Bug 992972 - Add sha256SubjectPublicKeyInfoDigest attribute to nsIX509Cert. sr=bsmith
authorCamilo Viecco <cviecco@mozilla.com>
Mon, 07 Apr 2014 10:35:57 -0700
changeset 197652 2604efa5ae36d465301843fe9714863ede45dede
parent 197651 f854b5d978b59d65eb1b21f379b38338de5b270e
child 197653 7ee8d408e364def75e316ba70c09c0c63e32efe4
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
reviewersbsmith
bugs992972
milestone31.0a1
Bug 992972 - Add sha256SubjectPublicKeyInfoDigest attribute to nsIX509Cert. sr=bsmith
security/manager/ssl/public/nsIX509Cert.idl
security/manager/ssl/src/nsNSSCertificate.cpp
security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
--- a/security/manager/ssl/public/nsIX509Cert.idl
+++ b/security/manager/ssl/public/nsIX509Cert.idl
@@ -8,17 +8,17 @@
 
 interface nsIArray;
 interface nsIX509CertValidity;
 interface nsIASN1Object;
 
 /**
  * This represents a X.509 certificate.
  */
-[scriptable, uuid(45b24b0a-6189-4b05-af0b-8d4d66d57c59)]
+[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
 interface nsIX509Cert : nsISupports {
 
   /**
    *  A nickname for the certificate.
    */
   readonly attribute AString nickname;
 
   /**
@@ -225,9 +225,15 @@ interface nsIX509Cert : nsISupports {
 
   /**
    *  Test whether two certificate instances represent the 
    *  same certificate.
    *
    *  @return Whether the certificates are equal
    */
   boolean equals(in nsIX509Cert other);
+
+  /**
+   * The base64 encoding of the DER encoded public key info using the specified
+   * digest.
+   */
+  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
 };
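Review bot: The doc comment on `sha256SubjectPublicKeyInfoDigest` says "using the specified digest", but the attribute takes no digest argument and the comment never says the value is a hash. The implementation in nsNSSCertificate.cpp hashes `mCert->derPublicKey` with `SEC_OID_SHA256` and base64-encodes the digest, so the comment should say that: `The base64 encoding of the SHA-256 digest of the DER-encoded subjectPublicKeyInfo of this certificate.` Callers comparing this string against stored key fingerprints need the exact input and algorithm spelled out. It would also help to note that the getter fails with NS_ERROR_NOT_IMPLEMENTED on the nsNSSCertificateFakeTransport implementation.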
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -35,16 +35,17 @@
 #include "nsThreadUtils.h"
 #include "nsCertVerificationThread.h"
 #include "nsIObjectOutputStream.h"
 #include "nsIObjectInputStream.h"
 #include "nsIProgrammingLanguage.h"
 #include "nsXULAppAPI.h"
 #include "ScopedNSSTypes.h"
 #include "nsProxyRelease.h"
+#include "mozilla/Base64.h"
 
 #include "nspr.h"
 #include "certdb.h"
 #include "secerr.h"
 #include "nssb64.h"
 #include "secasn1.h"
 #include "secder.h"
 #include "ssl.h"
@@ -1073,16 +1074,41 @@ nsNSSCertificate::GetTokenName(nsAString
       if (NS_SUCCEEDED(rv))
         aTokenName = tok;
     }
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
+nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aSha256SPKIDigest.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data,
+                                 mCert->derPublicKey.len);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  rv = Base64Encode(nsDependentCSubstring(
+                      reinterpret_cast<const char*> (digest.get().data),
+                      digest.get().len),
+                    aSha256SPKIDigest);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
 nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   if (mCert) {
     *aArray = (uint8_t*)nsMemory::Alloc(mCert->derCert.len);
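Review bot: `GetSha256SubjectPublicKeyInfoDigest` dereferences `mCert->derPublicKey` without checking `mCert`, while `GetRawDER` directly below guards the same member with `if (mCert)`. Whether `mCert` can be null at this point is not visible in the hunk, but the sibling getter treats it as possible, so the new getter should too, for example `if (!mCert) { return NS_ERROR_NOT_AVAILABLE; }` right after the shutdown check (the exact error code should match what the other getters return). As a minor style point, the trailing `if (NS_WARN_IF(NS_FAILED(rv))) { return rv; } return NS_OK;` could be folded into one checked return. `GetRawDER` continues outside the hunk.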
--- a/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
@@ -226,16 +226,23 @@ nsNSSCertificateFakeTransport::GetASN1St
 NS_IMETHODIMP
 nsNSSCertificateFakeTransport::Equals(nsIX509Cert *other, bool *result)
 {
   NS_NOTREACHED("Unimplemented on content process");
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha256SubjectPublicKeyInfoDigest(nsACString_internal&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
 nsNSSCertificateFakeTransport::Write(nsIObjectOutputStream* aStream)
 {
   // On a non-chrome process we don't have mCert because we lack
   // nsNSSComponent.  nsNSSCertificateFakeTransport object is used only to carry the
   // certificate serialization.
 
   nsresult rv = aStream->Write32(mCertSerialization->len);
   if (NS_FAILED(rv)) {
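Review bot: The stub `GetSha256SubjectPublicKeyInfoDigest` declares its parameter as `nsACString_internal&`, while the real implementation in nsNSSCertificate.cpp uses `nsACString&`. Using the public spelling here as well, `GetSha256SubjectPublicKeyInfoDigest(nsACString&)`, keeps the two implementations of the attribute consistent and avoids depending on the internal type name. `Write` continues outside the hunk.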