subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1606262 - in /subversion/branches/svn-auth-x509/subversion: include/svn_x509.h libsvn_subr/x509parse.c svn/auth-cmd.c tests/libsvn_subr/x509-test.c
Date Fri, 27 Jun 2014 22:50:54 GMT
Author: breser
Date: Fri Jun 27 22:50:54 2014
New Revision: 1606262

URL: http://svn.apache.org/r1606262
Log:
On svn-auth-x509 branch, restore the fingerprint output for certs.

* subversion/include/svn_x509.h
  (SVN_X509_CERTINFO_KEY_SHA1_DIGEST): New constant.

* subversion/libsvn_subr/x509parse.c
  (svn_x509_parse_cert): Calculate the SHA1 fingerprint and store it in the
    certinfo hash.

* subversion/svn/auth-cmd.c
  (show_cert): Display the SHA1 fingerprint.

* subversion/tests/libsvn_subr/x509-test.c
  (x509_test): Add a sha1_digest field.
  (cert_tests): Add digests for the certificates.

Modified:
    subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
    subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
    subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c
    subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c

Modified: subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/include/svn_x509.h?rev=1606262&r1=1606261&r2=1606262&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/include/svn_x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/include/svn_x509.h Fri Jun 27 22:50:54 2014
@@ -36,6 +36,7 @@
 #define SVN_X509_CERTINFO_KEY_ISSUER      "issuer"
 #define SVN_X509_CERTINFO_KEY_VALID_FROM  "valid-from"
 #define SVN_X509_CERTINFO_KEY_VALID_TO    "valid-to"
+#define SVN_X509_CERTINFO_KEY_SHA1_DIGEST "sha1-digest"
 
 #ifdef __cplusplus
 extern "C" {

Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1606262&r1=1606261&r2=1606262&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Fri Jun 27 22:50:54
2014
@@ -49,6 +49,7 @@
 #include "svn_hash.h"
 #include "svn_string.h"
 #include "svn_time.h"
+#include "svn_checksum.h"
 #include "svn_x509.h"
 
 #include "x509.h"
@@ -641,6 +642,7 @@ svn_x509_parse_cert(apr_hash_t **certinf
   const unsigned char *end;
   x509_cert *crt;
   svn_stringbuf_t *name;
+  svn_checksum_t *sha1_digest;
 
   crt = apr_pcalloc(scratch_pool, sizeof(*crt));
   p = (const unsigned char *)buf;
@@ -796,6 +798,13 @@ svn_x509_parse_cert(apr_hash_t **certinf
   svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_VALID_TO,
                 svn_time_to_human_cstring(crt->valid_to, result_pool));
 
+  /* calculate the SHA1 digest of the certificate, otherwise known as the
+   * fingerprint */
+  SVN_ERR(svn_checksum(&sha1_digest, svn_checksum_sha1, buf, buflen,
+                       scratch_pool));
+  svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_SHA1_DIGEST,
+                svn_checksum_to_cstring_display(sha1_digest, result_pool));
+
   return SVN_NO_ERROR;
 }
 

Modified: subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c?rev=1606262&r1=1606261&r2=1606262&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c (original)
+++ subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c Fri Jun 27 22:50:54 2014
@@ -190,6 +190,9 @@ show_cert(const svn_string_t *pem_cert, 
   SVN_ERR(svn_cmdline_printf(scratch_pool, _("Issuer: %s\n"),
                              (const char *)svn_hash_gets(certinfo,
                                              SVN_X509_CERTINFO_KEY_ISSUER)));
+  SVN_ERR(svn_cmdline_printf(scratch_pool, _("Fingerprint: %s\n"),
+                             (const char *)svn_hash_gets(certinfo,
+                                             SVN_X509_CERTINFO_KEY_SHA1_DIGEST)));
 #if 0
   SVN_ERR(svn_cmdline_printf(scratch_pool, _("Subject: %s\n"), cert->subject_id.p));
   SVN_ERR(svn_cmdline_printf(iterpool, _("Issuer: %s\n"), value->data));

Modified: subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c?rev=1606262&r1=1606261&r2=1606262&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c (original)
+++ subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c Fri Jun 27
22:50:54 2014
@@ -42,6 +42,7 @@ struct x509_test {
    * timezone.  So we can't store exactly what the parser will output. */
   const char *valid_from;
   const char *valid_to;
+  const char *sha1_digest;
 };
 
 static struct x509_test cert_tests[] = {
@@ -75,7 +76,8 @@ static struct x509_test cert_tests[] = {
     "hI5FdJWUWVSgnSw=",
     "C=US, O=Thawte, Inc., CN=Thawte SSL CA",
     "2014-04-11T00:00:00.000000Z",
-    "2016-04-07T23:59:59.000000Z" },
+    "2016-04-07T23:59:59.000000Z",
+    "151d8ad1e1bac21466bc2836ba80b5fcf872f37c" },
   /* the expiration is after 2049 so the expiration is in the
    * generalized format, while the start date is still in the UTC
    * format. Note this is actually a CA cert but that really doesn't
@@ -103,7 +105,8 @@ static struct x509_test cert_tests[] = {
     "hj80N2fhS9QWoLyeKoMTNB2Do6VaNrLrCJiscZWrsnM1f+XBqV8hMuHX8A==",
     "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
     "2014-06-27T17:31:51.000000Z",
-    "2114-06-03T17:31:51.000000Z" },
+    "2114-06-03T17:31:51.000000Z",
+    "db3a959e145acc2741f9eeecbeabce53cc5b7362" },
   { NULL }
 };
 
@@ -172,6 +175,17 @@ compare_results(struct x509_test *xt,
                         xt->cert_name,
                         pool));
 
+  v = svn_hash_gets(certinfo, SVN_X509_CERTINFO_KEY_SHA1_DIGEST);
+  if (!v)
+    return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+                             "No SHA1 digest for cert '%s'", xt->cert_name);
+  if (strcmp(v, xt->sha1_digest))
+    return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+                             "SHA1 digest didn't match for cert '%s', "
+                             "expected '%s', got '%s'", xt->cert_name,
+                             xt->sha1_digest, v);
+
+
   return SVN_NO_ERROR;
 }
 



Mime
View raw message