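/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <libtasn1.h>

/*
 * NOTE(review): this header uses 'bool' and 'size_t' without including
 * <stdbool.h>/<stddef.h>; it presumably relies on the project's common
 * prelude header being included first by every test source - confirm.
 */


/*
 * QCryptoTLSTestCertReq describes one certificate the test suite wants
 * generated.  A request is normally declared with TLS_CERT_REQ() or
 * TLS_ROOT_REQ() below, which fill in every field and immediately call
 * test_tls_generate_cert(); the generated certificate is then available
 * via 'crt'.
 *
 * Most of the fields exist so that tests can deliberately produce
 * certificates that *should be rejected* (non-CA signer, wrong key usage,
 * wrong key purpose, expired or not-yet-valid, ...) and check that the
 * TLS code refuses them.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /* Output: the generated certificate; NULL until generated */
    gnutls_x509_crt_t crt;

    /*
     * Path the certificate is written to.  The macros below build it as
     * WORKDIR <varname> "-ctx.pem", so WORKDIR must be a string literal.
     */
    const char *filename;

    /*
     * Identifying information: subject DN and subjectAltName entries.
     * NULL presumably means "omit this entry" - confirm against
     * test_tls_generate_cert() in the matching .c file.
     */
    const char *country;
    const char *cn;
    const char *altname1;   /* presumably DNS-type SAN - confirm */
    const char *altname2;
    const char *ipaddr1;    /* presumably IP-address SAN - confirm */
    const char *ipaddr2;

    /* Basic constraints extension (RFC 5280 4.2.1.9) */
    bool basicConstraintsEnable;    /* emit the extension at all */
    bool basicConstraintsCritical;  /* mark the extension critical */
    bool basicConstraintsIsCA;      /* cA=TRUE, i.e. may sign other certs */

    /* Key usage extension (RFC 5280 4.2.1.3) */
    bool keyUsageEnable;
    bool keyUsageCritical;
    /* presumably a bitmask of GNUTLS_KEY_* flags - confirm */
    int keyUsageValue;

    /* Key purpose (aka Extended key usage, RFC 5280 4.2.1.12) */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;     /* dotted OID string, NULL to omit */
    const char *keyPurposeOID2;

    /*
     * Validity period, relative to the moment of generation.  Negative
     * values presumably place the bound in the past (the way an already
     * expired certificate would be produced) - confirm.
     */
    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};

/**
 * test_tls_generate_cert:
 * @req: the request to generate, every field filled in by the caller
 * @ca: certificate to sign with, or NULL to self-sign (a root CA)
 *
 * Generates the certificate described by @req and stores it in @req->crt
 * (TLS_CERT_REQ() relies on the CA's request having been through this
 * call, as it passes cavarname.crt).  Presumably also writes it to
 * @req->filename - confirm against the implementation.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/**
 * test_tls_write_cert_chain:
 * @filename: output path
 * @certs: array of @ncerts certificates
 * @ncerts: number of entries in @certs
 *
 * Writes @certs to @filename, presumably as concatenated PEM so the
 * file can be used as a server/client certificate chain - confirm.
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/**
 * test_tls_discard_cert:
 * @req: a request previously passed to test_tls_generate_cert()
 *
 * Releases the resources held by @req.  Presumably frees @req->crt and
 * removes @req->filename - confirm.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/**
 * test_tls_init:
 * @keyfile: path presumably used for the test private key - confirm
 *
 * One-time setup shared by all certificate requests; call before any
 * TLS_CERT_REQ()/TLS_ROOT_REQ().
 */
void test_tls_init(const char *keyfile);

/**
 * test_tls_cleanup:
 * @keyfile: the same path that was given to test_tls_init()
 *
 * Undoes test_tls_init().
 */
void test_tls_cleanup(const char *keyfile);

/*
 * Designated initializer shared by TLS_CERT_REQ() and TLS_ROOT_REQ().
 *
 * The macro parameter names deliberately differ from the struct field
 * names (trailing '_'): a parameter named e.g. 'country' would be
 * substituted into the '.country' designator as well, breaking the
 * expansion.  Using designators rather than positional initializers
 * means a reorder of QCryptoTLSTestCertReq cannot silently shift a
 * 'critical' flag into the 'isCA' slot or similar.
 */
# define TLS_CERT_REQ_INIT(varname,                                     \
                           country_, commonname_,                       \
                           altname1_, altname2_,                        \
                           ipaddr1_, ipaddr2_,                          \
                           bcenable_, bccritical_, bcca_,               \
                           kuenable_, kucritical_, kuvalue_,            \
                           kpenable_, kpcritical_,                      \
                           kpoid1_, kpoid2_,                            \
                           startoffset_, endoffset_)                    \
    {                                                                   \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = country_,                                            \
        .cn = commonname_,                                              \
        .altname1 = altname1_,                                          \
        .altname2 = altname2_,                                          \
        .ipaddr1 = ipaddr1_,                                            \
        .ipaddr2 = ipaddr2_,                                            \
        .basicConstraintsEnable = bcenable_,                            \
        .basicConstraintsCritical = bccritical_,                        \
        .basicConstraintsIsCA = bcca_,                                  \
        .keyUsageEnable = kuenable_,                                    \
        .keyUsageCritical = kucritical_,                                \
        .keyUsageValue = kuvalue_,                                      \
        .keyPurposeEnable = kpenable_,                                  \
        .keyPurposeCritical = kpcritical_,                              \
        .keyPurposeOID1 = kpoid1_,                                      \
        .keyPurposeOID2 = kpoid2_,                                      \
        .start_offset = startoffset_,                                   \
        .expire_offset = endoffset_,                                    \
    }

/*
 * TLS_CERT_REQ: declare a static request 'varname' and generate it,
 * signed by the already generated request 'cavarname'.
 *
 * Expands to a declaration followed by a function call, so it must be
 * used at statement position inside a function body, and the caller
 * supplies the trailing ';'.  WORKDIR must be defined as a string
 * literal before this header's macros are used.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      country_, commonname_,                            \
                      altname1_, altname2_,                             \
                      ipaddr1_, ipaddr2_,                               \
                      bcenable_, bccritical_, bcca_,                    \
                      kuenable_, kucritical_, kuvalue_,                 \
                      kpenable_, kpcritical_,                           \
                      kpoid1_, kpoid2_,                                 \
                      startoffset_, endoffset_)                         \
    static QCryptoTLSTestCertReq varname =                              \
        TLS_CERT_REQ_INIT(varname,                                      \
                          country_, commonname_,                        \
                          altname1_, altname2_,                         \
                          ipaddr1_, ipaddr2_,                           \
                          bcenable_, bccritical_, bcca_,                \
                          kuenable_, kucritical_, kuvalue_,             \
                          kpenable_, kpcritical_,                       \
                          kpoid1_, kpoid2_,                             \
                          startoffset_, endoffset_);                    \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * TLS_ROOT_REQ: like TLS_CERT_REQ but self-signed (no CA), i.e. a root
 * of trust for the test.  Same usage rules as TLS_CERT_REQ.
 */
# define TLS_ROOT_REQ(varname,                                          \
                      country_, commonname_,                            \
                      altname1_, altname2_,                             \
                      ipaddr1_, ipaddr2_,                               \
                      bcenable_, bccritical_, bcca_,                    \
                      kuenable_, kucritical_, kuvalue_,                 \
                      kpenable_, kpcritical_,                           \
                      kpoid1_, kpoid2_,                                 \
                      startoffset_, endoffset_)                         \
    static QCryptoTLSTestCertReq varname =                              \
        TLS_CERT_REQ_INIT(varname,                                      \
                          country_, commonname_,                        \
                          altname1_, altname2_,                         \
                          ipaddr1_, ipaddr2_,                           \
                          bcenable_, bccritical_, bcca_,                \
                          kuenable_, kucritical_, kuvalue_,             \
                          kpenable_, kpcritical_,                       \
                          kpoid1_, kpoid2_,                             \
                          startoffset_, endoffset_);                    \
    test_tls_generate_cert(&varname, NULL)

/*
 * libtasn1 static grammar table for PKIX, defined in the matching .c
 * file; presumably loaded with asn1_array2tree() by the generator.
 */
extern const asn1_static_node pkix_asn1_tab[];

#endif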