Copy some x509_certificate_model_nss functions to src/chromeos

chromeos/network/certificate_helper.cc

Index: chromeos/network/certificate_helper.cc
diff --git a/chromeos/network/certificate_helper.cc b/chromeos/network/certificate_helper.cc
new file mode 100644
index 0000000000000000000000000000000000000000..787b709c6a58f97f8c4760526ff43890b97038de
--- /dev/null
+++ b/chromeos/network/certificate_helper.cc
@@ -0,0 +1,93 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/network/certificate_helper.h"
+
+#include <certdb.h>
+#include <pk11pub.h>
+#include <secport.h>
+
+#include "base/strings/string16.h"
+#include "base/strings/utf_string_conversions.h"
+#include "components/url_formatter/url_formatter.h"
+#include "net/cert/nss_cert_database_chromeos.h"
+
+namespace chromeos {
+namespace certificate {
+
+namespace {
+
+// Convert a char* return value from NSS into a std::string and free the NSS
+// memory. If |nss_text| is null, |alternative_text| will be returned instead.
+std::string Stringize(char* nss_text, const std::string& alternative_text) {
+  if (!nss_text)
+    return alternative_text;
+
+  std::string s = nss_text;
+  PORT_Free(nss_text);
+  return s;
+}
+
+std::string GetNickname(net::X509Certificate::OSCertHandle cert_handle) {
+  if (!cert_handle->nickname)
+    return std::string();
+  std::string name = cert_handle->nickname;
+  // Hack copied from mozilla: Cut off text before first :, which seems to
+  // just be the token name.
+  size_t colon_pos = name.find(':');
+  if (colon_pos != std::string::npos)
+    name = name.substr(colon_pos + 1);
+  return name;
+}
+
+}  // namespace
+
+net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) {
+  CERTCertTrust trust = {0};
+  CERT_GetCertTrust(cert, &trust);
+
+  unsigned all_flags =
+      trust.sslFlags | trust.emailFlags | trust.objectSigningFlags;
+
+  if (cert->nickname && (all_flags & CERTDB_USER))
+    return net::USER_CERT;
+
+  if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, nullptr))
+    return net::CA_CERT;
+
+  // TODO(mattm): http://crbug.com/128633.
+  if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
+    return net::SERVER_CERT;
+
+  return net::OTHER_CERT;
+}
+
+std::string GetCertTokenName(CERTCertificate* cert) {
+  std::string token;
+  if (cert->slot)
+    token = PK11_GetTokenName(cert->slot);
+  return token;
+}
+
+std::string GetIssuerCommonName(net::X509Certificate::OSCertHandle cert_handle,
+                                const std::string& alternative_text) {
+  return Stringize(CERT_GetCommonName(&cert_handle->issuer), alternative_text);
+}
+
+std::string GetCertNameOrNickname(
+    net::X509Certificate::OSCertHandle cert_handle) {
+  std::string name = GetCertAsciiNameOrNickname(cert_handle);
+  if (!name.empty())
+    name = base::UTF16ToUTF8(url_formatter::IDNToUnicode(name));
+  return name;
+}
+
+std::string GetCertAsciiNameOrNickname(
+    net::X509Certificate::OSCertHandle cert_handle) {
+  std::string alternative_text = GetNickname(cert_handle);
+  return Stringize(CERT_GetCommonName(&cert_handle->subject), alternative_text);

[emaxx, 2017/05/15 14:14:20]

If CERT_GetCommonName() returns a non-null string that becomes empty after
stringizing, then this function will also return an empty string. Meanwhile the
x509_certificate_model analog seems to return the nickname in this case.
Is this an expected difference?

[stevenjb, 2017/05/15 15:40:58]

Stringize() just constructs a string() from a char* and frees the char*, so this
could only happen if the char* points to an empty string, which doesn't seem
likelikely, but I'll modify Stringize() to handle it.

Done.

+}
+
+}  // namespace certificate
+}  // namespace chromeos