Remove thumbprint allocation in ManagedCertificateFinder

dotnet · Jun 2, 2022 · fe2c1ed · fe2c1ed
1 parent c835dc2
commit fe2c1ed
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/...ryptography/src/System/Security/Cryptography/X509Certificates/ManagedCertificateFinder.cs b/...ryptography/src/System/Security/Cryptography/X509Certificates/ManagedCertificateFinder.cs
@@ -39,7 +39,27 @@ public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
 
         public void FindByThumbprint(byte[] thumbprint)
         {
-            FindCore(thumbprint, static (thumbprint, cert) => cert.GetCertHash().ContentsEqual(thumbprint));
+            static bool FindPredicate(byte[] thumbprint, X509Certificate2 certificate)
+            {
+                // Bail up front if the length is incorrect to avoid any hash work.
+                if (thumbprint.Length != SHA1.HashSizeInBytes)
+                {
+                    return false;
+                }
+
+                Span<byte> hashBuffer = stackalloc byte[SHA1.HashSizeInBytes];
+
+                if (!certificate.TryGetCertHash(HashAlgorithmName.SHA1, hashBuffer, out int hashBytesWritten) ||
+                    hashBytesWritten != SHA1.HashSizeInBytes)
+                {
+                    Debug.Fail("Presized hash buffer was not the correct size.");
+                    throw new CryptographicException();
+                }
+
+                return hashBuffer.SequenceEqual(thumbprint);
+            }
+
+            FindCore(thumbprint, FindPredicate);
         }
 
         public void FindBySubjectName(string subjectName)