From e78a1008a5768630bc3c2c128f22184af2ec00a1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 1 Jun 2012 11:58:42 +0100 Subject: [PATCH] Export parse_pkcs12() as gnutls_pkcs12_parse() Signed-off-by: Nikos Mavrogiannopoulos --- lib/gnutls_x509.c | 63 ++++++++++++++++++++++++++++++------ lib/includes/gnutls/pkcs12.h | 8 +++++ lib/libgnutls.map | 1 + 3 files changed, 62 insertions(+), 10 deletions(-) diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index b73a28c7ad..9e73d37aff 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1832,15 +1832,58 @@ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, #include -static int -parse_pkcs12 (gnutls_certificate_credentials_t res, - gnutls_pkcs12_t p12, - const char *password, - gnutls_x509_privkey_t * key, - gnutls_x509_crt_t * cert, - gnutls_x509_crt_t ** extra_certs_ret, - unsigned int * extra_certs_ret_len, - gnutls_x509_crl_t * crl) +/** + * gnutls_pkcs12_parse: + * @res: is a #gnutls_certificate_credentials_t structure. + * @p12: the PKCS#12 blob. + * @password: optional password used to decrypt PKCS#12 blob, bags and keys. + * @key: a structure to store the parsed private key. + * @cert: a structure to store the parsed certificate. + * @extra_certs_ret: optional pointer to receive an array of additional + * certificates found in the PKCS#12 blob. + * @extra_certs_ret_len: will be updated with the number of additional + * certs. + * @crl: a structure to store the parsed CRL. + * + * This function parses a PKCS#12 blob in @p12blob and extracts the + * private key, the corresponding certificate, and any additional + * certificates and a CRL. + * + * The @extra_certs_ret and @extra_certs_ret_len parameters are optional + * and both may be set to %NULL. If either is non-%NULL, then both must + * be. + * + * MAC:ed PKCS#12 files are supported. Encrypted PKCS#12 bags are + * supported. Encrypted PKCS#8 private keys are supported. However, + * only password based security, and the same password for all + * operations, are supported. + * + * The private keys may be RSA PKCS#1 or DSA private keys encoded in + * the OpenSSL way. + * + * PKCS#12 file may contain many keys and/or certificates, and there + * is no way to identify which key/certificate pair you want. You + * should make sure the PKCS#12 file only contain one key/certificate + * pair and/or one CRL. + * + * It is believed that the limitations of this function is acceptable + * for most usage, and that any more flexibility would introduce + * complexity that would make it harder to use this functionality at + * all. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + * + * Since: 2.8.0 + **/ +int +gnutls_pkcs12_parse (gnutls_certificate_credentials_t res, + gnutls_pkcs12_t p12, + const char *password, + gnutls_x509_privkey_t * key, + gnutls_x509_crt_t * cert, + gnutls_x509_crt_t ** extra_certs_ret, + unsigned int * extra_certs_ret_len, + gnutls_x509_crl_t * crl) { gnutls_pkcs12_bag_t bag = NULL; gnutls_x509_crt_t *extra_certs = NULL; @@ -2302,7 +2345,7 @@ int } } - ret = parse_pkcs12 (res, p12, password, &key, &cert, NULL, NULL, &crl); + ret = gnutls_pkcs12_parse (res, p12, password, &key, &cert, NULL, NULL, &crl); gnutls_pkcs12_deinit (p12); if (ret < 0) { diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h index 91a1c69f9a..5fa007ffca 100644 --- a/lib/includes/gnutls/pkcs12.h +++ b/lib/includes/gnutls/pkcs12.h @@ -57,6 +57,14 @@ extern "C" int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass); int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, unsigned int flags); + int gnutls_pkcs12_parse (gnutls_certificate_credentials_t res, + gnutls_pkcs12_t p12, + const char *password, + gnutls_x509_privkey_t * key, + gnutls_x509_crt_t * cert, + gnutls_x509_crt_t ** extra_certs_ret, + unsigned int * extra_certs_ret_len, + gnutls_x509_crl_t * crl); /** * gnutls_pkcs12_bag_type_t: diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 7ac20a4ede..8a9b390c0a 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -797,6 +797,7 @@ GNUTLS_3_1_0 { gnutls_x509_trust_list_add_system_trust; gnutls_x509_trust_list_add_trust_file; gnutls_x509_trust_list_add_trust_mem; + gnutls_pkcs12_parse; } GNUTLS_3_0_0; GNUTLS_PRIVATE { -- 2.47.3