Parse an application/x-x509-user-cert response with

net/base/cert_database_nss.cc

Index: net/base/cert_database_nss.cc
===================================================================
--- net/base/cert_database_nss.cc	(revision 134554)
+++ net/base/cert_database_nss.cc	(working copy)
@@ -76,6 +76,17 @@
     LOG(ERROR) << "Couldn't import user certificate.";
     return ERR_ADD_USER_CERT_FAILED;
   }
+  const X509Certificate::OSCertHandles& intermediate_certs =
+      cert_obj->GetIntermediateCertificates();
+  for (size_t i = 0; i < intermediate_certs.size(); ++i) {
+    CERTCertificate* intermediate_cert = intermediate_certs[i];
+    // TODO(wtc): skip intermediate_cert if it is a self-signed root cert?
+    // It is not useful to import a root cert without trust settings.
+    char* nickname = CERT_MakeCANickname(intermediate_cert);
+    PK11_ImportCert(slot, intermediate_cert, CK_INVALID_HANDLE, nickname,
+                    PR_FALSE);
+    PORT_Free(nickname);
+  }
   PK11_FreeSlot(slot);
   CertDatabase::NotifyObserversOfUserCertAdded(cert_obj);
   return OK;