Two new PKCS#12 demo programs.

Update PKCS12_parse().

Make the keyid in certificate aux info more usable.

3 files changed, 110 insertions, 0 deletions

diff --git a/demos/pkcs12/README b/demos/pkcs12/README
new file mode 100644
index 0000000000..c87434b04f
--- /dev/null
+++ b/demos/pkcs12/README
@@ -0,0 +1,3 @@
+PKCS#12 demo applications
+
+Written by Steve Henson.
diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
new file mode 100644
index 0000000000..8e1b686312
--- /dev/null
+++ b/demos/pkcs12/pkread.c
@@ -0,0 +1,61 @@
+/* pkread.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file reader */
+
+int main(int argc, char **argv)
+{
+	FILE *fp;
+	EVP_PKEY *pkey;
+	X509 *cert;
+	STACK_OF(X509) *ca = NULL;
+	PKCS12 *p12;
+	int i;
+	if (argc != 4) {
+		fprintf(stderr, "Usage: pkread p12file password opfile\n");
+		exit (1);
+	}
+	SSLeay_add_all_algorithms();
+	ERR_load_crypto_strings();
+	if (!(fp = fopen(argv[1], "rb"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	p12 = d2i_PKCS12_fp(fp, NULL);
+	fclose (fp);
+	if (!p12) {
+		fprintf(stderr, "Error reading PKCS#12 file\n");
+		ERR_print_errors_fp(stderr);
+		exit (1);
+	}
+	if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
+		fprintf(stderr, "Error parsing PKCS#12 file\n");
+		ERR_print_errors_fp(stderr);
+		exit (1);
+	}
+	PKCS12_free(p12);
+	if (!(fp = fopen(argv[3], "w"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	if (pkey) {
+		fprintf(fp, "***Private Key***\n");
+		PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+	}
+	if (cert) {
+		fprintf(fp, "***User Certificate***\n");
+		PEM_write_X509_AUX(fp, cert);
+	}
+	if (ca && sk_num(ca)) {
+		fprintf(fp, "***Other Certificates***\n");
+		for (i = 0; i < sk_X509_num(ca); i++) 
+		    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
+	}
+	fclose(fp);
+	return 0;
+}
diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c
new file mode 100644
index 0000000000..15f839d1eb
--- /dev/null
+++ b/demos/pkcs12/pkwrite.c
@@ -0,0 +1,46 @@
+/* pkwrite.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file creator */
+
+int main(int argc, char **argv)
+{
+	FILE *fp;
+	EVP_PKEY *pkey;
+	X509 *cert;
+	PKCS12 *p12;
+	if (argc != 5) {
+		fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
+		exit(1);
+	}
+	SSLeay_add_all_algorithms();
+	ERR_load_crypto_strings();
+	if (!(fp = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(fp, NULL, NULL, NULL);
+	rewind(fp);
+	pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+	fclose(fp);
+	p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
+	if(!p12) {
+		fprintf(stderr, "Error creating PKCS#12 structure\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	if (!(fp = fopen(argv[4], "wb"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	i2d_PKCS12_fp(fp, p12);
+	PKCS12_free(p12);
+	fclose(fp);
+	return 0;
+}