Refactor the client certificate code in chromeos/network/.

chromeos/network/network_connection_handler.cc

Index: chromeos/network/network_connection_handler.cc
diff --git a/chromeos/network/network_connection_handler.cc b/chromeos/network/network_connection_handler.cc
index 66e8d4fc4356a46466c07d010df7796da9c31b76..c765ee5bf122eb2f245214cbd342fcbc23ed8b17 100644
--- a/chromeos/network/network_connection_handler.cc
+++ b/chromeos/network/network_connection_handler.cc
@@ -11,7 +11,7 @@
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/shill_manager_client.h"
 #include "chromeos/dbus/shill_service_client.h"
-#include "chromeos/network/certificate_pattern_matcher.h"
+#include "chromeos/network/client_cert_util.h"
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_event_log.h"
@@ -420,8 +420,6 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(
     // TODO(stevenjb): Remove this code once NetworkConfigurationHandler
     // handles this.
     NET_LOG_EVENT("Configuring Network", service_path);
-    const std::string& tpm_slot = cert_loader_->tpm_token_slot();
-    const std::string& tpm_pin = cert_loader_->tpm_user_pin();
     base::DictionaryValue config_properties;
     // Set configuration properties required by Shill to identify the network.
     config_properties.SetStringWithoutPathExpansion(
@@ -433,13 +431,17 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(
     CopyStringFromDictionary(service_properties, flimflam::kGuidProperty,
                              &config_properties);
 
+    client_cert::ConfigType client_cert_type =
+        client_cert::CONFIG_TYPE_OPENVPN;      // Initialize to arbitrary
+                                               // value.

[stevenjb, 2013/08/07 19:24:47]

nit: Only 2 spaces before cpmment, and maybe use "Init" to fit trailing comment
on one line

[pneubeck (no reviews), 2013/08/08 11:28:29]

Done.

     if (type == flimflam::kTypeVPN) {
       // VPN Provider values are read from the "Provider" dictionary, not the
       // "Provider.Type", etc keys (which are used only to set the values).
       std::string provider_type;
-      const base::DictionaryValue* provider_properties;
-      if (service_properties.GetDictionaryWithoutPathExpansion(
-              flimflam::kProviderProperty, &provider_properties)) {
+      const base::DictionaryValue* provider_properties = NULL;
+      service_properties.GetDictionaryWithoutPathExpansion(
+          flimflam::kProviderProperty, &provider_properties);
+      if (provider_properties) {
         provider_properties->GetStringWithoutPathExpansion(
             flimflam::kTypeProperty, &provider_type);
       }
@@ -447,29 +449,18 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(
         ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType);
         return;
       }
-      if (provider_type == flimflam::kProviderOpenVpn) {
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kOpenVPNClientCertSlotProperty, tpm_slot);
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kOpenVPNPinProperty, tpm_pin);
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kOpenVPNClientCertIdProperty, pkcs11_id);
-      } else {
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kL2tpIpsecClientCertSlotProperty, tpm_slot);
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kL2tpIpsecPinProperty, tpm_pin);
-        config_properties.SetStringWithoutPathExpansion(
-            flimflam::kL2tpIpsecClientCertIdProperty, pkcs11_id);
-      }
+      if (provider_type == flimflam::kProviderOpenVpn)
+        client_cert_type = client_cert::CONFIG_TYPE_OPENVPN;
+      else
+        client_cert_type = client_cert::CONFIG_TYPE_IPSEC;
     } else if (type == flimflam::kTypeWifi) {
-      config_properties.SetStringWithoutPathExpansion(
-          flimflam::kEapPinProperty, cert_loader_->tpm_user_pin());
-      config_properties.SetStringWithoutPathExpansion(
-          flimflam::kEapCertIdProperty, pkcs11_id);
-      config_properties.SetStringWithoutPathExpansion(
-          flimflam::kEapKeyIdProperty, pkcs11_id);
+      client_cert_type = client_cert::CONFIG_TYPE_EAP;
     }
+    client_cert::SetShillProperties(client_cert_type,
+                                    cert_loader_->tpm_token_slot(),
+                                    cert_loader_->tpm_user_pin(),
+                                    pkcs11_id,
+                                    &config_properties);
     network_configuration_handler_->SetProperties(
         service_path,
         config_properties,
@@ -597,10 +588,11 @@ bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data,
 
   // Find the matching certificate.
   scoped_refptr<net::X509Certificate> matching_cert =
-      certificate_pattern::GetCertificateMatch(ui_data->certificate_pattern());
+      client_cert::GetCertificateMatch(ui_data->certificate_pattern());
   if (!matching_cert.get())
     return false;
-  *pkcs11_id = cert_loader_->GetPkcs11IdForCert(*matching_cert.get());
+  if (cert_loader_->IsHardwareBacked())
+    *pkcs11_id = CertLoader::GetPkcs11IdForCert(*matching_cert.get());
   return true;
 }