
WiP: implement loadPkcs12 function #55

Draft: wants to merge 4 commits into base: master
Conversation

nitram509
Contributor

@nitram509 nitram509 commented Oct 2, 2024

fix issue #52

  • Implement functions to read and parse .p12/.pfx files.
  • Support password-protected PKCS#12 files
  • handling incorrect passwords gracefully.
  • Ability to extract private keys from the PKCS#12 container.
  • Extract public certificates and certificate chains.
  • Retrieve and manage keys and certificates using aliases (friendly names), similar to Java Keystore.
  • Support PKCS#12 files containing multiple key entries.
  • Support PKCS#12 files containing multiple certificate entries.
  • Correctly parse and associate certificate chains with their respective private keys.
  • Validate that PKCS#12 files generated by Java Keystore can be correctly decoded by the library.
  • Validate that PKCS#12 files generated by OpenSSL can be correctly decoded by the library.
  • Develop unit tests covering all decoding functionalities
  • Perform tests with PKCS#12 files from Java Keystore to verify interoperability.
  • Perform tests with PKCS#12 files from OpenSSL to verify interoperability.

Acceptance criteria

  • Ability to read and parse password-protected PKCS#12 files.
  • Successfully extract private keys, certificates, and certificate chains.
  • Support for aliases and multiple entries within a PKCS#12 file.
  • Successfully import PKCS#12 files generated by Java Keystore and OpenSSL.
  • Unit tests cover at least 60% of the new decoding code.
  • Interoperability tests with PKCS#12 files from other tools are documented and included.
  • Squash all commits into one in your PR.

@pavlo-v-chernykh pavlo-v-chernykh linked an issue Oct 2, 2024 that may be closed by this pull request
@nitram509
Contributor Author

I want to give a short status update...

  • I have ticked the above checkboxes, reflecting that the code in the branch can cover these use cases: namely reading truststores in pkcs12 format.
  • There is one roadblock: when using a key pair (required for certificate chains), the library go-pkcs12 throws the error "pkcs12: expected exactly 1 items in the authenticated safe, but this file has 2".

Thus I will open a PR at the library to further support that case.

Here's the underlying pkcs12 configuration (using keystore explorer).
You'll see an example certificate chain, with a root ca, an intermediate ca, and a signed server certificate.
[Screenshot (2024-10-23): KeyStore Explorer view of the PKCS#12 file showing the root CA, intermediate CA and server certificate chain]

The Golang test implementation looks like this (and reveals the above error):

package keystore // package name assumed from the unqualified call to New()

import (
	"bytes"
	_ "embed" // required for the //go:embed directive below
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

//go:embed testdata/x.p12
var x_p12 []byte

func TestCertificateChain(t *testing.T) {
	password := []byte("password")
	selfSignedCert := bytes.NewReader(x_p12)

	keyStore := New()
	err := keyStore.Load(selfSignedCert, password)
	require.NoError(t, err)  // here the error is captured, originating from the go-pkcs12 lib.

	for _, alias := range keyStore.Aliases() {
		chain, err := keyStore.GetPrivateKeyEntryCertificateChain(alias)
		require.NoError(t, err)

		assert.NotNil(t, chain)
	}
}
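The number in the go-pkcs12 error quoted in this comment ("this file has 2") is the number of ContentInfo elements in the file's AuthenticatedSafe. RFC 7292 section 4.1 defines AuthenticatedSafe as a SEQUENCE OF ContentInfo; a PKCS#12 file carrying a private key plus its certificate chain is typically written as two such elements (an encryptedData ContentInfo holding the certificate bags and a plain data ContentInfo holding the shrouded key bag), whereas a truststore usually has a single one. The Go program below is an added example, not code from keystore-go or go-pkcs12: it uses only encoding/asn1 to parse the outer PFX structure, list the AuthenticatedSafe items, and reproduce that count check. BuildSyntheticPFX constructs a placeholder file with two items so the check fails the same way as in the thread; all type and function names are the example's own.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// Outer PKCS#12 layout (RFC 7292 section 4): only enough to reach the AuthenticatedSafe.
type contentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

type pfxPdu struct {
	Version  int
	AuthSafe contentInfo
	MacData  asn1.RawValue `asn1:"optional"` // integrity data, not verified here
}

var (
	oidData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1} // id-data
	oidEncryptedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 6} // id-encryptedData
	oidNames         = map[string]string{oidData.String(): "data", oidEncryptedData.String(): "encryptedData"}
)

// explicit0 wraps encoded DER in the [0] EXPLICIT tag that carries ContentInfo.content.
func explicit0(der []byte) asn1.RawValue {
	return asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: der}
}

func mustMarshal(v any) []byte {
	der, err := asn1.Marshal(v)
	if err != nil {
		panic(err) // only reachable if the constructed builder below is fed a bad value
	}
	return der
}

// AuthenticatedSafeKinds lists the contentType of each ContentInfo in the AuthenticatedSafe,
// in file order; its length is the number reported as "this file has N".
func AuthenticatedSafeKinds(pfxData []byte) ([]string, error) {
	var pfx pfxPdu
	rest, err := asn1.Unmarshal(pfxData, &pfx)
	if err != nil {
		return nil, fmt.Errorf("pfx: %w", err)
	}
	if len(rest) != 0 || pfx.Version != 3 || !pfx.AuthSafe.ContentType.Equal(oidData) {
		return nil, fmt.Errorf("pfx: trailing data, version %d != 3, or authSafe not id-data", pfx.Version)
	}
	// content is [0] EXPLICIT OCTET STRING; the octets are the DER of the AuthenticatedSafe.
	var authSafeDER []byte
	if _, err := asn1.Unmarshal(pfx.AuthSafe.Content.Bytes, &authSafeDER); err != nil {
		return nil, fmt.Errorf("pfx: authSafe content: %w", err)
	}
	var items []contentInfo // AuthenticatedSafe ::= SEQUENCE OF ContentInfo
	if _, err := asn1.Unmarshal(authSafeDER, &items); err != nil {
		return nil, fmt.Errorf("pfx: AuthenticatedSafe: %w", err)
	}
	kinds := make([]string, 0, len(items))
	for _, ci := range items {
		name := ci.ContentType.String()
		if known, ok := oidNames[name]; ok {
			name = known
		}
		kinds = append(kinds, name)
	}
	return kinds, nil
}

// ExpectItems is the kind of count check that produces the error quoted in the thread.
func ExpectItems(pfxData []byte, expected int) error {
	kinds, err := AuthenticatedSafeKinds(pfxData)
	if err != nil {
		return err
	}
	if len(kinds) != expected {
		return fmt.Errorf("pkcs12: expected exactly %d items in the authenticated safe, but this file has %d", expected, len(kinds))
	}
	return nil
}

// BuildSyntheticPFX builds a MacData-less PFX with one ContentInfo per given type; the
// payloads are placeholder OCTET STRINGs (constructed test data, not real SafeContents).
func BuildSyntheticPFX(types ...asn1.ObjectIdentifier) []byte {
	payload := mustMarshal([]byte("placeholder"))
	safe := make([]contentInfo, 0, len(types))
	for _, oid := range types {
		safe = append(safe, contentInfo{ContentType: oid, Content: explicit0(payload)})
	}
	octets := mustMarshal(mustMarshal(safe)) // AuthenticatedSafe DER, then its OCTET STRING wrapper
	return mustMarshal(pfxPdu{Version: 3, AuthSafe: contentInfo{ContentType: oidData, Content: explicit0(octets)}})
}

func main() {
	// Constructed two-item layout: encryptedData holding certificates, data holding the shrouded key.
	data := BuildSyntheticPFX(oidEncryptedData, oidData)
	kinds, err := AuthenticatedSafeKinds(data)
	fmt.Println("AuthenticatedSafe items:", kinds, "error:", err)
	fmt.Println("single-item check:", ExpectItems(data, 1)) // what a truststore-only reader expects
}
```

Feeding AuthenticatedSafeKinds the bytes of a real .p12 (for instance via os.ReadFile) shows whether a file has the single-item truststore layout or the two-item key-pair layout before any password is needed, which is a quick way to triage the error above. Note what the example deliberately does not do: the MacData integrity check is skipped and nothing inside the bags is decrypted, so it is an inspection aid, not a substitute for the library's full, authenticated decode.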

@nitram509
Contributor Author

@pavlo-v-chernykh would you be open to splitting this feature?
I mean, as a first step and release of keystore-go, I could complete the features for reading certificate truststores only.
And at a later point in time, the ability/feature of reading certificate chains would be added.
What do you think?

Successfully merging this pull request may close these issues.

Implement PKCS12 decoder support