tests: add more helper macros for creating TLS x509 certs

These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220426160048.812266-3-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Daniel P. Berrangé 2022-04-26 17:00:41 +01:00 committed by Dr. David Alan Gilbert
parent c98ce274db
commit 5bc6364bfb
1 changed files with 53 additions and 0 deletions


@ -26,6 +26,9 @@
#include <libtasn1.h>
#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
/*
* This contains parameter about how to generate
* certificates.
@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile);
}; \
test_tls_generate_cert(&varname, NULL)
# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
QCryptoTLSTestCertReq varname = { \
.filename = fname, \
.cn = "qemu-CA", \
.basicConstraintsEnable = true, \
.basicConstraintsCritical = true, \
.basicConstraintsIsCA = true, \
.keyUsageEnable = true, \
.keyUsageCritical = true, \
.keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
}; \
test_tls_generate_cert(&varname, NULL)
# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
QCryptoTLSTestCertReq varname = { \
.filename = fname, \
.cn = cname, \
.basicConstraintsEnable = true, \
.basicConstraintsCritical = true, \
.basicConstraintsIsCA = false, \
.keyUsageEnable = true, \
.keyUsageCritical = true, \
.keyUsageValue = \
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
.keyPurposeEnable = true, \
.keyPurposeCritical = true, \
.keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
}; \
test_tls_generate_cert(&varname, cavarname.crt)
# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
hostname, ipaddr) \
QCryptoTLSTestCertReq varname = { \
.filename = fname, \
.cn = hostname ? hostname : ipaddr, \
.altname1 = hostname, \
.ipaddr1 = ipaddr, \
.basicConstraintsEnable = true, \
.basicConstraintsCritical = true, \
.basicConstraintsIsCA = false, \
.keyUsageEnable = true, \
.keyUsageCritical = true, \
.keyUsageValue = \
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
.keyPurposeEnable = true, \
.keyPurposeCritical = true, \
.keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
}; \
test_tls_generate_cert(&varname, cavarname.crt)
extern const asn1_static_node pkix_asn1_tab[];
#endif
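Review bot: In `TLS_CERT_REQ_SIMPLE_SERVER` the `hostname` and `ipaddr` arguments are pasted unparenthesized into a conditional, `.cn = hostname ? hostname : ipaddr`, so an expression argument can bind differently than the caller intended, and `hostname` appears three times in the expansion (condition, CN value, `altname1`). Writing `.cn = (hostname) ? (hostname) : (ipaddr), \` and `.altname1 = (hostname), \` removes the precedence hazard. The expansion also leaves `.cn` NULL when both arguments are NULL, and whether `test_tls_generate_cert` tolerates that is not visible in these lines. A short comment above the three new macros would state the contract, for example `/* hostname or ipaddr may be NULL, but not both; cavarname is a cert request that has already been generated */`. That wording is inferred from the `cavarname.crt` use and should be confirmed against the generator.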