Bug 622332 - Show cert SHA-256 fingerprint and remove MD5 fingerprint. r=keeler

Cykesiopka 2014-05-22 00:52:00 +02:00
Родитель 866b818108
Коммит d0a5ea9350
11 изменённых файлов: 54 добавлений и 58 удалений

@ -141,8 +141,8 @@ NSSDialogs.prototype = {
["certmgr.begins", aCert.validity.notBeforeLocalDay,
"certmgr.expires", aCert.validity.notAfterLocalDay])})
.addLabel({ label: this.certInfoSection("certmgr.fingerprints.label",
["certmgr.certdetail.sha1fingerprint", aCert.sha1Fingerprint,
"certmgr.certdetail.md5fingerprint", aCert.md5Fingerprint], false) });
["certmgr.certdetail.sha256fingerprint", aCert.sha256Fingerprint,
"certmgr.certdetail.sha1fingerprint", aCert.sha1Fingerprint], false) });
this.showPrompt(p);
},

@ -35,7 +35,7 @@ certmgr.certdetail.cn=Common Name (CN)
certmgr.certdetail.o=Organization (O)
certmgr.certdetail.ou=Organizational Unit (OU)
certmgr.certdetail.serialnumber=Serial Number
certmgr.certdetail.sha256fingerprint=SHA-256 Fingerprint
certmgr.certdetail.sha1fingerprint=SHA1 Fingerprint
certmgr.certdetail.md5fingerprint=MD5 Fingerprint
certmgr.begins=Begins On
certmgr.expires=Expires On

@ -34,8 +34,8 @@
<!ENTITY certmgr.certdetail.o "Organization (O)">
<!ENTITY certmgr.certdetail.ou "Organizational Unit (OU)">
<!ENTITY certmgr.certdetail.serialnumber "Serial Number">
<!ENTITY certmgr.certdetail.sha256fingerprint "SHA-256 Fingerprint">
<!ENTITY certmgr.certdetail.sha1fingerprint "SHA1 Fingerprint">
<!ENTITY certmgr.certdetail.md5fingerprint "MD5 Fingerprint">
<!ENTITY certmgr.editcert.title "Edit Security Certificate Settings">
<!ENTITY certmgr.editcacert.title "Edit CA certificate trust settings">

@ -241,10 +241,10 @@ function DisplayGeneralDataFromCert(cert)
addAttributeFromCert('orgunit', cert.organizationalUnit);
// Serial Number
addAttributeFromCert('serialnumber',cert.serialNumber);
// SHA-256 Fingerprint
addAttributeFromCert('sha256fingerprint', cert.sha256Fingerprint);
// SHA1 Fingerprint
addAttributeFromCert('sha1fingerprint',cert.sha1Fingerprint);
// MD5 Fingerprint
addAttributeFromCert('md5fingerprint',cert.md5Fingerprint);
// Validity start
addAttributeFromCert('validitystart', cert.validity.notBeforeLocalDay);
// Validity end

@ -87,12 +87,15 @@
<spacer/>
</row>
<row>
<label value="&certmgr.certdetail.sha1fingerprint;"/>
<textbox id="sha1fingerprint" class="plain" readonly="true" style="min-width:34em;"/>
<label value="&certmgr.certdetail.sha256fingerprint;"/>
<hbox>
<textbox id="sha256fingerprint" class="plain" readonly="true" multiline="true"
style="height: 6ex; width: 48ch; font-family: monospace;"/>
</hbox>
</row>
<row>
<label value="&certmgr.certdetail.md5fingerprint;"/>
<textbox id="md5fingerprint" class="plain" readonly="true"/>
<label value="&certmgr.certdetail.sha1fingerprint;"/>
<textbox id="sha1fingerprint" class="plain" readonly="true" style="min-width:34em;"/>
</row>
</rows>
</grid>

@ -13,7 +13,7 @@ interface nsIASN1Object;
/**
* This represents a X.509 certificate.
*/
[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
[scriptable, uuid(900d6442-d8bc-11e3-aa51-0800273c564f)]
interface nsIX509Cert : nsISupports {
/**
@ -67,18 +67,18 @@ interface nsIX509Cert : nsISupports {
*/
readonly attribute AString organizationalUnit;
/**
* The fingerprint of the certificate's DER encoding,
* calculated using the SHA-256 algorithm.
*/
readonly attribute AString sha256Fingerprint;
/**
* The fingerprint of the certificate's public key,
* calculated using the SHA1 algorithm.
*/
readonly attribute AString sha1Fingerprint;
/**
* The fingerprint of the certificate's public key,
* calculated using the MD5 algorithm.
*/
readonly attribute AString md5Fingerprint;
/**
* A human readable name identifying the hardware or
* software token the certificate is stored on.
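Review bot: The doc comment kept on `sha1Fingerprint` still says the hash is taken over the certificate's public key, while the new `sha256Fingerprint` comment says it is taken over the certificate's DER encoding. Both getters in nsNSSCertificate go through GetCertificateHash, which digests `mCert->derCert`, so both values are fingerprints of the whole certificate. The SHA1 comment should read `* The fingerprint of the certificate's DER encoding,` followed by `* calculated using the SHA1 algorithm.`. A caller who trusts the current wording could treat the value as a key fingerprint that stays stable when the certificate is re-issued with the same key, which it does not. The interface body continues outside this hunk.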

@ -997,52 +997,43 @@ nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
nsresult
nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown())
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
_sha1Fingerprint.Truncate();
unsigned char fingerprint[20];
SECItem fpItem;
memset(fingerprint, 0, sizeof fingerprint);
PK11_HashBuf(SEC_OID_SHA1, fingerprint,
mCert->derCert.data, mCert->derCert.len);
fpItem.data = fingerprint;
fpItem.len = SHA1_LENGTH;
char* fpStr = CERT_Hexify(&fpItem, 1);
if (fpStr) {
_sha1Fingerprint = NS_ConvertASCIItoUTF16(fpStr);
PORT_Free(fpStr);
return NS_OK;
}
return NS_ERROR_FAILURE;
aFingerprint.Truncate();
Digest digest;
nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data,
mCert->derCert.len);
if (NS_FAILED(rv)) {
return rv;
}
// CERT_Hexify's second argument is an int that is interpreted as a boolean
char* fpStr = CERT_Hexify(const_cast<SECItem*>(&digest.get()), 1);
if (!fpStr) {
return NS_ERROR_FAILURE;
}
aFingerprint.AssignASCII(fpStr);
PORT_Free(fpStr);
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificate::GetMd5Fingerprint(nsAString& _md5Fingerprint)
nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256);
}
_md5Fingerprint.Truncate();
unsigned char fingerprint[20];
SECItem fpItem;
memset(fingerprint, 0, sizeof fingerprint);
PK11_HashBuf(SEC_OID_MD5, fingerprint,
mCert->derCert.data, mCert->derCert.len);
fpItem.data = fingerprint;
fpItem.len = MD5_LENGTH;
char* fpStr = CERT_Hexify(&fpItem, 1);
if (fpStr) {
_md5Fingerprint = NS_ConvertASCIItoUTF16(fpStr);
PORT_Free(fpStr);
return NS_OK;
}
return NS_ERROR_FAILURE;
NS_IMETHODIMP
nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
{
return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1);
}
NS_IMETHODIMP
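Review bot: The comment above the CERT_Hexify call in GetCertificateHash gives the argument's type but not what passing 1 selects. I would word it as `// The second argument (do_colon) is an int used as a boolean; 1 requests colon-separated hex bytes.`, since that output format is what users compare against an out-of-band fingerprint. GetCertificateHash also has no header comment; one sentence stating that it hashes the full DER certificate (`mCert->derCert`) with the given algorithm and returns the hexified digest would keep it in step with the IDL documentation. The final `NS_IMETHODIMP` begins a function that lies outside this hunk.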

@ -65,6 +65,8 @@ private:
void destructorSafeDestroyNSSReference();
bool InitFromDER(char* certDER, int derLen); // return false on failure
nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);
enum {
ev_status_unknown = -1, ev_status_invalid = 0, ev_status_valid = 1
} mCachedEVStatus;

@ -162,14 +162,14 @@ nsNSSCertificateFakeTransport::GetSerialNumber(nsAString &_serialNumber)
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString &_sha1Fingerprint)
nsNSSCertificateFakeTransport::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::GetMd5Fingerprint(nsAString &_md5Fingerprint)
nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString& aSha1Fingerprint)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;

@ -30,7 +30,7 @@ Components.utils.import("resource://gre/modules/CertUtils.jsm");
const CERT_ATTRS = ["nickname", "emailAddress", "subjectName", "commonName",
"organization", "organizationalUnit", "sha1Fingerprint",
"md5Fingerprint", "tokenName", "issuerName", "serialNumber",
"sha256Fingerprint", "tokenName", "issuerName", "serialNumber",
"issuerCommonName", "issuerOrganization",
"issuerOrganizationUnit", "dbKey", "windowTitle"];

@ -30,7 +30,7 @@ Components.utils.import("resource://gre/modules/CertUtils.jsm");
const CERT_ATTRS = ["nickname", "emailAddress", "subjectName", "commonName",
"organization", "organizationalUnit", "sha1Fingerprint",
"md5Fingerprint", "tokenName", "issuerName", "serialNumber",
"sha256Fingerprint", "tokenName", "issuerName", "serialNumber",
"issuerCommonName", "issuerOrganization",
"issuerOrganizationUnit", "dbKey", "windowTitle"];