bug 857627 - 2/4: remove nsIX509Cert.nickname r=Cykesiopka,jcj

In general, any code that was using nsIX509Cert.nickname should be able to use
the attribute displayName (if using nickname for display purposes) or the
attribute dbKey (if using nickname as a unique identifier for a certificate).

MozReview-Commit-ID: G9CfMJDfLqe

--HG--
extra : rebase_source : 1c464dab8f028568cedd5a42cf87428b8bb63fc0

mobile/android/components/NSSDialogService.js

@@ -229,7 +229,7 @@ NSSDialogs.prototype = {
     for (let i = 0; i < certList.length; i++) {
       let cert = certList.queryElementAt(i, Ci.nsIX509Cert);
       certNickList.push(this.formatString("clientAuthAsk.nickAndSerial",
-                                          [cert.nickname, cert.serialNumber]));
+                                          [cert.displayName, cert.serialNumber]));
       certDetailsList.push(this.getCertDetails(cert));
     }
 

security/manager/locales/en-US/chrome/pipnss/pipnss.properties

@@ -284,7 +284,6 @@ certErrorCodePrefix2=Error code: <a id="errorCode" title="%1$S">%1$S</a>
 
 P12DefaultNickname=Imported Certificate
 CertUnknown=Unknown
-CertNoNickname=(no nickname)
 CertNoEmailAddress=(no email address)
 CaCertExists=This certificate is already installed as a certificate authority.
 NotACACert=This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.

security/manager/pki/resources/content/clientauthask.js

@@ -89,7 +89,7 @@ function onLoad() {
     let cert = certArray.queryElementAt(i, Ci.nsIX509Cert);
     let nickAndSerial =
       bundle.getFormattedString("clientAuthNickAndSerial",
-                                [cert.nickname, cert.serialNumber]);
+                                [cert.displayName, cert.serialNumber]);
     menuItemNode.setAttribute("value", i);
     menuItemNode.setAttribute("label", nickAndSerial); // This is displayed.
     selectElement.firstChild.appendChild(menuItemNode);

security/manager/ssl/nsCertTree.cpp

@@ -1075,30 +1075,9 @@ nsCertTree::GetCellText(int32_t row, nsITreeColumn* col,
 
   if (NS_LITERAL_STRING("certcol").Equals(colID)) {
     if (!cert) {
-      mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval);
-    }
-    else {
-      rv = cert->GetCommonName(_retval);
-      if (NS_FAILED(rv) || _retval.IsEmpty()) {
-        // kaie: I didn't invent the idea to cut off anything before 
-        //       the first colon. :-)
-        nsAutoString nick;
-        rv = cert->GetNickname(nick);
-        
-        nsAString::const_iterator start, end, end2;
-        nick.BeginReading(start);
-        nick.EndReading(end);
-        end2 = end;
-  
-        if (FindInReadable(NS_LITERAL_STRING(":"), start, end)) {
-          // found. end points to the first char after the colon,
-          // that's what we want.
-          _retval = Substring(end, end2);
-        }
-        else {
-          _retval = nick;
-        }
-      }
+      rv = mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval);
+    } else {
+      rv = cert->GetDisplayName(_retval);
     }
   } else if (NS_LITERAL_STRING("tokencol").Equals(colID) && cert) {
     rv = cert->GetTokenName(_retval);

security/manager/ssl/nsIX509Cert.idl

@@ -28,11 +28,6 @@ interface nsICertVerificationListener;
 [scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
 interface nsIX509Cert : nsISupports {
 
-  /**
-   *  A nickname for the certificate.
-   */
-  readonly attribute AString nickname;
-
   /**
    *  The primary email address of the certificate, if present.
    */

security/manager/ssl/nsNSSCertificate.cpp

@@ -435,26 +435,6 @@ nsNSSCertificate::GetDisplayName(nsAString& aDisplayName)
   return NS_OK;
 }
 
-NS_IMETHODIMP
-nsNSSCertificate::GetNickname(nsAString& aNickname)
-{
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown())
-    return NS_ERROR_NOT_AVAILABLE;
-
-  if (mCert->nickname) {
-    CopyUTF8toUTF16(mCert->nickname, aNickname);
-  } else {
-    nsresult rv;
-    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-    if (NS_FAILED(rv) || !nssComponent) {
-      return NS_ERROR_FAILURE;
-    }
-    nssComponent->GetPIPNSSBundleString("CertNoNickname", aNickname);
-  }
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
 {

security/manager/ssl/nsNSSCertificateFakeTransport.cpp

@@ -42,13 +42,6 @@ nsNSSCertificateFakeTransport::GetDisplayName(nsAString&)
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
-NS_IMETHODIMP
-nsNSSCertificateFakeTransport::GetNickname(nsAString&)
-{
-  NS_NOTREACHED("Unimplemented on content process");
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
-
 NS_IMETHODIMP
 nsNSSCertificateFakeTransport::GetEmailAddress(nsAString&)
 {

security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js

@@ -70,7 +70,7 @@ function checkDialogContents(win, notBefore, notAfter) {
                "Actual and expected issuer organization should be equal");
 
   Assert.equal(win.document.getElementById("nicknames").label,
-               "test client certificate [03]",
+               "Mochitest client [03]",
                "Actual and expected selected cert nickname and serial should " +
                "be equal");
 

security/manager/ssl/tests/unit/test_local_cert.js

@@ -49,11 +49,15 @@ add_task(function* () {
   ok(!certService.loginPromptRequired);
 
   let certA = yield getOrCreateCert(gNickname);
-  equal(certA.nickname, gNickname);
+  // The local cert service implementation takes the given nickname and uses it
+  // as the common name for the certificate it creates. nsIX509Cert.displayName
+  // uses the common name if it is present, so these should match. Should either
+  // implementation change to do something else, this won't necessarily work.
+  equal(certA.displayName, gNickname);
 
   // Getting again should give the same cert
   let certB = yield getOrCreateCert(gNickname);
-  equal(certB.nickname, gNickname);
+  equal(certB.displayName, gNickname);
 
   // Should be matching instances
   ok(certA.equals(certB));

security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js

@@ -45,8 +45,6 @@ function run_test() {
     "hD/h2nawrCFwc5gJW10aLJGFL/mcS7ViAIT9HCVk23j4TuBjsVmnZ0VKxB5edux+" +
     "LIEqtU428UVHZWU/I5ngLw==");
 
-  equal(cert.nickname, "(no nickname)",
-        "Actual and expected nickname should match");
   equal(cert.emailAddress, "ludek.rasek@centrum.cz",
         "Actual and expected emailAddress should match");
   equal(cert.subjectName, "serialNumber=ICA - 10003769,SN=Rašek,name=Luděk Rašek,initials=LR,givenName=Luděk,E=ludek.rasek@centrum.cz,L=\"Pacov, Nádražní 769\",ST=Vysočina,CN=Luděk Rašek,C=CZ",

security/manager/tools/dumpGoogleRoots.js

@@ -58,20 +58,11 @@ function downloadRoots() {
 }
 
 function makeFormattedNickname(cert) {
-  if (cert.nickname.startsWith("Builtin Object Token:")) {
-    return `"${cert.nickname.substring("Builtin Object Token:".length)}"`;
+  if (cert.isBuiltInRoot) {
+    return `"${cert.displayName}"`;
   }
   // Otherwise, this isn't a built-in and we have to comment it out.
-  if (cert.commonName) {
-    return `// "${cert.commonName}"`;
-  }
-  if (cert.organizationalUnit) {
-    return `// "${cert.organizationalUnit}"`;
-  }
-  if (cert.organization) {
-    return `// "${cert.organization}"`;
-  }
-  throw new Error(`couldn't make nickname for ${cert.subjectName}`);
+  return `// "${cert.displayName}"`;
 }
 
 var roots = downloadRoots();

security/manager/tools/genHPKPStaticPins.js

@@ -28,7 +28,6 @@ var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
                 .getService(Ci.nsIX509CertDB);
 
-const BUILT_IN_NICK_PREFIX = "Builtin Object Token:";
 const SHA256_PREFIX = "sha256/";
 const GOOGLE_PIN_PREFIX = "GOOGLE_PIN_";
 
@@ -402,7 +401,7 @@ function loadNSSCertinfo(extraCertificates) {
     if (!isCertBuiltIn(cert)) {
       continue;
     }
-    let name = cert.nickname.substr(BUILT_IN_NICK_PREFIX.length);
+    let name = cert.displayName;
     let SKD = cert.sha256SubjectPublicKeyInfoDigest;
     certNameToSKD[name] = SKD;
     certSKDToName[SKD] = name;