added gnutls_pkcs12_bag_set_privkey()

Conflicts:
	lib/libgnutls.map

diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index 0465423bb769aa3f501a429743c282605e9429bc..1442b33bd99d7ab78fe655eea1fd97ccdbc39d31 100644 (file)
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -121,6 +121,11 @@ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
 int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
                              gnutls_x509_crt_t crt);
 
+int
+gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag,
+                             gnutls_x509_privkey_t privkey,
+                             const char *password, unsigned flags);
+
 int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
 void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
 int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);

diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 26cae17b7f6b8c17f3550ec16d6f227e8077795c..0dd9de02464836759755f3241d0bc5282fc5e142 100644 (file)
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1059,6 +1059,7 @@ GNUTLS_3_1_0 {
        gnutls_aead_cipher_deinit;
        gnutls_dh_params_import_raw2;
        gnutls_memset;
+       gnutls_pkcs12_bag_set_privkey;
 } GNUTLS_3_0_0;
 
 GNUTLS_FIPS140 {

diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index 6a0e27a0c8682e2e364e44a3182ae7628f2cfb4d..c285ef533980a8defeb15dd9633cd1552f7900b2 100644 (file)
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -854,3 +854,53 @@ gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, unsign
 
        return 0;
 }
+
+/**
+ * gnutls_pkcs12_bag_set_privkey:
+ * @bag: The bag
+ * @privkey: the private key to be copied.
+ * @password: the password to protect the key with (may be %NULL)
+ * @flags: should be one of #gnutls_pkcs_encrypt_flags_t elements bitwise or'd
+ *
+ * This function will insert the given private key into the
+ * bag. This is just a wrapper over gnutls_pkcs12_bag_set_data().
+ *
+ * Returns: the index of the added bag on success, or a negative
+ * value on failure.
+ **/
+int
+gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag, gnutls_x509_privkey_t privkey,
+                             const char *password, unsigned flags)
+{
+       int ret;
+       gnutls_datum_t data = {NULL, 0};
+
+       if (bag == NULL) {
+               gnutls_assert();
+               return GNUTLS_E_INVALID_REQUEST;
+       }
+
+       ret = gnutls_x509_privkey_export2_pkcs8(privkey, GNUTLS_X509_FMT_DER,
+                                               password, flags, &data);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
+
+       if (password == NULL) {
+               ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_KEY, &data);
+               if (ret < 0) {
+                       gnutls_assert();
+                       goto cleanup;
+               }
+       } else {
+               ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
+               if (ret < 0) {
+                       gnutls_assert();
+                       goto cleanup;
+               }
+       }
+
+ cleanup:
+       _gnutls_free_datum(&data);
+
+       return ret;
+}