Check configuration for L2TP/IPsec+certificate VPN network with UIData.

In the LT2P/IPsec + user certificate VPN flow, if the UIData does not
contain any certificate properties, it is possible that the certificate
properties are still configured by shill (e.g. the properties were
previously configured and saved in the shill profile). However,
client_cert::IsCertificateConfigured() did not take that into account,
which caused NetworkConnectionHandler::VerifyConfiguredAndConnect() to
always throw a 'configuration required' error and the VPN configuration
dialog to pop up even when all the credentials information was
available. Also, VPNRequiresCredentials didn't check the from the
Provider.PassphraseRequired property to see if shill expects a user
passphrase for the VPN connection. This CL fixes these issues.

BUG=307665
TEST=Verified the following scenarios:
1. Add a 'L2TP/IPsec + user certificate' VPN with 'Save identity and
   password' unchecked. Connect to the VPN once and then reboot the system.
   Reconnect to the VPN and verify that it prompts for credentials.
2. Repeat 1 but with 'Save identity and password' checked and verify
   that it reconnects without prompting for credentials.

R=pneubeck@chromium.org, stevenjb@chromium.org

Review URL: https://codereview.chromium.org/166063003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251410 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 15 insertions, 4 deletions

diff --git a/chromeos/network/client_cert_util.cc b/chromeos/network/client_cert_util.cc
index c62c9ab..ee1325c0 100644
--- a/chromeos/network/client_cert_util.cc
+++ b/chromeos/network/client_cert_util.cc
@@ -259,9 +259,15 @@ bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
       // OpenVPN generally requires a passphrase and we don't know whether or
       // not one is required, so always return false here.
       return false;
-    case CONFIG_TYPE_IPSEC:
-      // IPSec may require a passphrase, so return false here also.
-      return false;
+    case CONFIG_TYPE_IPSEC: {
+      if (!provider_properties)
+        return false;
+
+      std::string client_cert_id;
+      provider_properties->GetStringWithoutPathExpansion(
+          shill::kL2tpIpsecClientCertIdProperty, &client_cert_id);
+      return !client_cert_id.empty();
+    }
     case CONFIG_TYPE_EAP: {
       std::string cert_id = GetStringFromDictionary(
           service_properties, shill::kEapCertIdProperty);
diff --git a/chromeos/network/network_connection_handler.cc b/chromeos/network/network_connection_handler.cc
index db4b560..decccfd 100644
--- a/chromeos/network/network_connection_handler.cc
+++ b/chromeos/network/network_connection_handler.cc
@@ -70,13 +70,18 @@ bool VPNRequiresCredentials(const std::string& service_path,
     NET_LOG_EVENT("OpenVPN Is Configured", service_path);
   } else {
     bool passphrase_required = false;
-    std::string passphrase;
     provider_properties.GetBooleanWithoutPathExpansion(
         shill::kL2tpIpsecPskRequiredProperty, &passphrase_required);
     if (passphrase_required) {
       NET_LOG_EVENT("VPN: PSK Required", service_path);
       return true;
     }
+    provider_properties.GetBooleanWithoutPathExpansion(
+        shill::kPassphraseRequiredProperty, &passphrase_required);
+    if (passphrase_required) {
+      NET_LOG_EVENT("VPN: Passphrase Required", service_path);
+      return true;
+    }
     NET_LOG_EVENT("VPN Is Configured", service_path);
   }
   return false;