Skip to content

Commit 8048085

Browse files
jshajsha
committed
Implement MD5 hashing in ssl-observatory.js
Cherry-pick from master into 4.0. Conflicts: makexpi.sh src/components/ssl-observatory.js
1 parent c4b999d commit 8048085

File tree

2 files changed

+30
-2
lines changed

2 files changed

+30
-2
lines changed

makexpi.sh

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,12 @@ fi
5252
# =============== BEGIN VALIDATION ================
5353
# Unless we're in a hurry, validate the ruleset library & locales
5454

55-
if [ "$1" != "--fast" ] ; then
55+
die() {
56+
echo >&2 "ERROR:" "$@"
57+
exit 1
58+
}
59+
60+
if [ "$1" != "--fast" -a -z "$FAST" ] ; then
5661
if [ -f utils/trivial-validate.py ]; then
5762
VALIDATE="python2.7 ./utils/trivial-validate.py --ignoredups google --ignoredups facebook"
5863
elif [ -f trivial-validate.py ] ; then

src/components/ssl-observatory.js

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ INCLUDE('Root-CAs');
5757
INCLUDE('sha256');
5858
INCLUDE('X509ChainWhitelist');
5959
INCLUDE('NSS');
60+
INCLUDE('md5');
6061

6162
function SSLObservatory() {
6263
this.prefs = CC["@mozilla.org/preferences-service;1"]
@@ -285,9 +286,31 @@ SSLObservatory.prototype = {
285286
},
286287
*/
287288

289+
// Calculate the MD5 fingerprint for a cert. This is the fingerprint of the
290+
// DER-encoded form, same as the result of
291+
// openssl x509 -md5 -fingerprint -noout
292+
// We use this because the SSL Observatory depends in many places on a special
293+
// fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint
294+
// is no longer available on the cert object.
295+
// Implementation cribbed from
296+
// https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash
297+
md5Fingerprint: function(cert) {
298+
var len = new Object();
299+
var derData = cert.getRawDER(len);
300+
var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash);
301+
ch.init(ch.MD5);
302+
ch.update(derData,derData.length);
303+
var h = ch.finish(false);
304+
305+
function toHexString(charCode) {
306+
return ("0" + charCode.toString(16)).slice(-2);
307+
}
308+
return [toHexString(h.charCodeAt(i)) for (i in h)].join("").toUpperCase();
309+
},
310+
288311
ourFingerprint: function(cert) {
289312
// Calculate our custom fingerprint from an nsIX509Cert
290-
return cert.sha1Fingerprint.replace(":", "", "g");
313+
return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g");
291314
},
292315

293316
observe: function(subject, topic, data) {

0 commit comments

Comments
 (0)