@@ -57,6 +57,7 @@ INCLUDE('Root-CAs');
5757INCLUDE ( 'sha256' ) ;
5858INCLUDE ( 'X509ChainWhitelist' ) ;
5959INCLUDE ( 'NSS' ) ;
60+ INCLUDE ( 'md5' ) ;
6061
6162function SSLObservatory ( ) {
6263 this . prefs = CC [ "@mozilla.org/preferences-service;1" ]
@@ -292,9 +293,31 @@ SSLObservatory.prototype = {
292293 },
293294 */
294295
296+ // Calculate the MD5 fingerprint for a cert. This is the fingerprint of the
297+ // DER-encoded form, same as the result of
298+ // openssl x509 -md5 -fingerprint -noout
299+ // We use this because the SSL Observatory depends in many places on a special
300+ // fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint
301+ // is no longer available on the cert object.
302+ // Implementation cribbed from
303+ // https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash
304+ md5Fingerprint : function ( cert ) {
305+ var len = new Object ( ) ;
306+ var derData = cert . getRawDER ( len ) ;
307+ var ch = CC [ "@mozilla.org/security/hash;1" ] . createInstance ( CI . nsICryptoHash ) ;
308+ ch . init ( ch . MD5 ) ;
309+ ch . update ( derData , derData . length ) ;
310+ var h = ch . finish ( false ) ;
311+
312+ function toHexString ( charCode ) {
313+ return ( "0" + charCode . toString ( 16 ) ) . slice ( - 2 ) ;
314+ }
315+ return [ toHexString ( h . charCodeAt ( i ) ) for ( i in h ) ] . join ( "" ) . toUpperCase ( ) ;
316+ } ,
317+
295318 ourFingerprint : function ( cert ) {
296319 // Calculate our custom fingerprint from an nsIX509Cert
297- return ( cert . md5Fingerprint + cert . sha1Fingerprint ) . replace ( ":" , "" , "g" ) ;
320+ return ( this . md5Fingerprint ( cert ) + cert . sha1Fingerprint ) . replace ( ":" , "" , "g" ) ;
298321 } ,
299322
300323 observe : function ( subject , topic , data ) {
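Review bot: In `ourFingerprint`, the changed line still strips colons with the non-standard three-argument `replace(":", "", "g")`, a Gecko-only form; wherever the flags argument is not honoured only the first colon is removed and the key silently stops matching previously stored fingerprints, so `.replace(/:/g, "")` is the safer spelling. The comment above `md5Fingerprint` says the result is the same as `openssl x509 -md5 -fingerprint -noout`, but the function returns unseparated upper-case hex while the openssl output is colon-separated; I would reword it to `// Returns the MD5 of the DER encoding as upper-case hex, without colon separators.` and add `// MD5 is kept only for compatibility with the existing MD5+SHA1 key; it is not collision resistant and must not be used alone to identify a cert.` The return line uses a legacy array comprehension with `for (i in h)`, which ties the code to old SpiderMonkey; a plain indexed loop over `h.length` would be portable. The first hunk adds `INCLUDE('md5')` although the new helper hashes through `nsICryptoHash`, so the include looks unused from what is visible here. The `SSLObservatory.prototype` object begins and ends outside the hunk.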