Copy some x509_certificate_model_nss functions to src/chromeos

chromeos/network/certificate_helper.cc

Index: chromeos/network/certificate_helper.cc
diff --git a/chromeos/network/certificate_helper.cc b/chromeos/network/certificate_helper.cc
new file mode 100644
index 0000000000000000000000000000000000000000..1d4728f47554ca3dc38f53cdd3bcdf9f11b5b3c8
--- /dev/null
+++ b/chromeos/network/certificate_helper.cc
@@ -0,0 +1,100 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/network/certificate_helper.h"
+
+#include <certdb.h>
+#include <pk11pub.h>
+#include <secport.h>
+
+#include "base/strings/string16.h"
+#include "base/strings/utf_string_conversions.h"
+#include "components/url_formatter/url_formatter.h"
+#include "net/cert/nss_cert_database_chromeos.h"
+
+namespace chromeos {
+namespace certificate {
+
+namespace {
+
+// Convert a char* return value from NSS into a std::string and free the NSS
+// memory.  If the arg is null, an empty string will be returned instead.

[pmarko, 2017/05/11 12:32:46]

- Please remove extra space
- I'd suggest |nss_text| instead of "the arg"
- the second part of the sentence seems to be false: |alternative_text| is
returned instead.

[stevenjb, 2017/05/12 19:27:50]

Done.

+std::string Stringize(char* nss_text, const std::string& alternative_text) {
+  if (!nss_text)
+    return alternative_text;
+
+  std::string s = nss_text;
+  PORT_Free(nss_text);
+  return s;
+}
+
+std::string GetNickname(net::X509Certificate::OSCertHandle cert_handle) {
+  if (!cert_handle->nickname)
+    return std::string();
+  std::string name = cert_handle->nickname;
+  // Hack copied from mozilla: Cut off text before first :, which seems to
+  // just be the token name.
+  size_t colon_pos = name.find(':');
+  if (colon_pos != std::string::npos)
+    name = name.substr(colon_pos + 1);
+  return name;
+}
+
+}  // namespace
+
+net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) {
+  CERTCertTrust trust = {0};
+  CERT_GetCertTrust(cert, &trust);
+
+  unsigned all_flags =
+      trust.sslFlags | trust.emailFlags | trust.objectSigningFlags;
+
+  if (cert->nickname && (all_flags & CERTDB_USER))
+    return net::USER_CERT;
+
+  if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, nullptr))
+    return net::CA_CERT;
+
+  // TODO(mattm): http://crbug.com/128633.
+  if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
+    return net::SERVER_CERT;
+
+  return net::OTHER_CERT;
+}
+
+std::string GetCertTokenName(CERTCertificate* cert) {
+  std::string token;
+  if (cert->slot)
+    token = PK11_GetTokenName(cert->slot);
+  return token;
+}
+
+std::string GetIssuerCommonName(net::X509Certificate::OSCertHandle cert_handle,
+                                const std::string& alternative_text) {
+  return Stringize(CERT_GetCommonName(&cert_handle->issuer), alternative_text);
+}
+
+std::string GetCertNameOrNickname(
+    net::X509Certificate::OSCertHandle cert_handle) {
+  std::string name;
+  std::string common_name =
+      Stringize(CERT_GetCommonName(&cert_handle->subject), std::string());
+  if (!common_name.empty())
+    name = base::UTF16ToUTF8(url_formatter::IDNToUnicode(common_name));
+  if (!name.empty())
+    return name;
+  return GetNickname(cert_handle);
+}
+
+std::string GetCertAsciiNameOrNickname(
+    net::X509Certificate::OSCertHandle cert_handle) {
+  std::string name =
+      Stringize(CERT_GetCommonName(&cert_handle->subject), std::string());

[pmarko, 2017/05/11 12:32:46]

Couldn't we pass GetNickname(cert_handle) here instead of doing the if thing
below? Or is this an optimization?

[stevenjb, 2017/05/12 19:27:50]

This was copied, but I think the extra simplicity is worth a small amount of
extra overhead so done (here and above).

+  if (!name.empty())
+    return name;
+  return GetNickname(cert_handle);
+}
+
+}  // namespace certificate
+}  // namespace chromeos