2 files changed, 60 insertions, 0 deletions

diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 86f117d..4f06ecf 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -768,6 +768,10 @@ Add or interpose a store class method. Returns the previous method, if any.
 
 Returns a PKCS \#12 binary encoded string.
 
+\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
+
+Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
+
 \end{Module}
 
 
diff --git a/src/openssl.c b/src/openssl.c
index 8fd51d3..5a8e03f 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -7434,6 +7434,61 @@ static int p12_interpose(lua_State *L) {
 } /* p12_interpose() */
 
 
+static int p12_parse(lua_State *L) {
+        /* parse a p12 binary string and return the parts */
+
+        EVP_PKEY *pkey;
+        X509 *cert;
+        STACK_OF(X509) *ca = NULL;
+        PKCS12 *p12;
+
+        /* gather input parameters */
+        size_t len;
+        const char *blob = luaL_checklstring(L, 1, &len);
+        const char *passphrase = luaL_optstring(L, 2, NULL);
+
+        /* prepare return values */
+        EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+        X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+        STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+        /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+
+        /* read PKCS#12 data into OpenSSL memory buffer */
+        BIO *bio = BIO_new_mem_buf((void*)blob, len);
+        if (!bio)
+                return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+        p12 = d2i_PKCS12_bio(bio, NULL);
+        BIO_free(bio);
+        if (!p12)
+                return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+        /* the p12 pointer holds the data we're interested in */
+        int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+        PKCS12_free(p12);
+        if (!rc)
+                auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+        /* replace the return values by nil if the ud pointers are NULL */
+        if (*ud_pkey == NULL) {
+                lua_pushnil(L);
+                lua_replace(L, -4);
+        }
+
+        if (*ud_cert == NULL) {
+                lua_pushnil(L);
+                lua_replace(L, -3);
+        }
+
+        /* other certificates (a chain, STACK_OF(X509) *) */
+        if (*ud_chain == NULL) {
+                lua_pop(L, 1);
+                lua_pushnil(L);
+        }
+
+        return 3;
+} /* p12_parse() */
+
+
 static int p12__tostring(lua_State *L) {
         PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
         BIO *bio = getbio(L);
@@ -7477,6 +7532,7 @@ static const auxL_Reg p12_metatable[] = {
 static const auxL_Reg p12_globals[] = {
         { "new",       &p12_new },
         { "interpose", &p12_interpose },
+        { "parse",     &p12_parse },
         { NULL,        NULL },
 };