1 /*
2  * Copyright (C) 2015 Red Hat, Inc.
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library.  If not, see
16  * <http://www.gnu.org/licenses/>.
17  *
18  * Author: Daniel P. Berrange <berrange@redhat.com>
19  */
20 
21 #ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
22 #define TESTS_CRYPTO_TLS_X509_HELPERS_H
23 
24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
26 #include <libtasn1.h>
27 
28 
/*
 * Parameters describing how one test certificate is generated: its
 * identity, the X.509 extensions to emit, and its validity window.
 * The TLS_CERT_REQ / TLS_ROOT_REQ macros below build one of these as a
 * static initializer and hand it to test_tls_generate_cert().
 *
 * NOTE(review): the bool members need <stdbool.h> (or a header that
 * pulls it in) to be included before this one; this header itself only
 * includes the gnutls and libtasn1 headers — confirm with the .c users.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * The generated certificate. The TLS_*_REQ macros initialise this to
     * NULL; presumably test_tls_generate_cert() fills it in and
     * test_tls_discard_cert() releases it — confirm in the implementation.
     */
    gnutls_x509_crt_t crt;

    /*
     * Path the PEM output is written to. The TLS_*_REQ macros set this to
     * WORKDIR followed by the request's variable name and "-ctx.pem".
     */
    const char *filename;

    /* Identifying information (presumably the subject C= and CN=, plus
     * up to two DNS and two IP subjectAltName entries; a NULL entry
     * presumably omits that name — confirm in test_tls_generate_cert) */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints: whether to emit the extension, whether to mark
     * it critical, and the CA flag it carries */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage: whether to emit the extension, whether to mark it
     * critical, and the usage bits (presumably a GNUTLS_KEY_* bitmask —
     * confirm) */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage): whether to emit it, whether
     * to mark it critical, and up to two purpose OIDs as dotted strings
     * (presumably the GNUTLS_KP_* constants — confirm) */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now
     * (a negative value presumably yields a not-yet-valid or
     * already-expired certificate so tests can cover rejection of
     * bad validity windows — confirm) */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};
68 
/**
 * test_tls_generate_cert:
 * @req: the certificate request to realise; on return the certificate is
 *       presumably stored in @req->crt and written to @req->filename —
 *       confirm in the implementation
 * @ca: issuer certificate. TLS_CERT_REQ passes the CA request's crt;
 *      TLS_ROOT_REQ passes NULL, presumably producing a self-signed root
 *      — confirm
 *
 * No return value: failures are presumably fatal to the test — confirm.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);
/**
 * test_tls_write_cert_chain:
 * @filename: output path
 * @certs: array of @ncerts certificates to write to @filename
 * @ncerts: number of entries in @certs
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);
/**
 * test_tls_discard_cert:
 * @req: a request previously passed to test_tls_generate_cert()
 *
 * Presumably releases @req->crt and removes @req->filename — confirm.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/**
 * test_tls_init / test_tls_cleanup:
 * @keyfile: path used for the key material the tests sign with
 *           (presumably a private key written by init and removed by
 *           cleanup — confirm)
 *
 * Pair these around a test; pass the same @keyfile to both.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);
78 
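/*
 * Declare a static QCryptoTLSTestCertReq named @varname, signed by the
 * certificate previously generated into @cavarname, and generate it.
 * The output file is WORKDIR "<varname>-ctx.pem".
 *
 * The initializer uses designated members so it no longer depends on the
 * declaration order of QCryptoTLSTestCertReq; the macro parameters that
 * share a name with a struct member carry a trailing underscore so they
 * are not substituted inside the designators.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      country_, commonname,                             \
                      altname1_, altname2_,                             \
                      ipaddr1_, ipaddr2_,                               \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = country_,                                            \
        .cn = commonname,                                               \
        .altname1 = altname1_,                                          \
        .altname2 = altname2_,                                          \
        .ipaddr1 = ipaddr1_,                                            \
        .ipaddr2 = ipaddr2_,                                            \
        .basicConstraintsEnable = basicconsenable,                      \
        .basicConstraintsCritical = basicconscritical,                  \
        .basicConstraintsIsCA = basicconsca,                            \
        .keyUsageEnable = keyusageenable,                               \
        .keyUsageCritical = keyusagecritical,                           \
        .keyUsageValue = keyusagevalue,                                 \
        .keyPurposeEnable = keypurposeenable,                           \
        .keyPurposeCritical = keypurposecritical,                       \
        .keyPurposeOID1 = keypurposeoid1,                               \
        .keyPurposeOID2 = keypurposeoid2,                               \
        .start_offset = startoffset,                                    \
        .expire_offset = endoffset                                      \
    };                                                                  \
    test_tls_generate_cert(&varname, cavarname.crt)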
99 
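/*
 * Declare a static QCryptoTLSTestCertReq named @varname with no issuer
 * (test_tls_generate_cert is called with a NULL CA) and generate it.
 * The output file is WORKDIR "<varname>-ctx.pem".
 *
 * The initializer uses designated members so it no longer depends on the
 * declaration order of QCryptoTLSTestCertReq; the macro parameters that
 * share a name with a struct member carry a trailing underscore so they
 * are not substituted inside the designators.
 */
# define TLS_ROOT_REQ(varname,                                          \
                      country_, commonname,                             \
                      altname1_, altname2_,                             \
                      ipaddr1_, ipaddr2_,                               \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = country_,                                            \
        .cn = commonname,                                               \
        .altname1 = altname1_,                                          \
        .altname2 = altname2_,                                          \
        .ipaddr1 = ipaddr1_,                                            \
        .ipaddr2 = ipaddr2_,                                            \
        .basicConstraintsEnable = basicconsenable,                      \
        .basicConstraintsCritical = basicconscritical,                  \
        .basicConstraintsIsCA = basicconsca,                            \
        .keyUsageEnable = keyusageenable,                               \
        .keyUsageCritical = keyusagecritical,                           \
        .keyUsageValue = keyusagevalue,                                 \
        .keyPurposeEnable = keypurposeenable,                           \
        .keyPurposeCritical = keypurposecritical,                       \
        .keyPurposeOID1 = keypurposeoid1,                               \
        .keyPurposeOID2 = keypurposeoid2,                               \
        .start_offset = startoffset,                                    \
        .expire_offset = endoffset                                      \
    };                                                                  \
    test_tls_generate_cert(&varname, NULL)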
120 
/*
 * libtasn1 node table for the PKIX ASN.1 module, defined in a separate
 * translation unit (presumably generated by asn1Parser from the PKIX
 * module and used to build the extension payloads — confirm).
 */
extern const asn1_static_node pkix_asn1_tab[];
122 
123 #endif
124