1431850 - simplify how nsCertTree chooses which certificates to display

Status: NEW

(Core :: Security: PSM, enhancement, P2)

Description

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

The way nsCertTree (the C++ backend for the certificate manager) chooses which certificates to add to its display is a bit more complicated than it needs to be. For one, nsCertTree::GetCertsByTypeFromCertList has a very tight coupling with nsCertOverrideService (to the point of casting the generic nsICertOverrideService to the concrete nsCertOverrideService). We should re-work this and be a bit more clear about what certificates are shown where. I'm thinking:

"Your Certificates": if there's a private key corresponding to a certificate, show it here

"People": if a certificate has an email address in its subject or san, show it here

"Servers": show all current certificate error overrides here

"Authorities": basically, if CERT_IsCACert returns true, show it here

(The "Others" tab will be removed in bug 1431791.)

Note that it may be possible for a single certificate to be shown in multiple tabs. This a) already happens (e.g. if a user imports a CA and also happens to have the private key for that CA) and b) is preferable to an overabundance of complicated code that attempts to prevent this.