Return-Path: X-Original-To: apmail-subversion-commits-archive@minotaur.apache.org Delivered-To: apmail-subversion-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BA159114C9 for ; Fri, 27 Jun 2014 22:51:16 +0000 (UTC) Received: (qmail 29846 invoked by uid 500); 27 Jun 2014 22:51:16 -0000 Delivered-To: apmail-subversion-commits-archive@subversion.apache.org Received: (qmail 29817 invoked by uid 500); 27 Jun 2014 22:51:16 -0000 Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@subversion.apache.org Delivered-To: mailing list commits@subversion.apache.org Received: (qmail 29807 invoked by uid 99); 27 Jun 2014 22:51:16 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jun 2014 22:51:16 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jun 2014 22:51:15 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 142EA2388868; Fri, 27 Jun 2014 22:50:55 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1606262 - in /subversion/branches/svn-auth-x509/subversion: include/svn_x509.h libsvn_subr/x509parse.c svn/auth-cmd.c tests/libsvn_subr/x509-test.c Date: Fri, 27 Jun 2014 22:50:54 -0000 To: commits@subversion.apache.org From: breser@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140627225055.142EA2388868@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: breser Date: Fri Jun 27 22:50:54 2014 New Revision: 1606262 URL: http://svn.apache.org/r1606262 Log: On svn-auth-x509 branch, restore the fingerprint output for certs. * subversion/include/svn_x509.h (SVN_X509_CERTINFO_KEY_SHA1_DIGEST): New constant. * subversion/libsvn_subr/x509parse.c (svn_x509_parse_cert): Calculate the SHA1 fingerprint and store it in the certinfo hash. * subversion/svn/auth-cmd.c (show_cert): Display the SHA1 fingerprint. * subversion/tests/libsvn_subr/x509-test.c (x509_test): Add a sha1_digest field. (cert_tests): Add digests for the certificates. Modified: subversion/branches/svn-auth-x509/subversion/include/svn_x509.h subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c Modified: subversion/branches/svn-auth-x509/subversion/include/svn_x509.h URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/include/svn_x509.h?rev=1606262&r1=1606261&r2=1606262&view=diff ============================================================================== --- subversion/branches/svn-auth-x509/subversion/include/svn_x509.h (original) +++ subversion/branches/svn-auth-x509/subversion/include/svn_x509.h Fri Jun 27 22:50:54 2014 @@ -36,6 +36,7 @@ #define SVN_X509_CERTINFO_KEY_ISSUER "issuer" #define SVN_X509_CERTINFO_KEY_VALID_FROM "valid-from" #define SVN_X509_CERTINFO_KEY_VALID_TO "valid-to" +#define SVN_X509_CERTINFO_KEY_SHA1_DIGEST "sha1-digest" #ifdef __cplusplus extern "C" { Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1606262&r1=1606261&r2=1606262&view=diff ============================================================================== --- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c (original) +++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Fri Jun 27 22:50:54 2014 @@ -49,6 +49,7 @@ #include "svn_hash.h" #include "svn_string.h" #include "svn_time.h" +#include "svn_checksum.h" #include "svn_x509.h" #include "x509.h" @@ -641,6 +642,7 @@ svn_x509_parse_cert(apr_hash_t **certinf const unsigned char *end; x509_cert *crt; svn_stringbuf_t *name; + svn_checksum_t *sha1_digest; crt = apr_pcalloc(scratch_pool, sizeof(*crt)); p = (const unsigned char *)buf; @@ -796,6 +798,13 @@ svn_x509_parse_cert(apr_hash_t **certinf svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_VALID_TO, svn_time_to_human_cstring(crt->valid_to, result_pool)); + /* calculate the SHA1 digest of the certificate, otherwise known as the + * fingerprint */ + SVN_ERR(svn_checksum(&sha1_digest, svn_checksum_sha1, buf, buflen, + scratch_pool)); + svn_hash_sets(*certinfo, SVN_X509_CERTINFO_KEY_SHA1_DIGEST, + svn_checksum_to_cstring_display(sha1_digest, result_pool)); + return SVN_NO_ERROR; } Modified: subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c?rev=1606262&r1=1606261&r2=1606262&view=diff ============================================================================== --- subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c (original) +++ subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c Fri Jun 27 22:50:54 2014 @@ -190,6 +190,9 @@ show_cert(const svn_string_t *pem_cert, SVN_ERR(svn_cmdline_printf(scratch_pool, _("Issuer: %s\n"), (const char *)svn_hash_gets(certinfo, SVN_X509_CERTINFO_KEY_ISSUER))); + SVN_ERR(svn_cmdline_printf(scratch_pool, _("Fingerprint: %s\n"), + (const char *)svn_hash_gets(certinfo, + SVN_X509_CERTINFO_KEY_SHA1_DIGEST))); #if 0 SVN_ERR(svn_cmdline_printf(scratch_pool, _("Subject: %s\n"), cert->subject_id.p)); SVN_ERR(svn_cmdline_printf(iterpool, _("Issuer: %s\n"), value->data)); Modified: subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c?rev=1606262&r1=1606261&r2=1606262&view=diff ============================================================================== --- subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c (original) +++ subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c Fri Jun 27 22:50:54 2014 @@ -42,6 +42,7 @@ struct x509_test { * timezone. So we can't store exactly what the parser will output. */ const char *valid_from; const char *valid_to; + const char *sha1_digest; }; static struct x509_test cert_tests[] = { @@ -75,7 +76,8 @@ static struct x509_test cert_tests[] = { "hI5FdJWUWVSgnSw=", "C=US, O=Thawte, Inc., CN=Thawte SSL CA", "2014-04-11T00:00:00.000000Z", - "2016-04-07T23:59:59.000000Z" }, + "2016-04-07T23:59:59.000000Z", + "151d8ad1e1bac21466bc2836ba80b5fcf872f37c" }, /* the expiration is after 2049 so the expiration is in the * generalized format, while the start date is still in the UTC * format. Note this is actually a CA cert but that really doesn't @@ -103,7 +105,8 @@ static struct x509_test cert_tests[] = { "hj80N2fhS9QWoLyeKoMTNB2Do6VaNrLrCJiscZWrsnM1f+XBqV8hMuHX8A==", "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd", "2014-06-27T17:31:51.000000Z", - "2114-06-03T17:31:51.000000Z" }, + "2114-06-03T17:31:51.000000Z", + "db3a959e145acc2741f9eeecbeabce53cc5b7362" }, { NULL } }; @@ -172,6 +175,17 @@ compare_results(struct x509_test *xt, xt->cert_name, pool)); + v = svn_hash_gets(certinfo, SVN_X509_CERTINFO_KEY_SHA1_DIGEST); + if (!v) + return svn_error_createf(SVN_ERR_TEST_FAILED, NULL, + "No SHA1 digest for cert '%s'", xt->cert_name); + if (strcmp(v, xt->sha1_digest)) + return svn_error_createf(SVN_ERR_TEST_FAILED, NULL, + "SHA1 digest didn't match for cert '%s', " + "expected '%s', got '%s'", xt->cert_name, + xt->sha1_digest, v); + + return SVN_NO_ERROR; }