bug 1300305 - update preloaded HPKP information to deal with "Equifax Secure CA" removal DONTBUILD NPOTB r=Cykesiopka

The root with the nickname "Equifax Secure CA" was removed from NSS in bug 1296689 (confusingly, "Equifax Secure CA" doesn't appear in the subject DN of that certificate, which is "OU=Equifax Secure Certificate Authority,O=Equifax,C=US"). This removes the dependency on that root as well as fixes dumpGoogleRoots.js to automatically handle this sort of thing in the future. MozReview-Commit-ID: KIEPBnliufX --HG-- extra : rebase_source : 819b0168e28d73c66f2e23d19f513cce214bcc78
2016-09-06 10:45:48 -07:00 · 2016-09-06 10:45:48 -07:00 · 3b0bef8abb
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@ -150,7 +150,7 @@
        "Entrust Root Certification Authority - EC1",
        "Entrust Root Certification Authority - G2",
        "Entrust.net Premium 2048 Secure Server CA",
-        "Equifax Secure CA",
+        // "Equifax Secure Certificate Authority",
        "GeoTrust Global CA",
        "GeoTrust Global CA 2",
        "GeoTrust Primary Certification Authority",
--- a/security/manager/tools/dumpGoogleRoots.js
+++ b/security/manager/tools/dumpGoogleRoots.js
@ -57,14 +57,31 @@ function downloadRoots() {
  return roots;
 }

+function makeFormattedNickname(cert) {
+  if (cert.nickname.startsWith("Builtin Object Token:")) {
+    return `"${cert.nickname.substring("Builtin Object Token:".length)}"`;
+  }
+  // Otherwise, this isn't a built-in and we have to comment it out.
+  if (cert.commonName) {
+    return `// "${cert.commonName}"`;
+  }
+  if (cert.organizationalUnit) {
+    return `// "${cert.organizationalUnit}"`;
+  }
+  if (cert.organization) {
+    return `// "${cert.organization}"`;
+  }
+  throw new Error(`couldn't make nickname for ${cert.subjectName}`);
+}
+
 var roots = downloadRoots();
 var rootNicknames = [];
 for (var root of roots) {
-  rootNicknames.push(root.nickname.substring("Builtin Object Token:".length));
+  rootNicknames.push(makeFormattedNickname(root));
 }
 rootNicknames.sort(function(rootA, rootB) {
-  let rootALowercase = rootA.toLowerCase();
-  let rootBLowercase = rootB.toLowerCase();
+  let rootALowercase = rootA.toLowerCase().replace(/(^[^"]*")|"/g, "");
+  let rootBLowercase = rootB.toLowerCase().replace(/(^[^"]*")|"/g, "");
  if (rootALowercase < rootBLowercase) {
    return -1;
  }
@ -82,7 +99,7 @@ for (var nickname of rootNicknames) {
    dump(",\n");
  }
  first = false;
-  dump("        \"" + nickname + "\"");
+  dump("        " + nickname);
 }
 dump("\n");
 dump("      ]\n");