[gnutls-devel] [PATCH 3/9] Add API to retrieve a X.509 or OpenPGP certificate from a gnutls_pcert_t

Armin Burgmeier armin at arbur.net
Wed Sep 17 18:26:47 CEST 2014


Signed-off-by: Armin Burgmeier <armin at arbur.net>
---
 lib/gnutls_pcert.c             | 100 +++++++++++++++++++++++++++++++++++++++++
 lib/includes/gnutls/abstract.h |   6 +++
 lib/libgnutls.map              |   3 ++
 3 files changed, 109 insertions(+)

diff --git a/lib/gnutls_pcert.c b/lib/gnutls_pcert.c
index 83fbfda..a0510f5 100644
--- a/lib/gnutls_pcert.c
+++ b/lib/gnutls_pcert.c
@@ -339,6 +339,106 @@ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
 #endif
 
 /**
+ * gnutls_pcert_get_type:
+ * @pcert: The pcert structure.
+ *
+ * Returns the certificate type of @pcert, one of X.509 or OpenPGP.
+ *
+ * Returns: The certificate type.
+ *
+ * Since: 3.4.0
+ */
+gnutls_certificate_type_t
+gnutls_pcert_get_type(gnutls_pcert_st * pcert)
+{
+	return pcert->type;
+}
+
+/**
+ * gnutls_pcert_export_x509:
+ * @pcert: The pcert structure.
+ * @crt: An initialized #gnutls_x509_crt_t.
+ *
+ * Converts the given #gnutls_pcert_t structure into a #gnutls_x509_crt_t.
+ * This function only works if the type of @pcert is %GNUTLS_CRT_X509.
+ * When successful, the value written to @crt must be freed with
+ * gnutls_x509_crt_deinit() when no longer needed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.4.0
+ */
+int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
+                             gnutls_x509_crt_t * crt)
+{
+	int ret;
+
+	if (pcert->type != GNUTLS_CRT_X509) {
+		gnutls_assert();
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
+	ret = gnutls_x509_crt_init(crt);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	ret = gnutls_x509_crt_import(*crt, &pcert->cert, GNUTLS_X509_FMT_DER);
+	if (ret < 0) {
+		gnutls_x509_crt_deinit(*crt);
+		*crt = NULL;
+
+		return gnutls_assert_val(ret);
+	}
+
+	return 0;
+}
+
+#ifdef ENABLE_OPENPGP
+
+/**
+ * gnutls_pcert_export_x509:
+ * @pcert: The pcert structure.
+ * @crt: An initialized #gnutls_openpgp_crt_t.
+ *
+ * Converts the given #gnutls_pcert_t structure into a #gnutls_openpgp_crt_t.
+ * This function only works if the type of @pcert is %GNUTLS_CRT_OPENPGP.
+ * When successful, the value written to @crt must be freed with
+ * gnutls_openpgp_crt_deinit() when no longer needed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.4.0
+ */
+int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
+                                gnutls_openpgp_crt_t * crt)
+{
+	int ret;
+
+	if (pcert->type != GNUTLS_CRT_OPENPGP) {
+		gnutls_assert();
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
+	ret = gnutls_openpgp_crt_init(crt);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	ret = gnutls_openpgp_crt_import(*crt, &pcert->cert, GNUTLS_OPENPGP_FMT_RAW);
+	if (ret < 0) {
+		gnutls_openpgp_crt_deinit(*crt);
+		*crt = NULL;
+
+		return gnutls_assert_val(ret);
+	}
+
+	return 0;
+}
+
+#endif
+
+/**
  * gnutls_pcert_deinit:
  * @pcert: The structure to be deinitialized
  *
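Review bot: The `@crt` lines in both export doc blocks say "An initialized" handle, but the bodies call `gnutls_x509_crt_init(crt)` and `gnutls_openpgp_crt_init(crt)` themselves, so a caller who follows the documentation and passes an already initialized certificate has that handle overwritten and leaked. I would document it as `@crt: Location that receives a newly allocated #gnutls_x509_crt_t.` (and the OpenPGP equivalent). I would also add `*crt = NULL;` before the type check, so the `GNUTLS_E_INVALID_REQUEST` return does not leave the output holding whatever the caller had there; this matters for callers that deinit unconditionally in a cleanup path. The second doc block is headed `gnutls_pcert_export_x509:` although it documents `gnutls_pcert_export_openpgp`, so the generated reference would presumably attach it to the wrong symbol.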
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index d9aa560..835fdb7 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -437,6 +437,9 @@ typedef struct gnutls_pcert_st {
 int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
 			     gnutls_x509_crt_t crt, unsigned int flags);
 
+int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
+                             gnutls_x509_crt_t * crt);
+
 int
 gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
 				  unsigned int *pcert_max,
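Review bot: `gnutls_pcert_get_type` gets no prototype in this header, although it is defined in gnutls_pcert.c and exported in libgnutls.map. The two hunks here add only `gnutls_pcert_export_x509` and `gnutls_pcert_export_openpgp`, and those account for all six lines the diffstat lists for abstract.h. Callers would have no declaration to compile against, so add `gnutls_certificate_type_t gnutls_pcert_get_type(gnutls_pcert_st * pcert);` next to the import/export declarations. Separately, the definition of `gnutls_pcert_export_openpgp` sits under `#ifdef ENABLE_OPENPGP` while its prototype in the following hunk is unconditional; it is worth confirming this matches how the other OpenPGP declarations are handled.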
@@ -460,6 +463,9 @@ int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
 				gnutls_openpgp_crt_t crt,
 				unsigned int flags);
 
+int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
+                                gnutls_openpgp_crt_t * crt);
+
 void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
 
 /* For certificate credentials */
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index eabf261..f3a0582 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -684,6 +684,9 @@ GNUTLS_3_0_0 {
 	gnutls_pcert_import_x509_raw;
 	gnutls_pcert_import_openpgp;
 	gnutls_pcert_import_openpgp_raw;
+	gnutls_pcert_get_type;
+	gnutls_pcert_export_x509;
+	gnutls_pcert_export_openpgp;
 	gnutls_pubkey_get_openpgp_key_id;
 	gnutls_certificate_set_retrieve_function2;
 	gnutls_x509_trust_list_get_issuer;
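Review bot: The three new symbols are placed in the existing `GNUTLS_3_0_0` node although their doc blocks say `Since: 3.4.0`. If that node has already shipped in a release, a program using `gnutls_pcert_get_type` records a dependency on `GNUTLS_3_0_0` only. The dynamic loader would then accept an older library that has the node but not the symbol, and fail at symbol resolution rather than at the version check. Consider placing them in the version node for the release that introduces them, if the project keeps one; the map's other nodes are outside this hunk.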
-- 
2.1.0



