This applies GUIDs to certificate and key nicknames when

net/base/x509_certificate.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 #pragma once
 
 #include <string.h>
 
 #include <string>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/string_piece.h"
 #include "base/time.h"
+#include "net/base/cert_type.h"
 #include "net/base/net_export.h"
 #include "net/base/x509_cert_types.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
 #include <wincrypt.h>
 #elif defined(OS_MACOSX)
 #include <CoreFoundation/CFArray.h>
 #include <Security/SecBase.h>
 
@@ skipping 111 matching lines @@
   // scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromDERCertChain(
       const std::vector<base::StringPiece>& der_certs);
 
   // Create an X509Certificate from the DER-encoded representation.
   // Returns NULL on failure.
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromBytes(const char* data, int length);
 
+#if defined(USE_NSS)
+  // Create an X509Certificate from the DER-encoded representation.
+  // |nickname| can be NULL if an auto-generated nickname is desired.
+  // Returns NULL on failure.  The returned pointer must be stored in a
+  // scoped_refptr<X509Certificate>.
+  //
+  // This function differs from CreateFromBytes in that it takes a
+  // nickname that will be used when the certificate is imported into PKCS#11.
+  static X509Certificate* CreateFromBytesWithNickname(const char* data,
+                                                      int length,
+                                                      const char* nickname);
+
+  // The default nickname of the certificate, based on the certificate type
+  // passed in.  If this object was created using CreateFromBytesWithNickname,
+  // then this will return the nickname specified upon creation.
+  std::string GetDefaultNickname(CertType type) const;
+#endif
+
   // Create an X509Certificate from the representation stored in the given
   // pickle.  The data for this object is found relative to the given
   // pickle_iter, which should be passed to the pickle's various Read* methods.
   // Returns NULL on failure.
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromPickle(const Pickle& pickle,
                                            void** pickle_iter,
                                            PickleType type);
 
@@ skipping 247 matching lines @@
   // Returns the OSCertHandle of this object. Because of caching, this may
   // differ from the OSCertHandle originally supplied during initialization.
   // Note: On Windows, CryptoAPI may return unexpected results if this handle
   // is used across multiple threads. For more details, see
   // CreateOSCertChainForCert().
   OSCertHandle os_cert_handle() const { return cert_handle_; }
 
   // Returns true if two OSCertHandles refer to identical certificates.
   static bool IsSameOSCert(OSCertHandle a, OSCertHandle b);
 
-  // Creates an OS certificate handle from the BER-encoded representation.
+  // Creates an OS certificate handle from the DER-encoded representation.
   // Returns NULL on failure.
   static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
                                                   int length);
 
+#if defined(USE_NSS)
+  // Creates an OS certificate handle from the DER-encoded representation.
+  // Returns NULL on failure.  Sets the default nickname if |nickname| is
+  // non-NULL.
+  static OSCertHandle CreateOSCertHandleFromBytesWithNickname(
+      const char* data,
+      int length,
+      const char* nickname);
+#endif
+
   // Creates all possible OS certificate handles from |data| encoded in a
   // specific |format|. Returns an empty collection on failure.
   static OSCertHandles CreateOSCertHandlesFromBytes(
-      const char* data, int length, Format format);
+      const char* data,
+      int length,
+      Format format);
 
   // Duplicates (or adds a reference to) an OS certificate handle.
   static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);
 
   // Frees (or releases a reference to) an OS certificate handle.
   static void FreeOSCertHandle(OSCertHandle cert_handle);
 
   // Calculates the SHA-1 fingerprint of the certificate.  Returns an empty
   // (all zero) fingerprint on failure.
   static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle);
@@ skipping 111 matching lines @@
   // The serial number of this certificate, DER encoded.
   std::string serial_number_;
 
   // A handle to the certificate object in the underlying crypto library.
   OSCertHandle cert_handle_;
 
   // Untrusted intermediate certificates associated with this certificate
   // that may be needed for chain building.
   OSCertHandles intermediate_ca_certs_;
 
+#if defined(USE_NSS)
+  // This stores any default nickname that has been set on the certificate
+  // at creation time with CreateFromBytesWithNickname.
+  // If this is empty, then GetDefaultNickname will return a generated name
+  // based on the type of the certificate.
+  std::string default_nickname_;
+#endif
+
 #if defined(OS_MACOSX)
   // Blocks multiple threads from verifying the cert simultaneously.
   // (Marked mutable because it's used in a const method.)
   mutable base::Lock verification_lock_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_