diff --git a/core/crypto/crypto.cpp b/core/crypto/crypto.cpp
index 939c1c298fb..6b1c2a9cb2c 100644
--- a/core/crypto/crypto.cpp
+++ b/core/crypto/crypto.cpp
@@ -63,6 +63,8 @@ X509Certificate *X509Certificate::create() {
void X509Certificate::_bind_methods() {
ClassDB::bind_method(D_METHOD("save", "path"), &X509Certificate::save);
ClassDB::bind_method(D_METHOD("load", "path"), &X509Certificate::load);
+ ClassDB::bind_method(D_METHOD("save_to_string"), &X509Certificate::save_to_string);
+ ClassDB::bind_method(D_METHOD("load_from_string", "string"), &X509Certificate::load_from_string);
}
/// TLSOptions
diff --git a/core/crypto/crypto.h b/core/crypto/crypto.h
index 999fe076d60..4b5bf8305fc 100644
--- a/core/crypto/crypto.h
+++ b/core/crypto/crypto.h
@@ -65,6 +65,8 @@ public:
virtual Error load(String p_path) = 0;
virtual Error load_from_memory(const uint8_t *p_buffer, int p_len) = 0;
virtual Error save(String p_path) = 0;
+ virtual String save_to_string() = 0;
+ virtual Error load_from_string(const String &string) = 0;
};
class TLSOptions : public RefCounted {
diff --git a/doc/classes/X509Certificate.xml b/doc/classes/X509Certificate.xml
index a55e7d09b98..05a9d522f0c 100644
--- a/doc/classes/X509Certificate.xml
+++ b/doc/classes/X509Certificate.xml
@@ -17,6 +17,13 @@
Loads a certificate from [param path] ("*.crt" file).
+
+
+
+
+ Loads a certificate from the given [param string].
+
+
@@ -24,5 +31,11 @@
Saves a certificate to the given [param path] (should be a "*.crt" file).
+
+
+
+ Returns a string representation of the certificate, or an empty string if the certificate is invalid.
+
+
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 5b52af30682..6ae36daffe9 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -42,6 +42,7 @@
#endif
#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
#define PEM_END_CRT "-----END CERTIFICATE-----\n"
+#define PEM_MIN_SIZE 54
#include
#include
@@ -181,6 +182,35 @@ Error X509CertificateMbedTLS::save(String p_path) {
return OK;
}
+String X509CertificateMbedTLS::save_to_string() {
+ String buffer;
+ mbedtls_x509_crt *crt = &cert;
+ while (crt) {
+ unsigned char w[4096];
+ size_t wrote = 0;
+ int ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, cert.raw.p, cert.raw.len, w, sizeof(w), &wrote);
+ ERR_FAIL_COND_V_MSG(ret != 0 || wrote == 0, String(), "Error saving the certificate.");
+
+ buffer += String((char *)w, wrote);
+ crt = crt->next;
+ }
+ if (buffer.length() <= PEM_MIN_SIZE) {
+ // When the returned value of variable 'buffer' would consist of no Base-64 data, return an empty String instead.
+ return String();
+ }
+ return buffer;
+}
+
+Error X509CertificateMbedTLS::load_from_string(const String &p_string_key) {
+ ERR_FAIL_COND_V_MSG(locks, ERR_ALREADY_IN_USE, "Certificate is in use");
+ CharString cs = p_string_key.utf8();
+
+ int ret = mbedtls_x509_crt_parse(&cert, (const unsigned char *)cs.get_data(), cs.size());
+ ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing some certificates: " + itos(ret));
+
+ return OK;
+}
+
bool HMACContextMbedTLS::is_md_type_allowed(mbedtls_md_type_t p_md_type) {
switch (p_md_type) {
case MBEDTLS_MD_SHA1:
diff --git a/modules/mbedtls/crypto_mbedtls.h b/modules/mbedtls/crypto_mbedtls.h
index 7422ebad3e9..0168e1f6632 100644
--- a/modules/mbedtls/crypto_mbedtls.h
+++ b/modules/mbedtls/crypto_mbedtls.h
@@ -85,6 +85,8 @@ public:
virtual Error load(String p_path);
virtual Error load_from_memory(const uint8_t *p_buffer, int p_len);
virtual Error save(String p_path);
+ virtual String save_to_string();
+ virtual Error load_from_string(const String &p_string_key);
X509CertificateMbedTLS() {
mbedtls_x509_crt_init(&cert);