| Index: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
|
| diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
|
| index ec68c3433590d23a6bfbf425bba32d800499be72..2481f7b3d2046ffeb27440cef7f1fa6379ffc62e 100644
|
| --- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
|
| +++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
|
| @@ -126,8 +126,6 @@ SECOidTag eku_ms_lifetime_signing = SEC_OID_UNKNOWN;
|
| SECOidTag eku_ms_smart_card_logon = SEC_OID_UNKNOWN;
|
| SECOidTag eku_ms_key_recovery_agent = SEC_OID_UNKNOWN;
|
| SECOidTag eku_netscape_international_step_up = SEC_OID_UNKNOWN;
|
| -SECOidTag cert_attribute_business_category = SEC_OID_UNKNOWN;
|
| -SECOidTag cert_attribute_ev_incorporation_country = SEC_OID_UNKNOWN;
|
|
|
| class DynamicOidRegisterer {
|
| public:
|
| @@ -155,13 +153,6 @@ class DynamicOidRegisterer {
|
| eku_ms_key_recovery_agent = RegisterDynamicOid("1.3.6.1.4.1.311.21.6");
|
| eku_netscape_international_step_up = RegisterDynamicOid(
|
| "2.16.840.1.113730.4.1");
|
| -
|
| - // These two OIDs will be built-in as SEC_OID_BUSINESS_CATEGORY and
|
| - // SEC_OID_EV_INCORPORATION_COUNTRY starting in NSS 3.13. Until then,
|
| - // we need to add them dynamically.
|
| - cert_attribute_business_category = RegisterDynamicOid("2.5.4.15");
|
| - cert_attribute_ev_incorporation_country = RegisterDynamicOid(
|
| - "1.3.6.1.4.1.311.60.2.1.3");
|
| }
|
| };
|
|
|
| @@ -189,6 +180,7 @@ std::string GetOIDText(SECItem* oid) {
|
| int string_id;
|
| SECOidTag oid_tag = SECOID_FindOIDTag(oid);
|
| switch (oid_tag) {
|
| + // Distinguished Name fields:
|
| case SEC_OID_AVA_COMMON_NAME:
|
| string_id = IDS_CERT_OID_AVA_COMMON_NAME;
|
| break;
|
| @@ -225,6 +217,28 @@ std::string GetOIDText(SECItem* oid) {
|
| case SEC_OID_PKCS9_EMAIL_ADDRESS:
|
| string_id = IDS_CERT_OID_PKCS9_EMAIL_ADDRESS;
|
| break;
|
| +
|
| + // Extended Validation (EV) name fields:
|
| + case SEC_OID_BUSINESS_CATEGORY:
|
| + string_id = IDS_CERT_OID_BUSINESS_CATEGORY;
|
| + break;
|
| + case SEC_OID_EV_INCORPORATION_LOCALITY:
|
| + string_id = IDS_CERT_OID_EV_INCORPORATION_LOCALITY;
|
| + break;
|
| + case SEC_OID_EV_INCORPORATION_STATE:
|
| + string_id = IDS_CERT_OID_EV_INCORPORATION_STATE;
|
| + break;
|
| + case SEC_OID_EV_INCORPORATION_COUNTRY:
|
| + string_id = IDS_CERT_OID_EV_INCORPORATION_COUNTRY;
|
| + break;
|
| + case SEC_OID_AVA_STREET_ADDRESS:
|
| + string_id = IDS_CERT_OID_AVA_STREET_ADDRESS;
|
| + break;
|
| + case SEC_OID_AVA_POSTAL_CODE:
|
| + string_id = IDS_CERT_OID_AVA_POSTAL_CODE;
|
| + break;
|
| +
|
| + // Algorithm fields:
|
| case SEC_OID_PKCS1_RSA_ENCRYPTION:
|
| string_id = IDS_CERT_OID_PKCS1_RSA_ENCRYPTION;
|
| break;
|
| @@ -249,6 +263,32 @@ std::string GetOIDText(SECItem* oid) {
|
| case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
|
| string_id = IDS_CERT_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
|
| break;
|
| + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
|
| + string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
|
| + break;
|
| + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
|
| + string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
|
| + break;
|
| + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
|
| + string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
|
| + break;
|
| + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
|
| + string_id = IDS_CERT_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
|
| + break;
|
| + case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
|
| + string_id = IDS_CERT_OID_ANSIX962_EC_PUBLIC_KEY;
|
| + break;
|
| + case SEC_OID_SECG_EC_SECP256R1:
|
| + string_id = IDS_CERT_OID_SECG_EC_SECP256R1;
|
| + break;
|
| + case SEC_OID_SECG_EC_SECP384R1:
|
| + string_id = IDS_CERT_OID_SECG_EC_SECP384R1;
|
| + break;
|
| + case SEC_OID_SECG_EC_SECP521R1:
|
| + string_id = IDS_CERT_OID_SECG_EC_SECP521R1;
|
| + break;
|
| +
|
| + // Extension fields (including details of extensions):
|
| case SEC_OID_NS_CERT_EXT_CERT_TYPE:
|
| string_id = IDS_CERT_EXT_NS_CERT_TYPE;
|
| break;
|
| @@ -321,6 +361,14 @@ std::string GetOIDText(SECItem* oid) {
|
| case SEC_OID_X509_AUTH_INFO_ACCESS:
|
| string_id = IDS_CERT_X509_AUTH_INFO_ACCESS;
|
| break;
|
| + case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
|
| + string_id = IDS_CERT_PKIX_CPS_POINTER_QUALIFIER;
|
| + break;
|
| + case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
|
| + string_id = IDS_CERT_PKIX_USER_NOTICE_QUALIFIER;
|
| + break;
|
| +
|
| + // Extended Key Usages:
|
| case SEC_OID_EXT_KEY_USAGE_SERVER_AUTH:
|
| string_id = IDS_CERT_EKU_TLS_WEB_SERVER_AUTHENTICATION;
|
| break;
|
| @@ -339,18 +387,17 @@ std::string GetOIDText(SECItem* oid) {
|
| case SEC_OID_OCSP_RESPONDER:
|
| string_id = IDS_CERT_EKU_OCSP_SIGNING;
|
| break;
|
| - case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
|
| - string_id = IDS_CERT_PKIX_CPS_POINTER_QUALIFIER;
|
| - break;
|
| - case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
|
| - string_id = IDS_CERT_PKIX_USER_NOTICE_QUALIFIER;
|
| - break;
|
| +
|
| + // Explicitly handle UNKNOWN to avoid the conditional below.
|
| case SEC_OID_UNKNOWN:
|
| string_id = -1;
|
| break;
|
|
|
| - // There are a billionty other OIDs we could add here. I tried to get the
|
| - // important ones...
|
| + // OIDs that are not directly registered with NSS, and thus cannot be
|
| + // used as part of a switch tag. While there is a potentially boundless
|
| + // set here, only list ones that either other platforms list or which
|
| + // might otherwise be encountered in the Web PKI or mainstream Enterprise
|
| + // deployments.
|
| default:
|
| if (oid_tag == ms_cert_ext_certtype)
|
| string_id = IDS_CERT_EXT_MS_CERT_TYPE;
|
| @@ -390,10 +437,6 @@ std::string GetOIDText(SECItem* oid) {
|
| string_id = IDS_CERT_EKU_MS_KEY_RECOVERY_AGENT;
|
| else if (oid_tag == eku_netscape_international_step_up)
|
| string_id = IDS_CERT_EKU_NETSCAPE_INTERNATIONAL_STEP_UP;
|
| - else if (oid_tag == cert_attribute_business_category)
|
| - string_id = IDS_CERT_OID_BUSINESS_CATEGORY;
|
| - else if (oid_tag == cert_attribute_ev_incorporation_country)
|
| - string_id = IDS_CERT_OID_EV_INCORPORATION_COUNTRY;
|
| else
|
| string_id = -1;
|
| break;
|
|
|