oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509: support reading private keys from PEM files

Browse Source 
This commit adds:

 - hx509_cert_init_private_key() for creating an hx509_cert object that
   has just a private key

 - hx509_cert_have_private_key_only() for checking whether an hx509_cert
   object has just a private key

This also generalizes the get_key() internal function in hxtool, which
is tasked with reding or generating a private key for use in signing
CSRs.  Now hxtool request-create can read/write private keys to/from PEM
files, not just DER files.

This is needed to support key types other than just RSA for CSRs and
certificates.
This commit is contained in:
Nicolas Williams
2019-07-01 21:38:27 -05:00
parent 8d232aa87d
commit 252487dfe4
4 changed files with 99 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/hx509/ks_file.c
View File

@@ -535,19 +535,28 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
heim_octet_string data;
int ret;
ret = hx509_cert_binary(context, c, &data);
if (ret)
return ret;
if (hx509_cert_have_private_key_only(c)) {
data.length = 0;
data.data = NULL;
} else {
ret = hx509_cert_binary(context, c, &data);
if (ret)
return ret;
}
switch (sc->format) {
case USE_DER:
fwrite(data.data, data.length, 1, sc->f);
free(data.data);
if (data.data) {
fwrite(data.data, data.length, 1, sc->f);
free(data.data);
} /* XXX else write private key instead */
break;
case USE_PEM:
hx509_pem_write(context, "CERTIFICATE", NULL, sc->f,
data.data, data.length);
free(data.data);
if (data.data) {
hx509_pem_write(context, "CERTIFICATE", NULL, sc->f,
data.data, data.length);
free(data.data);
}
if (_hx509_cert_private_key_exportable(c)) {
hx509_private_key key = _hx509_cert_private_key(c);
ret = _hx509_private_key_export(context, key,