go-pkcs12
Feature to extract all certificates and private keys from pfxData.
pfxData can contain more than one private key. One use case is exporting multiple codesigning certificates from macOS Keychain to one .p12 file. Would like to support this or any other use case when any number of certificates and private keys are present. Additional validation on the number of certificates and private keys is left to the user of the DecodeAll function.
Added DecodeAll function. Changed DecodeChain to call DecodeAll, retaining the existing validation.
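The description above leaves validation of the decoded keys and certificates to the caller. As an added illustration (not code from this PR, go-pkcs12 or any fork), one such check pairs each private key with the certificate that carries its public key. `pairKeys` and `selfSigned` are hypothetical names, the keys are assumed to have been type-asserted to `crypto.Signer`, and the sample keys and certificates are generated in place of a decoded .p12 file.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
)

// pairKeys maps each key's index to the index of the certificate carrying its
// public key. Assumption: the caller already asserted the keys to crypto.Signer.
func pairKeys(keys []crypto.Signer, certs []*x509.Certificate) (map[int]int, error) {
	pairs := make(map[int]int)
	for ki, k := range keys {
		pub, _ := k.Public().(interface{ Equal(crypto.PublicKey) bool })
		for ci, c := range certs {
			if pub != nil && pub.Equal(c.PublicKey) {
				pairs[ki] = ci
			}
		}
		if _, ok := pairs[ki]; !ok {
			return nil, fmt.Errorf("key %d (%T): no certificate with an equal public key", ki, k.Public())
		}
	}
	return pairs, nil
}

// selfSigned returns a constructed throwaway key and its self-signed certificate.
func selfSigned(name string) (crypto.Signer, *x509.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

func main() {
	k0, c0, _ := selfSigned("a.example")
	k1, c1, _ := selfSigned("b.example")
	fmt.Println(pairKeys([]crypto.Signer{k0, k1}, []*x509.Certificate{c1, c0}))
}
```

A key with no matching certificate is reported as an error, while a certificate without a key (for example an intermediate CA) is simply left unpaired.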
Hello @AGWA, Did you maybe have a chance to have a look? Let me know if you have any questions. Thanks.
Hi @AGWA, Can you please have a look? Thank you.
Hi, does anyone have an update on this PR? Thanks
This PR is currently blocked on someone providing an example PKCS#12 file that can be used as a test case.
Briefly for info @AGWA: Fortunately I made it with the 'DecodeChain' method, because I have a complete chain of certificates.
Reading through the linked issues, it sounds like all of the problems were caused by people using Decode when they should have been using DecodeChain, or by making a mistake when exporting from the macOS Keychain.
Therefore I'm going to close this PR, but anyone who needs to decode a PKCS#12 file with multiple keys can open a new issue containing a description of the use case and an example PKCS#12 file.
Hey everyone!
We at Bitrise still maintain our fork that adds this DecodeAll() feature because our use-case requires correctly parsing all user-provided PKCS files. The fork lives at https://github.com/bitrise-io/go-pkcs12
@AGWA the updated PR implementing this feature has a test p12 file, if you want to take a look. I created this file using macOS Keychain (selecting multiple items, then clicking export): https://github.com/bitrise-io/go-pkcs12/pull/1/files#diff-682508f50871e0878ce2c00e0a6c9627f9dc9f32a8754ef3311c1f7e8a50b4c6