cert viewer: remove "verified usages" section

This was using the NSS certificate verifier to check whether the
certificate could be verified for various usages. This could be
misleading since we do not use the NSS verifier anymore, and further it
does not consider the actual chain and other context the certificate
was verified with.

Just remove it rather than converting to use our verifier, as it does
not add any real value anyway. At best it is redundant with the
information from the security state / page info from loading the page,
at worst it could actually have conflicting results if the exact same
input state isn't used.

(cherry picked from commit 2e12de37f1f7451b4568c68c58bb07c26ca61368)

Bug: 953425, 1278589
Change-Id: I719e266e9004c7d144370ce09b5ef6b67811ff88
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3291617
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: John Lee <johntlee@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#943266}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3335190
Reviewed-by: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/branch-heads/4664@{#1295}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 48174df..a73a7b0 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -3095,34 +3095,18 @@
         <message name="IDS_CERT_INFO_DETAILS_TAB_LABEL" desc="Title of the notebook page displaying the details about the certificate">
           &amp;Details
         </message>
-        <message name="IDS_CERT_INFO_VERIFIED_USAGES_GROUP" desc="The label of the group in the general page of the certificate info dialog which lists the usages that the certificate is verified for">
-          This certificate has been verified for the following usages:
-        </message>
         <message name="IDS_CERT_USAGE_SSL_CLIENT" desc="The description of a certificate that is verified for use as an SSL client">
           SSL Client Certificate
         </message>
         <message name="IDS_CERT_USAGE_SSL_SERVER" desc="The description of a certificate that is verified for use as an SSL server">
           SSL Server Certificate
         </message>
-        <message name="IDS_CERT_USAGE_SSL_SERVER_WITH_STEPUP" desc="The description of a certificate that is verified for use as an SSL server with step up">
-          SSL Server with Step-up
-        </message>
-        <message name="IDS_CERT_USAGE_EMAIL_SIGNER" desc="The description of a certificate that is verified for signing emails">
-          Email Signer Certificate
-        </message>
-        <message name="IDS_CERT_USAGE_EMAIL_RECEIVER" desc="The description of a
-          certificate that is verified for encrypting email">
-          Email Encryption Certificate
-        </message>
         <message name="IDS_CERT_USAGE_OBJECT_SIGNER" desc="The description of a certificate that is verified for signing executable code">
           Code Signer
         </message>
         <message name="IDS_CERT_USAGE_SSL_CA" desc="The description of a certificate that is verified for use by an SSL certification authority">
           SSL Certification Authority
         </message>
-        <message name="IDS_CERT_USAGE_STATUS_RESPONDER" desc="The description of a certificate that is verified for use as a status responder">
-          Status Responder Certificate
-        </message>
         <message name="IDS_CERT_INFO_IDN_VALUE_FORMAT" desc="The format of values for Common Name and SubjectAltName fields in the certificate info dialog when a name is an Internationalized Domain Name (eg, παράδειγμα.δοκιμή).">
           <ph name="ASCII_NAME">$1<ex>xn--hxajbheg2az3al.xn--jxalpdlp</ex></ph> (<ph name="UNICODE_NAME">$2<ex>see desc; only ASCII allowed in ph.</ex></ph>)
         </message>
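Review bot: The four IDS_CERT_USAGE_* messages kept as context in this hunk (SSL_CLIENT, SSL_SERVER, OBJECT_SIGNER, SSL_CA) still carry desc text saying the certificate "is verified for" a usage, while the only consumer visible in this change, usage_string_map in the deleted nsUsageArrayHelper.cpp, goes away. If nothing else references them, remove them here as well; if they are still used elsewhere, reword the desc attributes so translators are not told these strings describe a verification result.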
diff --git a/chrome/browser/resources/certificate_viewer/certificate_viewer.css b/chrome/browser/resources/certificate_viewer/certificate_viewer.css
index 933a6bb..034c87ab 100644
--- a/chrome/browser/resources/certificate_viewer/certificate_viewer.css
+++ b/chrome/browser/resources/certificate_viewer/certificate_viewer.css
@@ -20,12 +20,6 @@
   margin-top: 17px;
 }
 
-#usages-title {
-  /* Workaround until webkit bug https://bugs.webkit.org/show_bug.cgi?id=80537
-   * is resolved. */
-  padding-top: 17px;
-}
-
 #tabbox {
   height: 100%;
   width: 100%;
@@ -35,7 +29,6 @@
   overflow: auto;
 }
 
-#usages,
 #cert-field-value {
   padding-inline-start: 15px;
   white-space: pre-wrap;
@@ -54,7 +47,6 @@
   display: table-row;
 }
 
-#usages,
 .groups > div > div {
   color: #616161;
   line-height: 18px;
diff --git a/chrome/browser/resources/certificate_viewer/certificate_viewer.html b/chrome/browser/resources/certificate_viewer/certificate_viewer.html
index 2757c2b..686195f 100644
--- a/chrome/browser/resources/certificate_viewer/certificate_viewer.html
+++ b/chrome/browser/resources/certificate_viewer/certificate_viewer.html
@@ -22,10 +22,6 @@
       <tabpanels id="tabpanels" class="new-style-tabs">
         <!-- General -->
         <tabpanel id="general" aria-labelledby="general-tab">
-          <!-- Usages -->
-          <h3 id="usages-title" role="heading">$i18n{usages}</h3>
-          <div id="usages"></div>
-
           <div class="groups">
             <!-- Issued to -->
             <div>
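Review bot: With the h3 #usages-title and div #usages removed, div.groups becomes the first child of the #general tabpanel, and the 17px padding-top supplied by the deleted #usages-title rule in certificate_viewer.css goes with it. Check the top spacing of the General tab after this change and, if the first group now sits tight against the tab strip, move that padding onto .groups or #general.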
diff --git a/chrome/browser/ui/webui/certificate_viewer_ui.cc b/chrome/browser/ui/webui/certificate_viewer_ui.cc
index e1a28321..dd638f3 100644
--- a/chrome/browser/ui/webui/certificate_viewer_ui.cc
+++ b/chrome/browser/ui/webui/certificate_viewer_ui.cc
@@ -30,7 +30,6 @@
       {"details", IDS_CERT_INFO_DETAILS_TAB_LABEL},
       {"close", IDS_CLOSE},
       {"export", IDS_CERT_DETAILS_EXPORT_CERTIFICATE},
-      {"usages", IDS_CERT_INFO_VERIFIED_USAGES_GROUP},
       {"issuedTo", IDS_CERT_INFO_SUBJECT_GROUP},
       {"issuedBy", IDS_CERT_INFO_ISSUER_GROUP},
       {"cn", IDS_CERT_INFO_COMMON_NAME_LABEL},
diff --git a/chrome/browser/ui/webui/certificate_viewer_webui.cc b/chrome/browser/ui/webui/certificate_viewer_webui.cc
index 8e5b57f5..1537e5bf 100644
--- a/chrome/browser/ui/webui/certificate_viewer_webui.cc
+++ b/chrome/browser/ui/webui/certificate_viewer_webui.cc
@@ -204,11 +204,6 @@
   base::DictionaryValue cert_info;
   CERTCertificate* cert_hnd = nss_certs_.front().get();
 
-  // Certificate usage.
-  std::vector<std::string> usages;
-  x509_certificate_model::GetUsageStrings(cert_hnd, &usages);
-  cert_info.SetString("general.usages", base::JoinString(usages, "\n"));
-
   // Standard certificate details.
   const std::string alternative_text =
       l10n_util::GetStringUTF8(IDS_CERT_INFO_FIELD_NOT_PRESENT);
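Review bot: Nothing in this change touches the viewer's script, yet the "general.usages" entry removed here is what filled the deleted #usages element. Confirm the script does not look up usages by name, since a missing key or element would fail when the dialog opens, and consider a test asserting that the General tab renders without the section.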
diff --git a/chrome/common/net/x509_certificate_model_nss.cc b/chrome/common/net/x509_certificate_model_nss.cc
index c47c08e..e9092aca2 100644
--- a/chrome/common/net/x509_certificate_model_nss.cc
+++ b/chrome/common/net/x509_certificate_model_nss.cc
@@ -28,7 +28,6 @@
 #include "chrome/grit/generated_resources.h"
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertificate.h"
-#include "chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h"
 #include "components/url_formatter/url_formatter.h"
 #include "crypto/nss_key_util.h"
 #include "crypto/nss_util.h"
@@ -144,11 +143,6 @@
   return psm::GetCertType(cert_handle);
 }
 
-void GetUsageStrings(CERTCertificate* cert_handle,
-                     std::vector<string>* usages) {
-  psm::GetCertUsageStrings(cert_handle, usages);
-}
-
 string GetSerialNumberHexified(CERTCertificate* cert_handle,
                                const string& alternative_text) {
   return Stringize(CERT_Hexify(&cert_handle->serialNumber, true),
diff --git a/chrome/common/net/x509_certificate_model_nss.h b/chrome/common/net/x509_certificate_model_nss.h
index d9f0d85..befcd1e 100644
--- a/chrome/common/net/x509_certificate_model_nss.h
+++ b/chrome/common/net/x509_certificate_model_nss.h
@@ -30,9 +30,6 @@
 
 net::CertType GetType(CERTCertificate* cert_handle);
 
-void GetUsageStrings(CERTCertificate* cert_handle,
-                     std::vector<std::string>* usages);
-
 std::string GetSerialNumberHexified(CERTCertificate* cert_handle,
                                     const std::string& alternative_text);
 
diff --git a/chrome/third_party/mozilla_security_manager/BUILD.gn b/chrome/third_party/mozilla_security_manager/BUILD.gn
index 327dcc5..88b13b4 100644
--- a/chrome/third_party/mozilla_security_manager/BUILD.gn
+++ b/chrome/third_party/mozilla_security_manager/BUILD.gn
@@ -8,8 +8,6 @@
     "nsNSSCertHelper.h",
     "nsNSSCertificate.cpp",
     "nsNSSCertificate.h",
-    "nsUsageArrayHelper.cpp",
-    "nsUsageArrayHelper.h",
   ]
 
   deps = [
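Review bot: The deps list following this sources hunk is left unchanged, although the removed nsUsageArrayHelper.cpp included chrome/grit/generated_resources.h, ui/base/l10n/l10n_util.h and base/cxx17_backports.h. Check whether any dep was needed only by that file and drop it, so the target does not keep dependencies it no longer uses.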
diff --git a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp
deleted file mode 100644
index ef2bd414..0000000
--- a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *  John Gardiner Myers <jgmyers@speakeasy.net>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h"
-
-#include <stddef.h>
-
-#include "base/cxx17_backports.h"
-#include "chrome/grit/generated_resources.h"
-#include "ui/base/l10n/l10n_util.h"
-
-namespace mozilla_security_manager {
-
-void GetCertUsageStrings(CERTCertificate* cert, std::vector<std::string>* out) {
-  SECCertificateUsage usages = 0;
-  // TODO(wtc): See if we should use X509Certificate::Verify instead.
-  if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), cert, PR_TRUE,
-                                certificateUsageCheckAllUsages,
-                                NULL, &usages) == SECSuccess) {
-    static const struct {
-      SECCertificateUsage usage;
-      int string_id;
-    } usage_string_map[] = {
-      {certificateUsageSSLClient, IDS_CERT_USAGE_SSL_CLIENT},
-      {certificateUsageSSLServer, IDS_CERT_USAGE_SSL_SERVER},
-      {certificateUsageSSLServerWithStepUp,
-        IDS_CERT_USAGE_SSL_SERVER_WITH_STEPUP},
-      {certificateUsageEmailSigner, IDS_CERT_USAGE_EMAIL_SIGNER},
-      {certificateUsageEmailRecipient, IDS_CERT_USAGE_EMAIL_RECEIVER},
-      {certificateUsageObjectSigner, IDS_CERT_USAGE_OBJECT_SIGNER},
-      {certificateUsageSSLCA, IDS_CERT_USAGE_SSL_CA},
-      {certificateUsageStatusResponder, IDS_CERT_USAGE_STATUS_RESPONDER},
-    };
-    for (size_t i = 0; i < base::size(usage_string_map); ++i) {
-      if (usages & usage_string_map[i].usage)
-        out->push_back(l10n_util::GetStringUTF8(
-            usage_string_map[i].string_id));
-    }
-  }
-}
-
-}  // namespace mozilla_security_manager
diff --git a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h
deleted file mode 100644
index 31ba550..0000000
--- a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *  John Gardiner Myers <jgmyers@speakeasy.net>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_
-#define CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_
-
-#include <cert.h>
-
-#include <string>
-#include <vector>
-
-namespace mozilla_security_manager {
-
-// Based on nsUsageArrayHelper::GetUsagesArray.
-void GetCertUsageStrings(CERTCertificate* cert, std::vector<std::string>* out);
-
-}  // namespace mozilla_security_manager
-
-#endif  // CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_