Support IDNA 2008

chrome/common/net/x509_certificate_model.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/x509_certificate_model.h"
 
 #include <unicode/uidna.h>
 
 #include "base/strings/utf_string_conversions.h"
 #include "grit/generated_resources.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace x509_certificate_model {
 
 std::string ProcessIDN(const std::string& input) {

[Ryan Sleevi, 2013/09/19 20:21:02]

We should remove this.

We never handle IDN for the purposes of certificate name matching (that is, we
do not punycode the commonname as being done here), so it's arguably wrong.

Considering the push is to move away from common names, we should be able to
drop this code entirely. I'm happy to remove it now if that will make this patch
easier for you.

   // Convert the ASCII input to a string16 for ICU.
   string16 input16;
   input16.reserve(input.length());
   input16.insert(input16.end(), input.begin(), input.end());
 
   string16 output16;
   output16.resize(input.length());
 
+  // TODO(jungshik): Is this called from multiple threads?
+  static UIDNA* uidna = NULL; // will be leaked.
+  if (uidna == NULL) {
+    UErrorCode status = U_ZERO_ERROR;
+    // TODO(jungshik) : Review and change options as different
+    // parties (browsers, registrars, search engines) converge toward
+    // a consensus. Below is the most compatible with IDNA 2003 we used to use.
+    int32_t options = UIDNA_CHECK_BIDI;
+    uidna = uidna_openUTS46(options, &status);
+    if (U_FAILURE(status))
+      return input;
+  }
+
   UErrorCode status = U_ZERO_ERROR;
-  int output_chars = uidna_IDNToUnicode(input16.data(), input.length(),
-                                        &output16[0], output16.length(),
-                                        UIDNA_DEFAULT, NULL, &status);
-  if (status == U_ZERO_ERROR) {
+  UIDNAInfo idna_info = UIDNA_INFO_INITIALIZER;
+  int output_chars = uidna_nameToUnicode(uidna, input16.data(), input.length(),
+                                         &output16[0], output16.length(),
+                                         &idna_info, &status);
+  if (U_SUCCESS(status) && idna_info.errors == 0) {
     output16.resize(output_chars);
-  } else if (status != U_BUFFER_OVERFLOW_ERROR) {
+  } else if (status != U_BUFFER_OVERFLOW_ERROR || idna_info.errors != 0) {
     return input;
   } else {
     output16.resize(output_chars);
-    output_chars = uidna_IDNToUnicode(input16.data(), input.length(),
-                                      &output16[0], output16.length(),
-                                      UIDNA_DEFAULT, NULL, &status);
-    if (status != U_ZERO_ERROR)
+    output_chars = uidna_nameToUnicode(uidna, input16.data(), input.length(),
+                                       &output16[0], output16.length(),
+                                       &idna_info, &status);
+    if (U_FAILURE(status) || idna_info.errors != 0)
       return input;
     DCHECK_EQ(static_cast<size_t>(output_chars), output16.length());
     output16.resize(output_chars);  // Just to be safe.
   }
 
   if (input16 == output16)
     return input;  // Input did not contain any encoded data.
 
   // Input contained encoded data, return formatted string showing original and
   // decoded forms.
@@ skipping 34 matching lines @@
 std::string ProcessRawBytes(const unsigned char* data, size_t data_length) {
   return ProcessRawBytesWithSeparators(data, data_length, ' ', '\n');
 }
 
 #if defined(USE_NSS)
 std::string ProcessRawBits(const unsigned char* data, size_t data_length) {
   return ProcessRawBytes(data, (data_length + 7) / 8);
 }
 #endif  // USE_NSS
 
-}  // x509_certificate_model
+}  // namespace x509_certificate_model