如何计算在C / C ++ / Objective-C的X.509证书的SHA-1指纹? [英] How to calculate X.509 certificate's SHA-1 fingerprint in C/C++/Objective-C?
问题描述
背景:
我写一个客户端工具,它能够使用SSL / TLS连接到远程服务器。客户端使用的OpenSSL进行SSL / TLS交易,我想允许用户指定授权的CA证书(自签名的证书或私有CA设置的情况下)用来签署服务器的证书。我打算使用证书的指纹,通用名称,和有效日期,允许用户快速查看客户端用来验证服务器的证书。
I am writing a client utility which is capable of connecting to a remote server using SSL/TLS. The client uses OpenSSL to perform the SSL/TLS transactions and I would like to allow users to specify authorized CA Certs (in the case of self signed certs or private CA setups) used to sign the server's certificate. I plan on using the cert's fingerprint, common name, and validity dates to allow the user to quickly view the certs the client uses to validate servers.
问:
如何计算存储在使用C / C ++ / Objective-C的一个PEM文件中的X509证书的SHA1哈希/指纹?
How do you calculate the SHA1 hash/fingerprint of an X509 cert stored within a PEM file using C/C++/Objective-C?
在搜索和实验我发现了一个解决方案,将它张贴作为一个答案的日子,然而我欢迎更好或更正确的解决方案。
After days of search and experimenting I found a solution and will post it as an answer, however I welcome better or more correct solutions.
推荐答案
我发现下面产生相同的输出上面:
I found below to yield identical output to above:
+(NSData *)sha1:(SecCertificateRef) cert {
// fingerprint is over canonical DER rep.
CFDataRef data = SecCertificateCopyData(cert);
NSData * out = [[NSData dataWithBytes:CFDataGetBytePtr(data) length:CFDataGetLength(data)] sha1Digest];
CFRelease(data);
return out;
}
这是客观C.它需要下面的扩展的NSData / NSString的一个有点短,虽然亲近的Netscape,OSX或Windows格式。
which is a bit shorter in objective C. It needs the below extensions to NSData/NSString though to get the formatting close to Netscape, OSX or Windows.
- (NSData *)md5Digest
{
unsigned char result[CC_MD5_DIGEST_LENGTH];
CC_MD5([self bytes], (CC_LONG)[self length], result);
return [NSData dataWithBytes:result length:CC_MD5_DIGEST_LENGTH];
}
- (NSData *)sha1Digest
{
unsigned char result[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([self bytes], (CC_LONG)[self length], result);
return [NSData dataWithBytes:result length:CC_SHA1_DIGEST_LENGTH];
}
- (NSString *)hexStringValue
{
NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:([self length] * 2)];
const unsigned char *dataBuffer = [self bytes];
int i;
for (i = 0; i < [self length]; ++i)
{
[stringBuffer appendFormat:@"%02lx", (unsigned long)dataBuffer[i]];
}
return [stringBuffer copy];
}
- (NSString *)hexColonSeperatedStringValue
{
return [self hexColonSeperatedStringValueWithCapitals:YES];
}
- (NSString *)hexColonSeperatedStringValueWithCapitals:(BOOL)capitalize {
NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:([self length] * 3)];
const unsigned char *dataBuffer = [self bytes];
NSString * format = capitalize ? @"%02X" : @"%02x";
int i;
for (i = 0; i < [self length]; ++i)
{
if (i)
[stringBuffer appendString:@":"];
[stringBuffer appendFormat:format, (unsigned long)dataBuffer[i]];
}
return [stringBuffer copy];
}
这篇关于如何计算在C / C ++ / Objective-C的X.509证书的SHA-1指纹?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!