



@deftypefun {int} {gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags})
@var{p12}: the PKCS@code{12}  blob.

@var{password}: optional password used to decrypt PKCS@code{12}  blob, bags and keys.

@var{key}: a structure to store the parsed private key.

@var{chain}: the corresponding to key certificate chain

@var{chain_len}: will be updated with the number of additional

@var{extra_certs}: optional pointer to receive an array of additional
certificates found in the PKCS@code{12}  blob.

@var{extra_certs_len}: will be updated with the number of additional
certs.

@var{crl}: an optional structure to store the parsed CRL.

@var{flags}: should be zero or one of GNUTLS_PKCS12_SP_*

This function parses a PKCS@code{12}  blob in  @code{p12blob} and extracts the
private key, the corresponding certificate chain, and any additional
certificates and a CRL.

The  @code{extra_certs_ret} and  @code{extra_certs_ret_len} parameters are optional
and both may be set to @code{NULL} . If either is non-@code{NULL} , then both must
be.

@strong{MAC:} ed PKCS@code{12}  files are supported.  Encrypted PKCS@code{12}  bags are
supported.  Encrypted PKCS@code{8}  private keys are supported.  However,
only password based security, and the same password for all
operations, are supported.

PKCS@code{12}  file may contain many keys and/or certificates, and there
is no way to identify which key/certificate pair you want.  You
should make sure the PKCS@code{12}  file only contain one key/certificate
pair and/or one CRL.

It is believed that the limitations of this function is acceptable
for most usage, and that any more flexibility would introduce
complexity that would make it harder to use this functionality at
all.

If the provided structure has encrypted fields but no password
is provided then this function returns @code{GNUTLS_E_DECRYPTION_FAILED} .

Note that normally the chain constructed does not include self signed
certificates, to comply with TLS' requirements. If, however, the flag 
@code{GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED}  is specified then
self signed certificates will be included in the chain.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1
@end deftypefun
