Implement DecodeChains function that accepts multiple key bags

### Discussed in https://github.com/SSLMate/go-pkcs12/discussions/61

According to the [PKCS#12 v1.1. standard](https://datatracker.ietf.org/doc/html/rfc7292), a PKCS#12 file may have multiple key bags.

Use case: an application uses a PKCS#12 keystore to connect to two other apps in the cluster, one asks for one key, another for another (there is mTLS). During the deployment of an application, keystores are meant to be read and generated.

API proposal (by @AGWA):
```
type Chain struct {
        FriendlyName string
        PrivateKey   crypto.PrivateKey
        Leaf         *x509.Certificate
        CACerts      []*x509.Certificate
}

func DecodeChains(pfxData []byte, password string) ([]Chain, error)
```

Details:
- `FriendlyName` attribute is extracted from attributes of each bag via `convertAttributes`
- for every private key, find the corresponding certificate, and then build a chain by recursively finding the issuer; `FriendlyName`s should match; build a chain via `x509.Certificate.Verify(opts)` perhaps?

This resolves https://github.com/SSLMate/go-pkcs12/issues/54, and the use case of https://github.com/SSLMate/go-pkcs12/issues/49.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implement DecodeChains function that accepts multiple key bags #62

Discussed in #61

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Implement DecodeChains function that accepts multiple key bags #62

Description

Discussed in #61

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions