Generate unique certificate nicknames on Linux/CrOS.

net/cert/x509_certificate_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <prtime.h>
 #include <seccomon.h>
 #include <secder.h>
 #include <sechash.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
+#include "base/stringprintf.h"
 #include "base/time.h"
 #include "crypto/nss_util.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/cert/x509_util_nss.h"
 
 namespace net {
 
 void X509Certificate::Initialize() {
   x509_util::ParsePrincipal(&cert_handle_->subject, &subject_);
@@ skipping 29 matching lines @@
 }
 
 std::string X509Certificate::GetDefaultNickname(CertType type) const {
   if (!default_nickname_.empty())
     return default_nickname_;
 
   std::string result;
   if (type == USER_CERT && cert_handle_->slot) {
     // Find the private key for this certificate and see if it has a
     // nickname.  If there is a private key, and it has a nickname, then
-    // we return that nickname.
+    // return that nickname.
     SECKEYPrivateKey* private_key = PK11_FindPrivateKeyFromCert(
         cert_handle_->slot,
         cert_handle_,
         NULL);  // wincx
     if (private_key) {
       char* private_key_nickname = PK11_GetPrivateKeyNickname(private_key);
       if (private_key_nickname) {
         result = private_key_nickname;
         PORT_Free(private_key_nickname);
         SECKEY_DestroyPrivateKey(private_key);
         return result;
       }
       SECKEY_DestroyPrivateKey(private_key);
     }
   }
 
   switch (type) {
     case CA_CERT: {
       char* nickname = CERT_MakeCANickname(cert_handle_);
       result = nickname;
       PORT_Free(nickname);
       break;
     }
     case USER_CERT: {

[wtc, 2013/05/22 20:58:45]

Nit: you can remove the curly braces for this case because
the local variables are gone.

[Ryan Sleevi, 2013/05/22 23:20:19]

Done.

-      // Create a nickname for a user certificate.
-      // We use the scheme used by Firefox:
-      // --> <subject's common name>'s <issuer's common name> ID.
-      // TODO(gspencer): internationalize this: it's wrong to
-      // hard code English.
-
-      std::string username, ca_name;
-      char* temp_username = CERT_GetCommonName(
-          &cert_handle_->subject);
-      char* temp_ca_name = CERT_GetCommonName(&cert_handle_->issuer);
-      if (temp_username) {
-        username = temp_username;
-        PORT_Free(temp_username);
-      }
-      if (temp_ca_name) {
-        ca_name = temp_ca_name;
-        PORT_Free(temp_ca_name);
-      }
-      result = username + "'s " + ca_name + " ID";
+      // TODO(gspencer): Internationalize this. It's wrong to assume English
+      // here.
+      result = base::StringPrintf("%s's %s ID",
+                                  subject_.GetDisplayName().c_str(),
+                                  issuer_.GetDisplayName().c_str());

[wtc, 2013/05/22 20:58:45]

Is this change to fix the problem that the common name may
be empty?

[Ryan Sleevi, 2013/05/22 23:20:19]

Yes. Made the code simpler to fix while I was here, and seemed "obviously" wrong
when compared with FF.

       break;
     }
     case SERVER_CERT:
       result = subject_.GetDisplayName();
       break;
     case UNKNOWN_CERT:
     default:
       break;
   }
   return result;
@@ skipping 170 matching lines @@
 }
 
 // static
 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
                                        size_t* size_bits,
                                        PublicKeyType* type) {
   x509_util::GetPublicKeyInfo(cert_handle, size_bits, type);
 }
 
 }  // namespace net