如何计算在C / C ++ / Objective-C的X.509证书的SHA-1指纹？ [英] How to calculate X.509 certificate's SHA-1 fingerprint in C/C++/Objective-C?

问题描述

背景：

我写一个客户端工具，它能够使用SSL / TLS连接到远程服务器。客户端使用的OpenSSL进行SSL / TLS交易，我想允许用户指定授权的CA证书（自签名的证书或私有CA设置的情况下）用来签署服务器的证书。我打算使用证书的指纹，通用名称，和有效日期，允许用户快速查看客户端用来验证服务器的证书。

I am writing a client utility which is capable of connecting to a remote server using SSL/TLS. The client uses OpenSSL to perform the SSL/TLS transactions and I would like to allow users to specify authorized CA Certs (in the case of self signed certs or private CA setups) used to sign the server's certificate. I plan on using the cert's fingerprint, common name, and validity dates to allow the user to quickly view the certs the client uses to validate servers.

问：

如何计算存储在使用C / C ++ / Objective-C的一个PEM文件中的X509证书的SHA1哈希/指纹？

How do you calculate the SHA1 hash/fingerprint of an X509 cert stored within a PEM file using C/C++/Objective-C?

在搜索和实验我发现了一个解决方案，将它张贴作为一个答案的日子，然而我欢迎更好或更正确的解决方案。

After days of search and experimenting I found a solution and will post it as an answer, however I welcome better or more correct solutions.

推荐答案

我发现下面产生相同的输出上面：

I found below to yield identical output to above:

+(NSData *)sha1:(SecCertificateRef) cert {
    // fingerprint is over canonical DER rep.
    CFDataRef data = SecCertificateCopyData(cert);
    NSData * out = [[NSData dataWithBytes:CFDataGetBytePtr(data) length:CFDataGetLength(data)] sha1Digest];
    CFRelease(data);
    return out;
}

这是客观C.它需要下面的扩展的NSData / NSString的一个有点短，虽然亲近的Netscape，OSX或Windows格式。

which is a bit shorter in objective C. It needs the below extensions to NSData/NSString though to get the formatting close to Netscape, OSX or Windows.

- (NSData *)md5Digest
{
    unsigned char result[CC_MD5_DIGEST_LENGTH];

    CC_MD5([self bytes], (CC_LONG)[self length], result);
    return [NSData dataWithBytes:result length:CC_MD5_DIGEST_LENGTH];
}

- (NSData *)sha1Digest
{
    unsigned char result[CC_SHA1_DIGEST_LENGTH];

    CC_SHA1([self bytes], (CC_LONG)[self length], result);
    return [NSData dataWithBytes:result length:CC_SHA1_DIGEST_LENGTH];
}

- (NSString *)hexStringValue
{
    NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:([self length] * 2)];

    const unsigned char *dataBuffer = [self bytes];
    int i;

    for (i = 0; i < [self length]; ++i)
    {
        [stringBuffer appendFormat:@"%02lx", (unsigned long)dataBuffer[i]];
    }

    return [stringBuffer copy];
}


- (NSString *)hexColonSeperatedStringValue
{
    return [self hexColonSeperatedStringValueWithCapitals:YES];
}

- (NSString *)hexColonSeperatedStringValueWithCapitals:(BOOL)capitalize {
    NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:([self length] * 3)];

    const unsigned char *dataBuffer = [self bytes];
    NSString * format = capitalize ? @"%02X" : @"%02x";
    int i;

    for (i = 0; i < [self length]; ++i)
    {
        if (i) 
            [stringBuffer appendString:@":"];
        [stringBuffer appendFormat:format, (unsigned long)dataBuffer[i]];
    }

    return [stringBuffer copy];
}

这篇关于如何计算在C / C ++ / Objective-C的X.509证书的SHA-1指纹？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！