Expose fingerproint from getPeerCertificate

Expose the SHA1 digest of the certificate as the fingerprint attribute in the object returned by getPeerCertificate()
RIno256 · Sep 10, 2010 · 9a701b0 · 9a701b0
1 parent 3a95703
commit 9a701b0
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 4 deletions.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -25,6 +25,7 @@ static Persistent<String> subject_symbol;
 static Persistent<String> issuer_symbol;
 static Persistent<String> valid_from_symbol;
 static Persistent<String> valid_to_symbol;
+static Persistent<String> fingerprint_symbol;
 static Persistent<String> name_symbol;
 static Persistent<String> version_symbol;
 
@@ -548,6 +549,28 @@ Handle<Value> SecureStream::GetPeerCertificate(const Arguments& args) {
     BIO_free(bio);
     info->Set(valid_to_symbol, String::New(buf));
 
+    unsigned int md_size, i;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    if (X509_digest(peer_cert, EVP_sha1(), md, &md_size)) {
+      const char hex[] = "0123456789ABCDEF";
+      char fingerprint[EVP_MAX_MD_SIZE * 3];
+
+      for (i=0; i<md_size; i++) {
+        fingerprint[3*i] = hex[(md[i] & 0xf0) >> 4];
+        fingerprint[(3*i)+1] = hex[(md[i] & 0x0f)];
+        fingerprint[(3*i)+2] = ':';
+      }
+
+      if (md_size > 0) {
+        fingerprint[(3*(md_size-1))+2] = '\0';
+      }
+      else {
+        fingerprint[0] = '\0';
+      }
+
+      info->Set(fingerprint_symbol, String::New(fingerprint));
+    }
+
     X509_free(peer_cert);
   }
   return scope.Close(info);
@@ -2322,6 +2345,7 @@ void InitCrypto(Handle<Object> target) {
   issuer_symbol     = NODE_PSYMBOL("issuer");
   valid_from_symbol = NODE_PSYMBOL("valid_from");
   valid_to_symbol   = NODE_PSYMBOL("valid_to");
+  fingerprint_symbol   = NODE_PSYMBOL("fingerprint");
   name_symbol       = NODE_PSYMBOL("name");
   version_symbol    = NODE_PSYMBOL("version");
 }

diff --git a/test/simple/test-http-tls.js b/test/simple/test-http-tls.js
@@ -41,7 +41,8 @@ var https_server = http.createServer(function (req, res) {
      + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
      + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
      + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-     + '"Nov  6 09:52:22 2029 GMT"}');
+     + '"Nov  6 09:52:22 2029 GMT",'
+     + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');
 
   if (req.id == 0) {
     assert.equal("GET", req.method);
@@ -92,7 +93,8 @@ https_server.addListener("listening", function() {
         + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
         + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
         + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-        + '"Nov  6 09:52:22 2029 GMT"}');
+        + '"Nov  6 09:52:22 2029 GMT",'
+        + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');
     c.write( "GET /hello?hello=world&foo=b==ar HTTP/1.1\r\n\r\n" );
     requests_sent += 1;
   });

diff --git a/test/simple/test-net-tls.js b/test/simple/test-net-tls.js
@@ -41,7 +41,8 @@ var secureServer = net.createServer(function (connection) {
          + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
          + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
          + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-         + '"Nov  6 09:52:22 2029 GMT"}');
+         + '"Nov  6 09:52:22 2029 GMT",'
+         + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');
 
   });
 
@@ -76,7 +77,8 @@ secureServer.addListener("listening", function() {
       + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
       + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
       + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-      + '"Nov  6 09:52:22 2029 GMT"}');
+      + '"Nov  6 09:52:22 2029 GMT",'
+      + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');
 
     secureClient.write(testData);
     secureClient.end();