Revert "pkcs12: add a DecodeAll method"

FiloSottile · FiloSottile · commit 54b0dbbbf449 · 2019-01-29T20:08:51.000Z
This reverts commit bf88e3f. Reason for revert: https://go-review.googlesource.com/c/crypto/+/105876/12#message-0dad31af2b487e895ee6926ded82f85ac81c74f8 Updates golang/go#14015 Change-Id: I8eb3ed73f78ac11841ad73435bba00a330d59b58 Reviewed-on: https://go-review.googlesource.com/c/160257 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/pkcs12/pkcs12.go b/pkcs12/pkcs12.go
@@ -267,45 +267,6 @@ func Decode(pfxData []byte, password string) (privateKey interface{}, certificat
 	return
 }
 
-// DecodeAll extracts all certificate and private keys from pfxData.
-func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) {
-	encodedPassword, err := bmpString(password)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	for _, bag := range bags {
-		switch {
-		case bag.Id.Equal(oidCertBag):
-			certsData, err := decodeCertBag(bag.Value.Bytes)
-			if err != nil {
-				return nil, nil, err
-			}
-			certs, err := x509.ParseCertificates(certsData)
-			if err != nil {
-				return nil, nil, err
-			}
-			certificates = append(certificates, certs...)
-
-		case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
-			privateKey, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword)
-
-			if err != nil {
-				return nil, nil, err
-			}
-
-			privateKeys = append(privateKeys, privateKey)
-		}
-	}
-
-	return
-}
-
 func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword []byte, err error) {
 	pfx := new(pfxPdu)
 	if err := unmarshal(p12Data, pfx); err != nil {
diff --git a/pkcs12/pkcs12_test.go b/pkcs12/pkcs12_test.go
@@ -31,34 +31,6 @@ func TestPfx(t *testing.T) {
 	}
 }
 
-func TestPfxDecodeAll(t *testing.T) {
-	for commonName, base64P12 := range testdata {
-		p12, _ := base64.StdEncoding.DecodeString(base64P12)
-
-		privs, certs, err := DecodeAll(p12, "")
-
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if len(privs) != 1 {
-			t.Errorf("expected 1 private key, but got %d", len(privs))
-		}
-
-		if len(certs) != 1 {
-			t.Errorf("expected 1 certificate, but got %d", len(certs))
-		}
-
-		if err := privs[0].(*rsa.PrivateKey).Validate(); err != nil {
-			t.Errorf("error while validating private key: %v", err)
-		}
-
-		if certs[0].Subject.CommonName != commonName {
-			t.Errorf("expected common name to be %q, but found %q", commonName, certs[0].Subject.CommonName)
-		}
-	}
-}
-
 func TestPEM(t *testing.T) {
 	for commonName, base64P12 := range testdata {
 		p12, _ := base64.StdEncoding.DecodeString(base64P12)
