Пример #1
/**
 * gnutls_privkey_export_pkcs11:
 * @pkey: The abstract private key to export from
 * @key: Location that receives the exported PKCS #11 key handle
 *
 * Produces a #gnutls_pkcs11_privkey_t from the given abstract private
 * key. Only keys of type %GNUTLS_PRIVKEY_PKCS11 are accepted; any other
 * type is rejected with %GNUTLS_E_INVALID_REQUEST. On success the caller
 * owns the handle stored in @key and must release it with
 * gnutls_pkcs11_privkey_deinit(). If the copy step fails, the handle
 * allocated here is released again and @key is set to %NULL, so the
 * caller never sees a half-initialized object.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.4.0
 */
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
                             gnutls_pkcs11_privkey_t *key)
{
	int rc;

	/* Reject anything that is not backed by a PKCS #11 object. */
	if (pkey->type != GNUTLS_PRIVKEY_PKCS11) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	rc = gnutls_pkcs11_privkey_init(key);
	if (rc < 0)
		return gnutls_assert_val(rc);

	rc = gnutls_pkcs11_privkey_cpy(*key, pkey->key.pkcs11);
	if (rc >= 0)
		return 0;

	/* Copy failed: drop the freshly allocated handle and clear the
	 * output pointer so it cannot be used or freed a second time. */
	gnutls_pkcs11_privkey_deinit(*key);
	*key = NULL;

	return gnutls_assert_val(rc);
}
Пример #2
/**
 * gnutls_privkey_deinit:
 * @key: The key to be deinitialized
 *
 * Releases an abstract private key structure. A %NULL @key is ignored.
 * The wrapped key object is released as well only when the structure
 * was imported with %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE or
 * %GNUTLS_PRIVKEY_IMPORT_COPY; otherwise only the wrapper is freed and
 * the wrapped object is left untouched for its owner to release.
 *
 * Since: 2.12.0
 **/
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
	if (key == NULL)
		return;

	/* Either flag means this wrapper is responsible for the inner key. */
	if ((key->flags & (GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE |
			   GNUTLS_PRIVKEY_IMPORT_COPY)) != 0) {
		switch (key->type) {
#ifdef ENABLE_OPENPGP
		case GNUTLS_PRIVKEY_OPENPGP:
			gnutls_openpgp_privkey_deinit(key->key.openpgp);
			break;
#endif
#ifdef ENABLE_PKCS11
		case GNUTLS_PRIVKEY_PKCS11:
			gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
			break;
#endif
		case GNUTLS_PRIVKEY_X509:
			gnutls_x509_privkey_deinit(key->key.x509);
			break;
		case GNUTLS_PRIVKEY_EXT:
			/* External keys are torn down by the callback the
			 * application registered, if it registered one. */
			if (key->key.ext.deinit_func != NULL) {
				key->key.ext.deinit_func(key,
							 key->key.ext.userdata);
			}
			break;
		default:
			break;
		}
	}

	/* The wrapper itself is always freed. */
	gnutls_free(key);
}
Пример #3
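/*
 * Write the public key that belongs to the PKCS #11 private key at @url
 * to @outfile in PEM form.
 *
 * @outfile:  destination stream; a warning is printed when it is stdout
 *            or stderr
 * @url:      PKCS #11 URL of the private key object
 * @detailed: passed to the FIX() macro together with @url, @outfile and
 *            @info
 * @flags:    passed to CHECK_LOGIN_FLAG() and to
 *            gnutls_pkcs11_privkey_export_pubkey()
 * @info:     common tool options, passed to pkcs11_common() and FIX()
 *
 * Any failure is reported on stderr and terminates the process with
 * exit status 1. FIX, CHECK_LOGIN_FLAG and UNFIX are macros defined
 * outside this listing.
 */
void
pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int flags, common_info_st * info)
{
	int ret;
	gnutls_datum_t pubkey;
	gnutls_pkcs11_privkey_t pkey;
	size_t written;

	pkcs11_common(info);

	FIX(url, outfile, detailed, info);
	CHECK_LOGIN_FLAG(flags);

	if (outfile == stderr || outfile == stdout) {
		fprintf(stderr, "warning: no --outfile was specified and the public key will be printed on screen.\n");
		/* presumably a pause so the warning is noticed before the
		 * key scrolls past */
		sleep(3);
	}

	ret = gnutls_pkcs11_privkey_init(&pkey);
	if (ret < 0) {
		fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
			gnutls_strerror(ret));
		exit(1);
	}

	/* NOTE(review): the import uses flags 0 while the export below
	 * receives the caller's flags; confirm this is intended. */
	ret = gnutls_pkcs11_privkey_import_url(pkey, url, 0);
	if (ret < 0) {
		fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
			gnutls_strerror(ret));
		exit(1);
	}

	ret =
	    gnutls_pkcs11_privkey_export_pubkey(pkey,
					        GNUTLS_X509_FMT_PEM, &pubkey,
					        flags);
	if (ret < 0) {
		fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
			gnutls_strerror(ret));
		exit(1);
	}
	/* The private key handle is no longer needed once the public part
	 * has been extracted. */
	gnutls_pkcs11_privkey_deinit(pkey);

	/* A short write would leave a truncated PEM file behind; treat it
	 * as an error instead of reporting success. */
	written = fwrite(pubkey.data, 1, pubkey.size, outfile);
	gnutls_free(pubkey.data);
	if (written != pubkey.size) {
		fprintf(stderr, "Error in %s:%d: could not write the public key\n",
			__func__, __LINE__);
		exit(1);
	}

	UNFIX;
	return;
}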
Пример #4
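/**
 * gnutls_privkey_deinit:
 * @key: The structure to be deinitialized
 *
 * This function will deinitialize a private key structure. A %NULL
 * @key is ignored. When the structure was imported with
 * %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE the wrapped key object is
 * released first; the wrapper itself is always freed.
 **/
void
gnutls_privkey_deinit (gnutls_privkey_t key)
{
  if (key == NULL)
    return;

  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
    {
      /* Each case must fall out of the switch rather than return:
       * returning here would skip gnutls_free() below and leak the
       * wrapper on every auto-release deinit. */
      switch (key->type)
        {
#ifdef ENABLE_OPENPGP
        case GNUTLS_PRIVKEY_OPENPGP:
          gnutls_openpgp_privkey_deinit (key->key.openpgp);
          break;
#endif
        case GNUTLS_PRIVKEY_PKCS11:
          gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
          break;
        case GNUTLS_PRIVKEY_X509:
          gnutls_x509_privkey_deinit (key->key.x509);
          break;
        default:
          break;
        }
    }

  gnutls_free (key);
}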
Пример #5
/*
 * Import the PKCS #11 private key named by @url into the abstract key
 * @key.
 *
 * A PKCS #11 key handle is allocated, given the PIN callback stored in
 * @key (when one is set), loaded from @url with @flags, and then
 * attached to @key with GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. If loading
 * or attaching fails, the handle is released here before returning.
 *
 * Returns 0 on success, otherwise the negative error code of the step
 * that failed.
 */
static int
_gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, unsigned flags)
{
	gnutls_pkcs11_privkey_t token_key;
	int rc;

	rc = gnutls_pkcs11_privkey_init(&token_key);
	if (rc < 0) {
		gnutls_assert();
		return rc;
	}

	/* Carry over the PIN callback before the URL import runs. */
	if (key->pin.cb) {
		gnutls_pkcs11_privkey_set_pin_function(token_key, key->pin.cb,
						       key->pin.data);
	}

	rc = gnutls_pkcs11_privkey_import_url(token_key, url, flags);
	if (rc < 0) {
		gnutls_assert();
		gnutls_pkcs11_privkey_deinit(token_key);
		return rc;
	}

	rc = gnutls_privkey_import_pkcs11(key, token_key,
					  GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
	if (rc < 0) {
		gnutls_assert();
		/* The handle was not attached, so it is released here. */
		gnutls_pkcs11_privkey_deinit(token_key);
		return rc;
	}

	return 0;
}