Generate unique certificate nicknames on Linux/CrOS.

net/cert/x509_util_nss.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_X509_UTIL_NSS_H_
 #define NET_CERT_X509_UTIL_NSS_H_
 
 #include <string>
 #include <vector>
 
 #include "base/time.h"
 #include "net/base/net_export.h"
 #include "net/cert/x509_certificate.h"
 
 class PickleIterator;
 
 typedef struct CERTCertificateStr CERTCertificate;
 typedef struct CERTNameStr CERTName;
 typedef struct PLArenaPool PLArenaPool;
 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
 typedef struct SECItemStr SECItem;
 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+typedef struct PK11SlotInfoStr PK11SlotInfo;

[wtc, 2013/05/22 20:58:45]

Nit: list this typedef in sorted order. (The original list
is almost sorted.)

 
 namespace net {
 
 namespace x509_util {
 
 // Creates a self-signed certificate containing |public_key|.  Subject, serial
 // number and validity period are given as parameters.  The certificate is
 // signed by |private_key|. The hashing algorithm for the signature is SHA-1.
 // |subject| is a distinguished name defined in RFC4514.
 NET_EXPORT_PRIVATE CERTCertificate* CreateSelfSignedCert(
@@ skipping 53 matching lines @@
     std::vector<CERTName*>* out);
 
 // Returns true iff a certificate is issued by any of the issuers listed
 // by name in |valid_issuers|.
 // |cert_chain| is the certificate's chain.
 // |valid_issuers| is a list of strings, where each string contains
 // a DER-encoded X.509 Distinguished Name.
 bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain,
                            const std::vector<CERTName*>& valid_issuers);
 
+// Generates a unique nickname for |slot|, returning |nickname| if it is
+// already unique.
+//
+// Note: The nickname returned will NOT include the token name, and must
+// be prepended if calling an NSS function that expects <token>:<nickname>.

[wtc, 2013/05/22 20:58:45]

Nit: this should be
  ..., and the token name must be prepended ...
           ^^^^^^^^^^^^^^

Nit: document how the function uses the |subject| input.

+// TODO(gspencer): Internationalize this: it's wrong to hard-code English.

[wtc, 2013/05/22 20:58:45]

We need to describe how we make the nickname unique (by
appending "  #%d") to provide some context for this TODO
comment.  I guess #2, #3, etc. are only used in English?
(They are not used in Chinese.)

[Ryan Sleevi, 2013/05/22 23:20:19]

I wanted to try to avoid describing in the header what the format is, other than
"it's unique"

And the internationalization applies not only to the #1/#2, but things like RTL
and how numbers are expressed.

+std::string GetUniqueNicknameForSlot(const std::string& nickname,
+                                     SECItem* subject,

[wtc, 2013/05/22 20:58:45]

Nit: this should ideally be a const pointer. We will need
a const_cast when we pass this to the NSS function though.

[Ryan Sleevi, 2013/05/22 23:20:19]

Sure, fixed.

+                                     PK11SlotInfo* slot);
 #endif  // defined(USE_NSS) || defined(OS_IOS)
 
 } // namespace x509_util
 
 } // namespace net
 
 #endif  // NET_CERT_X509_UTIL_NSS_H_