Add migration from CaCert NSS nicknames to PEM.

chromeos/network/network_state.cc

Index: chromeos/network/network_state.cc
diff --git a/chromeos/network/network_state.cc b/chromeos/network/network_state.cc
index 25407e2488ef86c365f456b21068e91019c7c0d8..80cd5d7f5f3ad1d9de018b2d259afdb475705280 100644
--- a/chromeos/network/network_state.cc
+++ b/chromeos/network/network_state.cc
@@ -66,7 +66,10 @@ NetworkState::NetworkState(const std::string& path)
       connectable_(false),
       passphrase_required_(false),
       activate_over_non_cellular_networks_(false),
-      cellular_out_of_credits_(false) {
+      cellular_out_of_credits_(false),
+      has_eap_ca_cert_nss_(false),
+      has_ipsec_ca_cert_nss_(false),
+      has_openvpn_ca_cert_nss_(false) {
 }
 
 NetworkState::~NetworkState() {
@@ -197,6 +200,35 @@ bool NetworkState::PropertyChanged(const std::string& key,
     // set, figure out whether we can use country_code_ with ConvertToUtf8().
     // crbug.com/233267.
     return GetStringValue(key, value, &country_code_);
+  } else if (key == flimflam::kEapCaCertNssProperty) {
+    std::string ca_cert_nss;
+    if (!value.GetAsString(&ca_cert_nss)) {
+      NET_LOG_ERROR("Failed to parse " + key, path());
+      return false;
+    }
+    has_eap_ca_cert_nss_ = !ca_cert_nss.empty();
+    return true;
+  } else if (key == flimflam::kL2tpIpsecCaCertNssProperty) {
+    std::string ca_cert_nss;
+    if (!value.GetAsString(&ca_cert_nss)) {
+      NET_LOG_ERROR("Failed to parse " + key, path());
+      return false;
+    }
+    has_ipsec_ca_cert_nss_ = !ca_cert_nss.empty();
+    return true;
+  } else if (key == flimflam::kProviderProperty) {
+    const DictionaryValue* dict = NULL;
+    value.GetAsDictionary(&dict);
+    if (!dict) {
+      NET_LOG_ERROR("Failed to parse " + key, path());
+      return false;
+    }
+
+    std::string ca_cert_nss;
+    dict->GetStringWithoutPathExpansion(flimflam::kOpenVPNCaCertNSSProperty,
+                                        &ca_cert_nss);
+    has_openvpn_ca_cert_nss_ = !ca_cert_nss.empty();
+    return true;
   }
   return false;
 }