1use crate::error::{ErrorKind, Result};
2
/// Decrypts the first PKCS#8 `ENCRYPTED PRIVATE KEY` block found in `pem_data`.
///
/// The PEM input is parsed with `pem::parse_many`; only the first block whose tag is
/// exactly `"ENCRYPTED PRIVATE KEY"` is used, and any further blocks (encrypted or
/// not) are silently ignored. The block contents are interpreted as a PKCS#8
/// `EncryptedPrivateKeyInfo` and decrypted with `password`.
///
/// # Returns
/// The decrypted private-key DER bytes, copied into a plain `Vec<u8>`.
///
/// # Errors
/// Every failure — unparseable PEM, no matching block, malformed PKCS#8 structure,
/// or a decryption failure (including a wrong password) — is reported as
/// [`ErrorKind::InvalidTlsConfig`] with a descriptive message.
///
/// # Key-material handling
/// The returned `Vec<u8>` is an ordinary heap buffer and is not zeroized on drop;
/// callers should keep its lifetime as short as practical. The intermediate value
/// produced by `decrypt` presumably scrubs its own buffer when dropped — confirm
/// against the `pkcs8` version in use.
pub(crate) fn decrypt_private_key(pem_data: &[u8], password: &[u8]) -> Result<Vec<u8>> {
    // Any PEM syntax problem is surfaced as an invalid TLS configuration.
    let blocks = pem::parse_many(pem_data).map_err(|source| ErrorKind::InvalidTlsConfig {
        message: format!("Could not parse pemfile: {}", source),
    })?;

    // Pick the first encrypted-key block; the tag comparison is exact, so
    // e.g. "PRIVATE KEY" (unencrypted) or "RSA PRIVATE KEY" never match.
    let encrypted_block = blocks
        .into_iter()
        .find(|block| block.tag() == "ENCRYPTED PRIVATE KEY")
        .ok_or_else(|| ErrorKind::InvalidTlsConfig {
            message: "No encrypted private keys found".into(),
        })?;
    let encrypted_bytes = encrypted_block.into_contents();

    // Parse the DER payload as a PKCS#8 EncryptedPrivateKeyInfo structure.
    let info = pkcs8::EncryptedPrivateKeyInfo::try_from(encrypted_bytes.as_slice()).map_err(
        |source| ErrorKind::InvalidTlsConfig {
            message: format!("Invalid encrypted private key: {}", source),
        },
    )?;

    // A wrong password and a corrupted payload both end up here with the same
    // error kind; the message carries whatever detail pkcs8 provides.
    let plaintext = info
        .decrypt(password)
        .map_err(|source| ErrorKind::InvalidTlsConfig {
            message: format!("Failed to decrypt private key: {}", source),
        })?;

    // Copy the decrypted DER out into an owned, non-zeroizing Vec for the caller.
    Ok(plaintext.as_bytes().to_vec())
}