nts: split creating server and client credentials

nts_ke_client.c

@@ -281,7 +281,7 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
 
   /* Share the credentials with other client instances */
   if (!client_credentials)
-    client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
+    client_credentials = NKSN_CreateClientCertCredentials(CNF_GetNtsTrustedCertFile());
   client_credentials_refs++;
 
   return inst;

nts_ke_server.c

@@ -742,7 +742,7 @@ NKS_Initialise(void)
     return;
 
   if (helper_sock_fd == INVALID_SOCK_FD) {
-    server_credentials = NKSN_CreateCertCredentials(cert, key, NULL);
+    server_credentials = NKSN_CreateServerCertCredentials(cert, key);
     if (!server_credentials)
       return;
   } else {

nts_ke_session.c

@@ -641,8 +641,8 @@ deinit_gnutls(void)
 
 /* ================================================== */
 
-void *
+static void *
-NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs)
+create_credentials(const char *cert, const char *key, const char *trusted_certs)
 {
   gnutls_certificate_credentials_t credentials = NULL;
   int r;
@@ -654,11 +654,15 @@ NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs)
     goto error;
 
   if (cert && key) {
+    assert(!trusted_certs);
+
     r = gnutls_certificate_set_x509_key_file(credentials, cert, key,
                                              GNUTLS_X509_FMT_PEM);
     if (r < 0)
       goto error;
   } else {
+    assert(!cert && !key);
+
     if (!CNF_GetNoSystemCert()) {
       r = gnutls_certificate_set_x509_system_trust(credentials);
       if (r < 0)
@@ -687,6 +691,22 @@ error:
 
 /* ================================================== */
 
+void *
+NKSN_CreateServerCertCredentials(const char *cert, const char *key)
+{
+  return create_credentials(cert, key, NULL);
+}
+
+/* ================================================== */
+
+void *
+NKSN_CreateClientCertCredentials(const char *trusted_certs)
+{
+  return create_credentials(NULL, NULL, trusted_certs);
+}
+
+/* ================================================== */
+
 void
 NKSN_DestroyCertCredentials(void *credentials)
 {

nts_ke_session.h

@@ -36,10 +36,11 @@ typedef struct NKSN_Instance_Record *NKSN_Instance;
    the session. */
 typedef int (*NKSN_MessageHandler)(void *arg);
 
-/* Get client or server credentials using certificates of trusted CAs,
+/* Get server or client credentials using a server certificate and key,
-   or a server certificate and key.  The credentials may be shared between
+   or certificates of trusted CAs.  The credentials may be shared between
    different clients or servers. */
-extern void *NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs);
+extern void *NKSN_CreateServerCertCredentials(const char *cert, const char *key);
+extern void *NKSN_CreateClientCertCredentials(const char *trusted_certs);
 
 /* Destroy the credentials */
 extern void NKSN_DestroyCertCredentials(void *credentials);

test/unit/nts_ke_session.c

@@ -174,8 +174,8 @@ test_unit(void)
     server = NKSN_CreateInstance(1, NULL, handle_request, NULL);
     client = NKSN_CreateInstance(0, "test", handle_response, NULL);
 
-    server_cred = NKSN_CreateCertCredentials("nts_ke.crt", "nts_ke.key", NULL);
+    server_cred = NKSN_CreateServerCertCredentials("nts_ke.crt", "nts_ke.key");
-    client_cred = NKSN_CreateCertCredentials(NULL, NULL, "nts_ke.crt");
+    client_cred = NKSN_CreateClientCertCredentials("nts_ke.crt");
 
     TEST_CHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds) == 0);
     TEST_CHECK(fcntl(sock_fds[0], F_SETFL, O_NONBLOCK) == 0);