diff --git a/mobile/android/components/NSSDialogService.js b/mobile/android/components/NSSDialogService.js
index 0cc07b27e6b8..2ed1c30931d9 100644
--- a/mobile/android/components/NSSDialogService.js
+++ b/mobile/android/components/NSSDialogService.js
@@ -141,8 +141,8 @@ NSSDialogs.prototype = {
["certmgr.begins", aCert.validity.notBeforeLocalDay,
"certmgr.expires", aCert.validity.notAfterLocalDay])})
.addLabel({ label: this.certInfoSection("certmgr.fingerprints.label",
- ["certmgr.certdetail.sha1fingerprint", aCert.sha1Fingerprint,
- "certmgr.certdetail.md5fingerprint", aCert.md5Fingerprint], false) });
+ ["certmgr.certdetail.sha256fingerprint", aCert.sha256Fingerprint,
+ "certmgr.certdetail.sha1fingerprint", aCert.sha1Fingerprint], false) });
this.showPrompt(p);
},
diff --git a/mobile/android/locales/en-US/chrome/pippki.properties b/mobile/android/locales/en-US/chrome/pippki.properties
index 898cad903c15..54ab946653c5 100644
--- a/mobile/android/locales/en-US/chrome/pippki.properties
+++ b/mobile/android/locales/en-US/chrome/pippki.properties
@@ -35,7 +35,7 @@ certmgr.certdetail.cn=Common Name (CN)
certmgr.certdetail.o=Organization (O)
certmgr.certdetail.ou=Organizational Unit (OU)
certmgr.certdetail.serialnumber=Serial Number
+certmgr.certdetail.sha256fingerprint=SHA-256 Fingerprint
certmgr.certdetail.sha1fingerprint=SHA1 Fingerprint
-certmgr.certdetail.md5fingerprint=MD5 Fingerprint
certmgr.begins=Begins On
certmgr.expires=Expires On
diff --git a/security/manager/locales/en-US/chrome/pippki/certManager.dtd b/security/manager/locales/en-US/chrome/pippki/certManager.dtd
index fb64e0853f61..9bae07aea951 100644
--- a/security/manager/locales/en-US/chrome/pippki/certManager.dtd
+++ b/security/manager/locales/en-US/chrome/pippki/certManager.dtd
@@ -34,8 +34,8 @@
+
-
diff --git a/security/manager/pki/resources/content/viewCertDetails.js b/security/manager/pki/resources/content/viewCertDetails.js
index 371bf9792c8f..bd30cf8a296b 100644
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@@ -241,10 +241,10 @@ function DisplayGeneralDataFromCert(cert)
addAttributeFromCert('orgunit', cert.organizationalUnit);
// Serial Number
addAttributeFromCert('serialnumber',cert.serialNumber);
+ // SHA-256 Fingerprint
+ addAttributeFromCert('sha256fingerprint', cert.sha256Fingerprint);
// SHA1 Fingerprint
addAttributeFromCert('sha1fingerprint',cert.sha1Fingerprint);
- // MD5 Fingerprint
- addAttributeFromCert('md5fingerprint',cert.md5Fingerprint);
// Validity start
addAttributeFromCert('validitystart', cert.validity.notBeforeLocalDay);
// Validity end
diff --git a/security/manager/pki/resources/content/viewCertDetails.xul b/security/manager/pki/resources/content/viewCertDetails.xul
index f4e6263deb17..86acb751cbb2 100644
--- a/security/manager/pki/resources/content/viewCertDetails.xul
+++ b/security/manager/pki/resources/content/viewCertDetails.xul
@@ -87,12 +87,15 @@
-
-
+
+
+
+
-
-
+
+
diff --git a/security/manager/ssl/public/nsIX509Cert.idl b/security/manager/ssl/public/nsIX509Cert.idl
index a70cfe10202b..fb255fe83df3 100644
--- a/security/manager/ssl/public/nsIX509Cert.idl
+++ b/security/manager/ssl/public/nsIX509Cert.idl
@@ -13,7 +13,7 @@ interface nsIASN1Object;
/**
* This represents a X.509 certificate.
*/
-[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
+[scriptable, uuid(900d6442-d8bc-11e3-aa51-0800273c564f)]
interface nsIX509Cert : nsISupports {
/**
@@ -67,18 +67,18 @@ interface nsIX509Cert : nsISupports {
*/
readonly attribute AString organizationalUnit;
+ /**
+ * The fingerprint of the certificate's DER encoding,
+ * calculated using the SHA-256 algorithm.
+ */
+ readonly attribute AString sha256Fingerprint;
+
/**
* The fingerprint of the certificate's public key,
* calculated using the SHA1 algorithm.
*/
readonly attribute AString sha1Fingerprint;
- /**
- * The fingerprint of the certificate's public key,
- * calculated using the MD5 algorithm.
- */
- readonly attribute AString md5Fingerprint;
-
/**
* A human readable name identifying the hardware or
* software token the certificate is stored on.
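Review bot: The retained doc comment on `sha1Fingerprint` still describes the value as the fingerprint of "the certificate's public key", while the new `sha256Fingerprint` comment says it is of the certificate's DER encoding. Both getters in the nsNSSCertificate.cpp part of this patch hash `mCert->derCert`, so the SHA1 wording is the inaccurate one. Anyone comparing these values against a key pin or an out-of-band fingerprint needs to know they cover the whole certificate rather than the public key alone. I would change the SHA1 comment to `The fingerprint of the certificate's DER encoding,` followed by `calculated using the SHA1 algorithm.` so the two attributes are documented alike. The interface body continues outside the hunk.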
diff --git a/security/manager/ssl/src/nsNSSCertificate.cpp b/security/manager/ssl/src/nsNSSCertificate.cpp
index 1dc6fcf570d3..54be374f68b0 100644
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -997,52 +997,43 @@ nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
return NS_ERROR_FAILURE;
}
-NS_IMETHODIMP
-nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
+nsresult
+nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg)
{
nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown())
+ if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
-
- _sha1Fingerprint.Truncate();
- unsigned char fingerprint[20];
- SECItem fpItem;
- memset(fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf(SEC_OID_SHA1, fingerprint,
- mCert->derCert.data, mCert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = SHA1_LENGTH;
- char* fpStr = CERT_Hexify(&fpItem, 1);
- if (fpStr) {
- _sha1Fingerprint = NS_ConvertASCIItoUTF16(fpStr);
- PORT_Free(fpStr);
- return NS_OK;
}
- return NS_ERROR_FAILURE;
+
+ aFingerprint.Truncate();
+ Digest digest;
+ nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data,
+ mCert->derCert.len);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // CERT_Hexify's second argument is an int that is interpreted as a boolean
+ char* fpStr = CERT_Hexify(const_cast(&digest.get()), 1);
+ if (!fpStr) {
+ return NS_ERROR_FAILURE;
+ }
+
+ aFingerprint.AssignASCII(fpStr);
+ PORT_Free(fpStr);
+ return NS_OK;
}
NS_IMETHODIMP
-nsNSSCertificate::GetMd5Fingerprint(nsAString& _md5Fingerprint)
+nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
{
- nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown())
- return NS_ERROR_NOT_AVAILABLE;
+ return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256);
+}
- _md5Fingerprint.Truncate();
- unsigned char fingerprint[20];
- SECItem fpItem;
- memset(fingerprint, 0, sizeof fingerprint);
- PK11_HashBuf(SEC_OID_MD5, fingerprint,
- mCert->derCert.data, mCert->derCert.len);
- fpItem.data = fingerprint;
- fpItem.len = MD5_LENGTH;
- char* fpStr = CERT_Hexify(&fpItem, 1);
- if (fpStr) {
- _md5Fingerprint = NS_ConvertASCIItoUTF16(fpStr);
- PORT_Free(fpStr);
- return NS_OK;
- }
- return NS_ERROR_FAILURE;
+NS_IMETHODIMP
+nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
+{
+ return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1);
}
NS_IMETHODIMP
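Review bot: `GetCertificateHash` has no header comment, and the inline comment above the `CERT_Hexify` call says the second argument is treated as a boolean without saying what `1` selects. Since this helper now backs both fingerprint getters, I would document above it that it hashes the full DER encoding (`mCert->derCert`) with `aHashAlg` and returns the digest as hex text. The inline comment could become `// A non-zero second argument asks CERT_Hexify for colon-separated hex.`. It is also worth stating that `aFingerprint` is left empty on failure, because `Truncate()` runs before the digest is computed. The function that follows the final `NS_IMETHODIMP` line starts outside the hunk.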
diff --git a/security/manager/ssl/src/nsNSSCertificate.h b/security/manager/ssl/src/nsNSSCertificate.h
index 63b49a2e4237..997bfafa4716 100644
--- a/security/manager/ssl/src/nsNSSCertificate.h
+++ b/security/manager/ssl/src/nsNSSCertificate.h
@@ -65,6 +65,8 @@ private:
void destructorSafeDestroyNSSReference();
bool InitFromDER(char* certDER, int derLen); // return false on failure
+ nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);
+
enum {
ev_status_unknown = -1, ev_status_invalid = 0, ev_status_valid = 1
} mCachedEVStatus;
diff --git a/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp b/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
index 4179ded9ac17..4b3b20a4fbce 100644
--- a/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
@@ -162,14 +162,14 @@ nsNSSCertificateFakeTransport::GetSerialNumber(nsAString &_serialNumber)
}
NS_IMETHODIMP
-nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString &_sha1Fingerprint)
+nsNSSCertificateFakeTransport::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
-nsNSSCertificateFakeTransport::GetMd5Fingerprint(nsAString &_md5Fingerprint)
+nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString& aSha1Fingerprint)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
diff --git a/toolkit/mozapps/update/tests/chrome/test_0121_check_requireBuiltinCert.xul b/toolkit/mozapps/update/tests/chrome/test_0121_check_requireBuiltinCert.xul
index dd2eecef91c1..cc9dfe64db5f 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0121_check_requireBuiltinCert.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0121_check_requireBuiltinCert.xul
@@ -30,7 +30,7 @@ Components.utils.import("resource://gre/modules/CertUtils.jsm");
const CERT_ATTRS = ["nickname", "emailAddress", "subjectName", "commonName",
"organization", "organizationalUnit", "sha1Fingerprint",
- "md5Fingerprint", "tokenName", "issuerName", "serialNumber",
+ "sha256Fingerprint", "tokenName", "issuerName", "serialNumber",
"issuerCommonName", "issuerOrganization",
"issuerOrganizationUnit", "dbKey", "windowTitle"];
diff --git a/toolkit/mozapps/update/tests/chrome/test_0122_check_allowNonBuiltinCert_validCertAttrs.xul b/toolkit/mozapps/update/tests/chrome/test_0122_check_allowNonBuiltinCert_validCertAttrs.xul
index c3042d492ae3..f3e1d312c3f2 100644
--- a/toolkit/mozapps/update/tests/chrome/test_0122_check_allowNonBuiltinCert_validCertAttrs.xul
+++ b/toolkit/mozapps/update/tests/chrome/test_0122_check_allowNonBuiltinCert_validCertAttrs.xul
@@ -30,7 +30,7 @@ Components.utils.import("resource://gre/modules/CertUtils.jsm");
const CERT_ATTRS = ["nickname", "emailAddress", "subjectName", "commonName",
"organization", "organizationalUnit", "sha1Fingerprint",
- "md5Fingerprint", "tokenName", "issuerName", "serialNumber",
+ "sha256Fingerprint", "tokenName", "issuerName", "serialNumber",
"issuerCommonName", "issuerOrganization",
"issuerOrganizationUnit", "dbKey", "windowTitle"];