This applies GUIDs to certificate and key nicknames when

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 04d0b8e42175d639f286720d1290190078f77c21..3922b8839ce4260c6b54fbbef5ba56840ad3cc7e 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -31,6 +31,7 @@
 typedef struct x509_st X509;
 typedef struct x509_store_st X509_STORE;
 #elif defined(USE_NSS)
+#include "net/base/cert_type.h"

[wtc, 2011/12/08 00:07:43]

Remove this #include.

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

Done.

 // Forward declaration; real one in <cert.h>
 struct CERTCertificateStr;
 #endif
@@ -147,6 +148,20 @@ class NET_EXPORT X509Certificate
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
   static X509Certificate* CreateFromBytes(const char* data, int length);
 
+#if defined(USE_NSS)
+  // Create an X509Certificate from the DER-encoded representation.
+  // |nickname| can be NULL if an auto-generated nickname is desired.
+  // Returns NULL on failure.
+  // This function differs from CreateFromBytesWithNickname in that it takes a

[wtc, 2011/12/08 00:07:43]

Typo: CreateFromBytesWithNickname => CreateFromBytes

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

Done.

+  // nickname that will be used to set the PKCS#11 CKA_LABEL attribute on the
+  // created certificate.  NSS is the only certificate store that supports
+  // nicknames.

[wtc, 2011/12/08 00:07:43]

"NSS is the only certificate store that supports nicknames"
is confusing because the Windows system certificate store
also supports certificate nicknames (called "friendly names").

[Greg Spencer (Chromium), 2011/12/09 18:51:38]

I removed that statement from the comment.

+  // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
+  static X509Certificate* CreateFromBytesWithNickname(const char* data,
+                                                      int length,
+                                                      const char* nickname);
+#endif
+
   // Create an X509Certificate from the representation stored in the given
   // pickle.  The data for this object is found relative to the given
   // pickle_iter, which should be passed to the pickle's various Read* methods.
@@ -414,15 +429,27 @@ class NET_EXPORT X509Certificate
   // Returns true if two OSCertHandles refer to identical certificates.
   static bool IsSameOSCert(OSCertHandle a, OSCertHandle b);
 
-  // Creates an OS certificate handle from the BER-encoded representation.
+  // Creates an OS certificate handle from the DER-encoded representation.
   // Returns NULL on failure.
   static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
                                                   int length);
 
+#if defined(USE_NSS)
+  // Creates an OS certificate handle from the DER-encoded representation,
+  // with the given nickname.  NULL nickname will do the same thing as
+  // CreateOSCertHandleFromBytes.  Returns NULL on failure.
+  static OSCertHandle CreateOSCertHandleFromBytesWithNickname(
+      const char* data,
+      int length,
+      const char* nickname);
+#endif
+
   // Creates all possible OS certificate handles from |data| encoded in a
   // specific |format|. Returns an empty collection on failure.
   static OSCertHandles CreateOSCertHandlesFromBytes(
-      const char* data, int length, Format format);
+      const char* data,
+      int length,
+      Format format);
 
   // Duplicates (or adds a reference to) an OS certificate handle.
   static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);