | d08140cd489201e53c3de19a1983c872a02705a3 (patch) | |
tree | 1b9cd039d7bcfbb9cbb24073941d1e8ef4f8f9f7 /net/base/x509_certificate_win.cc | |
parent | 349bea08ba9f82ada9f21f1a3b773a630bf7fe28 (diff) | |
Do not hash the certificate twice.
Change X509Certificate::chain_fingerprint_ to
X509Certificate::ca_fingerprint_ to exclude the certificate
from this fingerprint. This fingerprint covers the intermediate
CA certificates only.
This requires identifying an X509Certificate object by two
fingerprints: cert->fingerprint() and cert->ca_fingerprint().
R=agl@chromium.org,rsleevi@chromium.org
BUG=101555
TEST=unit tests updated
Review URL: http://codereview.chromium.org/8449004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108756 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_win.cc')
-rw-r--r-- | net/base/x509_certificate_win.cc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc
index 4905b0b..1c89abb 100644
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -576,7 +576,7 @@ void X509Certificate::Initialize() {
 valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter);
 fingerprint_ = CalculateFingerprint(cert_handle_);
- chain_fingerprint_ = CalculateChainFingerprint();
+ ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 const CRYPT_INTEGER_BLOB* serial = &cert_handle_->pCertInfo->SerialNumber;
 scoped_array<uint8> serial_bytes(new uint8[serial->cbData]);
@@ -1092,7 +1092,9 @@ SHA1Fingerprint X509Certificate::CalculateFingerprint(
 // TODO(wtc): This function is implemented with NSS low-level hash
 // functions to ensure it is fast. Reimplement this function with
 // CryptoAPI. May need to cache the HCRYPTPROV to reduce the overhead.
-SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
+// static
+SHA1Fingerprint X509Certificate::CalculateCAFingerprint(
+ const OSCertHandles& intermediates) {
 SHA1Fingerprint sha1;
 memset(sha1.data, 0, sizeof(sha1.data));
@@ -1100,10 +1102,8 @@ SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const {
 if (!sha1_ctx) return sha1;
 SHA1_Begin(sha1_ctx);
- SHA1_Update(sha1_ctx, cert_handle_->pbCertEncoded,
- cert_handle_->cbCertEncoded);
- for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
- PCCERT_CONTEXT ca_cert = intermediate_ca_certs_[i];
+ for (size_t i = 0; i < intermediates.size(); ++i) {
+ PCCERT_CONTEXT ca_cert = intermediates[i];
 SHA1_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded);
 }
 unsigned int result_len; |
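Review bot: In Initialize(), `ca_fingerprint_` no longer covers the leaf certificate, so any equality check, cache key or comparator that relied on the old chain fingerprint alone would now treat two different leaf certificates with the same intermediates as the same chain. The callers live outside this file and are not visible here, so it is worth confirming that every comparison uses both `fingerprint()` and `ca_fingerprint()`. A comment at the assignment would make the invariant hard to miss, e.g. `// Covers the intermediates only; always compare together with fingerprint_.` Initialize()'s body starts and ends outside the hunk.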
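Review bot: The new static CalculateCAFingerprint() has no contract comment; the only text above it is the TODO about reimplementing it with CryptoAPI. Since the value feeds certificate identity, I would state what is hashed, e.g. `// Returns the SHA-1 of the DER encodings of |intermediates|, hashed in order.` followed by `// The leaf certificate is deliberately not included.` The result depends on the order of `intermediates`, so the same set of CA certificates supplied in a different order yields a different fingerprint; that is worth saying in the comment too.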
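Review bot: When `SHA1_NewContext()` fails, `if (!sha1_ctx) return sha1;` hands back the all-zero value set by the `memset`, so on that path every chain gets the same CA fingerprint and certificates that differ only in their intermediates would compare equal on it. That behaviour predates this commit, but it matters more now that identity is split across two fingerprints; documenting the all-zero failure value, or treating it as "no match" in comparisons, would close the gap. Separately, the function now accepts any `OSCertHandles`, and the loop dereferences `ca_cert` unchecked; `DCHECK(ca_cert);` before the `SHA1_Update` call would catch a null handle in debug builds. The function body continues past the end of the hunk.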