// Perform a hash of the provided cert, then search in the RootHashes.inc data // structure for a matching bin number. int32_t RootCABinNumber(const SECItem* cert) { Digest digest; // Compute SHA256 hash of the certificate nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->data, cert->len); if (NS_WARN_IF(NS_FAILED(rv))) { return ROOT_CERTIFICATE_HASH_FAILURE; } // Compare against list of stored hashes size_t idx; MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug, ("pkpinTelem: First bytes %02x %02x %02x %02x\n", digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3])); if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE), BinaryHashSearchArrayComparator(static_cast<uint8_t*>(digest.get().data), digest.get().len), &idx)) { MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug, ("pkpinTelem: Telemetry index was %" PRIuSIZE ", bin is %d\n", idx, ROOT_TABLE[idx].binNumber)); return (int32_t) ROOT_TABLE[idx].binNumber; } // Didn't match. return ROOT_CERTIFICATE_UNKNOWN; }
// Perform a hash of the provided cert, then search in the RootHashes.inc data // structure for a matching bin number. int32_t RootCABinNumber(const SECItem* cert) { Digest digest; // Compute SHA256 hash of the certificate nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->data, cert->len); if (NS_WARN_IF(NS_FAILED(rv))) { return HASH_FAILURE; } // Compare against list of stored hashes size_t idx; PR_LOG(PublicKeyPinningTelemetryLog(), PR_LOG_DEBUG, ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n", digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3])); if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE), BinaryHashSearchArrayComparator( reinterpret_cast<const uint8_t*>(digest.get().data), digest.get().len), &idx)) { PR_LOG(PublicKeyPinningTelemetryLog(), PR_LOG_DEBUG, ("pkpinTelem: Telemetry index was %lu, bin is %d\n", idx, ROOT_TABLE[idx].binNumber)); return (int32_t) ROOT_TABLE[idx].binNumber; } // Didn't match. return UNKNOWN_ROOT; }