Summary:
X509_digest, or the "fingerprint" of the cert, is useful to identify
certificates with the same CN/SANs. This adds an API to get the SHA1 or SHA256
digest of a cert.
Reviewed By: yfeldblum
Differential Revision:
D6457917
fbshipit-source-id:
148a5a2270e938b39065e00d7947c2fc57cd7f75
return certs;
}
+std::array<uint8_t, SHA_DIGEST_LENGTH> OpenSSLCertUtils::getDigestSha1(
+ X509& x509) {
+ unsigned int len;
+ std::array<uint8_t, SHA_DIGEST_LENGTH> md;
+ int rc = X509_digest(&x509, EVP_sha1(), md.data(), &len);
+
+ if (rc <= 0) {
+ throw std::runtime_error("Could not calculate SHA1 digest for cert");
+ }
+ return md;
+}
+
+std::array<uint8_t, SHA256_DIGEST_LENGTH> OpenSSLCertUtils::getDigestSha256(
+ X509& x509) {
+ unsigned int len;
+ std::array<uint8_t, SHA256_DIGEST_LENGTH> md;
+ int rc = X509_digest(&x509, EVP_sha256(), md.data(), &len);
+
+ if (rc <= 0) {
+ throw std::runtime_error("Could not calculate SHA256 digest for cert");
+ }
+ return md;
+}
+
+
} // namespace ssl
} // namespace folly
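Review bot: In both getDigestSha1 and getDigestSha256 the `len` that X509_digest writes is declared uninitialised and never compared with the array size, so a short write would return a partly uninitialised `md` without any error. I would declare `unsigned int len = 0;` and, after the `rc <= 0` check, add `if (len != md.size()) { throw std::runtime_error("Unexpected digest length"); }`. With EVP_sha1() and EVP_sha256() paired with SHA_DIGEST_LENGTH and SHA256_DIGEST_LENGTH the sizes match today, so this guards against a later edit that changes one side only. A digest longer than the array cannot be caught after the call, which is a reason to keep the EVP_MD and the array type next to each other.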
*/
static std::vector<X509UniquePtr> readCertsFromBuffer(ByteRange);
+ /**
+ * Return the output of the X509_digest for chosen message-digest algo
+ * NOTE: The returned digest will be in binary, and may need to be
+ * hex-encoded
+ */
+ static std::array<uint8_t, SHA_DIGEST_LENGTH> getDigestSha1(X509& x509);
+ static std::array<uint8_t, SHA256_DIGEST_LENGTH> getDigestSha256(X509& x509);
+
private:
static std::string getDateTimeStr(const ASN1_TIME* time);
};
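Review bot: The doc comment above getDigestSha1 and getDigestSha256 does not say what is hashed, when each variant is appropriate, or that the functions throw. X509_digest hashes the certificate's full DER encoding, so the value identifies one exact certificate rather than every certificate sharing a CN or SAN; I would add `The digest is computed over the DER encoding of the whole certificate.` Because SHA-1 is no longer collision resistant, I would also add `Prefer getDigestSha256 for pinning or any trust decision; getDigestSha1 is for display and legacy lookups only.` A `@throws std::runtime_error if the digest cannot be computed` line belongs here too, since that behaviour is otherwise visible only in the .cpp.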
EXPECT_EQ(*identity, folly::sformat("test cert {}", i.index + 1));
}
}
+
+TEST_F(OpenSSLCertUtilsTest, TestX509Digest) {
+ auto x509 = readCertFromFile(kTestCertWithoutSan);
+ EXPECT_NE(x509, nullptr);
+
+ auto sha1Digest = folly::ssl::OpenSSLCertUtils::getDigestSha1(*x509);
+ EXPECT_EQ(
+ folly::hexlify(folly::range(sha1Digest)),
+ "b84e951d6c4e6cc70346357fab43d7ed73a07b0f");
+
+ auto sha2Digest = folly::ssl::OpenSSLCertUtils::getDigestSha256(*x509);
+ EXPECT_EQ(
+ folly::hexlify(folly::range(sha2Digest)),
+ "364d3a6a0b10d0635ce59b40c0b7f505ab2cd9fd0a06661cdc61d9cb8c9c9821");
+}
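Review bot: `EXPECT_NE(x509, nullptr);` in TestX509Digest does not stop the test, so a failed read of kTestCertWithoutSan goes on to dereference a null pointer in `getDigestSha1(*x509)`. Use `ASSERT_NE(x509, nullptr);` so the test fails cleanly instead of crashing. The test exercises only the success path; whether the throwing branch can be reached with a malformed X509 is not visible from this hunk.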