Give keys friendly names in NSS and OS X

net/third_party/mozilla_security_manager/nsKeygenHandler.cpp

 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
@@ skipping 30 matching lines @@
 #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h"
 
 #include <pk11pub.h>
 #include <prerror.h>   // PR_GetError()
 #include <secmod.h>
 #include <secder.h>    // DER_Encode()
 #include <cryptohi.h>  // SEC_DerSignData()
 #include <keyhi.h>     // SECKEY_CreateSubjectPublicKeyInfo()
 
 #include "base/base64.h"
+#include "base/logging.h"
 #include "base/nss_util_internal.h"
 #include "base/nss_util.h"
-#include "base/logging.h"
+#include "base/string_util.h"
+#include "googleurl/src/gurl.h"
 
 namespace {
 
 // Template for creating the signed public key structure to be sent to the CA.
 DERTemplate SECAlgorithmIDTemplate[] = {
   { DER_SEQUENCE,
     0, NULL, sizeof(SECAlgorithmID) },
   { DER_OBJECT_ID,
     offsetof(SECAlgorithmID, algorithm), },
   { DER_OPTIONAL | DER_ANY,
@@ skipping 23 matching lines @@
 };
 
 }  // namespace
 
 namespace mozilla_security_manager {
 
 // This function is based on the nsKeygenFormProcessor::GetPublicKey function
 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp.
 std::string GenKeyAndSignChallenge(int key_size_in_bits,
                                    const std::string& challenge,
+                                   const GURL& url,
                                    bool stores_key) {
   // Key pair generation mechanism - only RSA is supported at present.
   PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;  // from nss/pkcs11t.h
 
   // Temporary structures used for generating the result
   // in the right format.
   PK11SlotInfo *slot = NULL;
   PK11RSAGenParams rsaKeyGenParams;  // Keygen parameters.
   SECOidTag algTag;  // used by SEC_DerSignData().
   SECKEYPrivateKey *privateKey = NULL;
@@ skipping 57 matching lines @@
                                       NULL);
   }
   LOG(INFO) << "done.";
 
   if (!privateKey) {
     LOG(INFO) << "Generation of Keypair failed!";
     isSuccess = false;
     goto failure;
   }
 
+  // Set friendly names for the keys.
+  if (url.has_host()) {
+    // TODO(davidben): Use something like "Key generated for
+    // example.com", but localize it.
+    const std::string& label = url.host();
+    {
+      base::AutoNSSWriteLock lock;
+      PK11_SetPublicKeyNickname(publicKey, label.c_str());
+      PK11_SetPrivateKeyNickname(privateKey, label.c_str());
+    }
+  }
+
   // The CA expects the signed public key in a specific format
   // Let's create that now.
 
   // Create a subject public key info from the public key.
   spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
   if (!spkInfo) {
     LOG(ERROR) << "Couldn't create SubjectPublicKeyInfo from public key";
     isSuccess = false;
     goto failure;
   }
@@ skipping 77 matching lines @@
     PORT_FreeArena(arena, PR_TRUE);
   }
   if (slot != NULL) {
     PK11_FreeSlot(slot);
   }
 
   return (isSuccess ? result_blob : std::string());
 }
 
 }  // namespace mozilla_security_manager