x509_certificate_model: remove unused code, move nss-only stuff out of public interface

chrome/common/net/x509_certificate_model_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/x509_certificate_model.h"
 
 #include <cert.h>
 #include <cms.h>
 #include <hasht.h>
 #include <keyhi.h>  // SECKEY_DestroyPrivateKey
@@ skipping 53 matching lines @@
     const std::string& non_critical_label,
     CERTCertExtension* extension) {
   std::string criticality =
       extension->critical.data && extension->critical.data[0] ?
           critical_label : non_critical_label;
   return criticality + "\n" +
       psm::ProcessExtensionData(SECOID_FindOIDTag(&extension->id),
                                 &extension->value);
 }
 
+std::string GetNickname(net::X509Certificate::OSCertHandle cert_handle) {
+  std::string name;
+  if (cert_handle->nickname) {
+    name = cert_handle->nickname;
+    // Hack copied from mozilla: Cut off text before first :, which seems to
+    // just be the token name.
+    size_t colon_pos = name.find(':');
+    if (colon_pos != std::string::npos)
+      name = name.substr(colon_pos + 1);
+  }
+  return name;
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 // NSS certificate export functions.
 
 struct NSSCMSMessageDeleter {
   inline void operator()(NSSCMSMessage* x) const {
     NSS_CMSMessage_Destroy(x);
   }
 };
 typedef scoped_ptr<NSSCMSMessage, NSSCMSMessageDeleter> ScopedNSSCMSMessage;
 
@@ skipping 13 matching lines @@
 using std::string;
 
 string GetCertNameOrNickname(X509Certificate::OSCertHandle cert_handle) {
   string name = ProcessIDN(
       Stringize(CERT_GetCommonName(&cert_handle->subject), std::string()));
   if (!name.empty())
     return name;
   return GetNickname(cert_handle);
 }
 
-string GetNickname(X509Certificate::OSCertHandle cert_handle) {
-  string name;
-  if (cert_handle->nickname) {
-    name = cert_handle->nickname;
-    // Hack copied from mozilla: Cut off text before first :, which seems to
-    // just be the token name.
-    size_t colon_pos = name.find(':');
-    if (colon_pos != string::npos)
-      name = name.substr(colon_pos + 1);
-  }
-  return name;
-}
-
 string GetTokenName(X509Certificate::OSCertHandle cert_handle) {
   return psm::GetCertTokenName(cert_handle);
 }
 
 string GetVersion(X509Certificate::OSCertHandle cert_handle) {
   // If the version field is omitted from the certificate, the default
   // value is v1(0).
   unsigned long version = 0;
   if (cert_handle->version.len == 0 ||
       SEC_ASN1DecodeInteger(&cert_handle->version, &version) == SECSuccess) {
     return base::UintToString(version + 1);
   }
   return std::string();
 }
 
 net::CertType GetType(X509Certificate::OSCertHandle cert_handle) {
     return psm::GetCertType(cert_handle);
 }
 
-string GetEmailAddress(X509Certificate::OSCertHandle cert_handle) {
-  if (cert_handle->emailAddr)
-    return cert_handle->emailAddr;
-  return std::string();
-}
-
 void GetUsageStrings(X509Certificate::OSCertHandle cert_handle,
                      std::vector<string>* usages) {
   psm::GetCertUsageStrings(cert_handle, usages);
 }
 
-string GetKeyUsageString(X509Certificate::OSCertHandle cert_handle) {
-  SECItem key_usage;
-  key_usage.data = NULL;
-  string key_usage_str;
-  if (CERT_FindKeyUsageExtension(cert_handle, &key_usage) == SECSuccess) {
-    key_usage_str = psm::ProcessKeyUsageBitString(&key_usage, ',');
-    PORT_Free(key_usage.data);
-  }
-  return key_usage_str;
-}
-
 string GetSerialNumberHexified(X509Certificate::OSCertHandle cert_handle,
                                const string& alternative_text) {
   return Stringize(CERT_Hexify(&cert_handle->serialNumber, true),
                    alternative_text);
 }
 
 string GetIssuerCommonName(X509Certificate::OSCertHandle cert_handle,
                            const string& alternative_text) {
   return Stringize(CERT_GetCommonName(&cert_handle->issuer), alternative_text);
 }
@@ skipping 40 matching lines @@
 }
 
 string GetIssuerName(X509Certificate::OSCertHandle cert_handle) {
   return psm::ProcessName(&cert_handle->issuer);
 }
 
 string GetSubjectName(X509Certificate::OSCertHandle cert_handle) {
   return psm::ProcessName(&cert_handle->subject);
 }
 
-void GetEmailAddresses(X509Certificate::OSCertHandle cert_handle,
-                       std::vector<string>* email_addresses) {
-  for (const char* addr = CERT_GetFirstEmailAddress(cert_handle);
-       addr; addr = CERT_GetNextEmailAddress(cert_handle, addr)) {
-    // The first email addr (from Subject) may be duplicated in Subject
-    // Alternative Name, so check subsequent addresses are not equal to the
-    // first one before adding to the list.
-    if (!email_addresses->size() || (*email_addresses)[0] != addr)
-      email_addresses->push_back(addr);
-  }
-}
-
-void GetNicknameStringsFromCertList(
-    const std::vector<scoped_refptr<X509Certificate> >& certs,
-    const string& cert_expired,
-    const string& cert_not_yet_valid,
-    std::vector<string>* nick_names) {
-  CERTCertList* cert_list = CERT_NewCertList();
-  for (size_t i = 0; i < certs.size(); ++i) {
-    CERT_AddCertToListTail(
-        cert_list,
-        CERT_DupCertificate(certs[i]->os_cert_handle()));
-  }
-  // Would like to use CERT_GetCertNicknameWithValidity on each cert
-  // individually instead of having to build a CERTCertList for this, but that
-  // function is not exported.
-  CERTCertNicknames* cert_nicknames = CERT_NicknameStringsFromCertList(
-      cert_list,
-      const_cast<char*>(cert_expired.c_str()),
-      const_cast<char*>(cert_not_yet_valid.c_str()));
-  DCHECK_EQ(cert_nicknames->numnicknames,
-            static_cast<int>(certs.size()));
-
-  for (int i = 0; i < cert_nicknames->numnicknames; ++i)
-    nick_names->push_back(cert_nicknames->nicknames[i]);
-
-  CERT_FreeNicknames(cert_nicknames);
-  CERT_DestroyCertList(cert_list);
-}
-
 void GetExtensions(
     const string& critical_label,
     const string& non_critical_label,
     X509Certificate::OSCertHandle cert_handle,
     Extensions* extensions) {
   if (cert_handle->extensions) {
+    psm::RegisterDynamicOids();

[Ryan Sleevi, 2014/05/08 00:34:38]

This needs to be called before getting the subject/issuer name as well, since
there are EV subject attributes.

We should also (ideally) only call this once, as a lazy instance - avoids some
additional table searches within NSS.

[mattm, 2014/05/13 00:57:40]

Hm, seems easiest to just move it to GetOIDText, wdyt?
The RegisterDynamicOids basically does that already, though not in a thread safe
way. I guess since the functions aren't otherwise thread unsafe I'll use the
lazy instance.

     for (size_t i = 0; cert_handle->extensions[i] != NULL; ++i) {
       Extension extension;
       extension.name = psm::GetOIDText(&cert_handle->extensions[i]->id);
       extension.value = ProcessExtension(
           critical_label, non_critical_label, cert_handle->extensions[i]);
       extensions->push_back(extension);
     }
   }
 }
 
@@ skipping 99 matching lines @@
 
 string ProcessSubjectPublicKeyInfo(X509Certificate::OSCertHandle cert_handle) {
   return psm::ProcessSubjectPublicKeyInfo(&cert_handle->subjectPublicKeyInfo);
 }
 
 string ProcessRawBitsSignatureWrap(X509Certificate::OSCertHandle cert_handle) {
   return ProcessRawBits(cert_handle->signatureWrap.signature.data,
                         cert_handle->signatureWrap.signature.len);
 }
 
-void RegisterDynamicOids() {
-  psm::RegisterDynamicOids();
-}
-
 }  // namespace x509_certificate_model