This applies GUIDs to certificate and key nicknames when

chrome/browser/chromeos/cros/onc_network_parser.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_CROS_ONC_NETWORK_PARSER_H_
 #define CHROME_BROWSER_CHROMEOS_CROS_ONC_NETWORK_PARSER_H_
 #pragma once
 
 #include <string>
 
 #include "base/compiler_specific.h"  // for OVERRIDE
+#include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/cros/network_parser.h"
 
 namespace base {
 class DictionaryValue;
 class ListValue;
 class Value;
 }
 
+namespace net {
+class X509Certificate;
+typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
+}
+
 namespace chromeos {
 
 // This is a simple representation of the signature of an ONC typed
 // field, used in validation and translation.  It could be extended
 // to include more complex rules of when the field is required/optional,
 // as well as to handle "enum" types, which are strings with a small
 // static set of possible values.
 struct OncValueSignature {
   const char* field;
   PropertyIndex index;
@@ skipping 13 matching lines @@
                                 const base::Value&,
                                 Network*);
 
   explicit OncNetworkParser(const std::string& onc_blob);
   virtual ~OncNetworkParser();
   static const EnumMapper<PropertyIndex>* property_mapper();
 
   // Returns the number of networks in the "NetworkConfigs" list.
   int GetNetworkConfigsSize() const;
 
-  // Returns the number of certificates in the "Certificates" list.
-  int GetCertificatesSize() const;
-
   // Call to create the network by parsing network config in the nth position.
   // (0-based). Returns NULL if there's a parse error or if n is out of range.
   Network* ParseNetwork(int n);
 
+  // Returns the number of certificates in the "Certificates" list.
+  int GetCertificatesSize() const;
+
   // Call to parse and import the nth certificate in the certificate
-  // list.  Returns false on failure.
-  bool ParseCertificate(int n);
+  // list into the certificate store.  Returns a NULL refptr if
+  // there's a parse error or if n is out of range.
+  scoped_refptr<net::X509Certificate> ParseCertificate(int n);
 
   virtual Network* CreateNetworkFromInfo(const std::string& service_path,
       const base::DictionaryValue& info) OVERRIDE;
 
   // Parses a nested ONC object with the given mapper and parser function.
   // If Value is not the proper type or there is an error in parsing
   // any individual field, VLOGs diagnostics, and returns false.
   bool ParseNestedObject(Network* network,
                          const std::string& onc_type,
                          const base::Value& value,
@@ skipping 22 matching lines @@
                                              PropertyIndex index,
                                              const base::Value& value,
                                              Network* network);
 
   // Issue a diagnostic and return false if a type mismatch is found.
   static bool CheckNetworkType(Network* network,
                                ConnectionType expected,
                                const std::string& onc_type);
 
  private:
-  bool ParseServerOrCaCertificate(
+  FRIEND_TEST_ALL_PREFIXES(OncNetworkParserTest, TestAddClientCertificate);
+  FRIEND_TEST_ALL_PREFIXES(OncNetworkParserTest, TestAddServerCertificate);
+  FRIEND_TEST_ALL_PREFIXES(OncNetworkParserTest, TestAddAuthorityCertificate);
+  scoped_refptr<net::X509Certificate> ParseServerOrCaCertificate(
     int cert_index,
     const std::string& cert_type,
+    const std::string& guid,
     base::DictionaryValue* certificate);
-  bool ParseClientCertificate(
+  scoped_refptr<net::X509Certificate> ParseClientCertificate(
     int cert_index,
+    const std::string& guid,
     base::DictionaryValue* certificate);
 
+  // This lists the certificates that have the string |label| as their
+  // certificate nickname (exact match).
+  static void ListCertsWithNickname(const std::string& label,
+                                    net::CertificateList* result);

[wtc, 2011/12/10 00:58:43]

Nit: you should also rename the first input parameter to
|nickname| in these two functions, now that you have renamed
the functions.

Nit: I think "exact match" doesn't need to be mentioned.
(A substring match would be non-obvious.)

+  // This deletes any certificate that has the string |label| as its
+  // nickname (exact match).
+  static bool DeleteCertAndKeyByNickname(const std::string& label);
+
   // Error message from the JSON parser, if applicable.
   std::string parse_error_;
 
   scoped_ptr<base::DictionaryValue> root_dict_;
   base::ListValue* network_configs_;
   base::ListValue* certificates_;
 
   DISALLOW_COPY_AND_ASSIGN(OncNetworkParser);
 };
 
@@ skipping 71 matching lines @@
                                 const base::Value& value,
                                 Network* network);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(OncVirtualNetworkParser);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_CROS_ONC_NETWORK_PARSER_H_