This applies GUIDs to certificate and key nicknames when

net/base/cert_database_nss.cc

Index: net/base/cert_database_nss.cc
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 817372d28e0006e999973ec932dde3abd15a4054..a32f9ec1f763f17af25b7d52ff7eef6b204a3bbd 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -17,6 +17,7 @@
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
+#include "net/base/x509_util_nss.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "net/third_party/mozilla_security_manager/nsPKCS12Blob.h"
@@ -66,28 +67,12 @@ int CertDatabase::AddUserCert(X509Certificate* cert_obj) {
   PK11SlotInfo* slot = NULL;
   std::string nickname;
 
-  // Create a nickname for this certificate.
-  // We use the scheme used by Firefox:
-  // --> <subject's common name>'s <issuer's common name> ID.
-
-  std::string username, ca_name;
-  char* temp_username = CERT_GetCommonName(&cert->subject);
-  char* temp_ca_name = CERT_GetCommonName(&cert->issuer);
-  if (temp_username) {
-    username = temp_username;
-    PORT_Free(temp_username);
-  }
-  if (temp_ca_name) {
-    ca_name = temp_ca_name;
-    PORT_Free(temp_ca_name);
-  }
-  nickname = username + "'s " + ca_name + " ID";
-
   {
     crypto::AutoNSSWriteLock lock;
-    slot = PK11_ImportCertForKey(cert,
-                                 const_cast<char*>(nickname.c_str()),
-                                 NULL);
+    slot = PK11_ImportCertForKey(

[wtc, 2011/12/08 00:07:43]

Please add a CHECK (non-debug assertion) here to assert that
x509_util::GetCertType(root) is USER_CERT.

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

Now that we are supplying the cert type to GetDefaultNickname (as it is now
called), I don't think the CHECK is needed.

+        cert,
+        x509_util::GetDefaultCertificateLabel(cert_obj).c_str(),
+        NULL);
   }
 
   if (!slot) {
@@ -161,11 +146,13 @@ int CertDatabase::ImportFromPKCS12(
     CryptoModule* module,
     const std::string& data,
     const string16& password,
-    bool is_extractable) {
+    bool is_extractable,
+    net::CertificateList* imported_certs) {
   int result = psm::nsPKCS12Blob_Import(module->os_module_handle(),
                                         data.data(), data.size(),
                                         password,
-                                        is_extractable);
+                                        is_extractable,
+                                        imported_certs);
   if (result == net::OK)
     CertDatabase::NotifyObserversOfUserCertAdded(NULL);
 
@@ -328,13 +315,6 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
   return true;
 }
 
-bool CertDatabase::DeleteCertAndKeyByLabel(const std::string& label) {
-  // TODO(gspencer):Find the certificate with the given CKA_LABEL
-  // (nickname), and delete it.
-  NOTIMPLEMENTED();
-  return false;
-}
-
 bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {
   PK11SlotInfo* slot = cert->os_cert_handle()->slot;
   return slot && PK11_IsReadOnly(slot);