This applies GUIDs to certificate and key nicknames when

net/base/x509_certificate_nss.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <cert.h>
 #include <cryptohi.h>
+#include <keyhi.h>

[wtc, 2011/12/08 00:07:43]

The new code you added doesn't seem to require <keyhi.h>.
So I believe this #include can be removed.

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

Done.

 #include <nss.h>
 #include <pk11pub.h>
 #include <prerror.h>
 #include <prtime.h>
 #include <secder.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <sslerr.h>
 
 #include "base/logging.h"
@@ skipping 640 matching lines @@
 void AppendPublicKeyHashes(CERTCertList* cert_list,
                            CERTCertificate* root_cert,
                            std::vector<SHA1Fingerprint>* hashes) {
   for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
        !CERT_LIST_END(node, cert_list);
        node = CERT_LIST_NEXT(node)) {
     hashes->push_back(CertPublicKeyHash(node->cert));
   }
   hashes->push_back(CertPublicKeyHash(root_cert));
 }
-

[wtc, 2011/12/08 00:07:43]

Nit: add this blank line back.  This matches the blank line
on line 35 above.

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

Done.

 }  // namespace
 
 void X509Certificate::Initialize() {
   ParsePrincipal(&cert_handle_->subject, &subject_);
   ParsePrincipal(&cert_handle_->issuer, &issuer_);
 
   ParseDate(&cert_handle_->validity.notBefore, &valid_start_);
   ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_);
 
   fingerprint_ = CalculateFingerprint(cert_handle_);
   ca_fingerprint_ = CalculateCAFingerprint(intermediate_ca_certs_);
 
   serial_number_ = std::string(
       reinterpret_cast<char*>(cert_handle_->serialNumber.data),
       cert_handle_->serialNumber.len);
 }
 
 // static
+X509Certificate* X509Certificate::CreateFromBytesWithNickname(
+    const char* data,
+    int length,
+    const char* nickname) {
+  OSCertHandle cert_handle = CreateOSCertHandleFromBytesWithNickname(data,
+                                                                     length,
+                                                                     nickname);
+  if (!cert_handle)
+    return NULL;
+
+  X509Certificate* cert = CreateFromHandle(cert_handle, OSCertHandles());
+  FreeOSCertHandle(cert_handle);
+  return cert;
+}
+
+// static
 X509Certificate* X509Certificate::CreateSelfSigned(
     crypto::RSAPrivateKey* key,
     const std::string& subject,
     uint32 serial_number,
     base::TimeDelta valid_duration) {
   DCHECK(key);
 
   CERTCertificate* cert = x509_util::CreateSelfSignedCert(key->public_key(),
                                                           key->key(),
                                                           subject,
@@ skipping 217 matching lines @@
   DCHECK(a && b);
   if (a == b)
     return true;
   return a->derCert.len == b->derCert.len &&
       memcmp(a->derCert.data, b->derCert.data, a->derCert.len) == 0;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
     const char* data, int length) {
+  return CreateOSCertHandleFromBytesWithNickname(data, length, NULL);
+}
+
+// static
+X509Certificate::OSCertHandle
+X509Certificate::CreateOSCertHandleFromBytesWithNickname(
+    const char* data, int length, const char* nickname) {
   if (length < 0)
     return NULL;
 
   crypto::EnsureNSSInit();
 
   if (!NSS_IsInitialized())
     return NULL;
 
   SECItem der_cert;
   der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
   der_cert.len  = length;
   der_cert.type = siDERCertBuffer;
 
   // Parse into a certificate structure.
-  return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,
-                                 PR_FALSE, PR_TRUE);
+  X509Certificate::OSCertHandle result =
+      CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert,
+                              const_cast<char*>(nickname),
+                              PR_FALSE, PR_TRUE);
+
+  return result;
 }
 
 // static
 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
     const char* data, int length, Format format) {
   OSCertHandles results;
   if (length < 0)
     return results;
 
   crypto::EnsureNSSInit();
@@ skipping 88 matching lines @@
 
 // static
 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
                                                 Pickle* pickle) {
   return pickle->WriteData(
       reinterpret_cast<const char*>(cert_handle->derCert.data),
       cert_handle->derCert.len);
 }
 
 }  // namespace net