CRMFEncryptedKey *
CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
{
CRMFEncryptedKey *newEncrKey = NULL;
SECStatus rv;
PORT_Assert(inOpts != NULL);
if (inOpts == NULL ||
CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) {
return NULL;
}
newEncrKey = PORT_ZNew(CRMFEncryptedKey);
if (newEncrKey == NULL) {
goto loser;
}
rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
newEncrKey);
if (rv != SECSuccess) {
goto loser;
}
return newEncrKey;
loser:
if (newEncrKey != NULL) {
CRMF_DestroyEncryptedKey(newEncrKey);
}
return NULL;
}
CRMFEncryptedKey *
CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
CERTCertificate *inCACert)
{
SECKEYPublicKey *caPubKey = NULL;
CRMFEncryptedKey *encKey = NULL;
PORT_Assert(inPrivKey != NULL && inCACert != NULL);
if (inPrivKey == NULL || inCACert == NULL) {
return NULL;
}
caPubKey = CERT_ExtractPublicKey(inCACert);
if (caPubKey == NULL) {
goto loser;
}
encKey = PORT_ZNew(CRMFEncryptedKey);
if (encKey == NULL) {
goto loser;
}
#ifdef DEBUG
{
CRMFEncryptedValue *dummy =
crmf_create_encrypted_value_wrapped_privkey(
inPrivKey, caPubKey, &encKey->value.encryptedValue);
PORT_Assert(dummy == &encKey->value.encryptedValue);
}
#else
crmf_create_encrypted_value_wrapped_privkey(
inPrivKey, caPubKey, &encKey->value.encryptedValue);
#endif
/* We won't add the der value here, but rather when it
* becomes part of a certificate request.
*/
SECKEY_DestroyPublicKey(caPubKey);
encKey->encKeyChoice = crmfEncryptedValueChoice;
return encKey;
loser:
if (encKey != NULL) {
CRMF_DestroyEncryptedKey(encKey);
}
if (caPubKey != NULL) {
SECKEY_DestroyPublicKey(caPubKey);
}
return NULL;
}