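/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/*
 * Test certificate generation needs libtasn1 and is not built on
 * Windows.  Test programs check this macro before using anything
 * declared below it.
 */
#if !defined(WIN32) && defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>

/*
 * Description of one certificate to be generated for a test.
 *
 * Instances are normally created with TLS_CERT_REQ()/TLS_ROOT_REQ()
 * below, which fill every member and immediately hand the request to
 * test_tls_generate_cert().  The `bool` members rely on <stdbool.h>
 * already being in scope (QEMU sources get it via qemu/osdep.h, which
 * every .c includes first); this header does not include it itself.
 *
 * Each X.509 extension is described by the same trio: an *Enable flag
 * saying whether the extension is emitted at all, a *Critical flag
 * saying whether it is marked critical, and the members carrying its
 * value.  No sanity checking is done on the combination, so a test can
 * presumably describe deliberately bogus certificates (a leaf claiming
 * to be a CA, a key usage that forbids the operation under test, ...)
 * to exercise the verifier's rejection paths.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * Populated by test_tls_generate_cert(); NULL before that.
     * TLS_CERT_REQ() passes a previously generated request's .crt
     * as the issuer of the new certificate.
     */
    gnutls_x509_crt_t crt;

    /* File the generated certificate is written to (see WORKDIR below) */
    const char *filename;

    /* Identifying information: subject fields and alternative names */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints extension: emit / mark critical / assert cA */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /*
     * Key usage extension.  keyUsageValue is passed through as the
     * usage bit set; presumably a mask of GNUTLS_KEY_* flags from
     * <gnutls/x509.h> -- confirm against test_tls_generate_cert().
     */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage) extension, up to two OIDs */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /*
     * Validity period, in hours relative to now.  start_offset: zero
     * for the current time, otherwise hours from now.  expire_offset:
     * zero for 24 hours from now, otherwise hours from now.  A negative
     * value can presumably be used to produce an already-expired or
     * not-yet-valid certificate.
     */
    int start_offset;
    int expire_offset;
};

/*
 * test_tls_generate_cert:
 * @req: request describing the certificate to create; @req->crt
 *       receives the generated certificate
 * @ca: certificate to sign with, or NULL (TLS_ROOT_REQ passes NULL,
 *      presumably yielding a self-signed certificate)
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/*
 * test_tls_write_cert_chain:
 * @filename: file to write to
 * @certs: array of @ncerts certificates, written in array order
 * @ncerts: number of entries in @certs
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * test_tls_discard_cert:
 * @req: request previously passed to test_tls_generate_cert()
 *
 * Counterpart of test_tls_generate_cert(); releases what it set up.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * test_tls_init / test_tls_cleanup:
 * @keyfile: path of the key file the helpers use; the same path is
 *           given to both, so init presumably creates it and cleanup
 *           removes it.
 *
 * Key material handled by these helpers is test-only.  Never point
 * @keyfile at a real key, and keep WORKDIR a private per-test
 * directory rather than a shared location such as /tmp.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Shared body of TLS_CERT_REQ() and TLS_ROOT_REQ(): defines a static
 * QCryptoTLSTestCertReq named `varname` whose output file is named
 * after the variable under WORKDIR.  WORKDIR must be a string-literal
 * macro supplied by the including test so that the literals
 * concatenate.
 *
 * Designated initializers keep every argument tied to its member by
 * name; the struct has twenty members and the original positional
 * form silently mis-assigned values if an argument was dropped or
 * two were swapped.  Parameter names carry a trailing underscore so
 * that macro substitution cannot rewrite the `.member` designators.
 */
# define QCRYPTO_TLS_TEST_CERT_REQ_DEFINE(varname, \
                                          country_, commonname_, \
                                          altname1_, altname2_, \
                                          ipaddr1_, ipaddr2_, \
                                          basicconsenable_, \
                                          basicconscritical_, \
                                          basicconsca_, \
                                          keyusageenable_, \
                                          keyusagecritical_, \
                                          keyusagevalue_, \
                                          keypurposeenable_, \
                                          keypurposecritical_, \
                                          keypurposeoid1_, \
                                          keypurposeoid2_, \
                                          startoffset_, endoffset_) \
    static QCryptoTLSTestCertReq varname = { \
        .crt = NULL, \
        .filename = WORKDIR #varname "-ctx.pem", \
        .country = country_, \
        .cn = commonname_, \
        .altname1 = altname1_, \
        .altname2 = altname2_, \
        .ipaddr1 = ipaddr1_, \
        .ipaddr2 = ipaddr2_, \
        .basicConstraintsEnable = basicconsenable_, \
        .basicConstraintsCritical = basicconscritical_, \
        .basicConstraintsIsCA = basicconsca_, \
        .keyUsageEnable = keyusageenable_, \
        .keyUsageCritical = keyusagecritical_, \
        .keyUsageValue = keyusagevalue_, \
        .keyPurposeEnable = keypurposeenable_, \
        .keyPurposeCritical = keypurposecritical_, \
        .keyPurposeOID1 = keypurposeoid1_, \
        .keyPurposeOID2 = keypurposeoid2_, \
        .start_offset = startoffset_, \
        .expire_offset = endoffset_, \
    }

/*
 * TLS_CERT_REQ: define `varname` and generate a certificate signed by
 * the already-generated request `cavarname`.
 *
 * Expands to a static definition followed by a function call, so it
 * can only be used at block scope (inside a test function), and the
 * caller supplies the terminating semicolon.  Using the same varname
 * twice in one scope is a redefinition error.
 */
# define TLS_CERT_REQ(varname, cavarname, \
                      country, commonname, \
                      altname1, altname2, \
                      ipaddr1, ipaddr2, \
                      basicconsenable, basicconscritical, basicconsca, \
                      keyusageenable, keyusagecritical, keyusagevalue, \
                      keypurposeenable, keypurposecritical, \
                      keypurposeoid1, keypurposeoid2, \
                      startoffset, endoffset) \
    QCRYPTO_TLS_TEST_CERT_REQ_DEFINE(varname, \
                                     country, commonname, \
                                     altname1, altname2, \
                                     ipaddr1, ipaddr2, \
                                     basicconsenable, basicconscritical, \
                                     basicconsca, \
                                     keyusageenable, keyusagecritical, \
                                     keyusagevalue, \
                                     keypurposeenable, keypurposecritical, \
                                     keypurposeoid1, keypurposeoid2, \
                                     startoffset, endoffset); \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * TLS_ROOT_REQ: same as TLS_CERT_REQ but with no issuer; the request
 * is passed to test_tls_generate_cert() with a NULL CA.  Same
 * block-scope and semicolon rules as TLS_CERT_REQ.
 */
# define TLS_ROOT_REQ(varname, \
                      country, commonname, \
                      altname1, altname2, \
                      ipaddr1, ipaddr2, \
                      basicconsenable, basicconscritical, basicconsca, \
                      keyusageenable, keyusagecritical, keyusagevalue, \
                      keypurposeenable, keypurposecritical, \
                      keypurposeoid1, keypurposeoid2, \
                      startoffset, endoffset) \
    QCRYPTO_TLS_TEST_CERT_REQ_DEFINE(varname, \
                                     country, commonname, \
                                     altname1, altname2, \
                                     ipaddr1, ipaddr2, \
                                     basicconsenable, basicconscritical, \
                                     basicconsca, \
                                     keyusageenable, keyusagecritical, \
                                     keyusagevalue, \
                                     keypurposeenable, keypurposecritical, \
                                     keypurposeoid1, keypurposeoid2, \
                                     startoffset, endoffset); \
    test_tls_generate_cert(&varname, NULL)

/* libtasn1 PKIX ASN.1 definition table; defined in the companion .c */
extern const asn1_static_node pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif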