authorThomas Haller <thaller@redhat.com>2022-03-18 21:33:20 +0100
committerThomas Haller <thaller@redhat.com>2022-03-29 11:56:04 +0200
commit723e1fc76f127001eded94ffbeabc0395738bec7 (patch)
tree39e2df300da49f3c536e09d59c56ec9e19520393 /src/libnm-crypto
parent901787e06fe35bbcd8dfbb622a9e4c9b97a37698 (diff)
libnm: move dependency to libnm-crypto out of libnm-core's "nm-utils.c"
libnm-core is also used by the daemon, thus currently dragging in libnm-crypto there. But could we ever drop that dependency? One use of the libnm-crypto is in functions like nm_utils_file_is_certificate() in "nm-utils.h". These are part of the public API of libnm. But this is not used by the daemon. Move it to "libnm-client-core" to be closer to where it's actually used. As we have unit tests in "libnm-core-impl/tests" that test this function, those unit tests also would need to move to "libnm-client-impl". Instead, add the actual implementation of these functions to "libnm-crypto" and test it there. This patch moves forward declarations from public header "nm-utils.h" to "nm-client.h". Arguably, "nm-client.h" is not a great name, but we don't have a general purpose header in "libnm-client-public", so use this. Note that libnm users can only include <NetworkManager.h> and including individual files is not supported (and even prevented). Thus moving the declarations won't break any users.
Diffstat (limited to 'src/libnm-crypto')
-rw-r--r--src/libnm-crypto/nm-crypto.c51
-rw-r--r--src/libnm-crypto/nm-crypto.h3
2 files changed, 54 insertions, 0 deletions
diff --git a/src/libnm-crypto/nm-crypto.c b/src/libnm-crypto/nm-crypto.c
index 56f297e605..0480105120 100644
--- a/src/libnm-crypto/nm-crypto.c
+++ b/src/libnm-crypto/nm-crypto.c
@@ -1042,3 +1042,54 @@ nmtst_crypto_rsa_key_encrypt(const guint8 *data,
NM_SET_OUT(out_password, g_strdup(tmp_password));
return nm_secret_buf_to_gbytes_take(ret, ret_len);
}
+
+/*****************************************************************************/
+
+static gboolean
+file_has_extension(const char *filename, const char *extensions[])
+{
+ const char *ext;
+ gsize i;
+
+ ext = strrchr(filename, '.');
+ if (!ext)
+ return FALSE;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!g_ascii_strcasecmp(ext, extensions[i]))
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+gboolean
+nm_crypto_utils_file_is_certificate(const char *filename)
+{
+ const char *extensions[] = {".der", ".pem", ".crt", ".cer", NULL};
+ NMCryptoFileFormat file_format;
+
+ nm_assert(filename);
+
+ if (!file_has_extension(filename, extensions))
+ return FALSE;
+
+ if (!nm_crypto_load_and_verify_certificate(filename, &file_format, NULL, NULL))
+ return FALSE;
+ return file_format = NM_CRYPTO_FILE_FORMAT_X509;
+}
+
+gboolean
+nm_crypto_utils_file_is_private_key(const char *filename, gboolean *out_encrypted)
+{
+ const char *extensions[] = {".der", ".pem", ".p12", ".key", NULL};
+
+ nm_assert(filename);
+
+ NM_SET_OUT(out_encrypted, FALSE);
+ if (!file_has_extension(filename, extensions))
+ return FALSE;
+
+ return nm_crypto_verify_private_key(filename, NULL, out_encrypted, NULL)
+ != NM_CRYPTO_FILE_FORMAT_UNKNOWN;
+}
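Review bot: The last statement of nm_crypto_utils_file_is_certificate(), `return file_format = NM_CRYPTO_FILE_FORMAT_X509;`, assigns instead of comparing, so the format reported by nm_crypto_load_and_verify_certificate() is overwritten and never checked. The return value is then just the truth value of the enum constant (its numeric value is not visible in this diff), so every file that passes the extension filter and loads successfully gets the same answer regardless of its detected format. It should read `return file_format == NM_CRYPTO_FILE_FORMAT_X509;`. Since the commit message says the implementation is placed in libnm-crypto so it can be tested there, a test with a loadable non-X.509 file carrying one of the accepted extensions would pin the intended behaviour.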
diff --git a/src/libnm-crypto/nm-crypto.h b/src/libnm-crypto/nm-crypto.h
index a740c43c5b..48c7c6b7ab 100644
--- a/src/libnm-crypto/nm-crypto.h
+++ b/src/libnm-crypto/nm-crypto.h
@@ -93,4 +93,7 @@ guint8 *nmtst_crypto_make_des_aes_key(NMCryptoCipherType cipher,
/*****************************************************************************/
+gboolean nm_crypto_utils_file_is_certificate(const char *filename);
+gboolean nm_crypto_utils_file_is_private_key(const char *filename, gboolean *out_encrypted);
+
#endif /* __NM_CRYPTO_H__ */
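Review bot: The two new prototypes have no contract comment, and the implementation in nm-crypto.c has details a caller cannot read off the signature: `filename` is guarded only by `nm_assert()`, the extension list is a pre-filter applied before the file content is parsed, and `out_encrypted` is reset to FALSE before that pre-filter runs. I would add a short doc comment above each declaration stating that `filename` must be non-NULL, that a TRUE result means the file has a recognised extension and parsed as the expected type (not that it is trusted or suitable for any particular use), and that `out_encrypted` is always written. Whether `out_encrypted` may be NULL depends on NM_SET_OUT, which is defined outside this diff, so that part should be confirmed before documenting it.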