Documentation updates and a small test case addition.
diff --git a/doc/pyOpenSSL.tex b/doc/pyOpenSSL.tex
index 1a05e64..46f1936 100644
--- a/doc/pyOpenSSL.tex
+++ b/doc/pyOpenSSL.tex
@@ -524,6 +524,19 @@
PKCS12 objects have the following methods:
+\begin{methoddesc}[PKCS12]{export}{\optional{passphrase=None}\optional{, friendly_name=None}\optional{, iter=2000}\optional{, maciter=0}}
+Returns a PKCS12 object as a string.
+
+The optional \var{passphrase} must be a string not a callback.
+
+See also the man page for the C function \function{PKCS12_create}.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{get_ca_certificates}{}
+Return CA certificates within the PKCS12 object as a tuple. Returns
+\constant{None} if no CA certificates are present.
+\end{methoddesc}
+
\begin{methoddesc}[PKCS12]{get_certificate}{}
Return certificate portion of the PKCS12 structure.
\end{methoddesc}
@@ -532,9 +545,18 @@
Return private key portion of the PKCS12 structure
\end{methoddesc}
-\begin{methoddesc}[PKCS12]{get_ca_certificates}{}
-Return CA certificates within the PKCS12 object as a tuple. Returns
-None if no CA certificates are present.
+\begin{methoddesc}[PKCS12]{set_ca_certificates}{cacerts}
+Replace or set the CA certificates within the PKCS12 object with the sequence \var{cacerts}.
+
+Set \var{cacerts} to \constant{None} to remove all CA certificates.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{set_certificate}{cert}
+Replace or set the certificate portion of the PKCS12 structure.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{set_privatekey}{pkey}
+Replace or set private key portion of the PKCS12 structure
\end{methoddesc}
\subsubsection{X509Extension objects \label{openssl-509ext}}
diff --git a/src/crypto/pkcs12.c b/src/crypto/pkcs12.c
index c5c84b5..5df55d2 100644
--- a/src/crypto/pkcs12.c
+++ b/src/crypto/pkcs12.c
@@ -37,12 +37,11 @@
}
static char crypto_PKCS12_set_certificate_doc[] = "\n\
-Replace or set the certificate portion of the PKCS12 structure\n\
+Replace the certificate portion of the PKCS12 structure\n\
\n\
-Arguments: self - The PKCS12 object\n\
- args - The Python argument tuple \n\
- cert - The new certificate\n\
-Returns: self\n\
+@param cert: The new certificate.\n\
+@type cert: L{X509}\n\
+@return: X509 object containing the certificate\n\
";
static crypto_PKCS12Obj *
crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
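Review bot: The new `@return: X509 object containing the certificate` line documents a getter, not this setter, and it disagrees with the `@return: None` given to set_privatekey and set_ca_certificates in the next two hunks. All three functions are still declared as returning `crypto_PKCS12Obj *`, and the removed text said `Returns: self`, so the bodies (outside these hunks) need checking before either wording is kept. If the setters do return None, this line should read `@return: None\n\`. The summary also dropped "or set", while the LaTeX entry added in this commit still says "Replace or set the certificate portion".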
@@ -86,12 +85,11 @@
}
static char crypto_PKCS12_set_privatekey_doc[] = "\n\
-Replace or set the privatekey portion of the PKCS12 structure\n\
+Replace or set the certificate portion of the PKCS12 structure\n\
\n\
-Arguments: self - The PKCS12 object\n\
- args - The Python argument tuple \n\
- pkey - The new private key\n\
-Returns: self\n\
+@param pkey: The new private key.\n\
+@type pkey: L{PKey}\n\
+@return: None\n\
";
static crypto_PKCS12Obj *
crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
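Review bot: The rewritten summary for crypto_PKCS12_set_privatekey_doc says "certificate portion", which looks copied from set_certificate and replaces the correct "privatekey" wording that was removed. It should read `Replace or set the private key portion of the PKCS12 structure\n\`. The `@param pkey` and `@type pkey` lines below it are consistent with the signature shown.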
@@ -135,12 +133,11 @@
}
static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
-Replace or set the ca_certificates portion of the PKCS12 structure\n\
+Replace or set the CA certificates withing the PKCS12 object.\n\
\n\
-Arguments: self - The PKCS12 object\n\
- args - The Python argument tuple \n\
- cacerts - The new ca_certificates\n\
-Returns: self\n\
+@param cacerts: The new CA certificates.\n\
+@type cacerts: Sequence of L{X509}\n\
+@return: None\n\
";
static crypto_PKCS12Obj *
crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
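Review bot: The new summary contains the typo "withing"; it should be `Replace or set the CA certificates within the PKCS12 object.\n\`. The LaTeX entry added in this commit also says that passing None removes all CA certificates, and the docstring omits that. If the body (outside this hunk) accepts None, add a line such as `@param cacerts: The new CA certificates, or None to remove them all.\n\`.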
@@ -181,19 +178,19 @@
}
static char crypto_PKCS12_export_doc[] = "\n\
-Dump a PKCS12 object to a buffer string\n\
+export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
+Dump a PKCS12 object as a string. See also \"man PKCS12_create\".\n\
\n\
-Arguments: self - The PKCS12 object\n\
- args - The Python argument tuple, should be:\n\
- passphrase - (optional) for encrypting the PKCS12 string\n\
- using 3DES-CBC\n\
- friendly_name - stored in the file for display\n\
- iter - number of iterations to use when encrypting\n\
- maciter - number of iterations to use when creating the MAC.\n\
- A special value of -1 means no MAC.\n\
-Returns: The buffer with the dumped pkcs12 in it\n\
+@param passphrase: used to encrypt the PKCS12\n\
+@type passphrase: L{str}\n\
+@param friendly_name: A descriptive comment\n\
+@type friendly_name: L{str}\n\
+@param iter: How many times to repeat the encryption\n\
+@type iter: L{int}\n\
+@param maciter: How many times to repeat the MAC\n\
+@type maciter: L{int}\n\
+@return: The string containing the PKCS12\n\
";
-
static PyObject *
crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
{
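Review bot: The signature line added to crypto_PKCS12_export_doc advertises `iter=2048` and `maciter=1` and is missing its closing `)`. The LaTeX entry in this commit says `iter=2000` and `maciter=0`, and the initialisers in the next hunk are both 0, so the three places give three different sets of defaults. The rewrite also drops two facts a caller needs to judge how well the exported private key is protected: that the passphrase encrypts with 3DES-CBC, and that a maciter of -1 produces a file with no MAC. I would keep those, for example `@param maciter: MAC iteration count; -1 means no MAC\n\`, and describe iter as an iteration count for the encryption key derivation rather than "how many times to repeat the encryption". It would also help to state what export() does when passphrase is None, since the new test reads the result back with an empty password.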
@@ -205,7 +202,7 @@
EVP_PKEY *pkey = NULL;
STACK_OF(X509) *cacerts = NULL;
X509 *x509 = NULL;
- int iter = PKCS12_DEFAULT_ITER;
+ int iter = 0; /* defaults to PKCS12_DEFAULT_ITER */
int maciter = 0;
static char *kwlist[] = {"passphrase", "friendly_name", "iter", "maciter", NULL};
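Review bot: With `int iter = 0;` the effective default is no longer visible here and depends on the callee treating 0 as "use the default", which the inline comment implies but does not name. I would spell that out, e.g. `int iter = 0; /* 0: PKCS12_create() substitutes PKCS12_DEFAULT_ITER */`. The same applies to `maciter = 0` on the next line, which has no comment at all. The rest of crypto_PKCS12_export is outside this hunk, so I cannot tell whether small or negative caller-supplied values for iter are rejected before the call; if they are not, a lower bound would be worth considering.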
@@ -352,7 +349,7 @@
static char crypto_PKCS12_doc[] = "\n\
PKCS12() -> PKCS12 instance\n\
\n\
-Create a new PKCS12 object.\n\
+Create a new empty PKCS12 object.\n\
\n\
@returns: The PKCS12 object\n\
";
diff --git a/test/test_crypto.py b/test/test_crypto.py
index 0a283e6..097a75b 100644
--- a/test/test_crypto.py
+++ b/test/test_crypto.py
@@ -833,6 +833,11 @@
self.assertEqual(recovered_key[-len(server_key_pem):], server_key_pem)
# We can't load PKCS12 without MAC, because we use PCKS_parse()
#p12 = load_pkcs12(dumped_p12, passwd)
+ # Test export without any args
+ dumped_p12 = p12.export()
+ recovered_key = Popen(["openssl", "pkcs12", '-nodes', '-passin', 'pass:' ], \
+ stdin=PIPE, stdout=PIPE).communicate(input=str(dumped_p12))[0]
+ self.assertEqual(recovered_key[-len(server_key_pem):], server_key_pem)
def test_get_notAfter(self):
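Review bot: The added no-argument export check never inspects the `openssl pkcs12` exit status or stderr, so a failure to parse the file only shows up as a mismatched slice comparison with no diagnostic. Capturing the `Popen` object and asserting `proc.returncode == 0` before comparing would make failures readable. The check also covers only the private key, so it says nothing about whether the default `maciter` yields a MAC; the existing comment just above notes that load_pkcs12 cannot read a MAC-less file, so a `load_pkcs12(dumped_p12, '')` round trip here would pin that default (assuming an empty passphrase is accepted). The trailing `\` is redundant inside the open parenthesis. The enclosing test method starts outside this hunk.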