1*d9f75844SAndroid Build Coastguard Worker /*
2*d9f75844SAndroid Build Coastguard Worker * Copyright 2012 The WebRTC Project Authors. All rights reserved.
3*d9f75844SAndroid Build Coastguard Worker *
4*d9f75844SAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license
5*d9f75844SAndroid Build Coastguard Worker * that can be found in the LICENSE file in the root of the source
6*d9f75844SAndroid Build Coastguard Worker * tree. An additional intellectual property rights grant can be found
7*d9f75844SAndroid Build Coastguard Worker * in the file PATENTS. All contributing project authors may
8*d9f75844SAndroid Build Coastguard Worker * be found in the AUTHORS file in the root of the source tree.
9*d9f75844SAndroid Build Coastguard Worker */
10*d9f75844SAndroid Build Coastguard Worker
11*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_fingerprint.h"
12*d9f75844SAndroid Build Coastguard Worker
13*d9f75844SAndroid Build Coastguard Worker #include <ctype.h>
14*d9f75844SAndroid Build Coastguard Worker
15*d9f75844SAndroid Build Coastguard Worker #include <cstdint>
16*d9f75844SAndroid Build Coastguard Worker #include <memory>
17*d9f75844SAndroid Build Coastguard Worker #include <string>
18*d9f75844SAndroid Build Coastguard Worker
19*d9f75844SAndroid Build Coastguard Worker #include "absl/algorithm/container.h"
20*d9f75844SAndroid Build Coastguard Worker #include "absl/strings/string_view.h"
21*d9f75844SAndroid Build Coastguard Worker #include "api/array_view.h"
22*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/logging.h"
23*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/message_digest.h"
24*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/rtc_certificate.h"
25*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_certificate.h"
26*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_identity.h"
27*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/string_encode.h"
28*d9f75844SAndroid Build Coastguard Worker
29*d9f75844SAndroid Build Coastguard Worker namespace rtc {
30*d9f75844SAndroid Build Coastguard Worker
Create(absl::string_view algorithm,const rtc::SSLIdentity * identity)31*d9f75844SAndroid Build Coastguard Worker SSLFingerprint* SSLFingerprint::Create(absl::string_view algorithm,
32*d9f75844SAndroid Build Coastguard Worker const rtc::SSLIdentity* identity) {
33*d9f75844SAndroid Build Coastguard Worker return CreateUnique(algorithm, *identity).release();
34*d9f75844SAndroid Build Coastguard Worker }
35*d9f75844SAndroid Build Coastguard Worker
CreateUnique(absl::string_view algorithm,const rtc::SSLIdentity & identity)36*d9f75844SAndroid Build Coastguard Worker std::unique_ptr<SSLFingerprint> SSLFingerprint::CreateUnique(
37*d9f75844SAndroid Build Coastguard Worker absl::string_view algorithm,
38*d9f75844SAndroid Build Coastguard Worker const rtc::SSLIdentity& identity) {
39*d9f75844SAndroid Build Coastguard Worker return Create(algorithm, identity.certificate());
40*d9f75844SAndroid Build Coastguard Worker }
41*d9f75844SAndroid Build Coastguard Worker
Create(absl::string_view algorithm,const rtc::SSLCertificate & cert)42*d9f75844SAndroid Build Coastguard Worker std::unique_ptr<SSLFingerprint> SSLFingerprint::Create(
43*d9f75844SAndroid Build Coastguard Worker absl::string_view algorithm,
44*d9f75844SAndroid Build Coastguard Worker const rtc::SSLCertificate& cert) {
45*d9f75844SAndroid Build Coastguard Worker uint8_t digest_val[64];
46*d9f75844SAndroid Build Coastguard Worker size_t digest_len;
47*d9f75844SAndroid Build Coastguard Worker bool ret = cert.ComputeDigest(algorithm, digest_val, sizeof(digest_val),
48*d9f75844SAndroid Build Coastguard Worker &digest_len);
49*d9f75844SAndroid Build Coastguard Worker if (!ret) {
50*d9f75844SAndroid Build Coastguard Worker return nullptr;
51*d9f75844SAndroid Build Coastguard Worker }
52*d9f75844SAndroid Build Coastguard Worker return std::make_unique<SSLFingerprint>(
53*d9f75844SAndroid Build Coastguard Worker algorithm, ArrayView<const uint8_t>(digest_val, digest_len));
54*d9f75844SAndroid Build Coastguard Worker }
55*d9f75844SAndroid Build Coastguard Worker
CreateFromRfc4572(absl::string_view algorithm,absl::string_view fingerprint)56*d9f75844SAndroid Build Coastguard Worker SSLFingerprint* SSLFingerprint::CreateFromRfc4572(
57*d9f75844SAndroid Build Coastguard Worker absl::string_view algorithm,
58*d9f75844SAndroid Build Coastguard Worker absl::string_view fingerprint) {
59*d9f75844SAndroid Build Coastguard Worker return CreateUniqueFromRfc4572(algorithm, fingerprint).release();
60*d9f75844SAndroid Build Coastguard Worker }
61*d9f75844SAndroid Build Coastguard Worker
CreateUniqueFromRfc4572(absl::string_view algorithm,absl::string_view fingerprint)62*d9f75844SAndroid Build Coastguard Worker std::unique_ptr<SSLFingerprint> SSLFingerprint::CreateUniqueFromRfc4572(
63*d9f75844SAndroid Build Coastguard Worker absl::string_view algorithm,
64*d9f75844SAndroid Build Coastguard Worker absl::string_view fingerprint) {
65*d9f75844SAndroid Build Coastguard Worker if (algorithm.empty() || !rtc::IsFips180DigestAlgorithm(algorithm))
66*d9f75844SAndroid Build Coastguard Worker return nullptr;
67*d9f75844SAndroid Build Coastguard Worker
68*d9f75844SAndroid Build Coastguard Worker if (fingerprint.empty())
69*d9f75844SAndroid Build Coastguard Worker return nullptr;
70*d9f75844SAndroid Build Coastguard Worker
71*d9f75844SAndroid Build Coastguard Worker char value[rtc::MessageDigest::kMaxSize];
72*d9f75844SAndroid Build Coastguard Worker size_t value_len =
73*d9f75844SAndroid Build Coastguard Worker rtc::hex_decode_with_delimiter(ArrayView<char>(value), fingerprint, ':');
74*d9f75844SAndroid Build Coastguard Worker if (!value_len)
75*d9f75844SAndroid Build Coastguard Worker return nullptr;
76*d9f75844SAndroid Build Coastguard Worker
77*d9f75844SAndroid Build Coastguard Worker return std::make_unique<SSLFingerprint>(
78*d9f75844SAndroid Build Coastguard Worker algorithm,
79*d9f75844SAndroid Build Coastguard Worker ArrayView<const uint8_t>(reinterpret_cast<uint8_t*>(value), value_len));
80*d9f75844SAndroid Build Coastguard Worker }
81*d9f75844SAndroid Build Coastguard Worker
CreateFromCertificate(const RTCCertificate & cert)82*d9f75844SAndroid Build Coastguard Worker std::unique_ptr<SSLFingerprint> SSLFingerprint::CreateFromCertificate(
83*d9f75844SAndroid Build Coastguard Worker const RTCCertificate& cert) {
84*d9f75844SAndroid Build Coastguard Worker std::string digest_alg;
85*d9f75844SAndroid Build Coastguard Worker if (!cert.GetSSLCertificate().GetSignatureDigestAlgorithm(&digest_alg)) {
86*d9f75844SAndroid Build Coastguard Worker RTC_LOG(LS_ERROR)
87*d9f75844SAndroid Build Coastguard Worker << "Failed to retrieve the certificate's digest algorithm";
88*d9f75844SAndroid Build Coastguard Worker return nullptr;
89*d9f75844SAndroid Build Coastguard Worker }
90*d9f75844SAndroid Build Coastguard Worker
91*d9f75844SAndroid Build Coastguard Worker std::unique_ptr<SSLFingerprint> fingerprint =
92*d9f75844SAndroid Build Coastguard Worker CreateUnique(digest_alg, *cert.identity());
93*d9f75844SAndroid Build Coastguard Worker if (!fingerprint) {
94*d9f75844SAndroid Build Coastguard Worker RTC_LOG(LS_ERROR) << "Failed to create identity fingerprint, alg="
95*d9f75844SAndroid Build Coastguard Worker << digest_alg;
96*d9f75844SAndroid Build Coastguard Worker }
97*d9f75844SAndroid Build Coastguard Worker return fingerprint;
98*d9f75844SAndroid Build Coastguard Worker }
99*d9f75844SAndroid Build Coastguard Worker
SSLFingerprint(absl::string_view algorithm,ArrayView<const uint8_t> digest_view)100*d9f75844SAndroid Build Coastguard Worker SSLFingerprint::SSLFingerprint(absl::string_view algorithm,
101*d9f75844SAndroid Build Coastguard Worker ArrayView<const uint8_t> digest_view)
102*d9f75844SAndroid Build Coastguard Worker : algorithm(algorithm), digest(digest_view.data(), digest_view.size()) {}
103*d9f75844SAndroid Build Coastguard Worker
SSLFingerprint(absl::string_view algorithm,const uint8_t * digest_in,size_t digest_len)104*d9f75844SAndroid Build Coastguard Worker SSLFingerprint::SSLFingerprint(absl::string_view algorithm,
105*d9f75844SAndroid Build Coastguard Worker const uint8_t* digest_in,
106*d9f75844SAndroid Build Coastguard Worker size_t digest_len)
107*d9f75844SAndroid Build Coastguard Worker : SSLFingerprint(algorithm, MakeArrayView(digest_in, digest_len)) {}
108*d9f75844SAndroid Build Coastguard Worker
operator ==(const SSLFingerprint & other) const109*d9f75844SAndroid Build Coastguard Worker bool SSLFingerprint::operator==(const SSLFingerprint& other) const {
110*d9f75844SAndroid Build Coastguard Worker return algorithm == other.algorithm && digest == other.digest;
111*d9f75844SAndroid Build Coastguard Worker }
112*d9f75844SAndroid Build Coastguard Worker
GetRfc4572Fingerprint() const113*d9f75844SAndroid Build Coastguard Worker std::string SSLFingerprint::GetRfc4572Fingerprint() const {
114*d9f75844SAndroid Build Coastguard Worker std::string fingerprint = rtc::hex_encode_with_delimiter(
115*d9f75844SAndroid Build Coastguard Worker absl::string_view(digest.data<char>(), digest.size()), ':');
116*d9f75844SAndroid Build Coastguard Worker absl::c_transform(fingerprint, fingerprint.begin(), ::toupper);
117*d9f75844SAndroid Build Coastguard Worker return fingerprint;
118*d9f75844SAndroid Build Coastguard Worker }
119*d9f75844SAndroid Build Coastguard Worker
ToString() const120*d9f75844SAndroid Build Coastguard Worker std::string SSLFingerprint::ToString() const {
121*d9f75844SAndroid Build Coastguard Worker std::string fp_str = algorithm;
122*d9f75844SAndroid Build Coastguard Worker fp_str.append(" ");
123*d9f75844SAndroid Build Coastguard Worker fp_str.append(GetRfc4572Fingerprint());
124*d9f75844SAndroid Build Coastguard Worker return fp_str;
125*d9f75844SAndroid Build Coastguard Worker }
126*d9f75844SAndroid Build Coastguard Worker
127*d9f75844SAndroid Build Coastguard Worker } // namespace rtc
128