/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

/*
 * Test-only helpers for generating X.509 certificates used by the TLS
 * tests. Certificates and key files produced through this interface are
 * fixtures and should never be trusted or reused outside the test suite.
 *
 * This header uses `bool` without including <stdbool.h>; unless one of
 * the headers below provides it, the including file must already have
 * it in scope.
 */
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <libtasn1.h>


/*
 * Describes one certificate to be generated: where it is written, the
 * identity it carries, which extensions it gets, and its validity
 * window. Instances are normally defined through TLS_ROOT_REQ() and
 * TLS_CERT_REQ() below.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * Certificate handle. The TLS_*_REQ macros start it as NULL, and
     * TLS_CERT_REQ() passes the CA request's crt as the second
     * argument of test_tls_generate_cert().
     */
    gnutls_x509_crt_t crt;

    /* Output path; the TLS_*_REQ macros use WORKDIR "<varname>-ctx.pem" */
    const char *filename;

    /*
     * Identity placed in the certificate.
     * NOTE(review): the macros are evidently meant to accept NULL for
     * entries that are not wanted - confirm in the implementation.
     */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /*
     * Basic constraints extension. Going by the field names: Enable
     * adds the extension, Critical marks it critical, IsCA sets the
     * CA flag.
     */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /*
     * Key usage extension.
     * NOTE(review): keyUsageValue is presumably a mask of GNUTLS_KEY_*
     * flags - confirm against the callers.
     */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /*
     * Key purpose, i.e. the Extended Key Usage extension, with up to
     * two purpose OIDs given as strings.
     */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /*
     * Validity window, in hours relative to now.
     * start_offset: 0 means the current time.
     * expire_offset: 0 means 24 hours from now.
     * NOTE(review): a negative value presumably places the time in the
     * past (e.g. an already expired certificate) - confirm in
     * test_tls_generate_cert().
     */
    int start_offset;
    int expire_offset;
};

/*
 * Generate the certificate described by req. TLS_ROOT_REQ() passes
 * NULL for ca; TLS_CERT_REQ() passes the crt of another request.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/* Takes an array of ncerts certificates and an output filename. */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * NOTE(review): presumably releases req->crt and removes the generated
 * file - confirm in the implementation.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * Set-up and tear-down for the helpers, both given the path of a key
 * file.
 * NOTE(review): the key file presumably holds the private key shared
 * by the generated certificates; confirm that cleanup removes it so
 * no test key material is left behind.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Define a static QCryptoTLSTestCertReq named varname and generate its
 * certificate with cavarname.crt as the second argument of
 * test_tls_generate_cert().
 *
 * WORKDIR is not defined in this header: the includer must define it as
 * a string literal, because it is joined to the stringified variable
 * name by literal concatenation. No separator is inserted, so it
 * presumably has to end with a path separator.
 *
 * The expansion is a declaration followed by a call and relies on the
 * caller's trailing semicolon, so it cannot serve as the unbraced body
 * of an if/else or loop.
 *
 * The value parameters carry a v_ prefix so that the preprocessor does
 * not substitute them into the field designators of the same name.
 */
#define TLS_CERT_REQ(varname, cavarname,                                \
                     v_country, v_cn,                                   \
                     v_altname1, v_altname2,                            \
                     v_ipaddr1, v_ipaddr2,                              \
                     v_bcenable, v_bccritical, v_bcca,                  \
                     v_kuenable, v_kucritical, v_kuvalue,               \
                     v_kpenable, v_kpcritical,                          \
                     v_kpoid1, v_kpoid2,                                \
                     v_start, v_expire)                                 \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = v_country,                                           \
        .cn = v_cn,                                                     \
        .altname1 = v_altname1,                                         \
        .altname2 = v_altname2,                                         \
        .ipaddr1 = v_ipaddr1,                                           \
        .ipaddr2 = v_ipaddr2,                                           \
        .basicConstraintsEnable = v_bcenable,                           \
        .basicConstraintsCritical = v_bccritical,                       \
        .basicConstraintsIsCA = v_bcca,                                 \
        .keyUsageEnable = v_kuenable,                                   \
        .keyUsageCritical = v_kucritical,                               \
        .keyUsageValue = v_kuvalue,                                     \
        .keyPurposeEnable = v_kpenable,                                 \
        .keyPurposeCritical = v_kpcritical,                             \
        .keyPurposeOID1 = v_kpoid1,                                     \
        .keyPurposeOID2 = v_kpoid2,                                     \
        .start_offset = v_start,                                        \
        .expire_offset = v_expire,                                      \
    };                                                                  \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * Same as TLS_CERT_REQ() but without a CA argument: NULL is passed as
 * the second argument of test_tls_generate_cert().
 * NOTE(review): presumably this yields a self-signed certificate -
 * confirm in the implementation.
 */
#define TLS_ROOT_REQ(varname,                                           \
                     v_country, v_cn,                                   \
                     v_altname1, v_altname2,                            \
                     v_ipaddr1, v_ipaddr2,                              \
                     v_bcenable, v_bccritical, v_bcca,                  \
                     v_kuenable, v_kucritical, v_kuvalue,               \
                     v_kpenable, v_kpcritical,                          \
                     v_kpoid1, v_kpoid2,                                \
                     v_start, v_expire)                                 \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = v_country,                                           \
        .cn = v_cn,                                                     \
        .altname1 = v_altname1,                                         \
        .altname2 = v_altname2,                                         \
        .ipaddr1 = v_ipaddr1,                                           \
        .ipaddr2 = v_ipaddr2,                                           \
        .basicConstraintsEnable = v_bcenable,                           \
        .basicConstraintsCritical = v_bccritical,                       \
        .basicConstraintsIsCA = v_bcca,                                 \
        .keyUsageEnable = v_kuenable,                                   \
        .keyUsageCritical = v_kucritical,                               \
        .keyUsageValue = v_kuvalue,                                     \
        .keyPurposeEnable = v_kpenable,                                 \
        .keyPurposeCritical = v_kpcritical,                             \
        .keyPurposeOID1 = v_kpoid1,                                     \
        .keyPurposeOID2 = v_kpoid2,                                     \
        .start_offset = v_start,                                        \
        .expire_offset = v_expire,                                      \
    };                                                                  \
    test_tls_generate_cert(&varname, NULL)

/* ASN.1 definition table; only declared here, defined elsewhere. */
extern const asn1_static_node pkix_asn1_tab[];

#endif