From 573ac2904aec055d1b4682f07b43b9c95b59d22f Mon Sep 17 00:00:00 2001
From: Deuce <shurd@sasktel.net>
Date: Tue, 26 Jan 2021 00:05:57 -0500
Subject: [PATCH] Add --import-pkcs12 and --export-pkcs12 options

To import, the private key and cert must be encrypted using the system
password.  On export, the cert/key are encrypted with the system password.
---
 exec/certtool.js | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/exec/certtool.js b/exec/certtool.js
index e9635d764a..49520db604 100644
--- a/exec/certtool.js
+++ b/exec/certtool.js
@@ -100,3 +100,40 @@ if (argv.indexOf('--import') > -1) {
 	print("Certificate imported, delete "+csr_fname+" after verifying.");
 	file_touch(recycle_sem);
 }
+if (argv.indexOf('--import-pkcs12') > -1) {
+	i = argv.indexOf('--import-pkcs12') + 1;
+	if (i>=argc)
+		throw("No cert filename specified");
+	ks = new CryptKeyset(argv[i], CryptKeyset.KEYOPT.READONLY);
+	rsa = ks.get_private_key("[none]", syspass);
+	ks.close();
+
+	for (i=0; i < 10; i++) {
+		if (file_remove(sks_fname))
+			break;
+		mswait(100);
+	}
+	if (i == 10)
+		throw("Unable to delete file "+sks_fname);
+
+	ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);
+	ks.add_private_key(rsa, syspass);
+	ks.close();
+	print("Certificate imported.");
+	file_touch(recycle_sem);
+}
+if (argv.indexOf('--export-pkcs12') > -1) {
+	i = argv.indexOf('--export-pkcs12') + 1;
+	if (i>=argc)
+		throw("No cert filename specified");
+	if (argv[i].search(/\.p12$/) === -1)
+		throw("Filename must end in .p12");
+	ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.READONLY);
+	rsa = ks.get_private_key("ssl_cert", syspass);
+	ks.close();
+
+	ks = new CryptKeyset(argv[i], CryptKeyset.KEYOPT.CREATE);
+	ks.add_private_key(rsa, syspass);
+	ks.close();
+	print("Certificate exported.");
+}
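Review bot: The `--import-pkcs12` branch deletes the live keyset at `sks_fname` before the replacement is written, so if `new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE)` or `add_private_key` throws, the system is left with no key or certificate and nothing to restore. Keeping a copy first, for example `file_copy(sks_fname, sks_fname + ".bak");` ahead of the retry loop, would make a failed import recoverable. The retry loop also treats every `file_remove` failure as fatal, so on a system where `sks_fname` does not exist yet the import presumably ends in "Unable to delete file"; `if (!file_exists(sks_fname) || file_remove(sks_fname)) break;` would cover that case. In the `--export-pkcs12` branch the target `argv[i]` is opened with `KEYOPT.CREATE` without checking for an existing file, and the exported private key is protected only by `syspass`, which deserves a comment such as `// exported .p12 is protected by the system password; treat the file as a secret`. `syspass`, `sks_fname` and `recycle_sem` are defined outside this hunk, so their values could not be checked here.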
-- 
GitLab