Core: add method lasso_server_set_encryption_private_key_with_password

 * fixes #91.

3 files changed, 36 insertions, 7 deletions

diff --git a/docs/reference/lasso/lasso-sections.txt b/docs/reference/lasso/lasso-sections.txt
index 2e2908f0..2a317336 100644
--- a/docs/reference/lasso/lasso-sections.txt
+++ b/docs/reference/lasso/lasso-sections.txt
@@ -11,6 +11,7 @@ lasso_server_destroy
 lasso_server_dump
 lasso_server_get_provider
 lasso_server_set_encryption_private_key
+lasso_server_set_encryption_private_key_with_password
 lasso_server_load_affiliation
 lasso_server_saml2_assertion_setup_signature
 <SUBSECTION Standard>
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index 6d646557..a4e2dadd 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -140,18 +140,44 @@ lasso_server_destroy(LassoServer *server)
 /**
  * lasso_server_set_encryption_private_key:
  * @server: a #LassoServer
- * @filename:(allow-none): file name of the encryption key to load
+ * @filename_or_buffer:(allow-none): file name of the encryption key to load or its content as a
+ * NULL-terminated string.
  *
  * Load an encryption private key from a file and set it in the server object
  *
+ * If @filename_or_buffer is NULL, it frees the currently setted key.
+ *
  * Return value: 0 on success; another value if an error occured.
+ * Deprecated: 2.3: Use lasso_server_set_encryption_private_key_with_password() instead.
  **/
 int
-lasso_server_set_encryption_private_key(LassoServer *server, const gchar *filename)
+lasso_server_set_encryption_private_key(LassoServer *server, const gchar *filename_or_buffer)
 {
-	/* FIXME: add a password argument */
-	if (filename) {
-		xmlSecKey *key = lasso_xmlsec_load_private_key(filename, NULL);
+	return lasso_server_set_encryption_private_key_with_password(server, filename_or_buffer,
+			NULL);
+}
+
+/**
+ * lasso_server_set_encryption_private_key_with_password:
+ * @server: a #LassoServer
+ * @filename_or_buffer:(allow-none): file name of the encryption key to load or its content as a
+ * NULL-terminated string.
+ * @password:(allow-none): an optional password to decrypt the encryption key.
+ *
+ * Load an encryption private key from a file and set it in the server object. If @password is
+ * non-NULL try to decrypt the key with it.
+ *
+ * If @filename_or_buffer is NULL, it frees the currently setted key.
+ *
+ * Return value: 0 on success; another value if an error occured.
+ * Since: 2.3
+ **/
+int
+lasso_server_set_encryption_private_key_with_password(LassoServer *server,
+		const gchar *filename_or_buffer, const gchar *password)
+{
+	if (filename_or_buffer) {
+		xmlSecKey *key = lasso_xmlsec_load_private_key(filename_or_buffer, password);
 		if (! key || ! (xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate)) {
 			return LASSO_SERVER_ERROR_SET_ENCRYPTION_PRIVATE_KEY_FAILED;
 		}
@@ -164,7 +190,6 @@ lasso_server_set_encryption_private_key(LassoServer *server, const gchar *filena
 	return 0;
 }
 
-
 /**
  * lasso_server_load_affiliation:
  * @server: a #LassoServer
diff --git a/lasso/id-ff/server.h b/lasso/id-ff/server.h
index fe8f5ae1..86c18cc4 100644
--- a/lasso/id-ff/server.h
+++ b/lasso/id-ff/server.h
@@ -96,10 +96,13 @@ LASSO_EXPORT LassoProvider* lasso_server_get_provider(const LassoServer *server,
 		const gchar *providerID);
 
 LASSO_EXPORT int lasso_server_set_encryption_private_key(LassoServer *server,
-		const gchar *filename);
+		const gchar *filename_or_buffer);
 
 LASSO_EXPORT int lasso_server_load_affiliation(LassoServer *server, const gchar* filename);
 
+LASSO_EXPORT int lasso_server_set_encryption_private_key_with_password(LassoServer *server,
+		const gchar *filename_or_buffer, const gchar *password);
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */