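/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

/*
 * Include guard: the header defines a struct type and two
 * function-like macros, so a second inclusion would otherwise fail
 * with a redefinition error.  Guard name follows the usual
 * path-derived convention for this header.
 */
#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

/* bool and size_t are used below; include them so the header is
 * self-contained instead of relying on whatever the .c included first. */
#include <stdbool.h>
#include <stddef.h>

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/*
 * The helpers below use libtasn1 (see pkix_asn1_tab) and are not
 * built on Windows; everything that follows is compiled out unless
 * both conditions hold, so callers must test this macro too.
 */
#if !(defined WIN32) && \
    defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>


/*
 * Describes one X.509 certificate to be generated for a test.
 *
 * The TLS_CERT_REQ / TLS_ROOT_REQ macros below fill this in
 * positionally, so the field order here is part of their contract.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /* Initialised to NULL by the request macros; populated by
     * test_tls_generate_cert (a CA's .crt is then handed to the
     * requests it signs). */
    gnutls_x509_crt_t crt;

    /* Path the certificate is written to: WORKDIR + variable name
     * + "-ctx.pem" (see the macros below). */
    const char *filename;

    /* Identifying information */
    const char *country;
    const char *cn;
    /* NOTE(review): presumably subjectAltName DNS / IP entries;
     * confirm against the generator in the .c file. */
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints: whether to emit the extension, whether it
     * is marked critical, and whether the cert is a CA. */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage: keyUsageValue is the raw usage bit set handed to
     * gnutls (presumably GNUTLS_KEY_* flags - confirm in the .c). */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage), as dotted OID strings;
     * gnutls provides GNUTLS_KP_* constants for the common ones. */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
    /* Both offsets are plain ints, so negative values (hours in the
     * past) can express not-yet-valid and already-expired certs;
     * confirm the generator accepts them before relying on it. */
};

/*
 * Generate the certificate described by @req and store it in
 * req->crt / req->filename.  @ca is the signing certificate; the
 * TLS_ROOT_REQ macro passes NULL, which produces a self-signed cert.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/*
 * Write @ncerts certificates from @certs to @filename, presumably as
 * one concatenated PEM chain (the on-disk format is set in the .c).
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * Release the resources held by @req (its crt, and presumably the
 * file named by req->filename - confirm in the .c).
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * One-time setup / teardown for the helpers.  @keyfile is a path
 * under the test's control; these are expected to be called in pairs
 * with the same argument.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Declare a static QCryptoTLSTestCertReq named @varname and generate
 * it, signed by the already-generated request @cavarname.
 *
 * Notes for users:
 *  - The expansion ends in a function call, so the macro must be used
 *    at block scope (inside a test function), not at file scope.
 *  - WORKDIR must be defined by the including file as a string
 *    literal; it is pasted directly in front of the variable name.
 *  - The initializer is positional: the argument order below must
 *    track the field order of QCryptoTLSTestCertReq exactly.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      country, commonname,                               \
                      altname1, altname2,                                \
                      ipaddr1, ipaddr2,                                  \
                      basicconsenable, basicconscritical, basicconsca,   \
                      keyusageenable, keyusagecritical, keyusagevalue,   \
                      keypurposeenable, keypurposecritical,              \
                      keypurposeoid1, keypurposeoid2,                    \
                      startoffset, endoffset)                            \
    static QCryptoTLSTestCertReq varname = {                            \
        NULL, WORKDIR #varname "-ctx.pem",                               \
        country, commonname, altname1, altname2,                         \
        ipaddr1, ipaddr2,                                                \
        basicconsenable, basicconscritical, basicconsca,                 \
        keyusageenable, keyusagecritical, keyusagevalue,                 \
        keypurposeenable, keypurposecritical,                            \
        keypurposeoid1, keypurposeoid2,                                  \
        startoffset, endoffset                                           \
    };                                                                   \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * Same as TLS_CERT_REQ but with no signing CA: the certificate is
 * generated self-signed (ca == NULL), which is how a test's root CA
 * is created.  The same block-scope / WORKDIR / positional-order
 * notes apply.
 */
# define TLS_ROOT_REQ(varname,                                          \
                      country, commonname,                               \
                      altname1, altname2,                                \
                      ipaddr1, ipaddr2,                                  \
                      basicconsenable, basicconscritical, basicconsca,   \
                      keyusageenable, keyusagecritical, keyusagevalue,   \
                      keypurposeenable, keypurposecritical,              \
                      keypurposeoid1, keypurposeoid2,                    \
                      startoffset, endoffset)                            \
    static QCryptoTLSTestCertReq varname = {                            \
        NULL, WORKDIR #varname "-ctx.pem",                               \
        country, commonname, altname1, altname2,                         \
        ipaddr1, ipaddr2,                                                \
        basicconsenable, basicconscritical, basicconsca,                 \
        keyusageenable, keyusagecritical, keyusagevalue,                 \
        keypurposeenable, keypurposecritical,                            \
        keypurposeoid1, keypurposeoid2,                                  \
        startoffset, endoffset                                           \
    };                                                                   \
    test_tls_generate_cert(&varname, NULL)

/* libtasn1 node table for the PKIX module, defined in another
 * translation unit (presumably generated from the ASN.1 module by
 * libtasn1's parser). */
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif /* TESTS_CRYPTO_TLS_X509_HELPERS_H */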