Expose fingerproint from getPeerCertificate

Expose the SHA1 digest of the certificate as the fingerprint attribute in the object returned by getPeerCertificate()
15 years ago · 9a701b0a70
3 changed files with 32 additions and 4 deletions
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@ -25,6 +25,7 @@ static Persistent<String> subject_symbol;
 static Persistent<String> issuer_symbol;
 static Persistent<String> valid_from_symbol;
 static Persistent<String> valid_to_symbol;
+static Persistent<String> fingerprint_symbol;
 static Persistent<String> name_symbol;
 static Persistent<String> version_symbol;

@ -548,6 +549,28 @@ Handle<Value> SecureStream::GetPeerCertificate(const Arguments& args) {
    BIO_free(bio);
    info->Set(valid_to_symbol, String::New(buf));

+    unsigned int md_size, i;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    if (X509_digest(peer_cert, EVP_sha1(), md, &md_size)) {
+      const char hex[] = "0123456789ABCDEF";
+      char fingerprint[EVP_MAX_MD_SIZE * 3];
+
+      for (i=0; i<md_size; i++) {
+        fingerprint[3*i] = hex[(md[i] & 0xf0) >> 4];
+        fingerprint[(3*i)+1] = hex[(md[i] & 0x0f)];
+        fingerprint[(3*i)+2] = ':';
+      }
+
+      if (md_size > 0) {
+        fingerprint[(3*(md_size-1))+2] = '\0';
+      }
+      else {
+        fingerprint[0] = '\0';
+      }
+
+      info->Set(fingerprint_symbol, String::New(fingerprint));
+    }
+
    X509_free(peer_cert);
  }
  return scope.Close(info);
@ -2322,6 +2345,7 @@ void InitCrypto(Handle<Object> target) {
  issuer_symbol     = NODE_PSYMBOL("issuer");
  valid_from_symbol = NODE_PSYMBOL("valid_from");
  valid_to_symbol   = NODE_PSYMBOL("valid_to");
+  fingerprint_symbol   = NODE_PSYMBOL("fingerprint");
  name_symbol       = NODE_PSYMBOL("name");
  version_symbol    = NODE_PSYMBOL("version");
 }
--- a/test/simple/test-http-tls.js
+++ b/test/simple/test-http-tls.js
@ -41,7 +41,8 @@ var https_server = http.createServer(function (req, res) {
     + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
     + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
     + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-     + '"Nov  6 09:52:22 2029 GMT"}');
+     + '"Nov  6 09:52:22 2029 GMT",'
+     + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');

  if (req.id == 0) {
    assert.equal("GET", req.method);
@ -92,7 +93,8 @@ https_server.addListener("listening", function() {
        + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
        + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
        + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-        + '"Nov  6 09:52:22 2029 GMT"}');
+        + '"Nov  6 09:52:22 2029 GMT",'
+        + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');
    c.write( "GET /hello?hello=world&foo=b==ar HTTP/1.1\r\n\r\n" );
    requests_sent += 1;
  });
--- a/test/simple/test-net-tls.js
+++ b/test/simple/test-net-tls.js
@ -41,7 +41,8 @@ var secureServer = net.createServer(function (connection) {
         + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
         + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
         + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-         + '"Nov  6 09:52:22 2029 GMT"}');
+         + '"Nov  6 09:52:22 2029 GMT",'
+         + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');

  });

@ -76,7 +77,8 @@ secureServer.addListener("listening", function() {
      + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
      + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
      + '"Nov 11 09:52:22 2009 GMT","valid_to":'
-      + '"Nov  6 09:52:22 2029 GMT"}');
+      + '"Nov  6 09:52:22 2029 GMT",'
+      + '"fingerprint":"2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF"}');

    secureClient.write(testData);
    secureClient.end();