2 * Copyright (C) 2015 Red Hat, Inc.
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library. If not, see
16 * <http://www.gnu.org/licenses/>.
18 * Author: Daniel P. Berrange <berrange@redhat.com>
21 #ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
22 #define TESTS_CRYPTO_TLS_X509_HELPERS_H
24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
27 #if !(defined WIN32) && \
29 # define QCRYPTO_HAVE_TLS_TEST_SUPPORT
32 #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
33 # include <libtasn1.h>
37 * This contains parameter about how to generate
40 typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq
;
41 struct QCryptoTLSTestCertReq
{
42 gnutls_x509_crt_t crt
;
46 /* Identifying information */
54 /* Basic constraints */
55 bool basicConstraintsEnable
;
56 bool basicConstraintsCritical
;
57 bool basicConstraintsIsCA
;
61 bool keyUsageCritical
;
64 /* Key purpose (aka Extended key usage) */
65 bool keyPurposeEnable
;
66 bool keyPurposeCritical
;
67 const char *keyPurposeOID1
;
68 const char *keyPurposeOID2
;
70 /* zero for current time, or non-zero for hours from now */
72 /* zero for 24 hours from now, or non-zero for hours from now */
76 void test_tls_generate_cert(QCryptoTLSTestCertReq
*req
,
77 gnutls_x509_crt_t ca
);
78 void test_tls_write_cert_chain(const char *filename
,
79 gnutls_x509_crt_t
*certs
,
81 void test_tls_discard_cert(QCryptoTLSTestCertReq
*req
);
83 void test_tls_init(const char *keyfile
);
84 void test_tls_cleanup(const char *keyfile
);
86 # define TLS_CERT_REQ(varname, cavarname, \
87 country, commonname, \
90 basicconsenable, basicconscritical, basicconsca, \
91 keyusageenable, keyusagecritical, keyusagevalue, \
92 keypurposeenable, keypurposecritical, \
93 keypurposeoid1, keypurposeoid2, \
94 startoffset, endoffset) \
95 static QCryptoTLSTestCertReq varname = { \
96 NULL, WORKDIR #varname "-ctx.pem", \
97 country, commonname, altname1, altname2, \
99 basicconsenable, basicconscritical, basicconsca, \
100 keyusageenable, keyusagecritical, keyusagevalue, \
101 keypurposeenable, keypurposecritical, \
102 keypurposeoid1, keypurposeoid2, \
103 startoffset, endoffset \
105 test_tls_generate_cert(&varname, cavarname.crt)
107 # define TLS_ROOT_REQ(varname, \
108 country, commonname, \
109 altname1, altname2, \
111 basicconsenable, basicconscritical, basicconsca, \
112 keyusageenable, keyusagecritical, keyusagevalue, \
113 keypurposeenable, keypurposecritical, \
114 keypurposeoid1, keypurposeoid2, \
115 startoffset, endoffset) \
116 static QCryptoTLSTestCertReq varname = { \
117 NULL, WORKDIR #varname "-ctx.pem", \
118 country, commonname, altname1, altname2, \
120 basicconsenable, basicconscritical, basicconsca, \
121 keyusageenable, keyusagecritical, keyusagevalue, \
122 keypurposeenable, keypurposecritical, \
123 keypurposeoid1, keypurposeoid2, \
124 startoffset, endoffset \
126 test_tls_generate_cert(&varname, NULL)
128 extern const ASN1_ARRAY_TYPE pkix_asn1_tab
[];
130 #endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */