Reland: Fix imported server certs being distrusted in NSS 3.13.

chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 22 matching lines @@
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
 
+#include <certdb.h>
 #include <keyhi.h>
 #include <prprf.h>
 #include <unicode/uidna.h>
 
 #include "base/i18n/number_formatting.h"
 #include "base/string_number_conversions.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/common/net/x509_certificate_model.h"
 #include "crypto/scoped_nss_types.h"
 #include "grit/generated_resources.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_util.h"
-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "ui/base/l10n/l10n_util.h"
 
+#if !defined(CERTDB_TERMINAL_RECORD)
+/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD
+ * and marks CERTDB_VALID_PEER as deprecated.
+ * If we're using an older version, rename it ourselves.
+ */
+#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
+#endif
+
 namespace {
 
 std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,
                       unsigned int len) {
   if (len % 2 != 0)
     return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR);
 
   unsigned int utf8_val_len = len * 3 + 1;
   std::vector<unsigned char> utf8_val(utf8_val_len);
   if (!PORT_UCS2_UTF8Conversion(PR_FALSE, data, len,
@@ skipping 962 matching lines @@
         rv = x509_certificate_model::ProcessRawBits(
             spki->subjectPublicKey.data, spki->subjectPublicKey.len);
         break;
     }
     SECKEY_DestroyPublicKey(key);
   }
   return rv;
 }
 
 net::CertType GetCertType(CERTCertificate *cert) {
-  nsNSSCertTrust trust(cert->trust);
-  if (cert->nickname && trust.HasAnyUser())
+  CERTCertTrust trust = {0};
+  CERT_GetCertTrust(cert, &trust);
+
+  unsigned all_flags = trust.sslFlags | trust.emailFlags |
+      trust.objectSigningFlags;
+
+  if (cert->nickname && (all_flags & CERTDB_USER))
     return net::USER_CERT;
-  if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))
+  if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, NULL))
     return net::CA_CERT;
-  if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
+  // TODO(mattm): http://crbug.com/128633.
+  if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
     return net::SERVER_CERT;
   return net::UNKNOWN_CERT;
 }
 
 }  // namespace mozilla_security_manager