Update WebUI Cert Viewer with additional algorithms

chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 108 matching lines @@
 SECOidTag eku_ms_encrypting_file_system = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_file_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_windows_hardware_driver_verification = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_qualified_subordination = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_document_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_lifetime_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_smart_card_logon = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery_agent = SEC_OID_UNKNOWN;
 SECOidTag eku_netscape_international_step_up = SEC_OID_UNKNOWN;
-SECOidTag cert_attribute_business_category = SEC_OID_UNKNOWN;
-SECOidTag cert_attribute_ev_incorporation_country = SEC_OID_UNKNOWN;
 
 class DynamicOidRegisterer {
  public:
   DynamicOidRegisterer() {
     ms_cert_ext_certtype = RegisterDynamicOid("1.3.6.1.4.1.311.20.2");
     ms_certsrv_ca_version = RegisterDynamicOid("1.3.6.1.4.1.311.21.1");
     ms_nt_principal_name = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.3");
     ms_ntds_replication = RegisterDynamicOid("1.3.6.1.4.1.311.25.1");
 
     eku_ms_individual_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.21");
     eku_ms_commercial_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.22");
     eku_ms_trust_list_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.1");
     eku_ms_time_stamping = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.2");
     eku_ms_server_gated_crypto = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.3");
     eku_ms_encrypting_file_system = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4");
     eku_ms_file_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4.1");
     eku_ms_windows_hardware_driver_verification = RegisterDynamicOid(
         "1.3.6.1.4.1.311.10.3.5");
     eku_ms_qualified_subordination = RegisterDynamicOid(
         "1.3.6.1.4.1.311.10.3.10");
     eku_ms_key_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.11");
     eku_ms_document_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.12");
     eku_ms_lifetime_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.13");
     eku_ms_smart_card_logon = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.2");
     eku_ms_key_recovery_agent = RegisterDynamicOid("1.3.6.1.4.1.311.21.6");
     eku_netscape_international_step_up = RegisterDynamicOid(
         "2.16.840.1.113730.4.1");
-
-    // These two OIDs will be built-in as SEC_OID_BUSINESS_CATEGORY and
-    // SEC_OID_EV_INCORPORATION_COUNTRY starting in NSS 3.13.  Until then,
-    // we need to add them dynamically.
-    cert_attribute_business_category = RegisterDynamicOid("2.5.4.15");
-    cert_attribute_ev_incorporation_country = RegisterDynamicOid(
-        "1.3.6.1.4.1.311.60.2.1.3");
   }
 };
 
 static base::LazyInstance<DynamicOidRegisterer>::Leaky
     g_dynamic_oid_registerer = LAZY_INSTANCE_INITIALIZER;
 
 }  // namespace
 
 namespace mozilla_security_manager {
 
 std::string DumpOidString(SECItem* oid) {
   char* pr_string = CERT_GetOidString(oid);
   if (pr_string) {
     std::string rv = pr_string;
     PR_smprintf_free(pr_string);
     return rv;
   }
 
   return ProcessRawBytes(oid);
 }
 
 std::string GetOIDText(SECItem* oid) {
   g_dynamic_oid_registerer.Get();
 
   int string_id;
   SECOidTag oid_tag = SECOID_FindOIDTag(oid);
   switch (oid_tag) {
+    // Distinguished Name fields:
     case SEC_OID_AVA_COMMON_NAME:
       string_id = IDS_CERT_OID_AVA_COMMON_NAME;
       break;
     case SEC_OID_AVA_STATE_OR_PROVINCE:
       string_id = IDS_CERT_OID_AVA_STATE_OR_PROVINCE;
       break;
     case SEC_OID_AVA_ORGANIZATION_NAME:
       string_id = IDS_CERT_OID_AVA_ORGANIZATION_NAME;
       break;
     case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
@@ skipping 16 matching lines @@
       break;
     case SEC_OID_RFC1274_MAIL:
       string_id = IDS_CERT_OID_RFC1274_MAIL;
       break;
     case SEC_OID_RFC1274_UID:
       string_id = IDS_CERT_OID_RFC1274_UID;
       break;
     case SEC_OID_PKCS9_EMAIL_ADDRESS:
       string_id = IDS_CERT_OID_PKCS9_EMAIL_ADDRESS;
       break;
+
+    // Extended Validation (EV) name fields:
+    case SEC_OID_BUSINESS_CATEGORY:
+      string_id = IDS_CERT_OID_BUSINESS_CATEGORY;
+      break;
+    case SEC_OID_EV_INCORPORATION_LOCALITY:
+      string_id = IDS_CERT_OID_EV_INCORPORATION_LOCALITY;
+      break;
+    case SEC_OID_EV_INCORPORATION_STATE:
+      string_id = IDS_CERT_OID_EV_INCORPORATION_STATE;
+      break;
+    case SEC_OID_EV_INCORPORATION_COUNTRY:
+      string_id = IDS_CERT_OID_EV_INCORPORATION_COUNTRY;
+      break;
+    case SEC_OID_AVA_STREET_ADDRESS:
+      string_id = IDS_CERT_OID_AVA_STREET_ADDRESS;
+      break;
+    case SEC_OID_AVA_POSTAL_CODE:
+      string_id = IDS_CERT_OID_AVA_POSTAL_CODE;
+      break;
+
+    // Algorithm fields:
     case SEC_OID_PKCS1_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
       break;
     case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
       string_id = IDS_CERT_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
       break;
+    case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+      string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
+      break;
+    case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+      string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
+      break;
+    case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+      string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+      break;
+    case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+      string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
+      break;
+    case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+      string_id = IDS_CERT_OID_ANSIX962_EC_PUBLIC_KEY;
+      break;
+    case SEC_OID_SECG_EC_SECP256R1:
+      string_id = IDS_CERT_OID_SECG_EC_SECP256R1;
+      break;
+    case SEC_OID_SECG_EC_SECP384R1:
+      string_id = IDS_CERT_OID_SECG_EC_SECP384R1;
+      break;
+    case SEC_OID_SECG_EC_SECP521R1:
+      string_id = IDS_CERT_OID_SECG_EC_SECP521R1;
+      break;
+
+    // Extension fields (including details of extensions):
     case SEC_OID_NS_CERT_EXT_CERT_TYPE:
       string_id = IDS_CERT_EXT_NS_CERT_TYPE;
       break;
     case SEC_OID_NS_CERT_EXT_BASE_URL:
       string_id = IDS_CERT_EXT_NS_CERT_BASE_URL;
       break;
     case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
       string_id = IDS_CERT_EXT_NS_CERT_REVOCATION_URL;
       break;
     case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
@@ skipping 52 matching lines @@
       break;
     case SEC_OID_X509_AUTH_KEY_ID:
       string_id = IDS_CERT_X509_AUTH_KEYID;
       break;
     case SEC_OID_X509_EXT_KEY_USAGE:
       string_id = IDS_CERT_X509_EXT_KEY_USAGE;
       break;
     case SEC_OID_X509_AUTH_INFO_ACCESS:
       string_id = IDS_CERT_X509_AUTH_INFO_ACCESS;
       break;
+    case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
+      string_id = IDS_CERT_PKIX_CPS_POINTER_QUALIFIER;
+      break;
+    case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
+      string_id = IDS_CERT_PKIX_USER_NOTICE_QUALIFIER;
+      break;
+
+    // Extended Key Usages:
     case SEC_OID_EXT_KEY_USAGE_SERVER_AUTH:
       string_id = IDS_CERT_EKU_TLS_WEB_SERVER_AUTHENTICATION;
       break;
     case SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH:
       string_id = IDS_CERT_EKU_TLS_WEB_CLIENT_AUTHENTICATION;
       break;
     case SEC_OID_EXT_KEY_USAGE_CODE_SIGN:
       string_id = IDS_CERT_EKU_CODE_SIGNING;
       break;
     case SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT:
       string_id = IDS_CERT_EKU_EMAIL_PROTECTION;
       break;
     case SEC_OID_EXT_KEY_USAGE_TIME_STAMP:
       string_id = IDS_CERT_EKU_TIME_STAMPING;
       break;
     case SEC_OID_OCSP_RESPONDER:
       string_id = IDS_CERT_EKU_OCSP_SIGNING;
       break;
-    case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
-      string_id = IDS_CERT_PKIX_CPS_POINTER_QUALIFIER;
-      break;
-    case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
-      string_id = IDS_CERT_PKIX_USER_NOTICE_QUALIFIER;
-      break;
+
+    // Explicitly handle UNKNOWN to avoid the conditional below.
     case SEC_OID_UNKNOWN:
       string_id = -1;
       break;
 
-    // There are a billionty other OIDs we could add here.  I tried to get the
-    // important ones...
+    // OIDs that are not directly registered with NSS, and thus cannot be
+    // used as part of a switch tag. While there is a potentially boundless
+    // set here, only list ones that either other platforms list or which
+    // might otherwise be encountered in the Web PKI or mainstream Enterprise
+    // deployments.
     default:
       if (oid_tag == ms_cert_ext_certtype)
         string_id = IDS_CERT_EXT_MS_CERT_TYPE;
       else if (oid_tag == ms_certsrv_ca_version)
         string_id = IDS_CERT_EXT_MS_CA_VERSION;
       else if (oid_tag == ms_nt_principal_name)
         string_id = IDS_CERT_EXT_MS_NT_PRINCIPAL_NAME;
       else if (oid_tag == ms_ntds_replication)
         string_id = IDS_CERT_EXT_MS_NTDS_REPLICATION;
       else if (oid_tag == eku_ms_individual_code_signing)
@@ skipping 19 matching lines @@
       else if (oid_tag == eku_ms_document_signing)
         string_id = IDS_CERT_EKU_MS_DOCUMENT_SIGNING;
       else if (oid_tag == eku_ms_lifetime_signing)
         string_id = IDS_CERT_EKU_MS_LIFETIME_SIGNING;
       else if (oid_tag == eku_ms_smart_card_logon)
         string_id = IDS_CERT_EKU_MS_SMART_CARD_LOGON;
       else if (oid_tag == eku_ms_key_recovery_agent)
         string_id = IDS_CERT_EKU_MS_KEY_RECOVERY_AGENT;
       else if (oid_tag == eku_netscape_international_step_up)
         string_id = IDS_CERT_EKU_NETSCAPE_INTERNATIONAL_STEP_UP;
-      else if (oid_tag == cert_attribute_business_category)
-        string_id = IDS_CERT_OID_BUSINESS_CATEGORY;
-      else if (oid_tag == cert_attribute_ev_incorporation_country)
-        string_id = IDS_CERT_OID_EV_INCORPORATION_COUNTRY;
       else
         string_id = -1;
       break;
   }
   if (string_id >= 0)
     return l10n_util::GetStringUTF8(string_id);
 
   return DumpOidString(oid);
 }
 
@@ skipping 666 matching lines @@
     return net::USER_CERT;
   if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, NULL))
     return net::CA_CERT;
   // TODO(mattm): http://crbug.com/128633.
   if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
     return net::SERVER_CERT;
   return net::OTHER_CERT;
 }
 
 }  // namespace mozilla_security_manager