Use correct slot id for client certs in network config.

- Now all client cert related Shill properties are set through client_cert_util.*
- Slot id is obtained from the slot in which the private key is stored
- All client cert pattern resolution now happens in ClientCertResolver

BUG=358366

Review URL: https://codereview.chromium.org/421113002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@286583 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 9 deletions

diff --git a/chromeos/cert_loader.cc b/chromeos/cert_loader.cc
index 8c222795..337c70e 100644
--- a/chromeos/cert_loader.cc
+++ b/chromeos/cert_loader.cc
@@ -84,14 +84,6 @@ void CertLoader::RemoveObserver(CertLoader::Observer* observer) {
   observers_.RemoveObserver(observer);
 }
 
-int CertLoader::TPMTokenSlotID() const {
-  if (!database_)
-    return -1;
-  crypto::ScopedPK11Slot slot(database_->GetPrivateSlot());
-  DCHECK(slot);
-  return static_cast<int>(PK11_GetSlotID(slot.get()));
-}
-
 bool CertLoader::IsHardwareBacked() const {
   if (force_hardware_backed_for_test_)
     return true;
@@ -122,13 +114,19 @@ bool CertLoader::CertificatesLoading() const {
 // is shared between a certificate and its associated private and public
 // keys.  I tried to implement this with PK11_GetLowLevelKeyIDForCert(),
 // but that always returns NULL on Chrome OS for me.
-std::string CertLoader::GetPkcs11IdForCert(const net::X509Certificate& cert) {
+std::string CertLoader::GetPkcs11IdAndSlotForCert(
+    const net::X509Certificate& cert,
+    int* slot_id) {
+  DCHECK(slot_id);
+
   CERTCertificateStr* cert_handle = cert.os_cert_handle();
   SECKEYPrivateKey *priv_key =
       PK11_FindKeyByAnyCert(cert_handle, NULL /* wincx */);
   if (!priv_key)
     return std::string();
 
+  *slot_id = static_cast<int>(PK11_GetSlotID(priv_key->pkcs11Slot));
+
   // Get the CKA_ID attribute for a key.
   SECItem* sec_item = PK11_GetLowLevelKeyIDForPrivateKey(priv_key);
   std::string pkcs11_id;