static int _gnutls_privkey_export2_pkcs8(gnutls_privkey_t key, gnutls_x509_crt_fmt_t f,
const char *password, unsigned flags, gnutls_datum_t *out)
{
gnutls_x509_privkey_t xkey;
int ret;
ret = gnutls_privkey_export_x509(key, &xkey);
if (ret < 0)
fail("error in gnutls_privkey_export_x509\n");
assert(gnutls_x509_privkey_fix(xkey)>=0);
ret = gnutls_x509_privkey_export2_pkcs8(xkey, f, password, 0, out);
gnutls_x509_privkey_deinit(xkey);
return ret;
}
/**
* gnutls_pkcs12_bag_set_privkey:
* @bag: The bag
* @privkey: the private key to be copied.
* @password: the password to protect the key with (may be %NULL)
* @flags: should be one of #gnutls_pkcs_encrypt_flags_t elements bitwise or'd
*
* This function will insert the given private key into the
* bag. This is just a wrapper over gnutls_pkcs12_bag_set_data().
*
* Returns: the index of the added bag on success, or a negative
* value on failure.
**/
int
gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag, gnutls_x509_privkey_t privkey,
const char *password, unsigned flags)
{
int ret;
gnutls_datum_t data = {NULL, 0};
if (bag == NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
ret = gnutls_x509_privkey_export2_pkcs8(privkey, GNUTLS_X509_FMT_DER,
password, flags, &data);
if (ret < 0)
return gnutls_assert_val(ret);
if (password == NULL) {
ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_KEY, &data);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
cleanup:
_gnutls_free_datum(&data);
return ret;
}
