summaryrefslogtreecommitdiff
path: root/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
diff options
context:
space:
mode:
Diffstat (limited to 'data/extensions/https-everywhere@eff.org/components/ssl-observatory.js')
-rw-r--r--data/extensions/https-everywhere@eff.org/components/ssl-observatory.js24
1 files changed, 23 insertions, 1 deletions
diff --git a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
index 15df1db..a783a72 100644
--- a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
+++ b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js
@@ -285,9 +285,31 @@ SSLObservatory.prototype = {
},
*/
+ // Calculate the MD5 fingerprint for a cert. This is the fingerprint of the
+ // DER-encoded form, same as the result of
+ // openssl x509 -md5 -fingerprint -noout
+ // We use this because the SSL Observatory depends in many places on a special
+ // fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint
+ // is no longer available on the cert object.
+ // Implementation cribbed from
+ // https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash
+ md5Fingerprint: function(cert) {
+ var len = new Object();
+ var derData = cert.getRawDER(len);
+ var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash);
+ ch.init(ch.MD5);
+ ch.update(derData,derData.length);
+ var h = ch.finish(false);
+
+ function toHexString(charCode) {
+ return ("0" + charCode.toString(16)).slice(-2);
+ }
+ return [toHexString(h.charCodeAt(i)) for (i in h)].join("").toUpperCase();
+ },
+
ourFingerprint: function(cert) {
// Calculate our custom fingerprint from an nsIX509Cert
- return (cert.md5Fingerprint+cert.sha1Fingerprint).replace(":", "", "g");
+ return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g");
},
observe: function(subject, topic, data) {
home website