示例#1
/**
 * gnutls_privkey_export_x509:
 * @pkey: The abstract private key to export from
 * @key: Location that receives the exported key
 *
 * Builds a #gnutls_x509_privkey_t from the given abstract private key
 * by initializing a new object in @key and copying @pkey's X.509 key
 * into it with gnutls_x509_privkey_cpy(). Only keys of type
 * %GNUTLS_PRIVKEY_X509 are accepted; any other type yields
 * %GNUTLS_E_INVALID_REQUEST.
 *
 * The object returned in @key holds private key material and is owned
 * by the caller, who must release it with gnutls_x509_privkey_deinit().
 * If the copy step fails, the new object is released here and @key is
 * reset to NULL.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.4.0
 */
int
gnutls_privkey_export_x509(gnutls_privkey_t pkey,
                           gnutls_x509_privkey_t *key)
{
	int rc;

	/* Only an X.509-backed abstract key has something to export. */
	if (pkey->type != GNUTLS_PRIVKEY_X509) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	rc = gnutls_x509_privkey_init(key);
	if (rc < 0)
		return gnutls_assert_val(rc);

	rc = gnutls_x509_privkey_cpy(*key, pkey->key.x509);
	if (rc >= 0)
		return 0;

	/* Copy failed: release the new object and clear the caller's
	 * pointer so it cannot be used or freed a second time. */
	gnutls_x509_privkey_deinit(*key);
	*key = NULL;

	return gnutls_assert_val(rc);
}
示例#2
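/**
 * gnutls_privkey_import_x509:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: Flags for the import
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t type.
 *
 * Without %GNUTLS_PRIVKEY_IMPORT_COPY the pointer @key itself is stored
 * in @pkey, so the #gnutls_x509_privkey_t object must not be deallocated
 * during the lifetime of this structure. With %GNUTLS_PRIVKEY_IMPORT_COPY
 * a new key object is initialized inside @pkey and filled with
 * gnutls_x509_privkey_cpy(), and @key is not retained.
 *
 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
 * and %GNUTLS_PRIVKEY_IMPORT_COPY. The flags are only recorded in @pkey
 * here; how %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE is honoured is decided
 * by code outside this function.
 *
 * On failure @pkey is left without a key: its type is not set and its
 * X.509 key pointer does not refer to a released object.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.12.0
 **/
int
gnutls_privkey_import_x509(gnutls_privkey_t pkey,
			   gnutls_x509_privkey_t key, unsigned int flags)
{
	int ret;

	/* NOTE(review): check_if_clean() is defined elsewhere; presumably
	 * it rejects a pkey that already holds a key -- confirm. */
	ret = check_if_clean(pkey);
	if (ret < 0) {
		gnutls_assert();
		return ret;
	}

	if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
		ret = gnutls_x509_privkey_init(&pkey->key.x509);
		if (ret < 0)
			return gnutls_assert_val(ret);

		ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
		if (ret < 0) {
			gnutls_x509_privkey_deinit(pkey->key.x509);
			/* Clear the pointer so @pkey does not keep a stale
			 * reference to the released key object. */
			pkey->key.x509 = NULL;
			return gnutls_assert_val(ret);
		}
	} else {
		/* Borrowed pointer: the caller's object is used directly. */
		pkey->key.x509 = key;
	}

	pkey->type = GNUTLS_PRIVKEY_X509;
	pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
	pkey->flags = flags;

	return 0;
}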
示例#3
/* Build a copy of the client certificate 'cc', which must already be in
 * the decrypted state.  Unless 'cc' is keyless, the copy gets its own
 * private key object; the subject certificate is copied via
 * x509_crt_copy().  Returns the new object, or NULL if a GnuTLS step
 * fails, in which case whatever was created so far is released.
 *
 * NOTE(review): the cleanup path tests copy->pkey and copy->cert.subject
 * for NULL, so it assumes ne_calloc() hands back zero-filled memory and
 * never returns NULL -- confirm against ne_calloc's definition. */
static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc)
{
    ne_ssl_client_cert *copy = ne_calloc(sizeof *copy);

    copy->decrypted = 1;

    if (!cc->keyless) {
        /* Initialize a fresh key object, then copy the key into it;
         * the second call is skipped when the first one fails. */
        if (gnutls_x509_privkey_init(&copy->pkey) != 0
            || gnutls_x509_privkey_cpy(copy->pkey, cc->pkey) != 0) {
            goto dup_error;
        }
    }
    else {
        copy->keyless = 1;
    }

    copy->cert.subject = x509_crt_copy(cc->cert.subject);
    if (copy->cert.subject == NULL) {
        goto dup_error;
    }

    if (cc->friendly_name != NULL) {
        copy->friendly_name = ne_strdup(cc->friendly_name);
    }

    populate_cert(&copy->cert, copy->cert.subject);
    return copy;

dup_error:
    /* Release only what was actually created before the failure. */
    if (copy->pkey != NULL) {
        gnutls_x509_privkey_deinit(copy->pkey);
    }
    if (copy->cert.subject != NULL) {
        gnutls_x509_crt_deinit(copy->cert.subject);
    }
    ne_free(copy);
    return NULL;
}
示例#4
文件: privkey.c 项目: nobled/gnutls
/* Load the private key stored in a PKCS #12 structure into 'key'.
 *
 * 'data' is imported in the given 'format' with 'flags', parsed with
 * 'password' by gnutls_pkcs12_simple_parse() (only the key output is
 * requested; every other output is passed as NULL), and the resulting
 * key is copied into 'key'.  The temporary key from the parser is
 * released right after the copy, whether or not the copy succeeded, and
 * the PKCS #12 object is released on every path after its init.
 *
 * Returns 0 on success, otherwise the negative error value of the step
 * that failed. */
static int import_pkcs12_privkey (gnutls_x509_privkey_t key,
                                  const gnutls_datum_t * data,
                                  gnutls_x509_crt_fmt_t format,
                                  const char* password, unsigned int flags)
{
  gnutls_pkcs12_t pfx;
  gnutls_x509_privkey_t parsed;
  int rc;

  rc = gnutls_pkcs12_init (&pfx);
  if (rc < 0)
    return gnutls_assert_val (rc);

  /* Each step runs only if the one before it succeeded. */
  rc = gnutls_pkcs12_import (pfx, data, format, flags);

  if (rc >= 0)
    rc = gnutls_pkcs12_simple_parse (pfx, password, &parsed,
                                     NULL, NULL, NULL, NULL, NULL, 0);

  if (rc >= 0)
    {
      rc = gnutls_x509_privkey_cpy (key, parsed);
      /* The parser's key object is no longer needed once copied. */
      gnutls_x509_privkey_deinit (parsed);
    }

  if (rc < 0)
    gnutls_assert ();
  else
    rc = 0;

  gnutls_pkcs12_deinit (pfx);

  return rc;
}
示例#5
/**
  * gnutls_rsa_params_cpy - Copy an RSA parameters structure
  * @dst: The destination structure; it should already be initialized.
  * @src: The source structure
  *
  * Copies the RSA parameters held in @src into @dst. The work is
  * delegated entirely to gnutls_x509_privkey_cpy(), and that call's
  * return value is passed back to the caller unchanged.
  *
  **/
int
gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
{
  int rc = gnutls_x509_privkey_cpy (dst, src);

  return rc;
}