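/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

/*
 * The request struct below uses bool and the prototypes use size_t;
 * include their headers here so this header compiles on its own
 * instead of depending on what the includer pulled in earlier.
 */
#include <stdbool.h>
#include <stddef.h>

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#if !(defined WIN32) && \
    defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>


/*
 * Parameters describing one X.509 certificate to generate for a
 * TLS test.  Each group of fields maps onto a subject attribute or
 * extension of the resulting certificate, so a test can construct
 * certificates a verifier must reject (wrong basic-constraints CA
 * flag, wrong key usage / key purpose, not-yet-valid or expired
 * validity period) as well as ones it must accept.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * Generated certificate.  The TLS_*_REQ macros initialise this to
     * NULL and then call test_tls_generate_cert(); TLS_CERT_REQ reads
     * the issuer's copy of this field afterwards, so the generator is
     * expected to populate it.
     */
    gnutls_x509_crt_t crt;

    /*
     * Path the generated certificate is written to.  The macros build
     * it as WORKDIR "<varname>-ctx.pem", so WORKDIR must be a string
     * literal supplied by the including test (this header does not
     * define it), presumably ending in a path separator.
     */
    const char *filename;

    /* Identifying information */
    const char *country;
    const char *cn;
    /* NOTE(review): presumably emitted as subjectAltName entries - confirm */
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage */
    bool keyUsageEnable;
    bool keyUsageCritical;
    /* NOTE(review): looks like a bitmask of GNUTLS_KEY_* flags - confirm */
    int keyUsageValue;

    /* Key purpose (aka Extended key usage) */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /*
     * Validity period, in hours relative to now.  Negative values
     * presumably allow a test to build an already-expired or a
     * not-yet-valid certificate - confirm in the generator.
     */
    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};

/*
 * Generate the certificate described by @req.
 *
 * @req: the request; its filename and identity/extension fields are
 *       read, and its crt field is expected to be filled in
 * @ca:  issuer certificate, or NULL (TLS_ROOT_REQ passes NULL for a
 *       root certificate)
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/*
 * Write @ncerts certificates from @certs to @filename as a single
 * certificate chain file.
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * Release whatever test_tls_generate_cert() created for @req.
 * NOTE(review): presumably frees req->crt and removes req->filename -
 * confirm against the implementation.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * One-time setup / teardown for the certificate helpers.  @keyfile
 * names the key file the helpers work with; the same path must be
 * passed to both calls.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Define a static QCryptoTLSTestCertReq named @varname, signed by the
 * certificate previously generated into @cavarname, and generate it.
 *
 * The expansion is a declaration followed by an unterminated
 * function-call statement, so it must be used inside a function body
 * and followed by a semicolon.  The struct is initialised with
 * designated initialisers so a later reordering of the struct fields
 * cannot silently shift the bool/int arguments onto the wrong field.
 *
 * Macro parameter names deliberately differ from the struct field
 * names (e.g. @countryname, not country): a parameter named like a
 * field would be substituted inside the ".field =" designator.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      countryname, commonname,                          \
                      altnameval1, altnameval2,                          \
                      ipaddrval1, ipaddrval2,                            \
                      basicconsenable, basicconscritical, basicconsca,   \
                      keyusageenable, keyusagecritical, keyusagevalue,   \
                      keypurposeenable, keypurposecritical,              \
                      keypurposeoid1, keypurposeoid2,                    \
                      startoffset, endoffset)                            \
    static QCryptoTLSTestCertReq varname = {                             \
        .crt = NULL,                                                     \
        .filename = WORKDIR #varname "-ctx.pem",                         \
        .country = countryname,                                          \
        .cn = commonname,                                                \
        .altname1 = altnameval1,                                         \
        .altname2 = altnameval2,                                         \
        .ipaddr1 = ipaddrval1,                                           \
        .ipaddr2 = ipaddrval2,                                           \
        .basicConstraintsEnable = basicconsenable,                       \
        .basicConstraintsCritical = basicconscritical,                   \
        .basicConstraintsIsCA = basicconsca,                             \
        .keyUsageEnable = keyusageenable,                                \
        .keyUsageCritical = keyusagecritical,                            \
        .keyUsageValue = keyusagevalue,                                  \
        .keyPurposeEnable = keypurposeenable,                            \
        .keyPurposeCritical = keypurposecritical,                        \
        .keyPurposeOID1 = keypurposeoid1,                                \
        .keyPurposeOID2 = keypurposeoid2,                                \
        .start_offset = startoffset,                                     \
        .expire_offset = endoffset,                                      \
    };                                                                   \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * Same as TLS_CERT_REQ but with no issuer: test_tls_generate_cert()
 * is called with a NULL CA, which is how a root certificate for a
 * test chain is produced.  Same usage rules as TLS_CERT_REQ.
 */
# define TLS_ROOT_REQ(varname,                                           \
                      countryname, commonname,                          \
                      altnameval1, altnameval2,                          \
                      ipaddrval1, ipaddrval2,                            \
                      basicconsenable, basicconscritical, basicconsca,   \
                      keyusageenable, keyusagecritical, keyusagevalue,   \
                      keypurposeenable, keypurposecritical,              \
                      keypurposeoid1, keypurposeoid2,                    \
                      startoffset, endoffset)                            \
    static QCryptoTLSTestCertReq varname = {                             \
        .crt = NULL,                                                     \
        .filename = WORKDIR #varname "-ctx.pem",                         \
        .country = countryname,                                          \
        .cn = commonname,                                                \
        .altname1 = altnameval1,                                         \
        .altname2 = altnameval2,                                         \
        .ipaddr1 = ipaddrval1,                                           \
        .ipaddr2 = ipaddrval2,                                           \
        .basicConstraintsEnable = basicconsenable,                       \
        .basicConstraintsCritical = basicconscritical,                   \
        .basicConstraintsIsCA = basicconsca,                             \
        .keyUsageEnable = keyusageenable,                                \
        .keyUsageCritical = keyusagecritical,                            \
        .keyUsageValue = keyusagevalue,                                  \
        .keyPurposeEnable = keypurposeenable,                            \
        .keyPurposeCritical = keypurposecritical,                        \
        .keyPurposeOID1 = keypurposeoid1,                                \
        .keyPurposeOID2 = keypurposeoid2,                                \
        .start_offset = startoffset,                                     \
        .expire_offset = endoffset,                                      \
    };                                                                   \
    test_tls_generate_cert(&varname, NULL)

/*
 * libtasn1 schema table used when building certificate extensions.
 * Declared here, defined in a separate translation unit.
 */
extern const asn1_static_node pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif /* TESTS_CRYPTO_TLS_X509_HELPERS_H */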