From 9a701b0a7031619853fb09da2b5bea190363075b Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Thu, 9 Sep 2010 23:27:17 -0700 Subject: [PATCH] Expose fingerproint from getPeerCertificate Expose the SHA1 digest of the certificate as the fingerprint attribute in the object returned by getPeerCertificate() --- src/node_crypto.cc | 24 ++++++++++++++++++++++++ test/simple/test-http-tls.js | 6 ++++-- test/simple/test-net-tls.js | 6 ++++-- 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 2934dfe7fa3..9ea5e8e5b76 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -25,6 +25,7 @@ static Persistent subject_symbol; static Persistent issuer_symbol; static Persistent valid_from_symbol; static Persistent valid_to_symbol; +static Persistent fingerprint_symbol; static Persistent name_symbol; static Persistent version_symbol; @@ -548,6 +549,28 @@ Handle SecureStream::GetPeerCertificate(const Arguments& args) { BIO_free(bio); info->Set(valid_to_symbol, String::New(buf)); + unsigned int md_size, i; + unsigned char md[EVP_MAX_MD_SIZE]; + if (X509_digest(peer_cert, EVP_sha1(), md, &md_size)) { + const char hex[] = "0123456789ABCDEF"; + char fingerprint[EVP_MAX_MD_SIZE * 3]; + + for (i=0; i> 4]; + fingerprint[(3*i)+1] = hex[(md[i] & 0x0f)]; + fingerprint[(3*i)+2] = ':'; + } + + if (md_size > 0) { + fingerprint[(3*(md_size-1))+2] = '\0'; + } + else { + fingerprint[0] = '\0'; + } + + info->Set(fingerprint_symbol, String::New(fingerprint)); + } + X509_free(peer_cert); } return scope.Close(info); @@ -2322,6 +2345,7 @@ void InitCrypto(Handle target) { issuer_symbol = NODE_PSYMBOL("issuer"); valid_from_symbol = NODE_PSYMBOL("valid_from"); valid_to_symbol = NODE_PSYMBOL("valid_to"); + fingerprint_symbol = NODE_PSYMBOL("fingerprint"); name_symbol = NODE_PSYMBOL("name"); version_symbol = NODE_PSYMBOL("version"); } diff --git a/test/simple/test-http-tls.js b/test/simple/test-http-tls.js index 373e4dde0e8..9f03d33fa6b 100644 --- a/test/simple/test-http-tls.js +++ b/test/simple/test-http-tls.js @@ -41,7 +41,8 @@ var https_server = http.createServer(function (req, res) { + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js' + '/OU=Test TLS Certificate/CN=localhost","valid_from":' + '"Nov 11 09:52:22 2009 GMT","valid_to":' - + '"Nov 6 09:52:22 2029 GMT"}'); + + '"Nov 6 09:52:22 2029 GMT",' + + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}'); if (req.id == 0) { assert.equal("GET", req.method); @@ -92,7 +93,8 @@ https_server.addListener("listening", function() { + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js' + '/OU=Test TLS Certificate/CN=localhost","valid_from":' + '"Nov 11 09:52:22 2009 GMT","valid_to":' - + '"Nov 6 09:52:22 2029 GMT"}'); + + '"Nov 6 09:52:22 2029 GMT",' + + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}'); c.write( "GET /hello?hello=world&foo=b==ar HTTP/1.1\r\n\r\n" ); requests_sent += 1; }); diff --git a/test/simple/test-net-tls.js b/test/simple/test-net-tls.js index 4054b052ddc..5d56bea1734 100644 --- a/test/simple/test-net-tls.js +++ b/test/simple/test-net-tls.js @@ -41,7 +41,8 @@ var secureServer = net.createServer(function (connection) { + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js' + '/OU=Test TLS Certificate/CN=localhost","valid_from":' + '"Nov 11 09:52:22 2009 GMT","valid_to":' - + '"Nov 6 09:52:22 2029 GMT"}'); + + '"Nov 6 09:52:22 2029 GMT",' + + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}'); }); @@ -76,7 +77,8 @@ secureServer.addListener("listening", function() { + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js' + '/OU=Test TLS Certificate/CN=localhost","valid_from":' + '"Nov 11 09:52:22 2009 GMT","valid_to":' - + '"Nov 6 09:52:22 2029 GMT"}'); + + '"Nov 6 09:52:22 2029 GMT",' + + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}'); secureClient.write(testData); secureClient.end();