diff options
author | Alexey Melnikov <alexey.melnikov@isode.com> | 2012-02-28 14:55:06 (GMT) |
---|---|---|
committer | Kevin Smith <git@kismith.co.uk> | 2012-02-28 16:53:39 (GMT) |
commit | bca7e9a19e35ca4d64b66a7b6785197d91c5bffa (patch) | |
tree | 8a52fa9a69fc415fe5e5fe0fa82d4d8d2334683b /Swift | |
parent | 920fa6a454e921dd0480ae2675f195382fccf32a (diff) | |
download | swift-bca7e9a19e35ca4d64b66a7b6785197d91c5bffa.zip swift-bca7e9a19e35ca4d64b66a7b6785197d91c5bffa.tar.bz2 |
Changed certstore: URIs to use SHA1 hashes of certificates
Value of the certificate's subject DN leftmost RDN is not necessarily unique.
This change switches to using SHA1 hash of DER certificates,
which should guaranty uniqueness.
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Diffstat (limited to 'Swift')
-rw-r--r-- | Swift/QtUI/CAPICertificateSelector.cpp | 69 |
1 files changed, 13 insertions, 56 deletions
diff --git a/Swift/QtUI/CAPICertificateSelector.cpp b/Swift/QtUI/CAPICertificateSelector.cpp index aa41d70..e7948ef 100644 --- a/Swift/QtUI/CAPICertificateSelector.cpp +++ b/Swift/QtUI/CAPICertificateSelector.cpp @@ -13,6 +13,7 @@ #include <WinCrypt.h> #include <cryptuiapi.h> +#include <Swiften/StringCodecs/Hexify.h> #include <boost/algorithm/string.hpp> namespace Swift { @@ -23,67 +24,23 @@ namespace Swift { #define exclude_columns CRYPTUI_SELECT_LOCATION_COLUMN \ |CRYPTUI_SELECT_INTENDEDUSE_COLUMN - +// Size of the SHA1 hash +#define SHA1_HASH_LEN 20 static std::string getCertUri(PCCERT_CONTEXT cert, const char * cert_store_name) { - DWORD required_size; - char * comma; - char * p_in; - char * p_out; - char * subject_name; - std::string ret = std::string("certstore:") + cert_store_name + ":"; - - required_size = CertNameToStrA(cert->dwCertEncodingType, - &cert->pCertInfo->Subject, - /* Discard attribute names: */ - CERT_SIMPLE_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, - NULL, - 0); - - subject_name = static_cast<char *>(malloc(required_size+1)); - - if (!CertNameToStrA(cert->dwCertEncodingType, - &cert->pCertInfo->Subject, - /* Discard attribute names: */ - CERT_SIMPLE_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, - subject_name, - required_size)) { + DWORD cbHash = SHA1_HASH_LEN; + BYTE aHash[SHA1_HASH_LEN]; + std::string ret = std::string("certstore:") + cert_store_name + ":" + "sha1:"; + + if (CertGetCertificateContextProperty(cert, + CERT_HASH_PROP_ID, + aHash, + &cbHash) == FALSE ) { return ""; } - /* Now search for the "," (ignoring escapes) - and truncate the rest of the string */ - if (subject_name[0] == '"') { - for (comma = subject_name + 1; comma[0]; comma++) { - if (comma[0] == '"') { - comma++; - if (comma[0] != '"') { - break; - } - } - } - } else { - comma = strchr(subject_name, ','); - } - - if (comma != NULL) { - *comma = '\0'; - } - - /* We now need to unescape the returned RDN */ - if (subject_name[0] == '"') { - for (p_in = subject_name + 1, p_out = subject_name; p_in[0]; p_in++, p_out++) { - if (p_in[0] == '"') { - p_in++; - } - - p_out[0] = p_in[0]; - } - p_out[0] = '\0'; - } - - ret += subject_name; - free(subject_name); + ByteArray byteArray = createByteArray((char *)(&aHash[0])); + ret += Hexify::hexify(byteArray); return ret; } |