2 * Copyright (C) 2015 Red Hat, Inc.
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library. If not, see
16 * <http://www.gnu.org/licenses/>.
18 * Author: Daniel P. Berrange <berrange@redhat.com>
21 #include <gnutls/gnutls.h>
22 #include <gnutls/x509.h>
24 #if !(defined WIN32) && \
26 # define QCRYPTO_HAVE_TLS_TEST_SUPPORT
29 #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
30 # include <libtasn1.h>
34 * This contains parameter about how to generate
37 typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq
;
38 struct QCryptoTLSTestCertReq
{
39 gnutls_x509_crt_t crt
;
43 /* Identifying information */
51 /* Basic constraints */
52 bool basicConstraintsEnable
;
53 bool basicConstraintsCritical
;
54 bool basicConstraintsIsCA
;
58 bool keyUsageCritical
;
61 /* Key purpose (aka Extended key usage) */
62 bool keyPurposeEnable
;
63 bool keyPurposeCritical
;
64 const char *keyPurposeOID1
;
65 const char *keyPurposeOID2
;
67 /* zero for current time, or non-zero for hours from now */
69 /* zero for 24 hours from now, or non-zero for hours from now */
73 void test_tls_generate_cert(QCryptoTLSTestCertReq
*req
,
74 gnutls_x509_crt_t ca
);
75 void test_tls_write_cert_chain(const char *filename
,
76 gnutls_x509_crt_t
*certs
,
78 void test_tls_discard_cert(QCryptoTLSTestCertReq
*req
);
80 void test_tls_init(const char *keyfile
);
81 void test_tls_cleanup(const char *keyfile
);
83 # define TLS_CERT_REQ(varname, cavarname, \
84 country, commonname, \
87 basicconsenable, basicconscritical, basicconsca, \
88 keyusageenable, keyusagecritical, keyusagevalue, \
89 keypurposeenable, keypurposecritical, \
90 keypurposeoid1, keypurposeoid2, \
91 startoffset, endoffset) \
92 static QCryptoTLSTestCertReq varname = { \
93 NULL, WORKDIR #varname "-ctx.pem", \
94 country, commonname, altname1, altname2, \
96 basicconsenable, basicconscritical, basicconsca, \
97 keyusageenable, keyusagecritical, keyusagevalue, \
98 keypurposeenable, keypurposecritical, \
99 keypurposeoid1, keypurposeoid2, \
100 startoffset, endoffset \
102 test_tls_generate_cert(&varname, cavarname.crt)
104 # define TLS_ROOT_REQ(varname, \
105 country, commonname, \
106 altname1, altname2, \
108 basicconsenable, basicconscritical, basicconsca, \
109 keyusageenable, keyusagecritical, keyusagevalue, \
110 keypurposeenable, keypurposecritical, \
111 keypurposeoid1, keypurposeoid2, \
112 startoffset, endoffset) \
113 static QCryptoTLSTestCertReq varname = { \
114 NULL, WORKDIR #varname "-ctx.pem", \
115 country, commonname, altname1, altname2, \
117 basicconsenable, basicconscritical, basicconsca, \
118 keyusageenable, keyusagecritical, keyusagevalue, \
119 keypurposeenable, keypurposecritical, \
120 keypurposeoid1, keypurposeoid2, \
121 startoffset, endoffset \
123 test_tls_generate_cert(&varname, NULL)
125 extern const ASN1_ARRAY_TYPE pkix_asn1_tab
[];
127 #endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */