p12 password support

diff --git a/ldid.cpp b/ldid.cpp
index c2f7e0a7a66b5d67bf3380a737623b257dd3e16a..b664441397c1c87068707dcae7668b5f980b9f1d 100644 (file)
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -48,6 +48,7 @@
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pkcs12.h>
+#include <openssl/ui.h>
 #endif
 
 #ifdef __APPLE__
@@ -142,6 +143,10 @@
 #define _packed \
     __attribute__((packed))
 
+#ifndef LDID_NOSMIME
+std::string password;
+#endif
+
 template <typename Type_>
 struct Iterator_ {
     typedef typename Type_::const_iterator Result;
@@ -1787,8 +1792,14 @@ class Stuff {
         ca_(NULL)
     {
         _assert(value_ != NULL);
-        _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0);
 
+        if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) {
+            char passbuf[2048];
+            UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
+            password = passbuf;
+        }
+
+        _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0);
         _assert(key_ != NULL);
         _assert(cert_ != NULL);
 
@@ -3284,6 +3295,10 @@ int main(int argc, char *argv[]) {
                 flag_M = true;
             break;
 
+            case 'U':
+                password = argv[argi] + 2;
+            break;
+
             case 'K':
                 if (argv[argi][2] != '\0')
                     key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE);