Revert "pkcs12: add a DecodeAll method"
This reverts commit bf88e3f4ba724b9852073e3d792ab18358069896.
Reason for revert: https://go-review.googlesource.com/c/crypto/+/105876/12#message-0dad31af2b487e895ee6926ded82f85ac81c74f8
Updates golang/go#14015
Change-Id: I8eb3ed73f78ac11841ad73435bba00a330d59b58
Reviewed-on: https://go-review.googlesource.com/c/160257
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/pkcs12/pkcs12.go b/pkcs12/pkcs12.go
index 29235e3..eff9ad3 100644
--- a/pkcs12/pkcs12.go
+++ b/pkcs12/pkcs12.go
@@ -267,45 +267,6 @@
return
}
-// DecodeAll extracts all certificate and private keys from pfxData.
-func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) {
- encodedPassword, err := bmpString(password)
- if err != nil {
- return nil, nil, err
- }
-
- bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword)
- if err != nil {
- return nil, nil, err
- }
-
- for _, bag := range bags {
- switch {
- case bag.Id.Equal(oidCertBag):
- certsData, err := decodeCertBag(bag.Value.Bytes)
- if err != nil {
- return nil, nil, err
- }
- certs, err := x509.ParseCertificates(certsData)
- if err != nil {
- return nil, nil, err
- }
- certificates = append(certificates, certs...)
-
- case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
- privateKey, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword)
-
- if err != nil {
- return nil, nil, err
- }
-
- privateKeys = append(privateKeys, privateKey)
- }
- }
-
- return
-}
-
func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword []byte, err error) {
pfx := new(pfxPdu)
if err := unmarshal(p12Data, pfx); err != nil {
diff --git a/pkcs12/pkcs12_test.go b/pkcs12/pkcs12_test.go
index cabaaeb..14dd2a6 100644
--- a/pkcs12/pkcs12_test.go
+++ b/pkcs12/pkcs12_test.go
@@ -31,34 +31,6 @@
}
}
-func TestPfxDecodeAll(t *testing.T) {
- for commonName, base64P12 := range testdata {
- p12, _ := base64.StdEncoding.DecodeString(base64P12)
-
- privs, certs, err := DecodeAll(p12, "")
-
- if err != nil {
- t.Fatal(err)
- }
-
- if len(privs) != 1 {
- t.Errorf("expected 1 private key, but got %d", len(privs))
- }
-
- if len(certs) != 1 {
- t.Errorf("expected 1 certificate, but got %d", len(certs))
- }
-
- if err := privs[0].(*rsa.PrivateKey).Validate(); err != nil {
- t.Errorf("error while validating private key: %v", err)
- }
-
- if certs[0].Subject.CommonName != commonName {
- t.Errorf("expected common name to be %q, but found %q", commonName, certs[0].Subject.CommonName)
- }
- }
-}
-
func TestPEM(t *testing.T) {
for commonName, base64P12 := range testdata {
p12, _ := base64.StdEncoding.DecodeString(base64P12)
