Migrate Slot ID of client certs in network configuration.

chromeos/network/client_cert_util.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
 #define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 37 matching lines @@
   CertificatePattern pattern;
 };
 
 // Returns true only if any fields set in this pattern match exactly with
 // similar fields in the principal.  If organization_ or organizational_unit_
 // are set, then at least one of the organizations or units in the principal
 // must match.
 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
                           const net::CertPrincipal& principal);
 
-// Returns the PKCS11 id part of |cert_id|, which is expected to be the value of
-// the Shill property kEapCertIdProperty or kEapKeyIdProperty.
-CHROMEOS_EXPORT std::string GetPkcs11IdFromEapCertId(
-    const std::string& cert_id);
+// Returns the PKCS11 and slot ID of |cert_id|, which is expected to be a
+// value of the Shill property kEapCertIdProperty or kEapKeyIdProperty, either
+// of format "<pkcs11_id>" or "<slot_id>:<pkcs11_id>".
+CHROMEOS_EXPORT std::string GetPkcs11AndSlotIdFromEapCertId(
+    const std::string& cert_id,
+    int* slot_id);
+
+// Reads the client certificate configuration from the Shill Service properties
+// |shill_properties|.
+// If such a configuration is found, the values |cert_config_type|, |tpm_slot|
+// and |pkcs11_id| are filled accordingly. In case of OpenVPN or because the
+// property was not set, |tpm_slot| will be set to -1.
+// If an error occurred or no client configuration is found, |cert_config_type|
+// will be set to CONFIG_TYPE_NONE, |tpm_slot| to -1 and |pkcs11_id| to the
+// empty string.
+CHROMEOS_EXPORT void GetClientCertFromShillProperties(
+    const base::DictionaryValue& shill_properties,
+    ConfigType* cert_config_type,
+    int* tpm_slot,
+    std::string* pkcs11_id);
 
 // Sets the properties of a client cert and the TPM slot that it's contained in.
 // |cert_config_type| determines which dictionary entries to set.
 CHROMEOS_EXPORT void SetShillProperties(const ConfigType cert_config_type,
                                         const int tpm_slot,
                                         const std::string& pkcs11_id,
                                         base::DictionaryValue* properties);
 
 // Like SetShillProperties but instead sets the properties to empty strings.
 // This should be used to clear previously set client certificate properties.
 CHROMEOS_EXPORT void SetEmptyShillProperties(const ConfigType cert_config_type,
                                              base::DictionaryValue* properties);
 
 // Returns true if all required configuration properties are set and not empty.
 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
                              const base::DictionaryValue& service_properties);
 
 // Determines the type of the CertificatePattern configuration, i.e. is it a
 // pattern within an EAP, IPsec or OpenVPN configuration.
 CHROMEOS_EXPORT void OncToClientCertConfig(
     const base::DictionaryValue& network_config,
     ClientCertConfig* cert_config);
 
 }  // namespace client_cert
 
 }  // namespace chromeos
 
 #endif  // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_