x509_certificate_model: remove unused code, move nss-only stuff out of public interface

chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 28 matching lines @@
  * ***** END LICENSE BLOCK ***** */
 
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
 
 #include <certdb.h>
 #include <keyhi.h>
 #include <prprf.h>
 #include <unicode/uidna.h>
 
 #include "base/i18n/number_formatting.h"
+#include "base/lazy_instance.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/common/net/x509_certificate_model.h"
 #include "crypto/scoped_nss_types.h"
 #include "grit/generated_resources.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_util.h"
 #include "ui/base/l10n/l10n_util.h"
 
@@ skipping 38 matching lines @@
   }
   DCHECK_NE(rv, SEC_OID_UNKNOWN) << oid_string;
   return rv;
 }
 
 // Format a SECItem as a space separated string, with 16 bytes on each line.
 std::string ProcessRawBytes(SECItem* data) {
   return x509_certificate_model::ProcessRawBytes(data->data, data->len);
 }
 
-}  // namespace
-
-namespace mozilla_security_manager {
-
 SECOidTag ms_cert_ext_certtype = SEC_OID_UNKNOWN;
 SECOidTag ms_certsrv_ca_version = SEC_OID_UNKNOWN;
 SECOidTag ms_nt_principal_name = SEC_OID_UNKNOWN;
 SECOidTag ms_ntds_replication = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_individual_code_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_commercial_code_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_trust_list_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_time_stamping = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_server_gated_crypto = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_encrypting_file_system = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_file_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_windows_hardware_driver_verification = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_qualified_subordination = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_document_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_lifetime_signing = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_smart_card_logon = SEC_OID_UNKNOWN;
 SECOidTag eku_ms_key_recovery_agent = SEC_OID_UNKNOWN;
 SECOidTag eku_netscape_international_step_up = SEC_OID_UNKNOWN;
 SECOidTag cert_attribute_business_category = SEC_OID_UNKNOWN;
 SECOidTag cert_attribute_ev_incorporation_country = SEC_OID_UNKNOWN;
 
-void RegisterDynamicOids() {
-  if (ms_cert_ext_certtype != SEC_OID_UNKNOWN)
-    return;
+class DynamicOidRegisterer {
+ public:
+  DynamicOidRegisterer() {
+    ms_cert_ext_certtype = RegisterDynamicOid("1.3.6.1.4.1.311.20.2");
+    ms_certsrv_ca_version = RegisterDynamicOid("1.3.6.1.4.1.311.21.1");
+    ms_nt_principal_name = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.3");
+    ms_ntds_replication = RegisterDynamicOid("1.3.6.1.4.1.311.25.1");
 
-  ms_cert_ext_certtype = RegisterDynamicOid("1.3.6.1.4.1.311.20.2");
-  ms_certsrv_ca_version = RegisterDynamicOid("1.3.6.1.4.1.311.21.1");
-  ms_nt_principal_name = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.3");
-  ms_ntds_replication = RegisterDynamicOid("1.3.6.1.4.1.311.25.1");
+    eku_ms_individual_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.21");
+    eku_ms_commercial_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.22");
+    eku_ms_trust_list_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.1");
+    eku_ms_time_stamping = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.2");
+    eku_ms_server_gated_crypto = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.3");
+    eku_ms_encrypting_file_system = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4");
+    eku_ms_file_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4.1");
+    eku_ms_windows_hardware_driver_verification = RegisterDynamicOid(
+        "1.3.6.1.4.1.311.10.3.5");
+    eku_ms_qualified_subordination = RegisterDynamicOid(
+        "1.3.6.1.4.1.311.10.3.10");
+    eku_ms_key_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.11");
+    eku_ms_document_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.12");
+    eku_ms_lifetime_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.13");
+    eku_ms_smart_card_logon = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.2");
+    eku_ms_key_recovery_agent = RegisterDynamicOid("1.3.6.1.4.1.311.21.6");
+    eku_netscape_international_step_up = RegisterDynamicOid(
+        "2.16.840.1.113730.4.1");
 
-  eku_ms_individual_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.21");
-  eku_ms_commercial_code_signing = RegisterDynamicOid("1.3.6.1.4.1.311.2.1.22");
-  eku_ms_trust_list_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.1");
-  eku_ms_time_stamping = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.2");
-  eku_ms_server_gated_crypto = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.3");
-  eku_ms_encrypting_file_system = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4");
-  eku_ms_file_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.4.1");
-  eku_ms_windows_hardware_driver_verification = RegisterDynamicOid(
-      "1.3.6.1.4.1.311.10.3.5");
-  eku_ms_qualified_subordination = RegisterDynamicOid(
-      "1.3.6.1.4.1.311.10.3.10");
-  eku_ms_key_recovery = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.11");
-  eku_ms_document_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.12");
-  eku_ms_lifetime_signing = RegisterDynamicOid("1.3.6.1.4.1.311.10.3.13");
-  eku_ms_smart_card_logon = RegisterDynamicOid("1.3.6.1.4.1.311.20.2.2");
-  eku_ms_key_recovery_agent = RegisterDynamicOid("1.3.6.1.4.1.311.21.6");
-  eku_netscape_international_step_up = RegisterDynamicOid(
-      "2.16.840.1.113730.4.1");
+    // These two OIDs will be built-in as SEC_OID_BUSINESS_CATEGORY and
+    // SEC_OID_EV_INCORPORATION_COUNTRY starting in NSS 3.13.  Until then,
+    // we need to add them dynamically.
+    cert_attribute_business_category = RegisterDynamicOid("2.5.4.15");
+    cert_attribute_ev_incorporation_country = RegisterDynamicOid(
+        "1.3.6.1.4.1.311.60.2.1.3");
+  }
+};
 
-  // These two OIDs will be built-in as SEC_OID_BUSINESS_CATEGORY and
-  // SEC_OID_EV_INCORPORATION_COUNTRY starting in NSS 3.13.  Until then,
-  // we need to add them dynamically.
-  cert_attribute_business_category = RegisterDynamicOid("2.5.4.15");
-  cert_attribute_ev_incorporation_country = RegisterDynamicOid(
-      "1.3.6.1.4.1.311.60.2.1.3");
-}
+static base::LazyInstance<DynamicOidRegisterer>::Leaky
+    g_dynamic_oid_registerer = LAZY_INSTANCE_INITIALIZER;
+
+}  // namespace
+
+namespace mozilla_security_manager {
 
 std::string DumpOidString(SECItem* oid) {
   char* pr_string = CERT_GetOidString(oid);
   if (pr_string) {
     std::string rv = pr_string;
     PR_smprintf_free(pr_string);
     return rv;
   }
 
   return ProcessRawBytes(oid);
 }
 
 std::string GetOIDText(SECItem* oid) {
+  g_dynamic_oid_registerer.Get();
+
   int string_id;
   SECOidTag oid_tag = SECOID_FindOIDTag(oid);
   switch (oid_tag) {
     case SEC_OID_AVA_COMMON_NAME:
       string_id = IDS_CERT_OID_AVA_COMMON_NAME;
       break;
     case SEC_OID_AVA_STATE_OR_PROVINCE:
       string_id = IDS_CERT_OID_AVA_STATE_OR_PROVINCE;
       break;
     case SEC_OID_AVA_ORGANIZATION_NAME:
@@ skipping 272 matching lines @@
                                CERTGeneralName* current) {
   DCHECK(current);
 
   std::string key;
   std::string value;
 
   switch (current->type) {
     case certOtherName: {
       key = GetOIDText(&current->name.OthName.oid);
       SECOidTag oid_tag = SECOID_FindOIDTag(&current->name.OthName.oid);
       if (oid_tag == ms_nt_principal_name) {

[Ryan Sleevi, 2014/05/13 01:12:12]

Need to call the lazy instance before here

[mattm, 2014/05/13 01:52:33]

The GetOIDText should do it already, so I'll just add a comment to note that.

         // The type of this name is apparently nowhere explicitly
         // documented. However, in the generated templates, it is always
         // UTF-8. So try to decode this as UTF-8; if that fails, dump the
         // raw data.
         SECItem decoded;
         if (SEC_ASN1DecodeItem(arena, &decoded,
                                SEC_ASN1_GET(SEC_UTF8StringTemplate),
                                &current->name.OthName.name) == SECSuccess) {
           value = std::string(reinterpret_cast<char*>(decoded.data),
                               decoded.len);
@@ skipping 531 matching lines @@
     case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
     case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
     case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
     case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
     case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
     case SEC_OID_NS_CERT_EXT_COMMENT:
     case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
     case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
       return ProcessIA5String(extension_data);
     default:
       if (oid_tag == ms_cert_ext_certtype)

[Ryan Sleevi, 2014/05/13 01:12:12]

Need to call the lazy instance before here

[mattm, 2014/05/13 01:52:33]

Ah, right. I guess it actually needs to be done before the SECOID_FindOIDTag
call, so I changed the ProcessExtensionData signature to allow that.

         return ProcessBMPString(extension_data);
       return ProcessRawBytes(extension_data);
   }
 }
 
 std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
   std::string rv;
   SECKEYPublicKey* key = SECKEY_ExtractPublicKey(spki);
   if (key) {
     switch (key->keyType) {
@@ skipping 27 matching lines @@
     return net::USER_CERT;
   if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, NULL))
     return net::CA_CERT;
   // TODO(mattm): http://crbug.com/128633.
   if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
     return net::SERVER_CERT;
   return net::OTHER_CERT;
 }
 
 }  // namespace mozilla_security_manager