entd: Upon finding multiple matching certs, pick one

Instead of erroring out like there are no certs when multiple exist,
pick one assuming all are the same.  This may help some users who
get in cycles of needing to reinstall certs on every logout/login.
I think flimflam multiprofile will also fix them since Google-A
doesn't need to be re-setup every time you log in by entd.

1) it shows correct status when only one cert is installed
2) it shows "Installed." when multiple certs are installed

To install multiple certs:
Install certificate as usual
openssl pkcs12 -in /home/chronos/user/Downloads/clientCert.p12  -out file.pem
// split file.pem into a .crt and .key file by hand (pem format)
openssl rsa -in /tmp/foo.key -out /tmp/foo.keyder -outform der
openssl x509 -in /tmp/foo.crt -out /tmp/foo.der -outform der
pkcs11-tool --module=/usr/lib/opencryptoki/PKCS11_API.so -O -p 111111 -y privkey -w /tmp/foo.keyder -a 'whatever' -d 03
pkcs11-tool --module=/usr/lib/opencryptoki/PKCS11_API.so -O -p 111111 -y cert -w /tmp/foo.der -a 'whatever' -d 03

Unfortunately this installs a cert that won't work with Google-A.  In my testing, I believe WPA supplicant is picking
that cert and reject occurs.

Change-Id: Ia95e8a3bd3824457bc0bb4703850b308a889104e
Reviewed-on: http://gerrit.chromium.org/gerrit/4628
Reviewed-by: Robert Ginda <rginda@chromium.org>
Reviewed-by: Ken Mixter <kmixter@chromium.org>
Tested-by: Ken Mixter <kmixter@chromium.org>
1 file changed