qemu-e2k/tests/qemu-iotests/common.tls
Eric Blake 155af09d44 iotests: Skip 233 if certtool not installed
The use of TLS while building qemu is optional. While the
'certtool' binary should be available on every platform that
supports building against TLS, that does not imply that the
developer has installed it.  Make the test gracefully skip
in that case.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-11-21 15:17:37 +01:00

141 lines
4.0 KiB
Bash

#!/bin/bash
#
# Helpers for TLS related config
#
# Copyright (C) 2018 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
tls_dir="${TEST_DIR}/tls"
tls_x509_cleanup()
{
rm -f "${tls_dir}"/*.pem
rm -f "${tls_dir}"/*/*.pem
rmdir "${tls_dir}"/*
rmdir "${tls_dir}"
}
tls_x509_init()
{
(certtool --help) >/dev/null 2>&1 || \
_notrun "certtool utility not found, skipping test"
mkdir -p "${tls_dir}"
# use a fixed key so we don't waste system entropy on
# each test run
cat > "${tls_dir}/key.pem" <<EOF
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr
BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE
Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9
rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc
kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL
IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H
myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn
2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO
m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J
bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK
mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA
Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa
L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd
a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W
nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp
dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci
-----END PRIVATE KEY-----
EOF
}
tls_x509_create_root_ca()
{
name=${1:-ca-cert}
cat > "${tls_dir}/ca.info" <<EOF
cn = Cthulhu Dark Lord Enterprises $name
ca
cert_signing_key
EOF
certtool --generate-self-signed \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/ca.info" \
--outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1
rm -f "${tls_dir}/ca.info"
}
tls_x509_create_server()
{
caname=$1
name=$2
mkdir -p "${tls_dir}/$name"
cat > "${tls_dir}/cert.info" <<EOF
organization = Cthulhu Dark Lord Enterprises $name
cn = localhost
dns_name = localhost
dns_name = localhost.localdomain
ip_address = 127.0.0.1
ip_address = ::1
tls_www_server
encryption_key
signing_key
EOF
certtool --generate-certificate \
--load-ca-privkey "${tls_dir}/key.pem" \
--load-ca-certificate "${tls_dir}/$caname-cert.pem" \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/cert.info" \
--outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
rm -f "${tls_dir}/cert.info"
}
tls_x509_create_client()
{
caname=$1
name=$2
mkdir -p "${tls_dir}/$name"
cat > "${tls_dir}/cert.info" <<EOF
country = South Pacific
locality = R'lyeh
organization = Cthulhu Dark Lord Enterprises $name
cn = localhost
tls_www_client
encryption_key
signing_key
EOF
certtool --generate-certificate \
--load-ca-privkey "${tls_dir}/key.pem" \
--load-ca-certificate "${tls_dir}/$caname-cert.pem" \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/cert.info" \
--outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
rm -f "${tls_dir}/cert.info"
}