X509Certificate::GetDefaultNickname should handle a user certificate

whose Subject field doesn't have a common name (but has an email
address).

This was previously https://codereview.chromium.org/10341005/

R=rsleevi@chromium.org
BUG=126023
TEST=new unit test X509CertificateTest.GetDefaultNickname, only if
USE_NSS is defined.

Review URL: https://chromiumcodereview.appspot.com/17093010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206844 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 136 insertions, 3 deletions

diff --git a/net/cert/x509_certificate_nss.cc b/net/cert/x509_certificate_nss.cc
index 27cb205..bbc448f 100644
--- a/net/cert/x509_certificate_nss.cc
+++ b/net/cert/x509_certificate_nss.cc
@@ -91,13 +91,19 @@ std::string X509Certificate::GetDefaultNickname(CertType type) const {
       PORT_Free(nickname);
       break;
     }
-    case USER_CERT:
+    case USER_CERT: {
+      std::string subject_name = subject_.GetDisplayName();
+      if (subject_name.empty()) {
+        const char* email = CERT_GetFirstEmailAddress(cert_handle_);
+        if (email)
+          subject_name = email;
+      }
       // TODO(gspencer): Internationalize this. It's wrong to assume English
       // here.
-      result = base::StringPrintf("%s's %s ID",
-                                  subject_.GetDisplayName().c_str(),
+      result = base::StringPrintf("%s's %s ID", subject_name.c_str(),
                                   issuer_.GetDisplayName().c_str());
       break;
+    }
     case SERVER_CERT:
       result = subject_.GetDisplayName();
       break;
diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
index 191e23b..427431d 100644
--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -781,6 +781,20 @@ TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) {
   EXPECT_FALSE(cert_chain->IsIssuedByEncoded(issuers));
 }
 
+#if defined(USE_NSS)
+TEST(X509CertificateTest, GetDefaultNickname) {
+  base::FilePath certs_dir = GetTestCertsDirectory();
+
+  scoped_refptr<X509Certificate> test_cert(
+      ImportCertFromFile(certs_dir, "no_subject_common_name_cert.pem"));
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
+
+  std::string nickname = test_cert->GetDefaultNickname(USER_CERT);
+  EXPECT_EQ("wtc@google.com's COMODO Client Authentication and "
+            "Secure Email CA ID", nickname);
+}
+#endif
+
 #if !defined(OS_IOS)  // TODO(ios): Unable to create certificates.
 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
 // This test creates a self-signed cert from a private key and then verify the
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README
index 8f9e4a7..22a9d31 100644
--- a/net/data/ssl/certificates/README
+++ b/net/data/ssl/certificates/README
@@ -208,3 +208,7 @@ unit tests.
      chain that was issued under the Baltimore root. Combined, these
      certificates can be used to test real-world cross-signing; in practice,
      they are used to test certain workarounds for OS X's chain building code.
+
+- no_subject_common_name_cert.pem: Used to test the function that generates a
+  NSS certificate nickname for a user certificate. This certificate's Subject
+  field doesn't have a common name.
diff --git a/net/data/ssl/certificates/no_subject_common_name_cert.pem b/net/data/ssl/certificates/no_subject_common_name_cert.pem
new file mode 100644
index 0000000..f9d582e
--- /dev/null
+++ b/net/data/ssl/certificates/no_subject_common_name_cert.pem
@@ -0,0 +1,109 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f0:1e:87:f4:fe:b6:f0:10:dc:7e:65:da:f4:fb:8f:e3
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Client Authentication and Secure Email CA
+        Validity
+            Not Before: Apr 25 00:00:00 2012 GMT
+            Not After : Apr 25 23:59:59 2013 GMT
+        Subject: emailAddress=wtc@google.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:f6:50:cf:80:32:ee:05:1b:6a:07:c5:5f:71:bc:
+                    67:81:40:63:46:35:a4:23:6c:77:32:57:ec:c8:b0:
+                    0b:16:0e:5f:b7:42:6e:de:6f:de:84:9f:cf:81:73:
+                    ee:30:a9:ac:47:8c:47:27:78:89:eb:d1:14:e9:a9:
+                    fd:08:74:01:2c:dc:ea:4f:0a:30:82:cd:b5:02:65:
+                    54:42:9c:af:14:18:a7:56:c7:c4:00:7d:c0:f6:4d:
+                    97:58:80:57:f5:fc:2c:36:78:69:d6:e3:7f:05:05:
+                    ff:08:26:1e:f5:d5:60:3f:15:5d:06:16:28:11:a5:
+                    5d:b5:d0:59:d1:27:ab:38:8e:6b:68:b6:3d:c3:cb:
+                    f5:0d:42:35:a1:6e:f5:3f:73:12:33:9f:47:a5:43:
+                    2f:f3:dc:00:61:18:3f:4a:74:e4:d2:e8:37:e7:19:
+                    18:84:34:49:78:d2:b5:4d:90:65:4e:6f:a0:13:5b:
+                    2f:47:3e:0c:04:2f:fe:bd:9c:c1:d1:d1:f2:36:fe:
+                    df:07:e6:ec:b8:48:c7:1f:24:f6:af:9a:35:2a:a8:
+                    12:db:a9:a2:50:cc:0c:28:a4:fc:66:f2:28:a8:c2:
+                    d1:fb:ea:1e:58:c3:14:70:e0:18:a4:2a:04:54:8c:
+                    d3:f3:09:2e:b7:76:a3:eb:07:7a:f4:e8:3a:e3:2e:
+                    6b:b7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                keyid:7A:13:4E:00:74:5B:C6:78:63:64:27:C1:2F:E2:A0:5B:BC:79:C5:7B
+
+            X509v3 Subject Key Identifier: 
+                D7:D3:09:C6:62:34:E3:2A:2D:5D:F3:E9:B4:B0:DA:73:55:E9:75:28
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Extended Key Usage: 
+                E-mail Protection, 1.3.6.1.4.1.6449.1.3.5.2
+            Netscape Cert Type: 
+                S/MIME
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6449.1.2.1.1.1
+                  CPS: https://secure.comodo.net/CPS
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://crt.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crt
+                OCSP - URI:http://ocsp.comodoca.com
+
+            X509v3 Subject Alternative Name: 
+                email:wtc@google.com
+    Signature Algorithm: sha1WithRSAEncryption
+         62:4c:6b:d9:de:0e:56:66:74:ac:b2:08:ef:d4:9f:f7:02:d7:
+         f0:80:7a:ad:91:19:d4:4e:1e:76:1d:34:fb:f9:c5:c3:5b:55:
+         83:af:5f:da:12:43:bf:e2:d2:4a:3b:aa:91:d6:0e:07:4b:ab:
+         57:c9:b8:d7:6b:cc:f9:33:85:d4:ea:40:06:09:30:15:8f:e9:
+         1a:0f:9d:b7:a4:4b:b5:a1:f5:3a:90:71:93:ae:ab:e1:84:1c:
+         d8:d5:1c:2c:87:df:3a:5e:e8:5a:75:21:d8:45:41:5e:db:ba:
+         9c:f3:50:c9:08:1f:e5:d5:e7:55:0a:25:cd:86:88:41:83:2f:
+         b3:ee:39:02:a6:34:52:fe:64:0a:72:6e:65:41:eb:f9:10:34:
+         65:40:3d:93:3e:68:6a:ea:68:c5:cb:09:09:78:be:a7:1e:fa:
+         6f:21:d8:0e:e3:8d:74:08:57:ef:17:f1:6d:50:66:a2:73:78:
+         10:81:65:bf:96:e4:82:8d:46:7b:e8:a1:fa:6f:33:90:d8:4f:
+         ec:1f:fe:6f:4b:bf:b1:67:2d:cc:e3:90:ef:87:d3:af:ef:d7:
+         3b:d7:14:56:b7:7a:1a:96:e4:8c:de:2b:a3:95:9d:a9:e5:31:
+         7b:c9:2c:ec:1f:82:06:7c:80:fa:14:da:71:3b:d1:47:84:8f:
+         01:e6:5a:8a
+-----BEGIN CERTIFICATE-----
+MIIFHjCCBAagAwIBAgIRAPAeh/T+tvAQ3H5l2vT7j+MwDQYJKoZIhvcNAQEFBQAw
+gZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYD
+VQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
+aWwgQ0EwHhcNMTIwNDI1MDAwMDAwWhcNMTMwNDI1MjM1OTU5WjAfMR0wGwYJKoZI
+hvcNAQkBFg53dGNAZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPZQz4Ay7gUbagfFX3G8Z4FAY0Y1pCNsdzJX7MiwCxYOX7dCbt5v3oSf
+z4Fz7jCprEeMRyd4ievRFOmp/Qh0ASzc6k8KMILNtQJlVEKcrxQYp1bHxAB9wPZN
+l1iAV/X8LDZ4adbjfwUF/wgmHvXVYD8VXQYWKBGlXbXQWdEnqziOa2i2PcPL9Q1C
+NaFu9T9zEjOfR6VDL/PcAGEYP0p05NLoN+cZGIQ0SXjStU2QZU5voBNbL0c+DAQv
+/r2cwdHR8jb+3wfm7LhIxx8k9q+aNSqoEtupolDMDCik/GbyKKjC0fvqHljDFHDg
+GKQqBFSM0/MJLrd2o+sHevToOuMua7cCAwEAAaOCAd4wggHaMB8GA1UdIwQYMBaA
+FHoTTgB0W8Z4Y2QnwS/ioFu8ecV7MB0GA1UdDgQWBBTX0wnGYjTjKi1d8+m0sNpz
+Vel1KDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
+BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/
+MD0wOwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJl
+LmNvbW9kby5uZXQvQ1BTMFcGA1UdHwRQME4wTKBKoEiGRmh0dHA6Ly9jcmwuY29t
+b2RvY2EuY29tL0NPTU9ET0NsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1h
+aWxDQS5jcmwwgYgGCCsGAQUFBwEBBHwwejBSBggrBgEFBQcwAoZGaHR0cDovL2Ny
+dC5jb21vZG9jYS5jb20vQ09NT0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
+cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2Eu
+Y29tMBkGA1UdEQQSMBCBDnd0Y0Bnb29nbGUuY29tMA0GCSqGSIb3DQEBBQUAA4IB
+AQBiTGvZ3g5WZnSssgjv1J/3AtfwgHqtkRnUTh52HTT7+cXDW1WDr1/aEkO/4tJK
+O6qR1g4HS6tXybjXa8z5M4XU6kAGCTAVj+kaD523pEu1ofU6kHGTrqvhhBzY1Rws
+h986XuhadSHYRUFe27qc81DJCB/l1edVCiXNhohBgy+z7jkCpjRS/mQKcm5lQev5
+EDRlQD2TPmhq6mjFywkJeL6nHvpvIdgO4410CFfvF/FtUGaic3gQgWW/luSCjUZ7
+6KH6bzOQ2E/sH/5vS7+xZy3M45Dvh9Ov79c71xRWt3oaluSM3iujlZ2p5TF7ySzs
+H4IGfID6FNpxO9FHhI8B5lqK
+-----END CERTIFICATE-----