use crate::{Error, PrivateKeyInfo, Result};
#[cfg(feature = "alloc")]
use der::SecretDocument;
#[cfg(feature = "encryption")]
use {
crate::EncryptedPrivateKeyInfo,
rand_core::{CryptoRng, RngCore},
};
#[cfg(feature = "pem")]
use {crate::LineEnding, alloc::string::String, der::zeroize::Zeroizing};
#[cfg(feature = "pem")]
use der::pem::PemLabel;
#[cfg(feature = "std")]
use std::path::Path;
pub trait DecodePrivateKey: Sized {
fn from_pkcs8_der(bytes: &[u8]) -> Result<Self>;
#[cfg(feature = "encryption")]
fn from_pkcs8_encrypted_der(bytes: &[u8], password: impl AsRef<[u8]>) -> Result<Self> {
let doc = EncryptedPrivateKeyInfo::try_from(bytes)?.decrypt(password)?;
Self::from_pkcs8_der(doc.as_bytes())
}
#[cfg(feature = "pem")]
fn from_pkcs8_pem(s: &str) -> Result<Self> {
let (label, doc) = SecretDocument::from_pem(s)?;
PrivateKeyInfo::validate_pem_label(label)?;
Self::from_pkcs8_der(doc.as_bytes())
}
#[cfg(all(feature = "encryption", feature = "pem"))]
fn from_pkcs8_encrypted_pem(s: &str, password: impl AsRef<[u8]>) -> Result<Self> {
let (label, doc) = SecretDocument::from_pem(s)?;
EncryptedPrivateKeyInfo::validate_pem_label(label)?;
Self::from_pkcs8_encrypted_der(doc.as_bytes(), password)
}
#[cfg(feature = "std")]
fn read_pkcs8_der_file(path: impl AsRef<Path>) -> Result<Self> {
Self::from_pkcs8_der(SecretDocument::read_der_file(path)?.as_bytes())
}
#[cfg(all(feature = "pem", feature = "std"))]
fn read_pkcs8_pem_file(path: impl AsRef<Path>) -> Result<Self> {
let (label, doc) = SecretDocument::read_pem_file(path)?;
PrivateKeyInfo::validate_pem_label(&label)?;
Self::from_pkcs8_der(doc.as_bytes())
}
}
impl<T> DecodePrivateKey for T
where
T: for<'a> TryFrom<PrivateKeyInfo<'a>, Error = Error>,
{
fn from_pkcs8_der(bytes: &[u8]) -> Result<Self> {
Self::try_from(PrivateKeyInfo::try_from(bytes)?)
}
}
#[cfg(feature = "alloc")]
pub trait EncodePrivateKey {
fn to_pkcs8_der(&self) -> Result<SecretDocument>;
#[cfg(feature = "encryption")]
fn to_pkcs8_encrypted_der(
&self,
rng: impl CryptoRng + RngCore,
password: impl AsRef<[u8]>,
) -> Result<SecretDocument> {
EncryptedPrivateKeyInfo::encrypt(rng, password, self.to_pkcs8_der()?.as_bytes())
}
#[cfg(feature = "pem")]
fn to_pkcs8_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
let doc = self.to_pkcs8_der()?;
Ok(doc.to_pem(PrivateKeyInfo::PEM_LABEL, line_ending)?)
}
#[cfg(all(feature = "encryption", feature = "pem"))]
fn to_pkcs8_encrypted_pem(
&self,
rng: impl CryptoRng + RngCore,
password: impl AsRef<[u8]>,
line_ending: LineEnding,
) -> Result<Zeroizing<String>> {
let doc = self.to_pkcs8_encrypted_der(rng, password)?;
Ok(doc.to_pem(EncryptedPrivateKeyInfo::PEM_LABEL, line_ending)?)
}
#[cfg(feature = "std")]
fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<()> {
Ok(self.to_pkcs8_der()?.write_der_file(path)?)
}
#[cfg(all(feature = "pem", feature = "std"))]
fn write_pkcs8_pem_file(&self, path: impl AsRef<Path>, line_ending: LineEnding) -> Result<()> {
let doc = self.to_pkcs8_der()?;
Ok(doc.write_pem_file(path, PrivateKeyInfo::PEM_LABEL, line_ending)?)
}
}