tests/qemu-iotests/common.tls

   1 #!/bin/bash
   2 #
   3 # Helpers for TLS related config
   4 #
   5 # Copyright (C) 2018 Red Hat, Inc.
   6 #
   7 # This program is free software; you can redistribute it and/or modify
   8 # it under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation; either version 2 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # This program is distributed in the hope that it will be useful,
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 #
  20
  21 tls_dir="${TEST_DIR}/tls"
  22
  23 tls_x509_cleanup()
  24 {
  25     rm -f "${tls_dir}"/*.pem
  26     rm -f "${tls_dir}"/*/*.pem
  27     rmdir "${tls_dir}"/*
  28     rmdir "${tls_dir}"
  29 }
  30
  31
  32 tls_x509_init()
  33 {
  34     (certtool --help) >/dev/null 2>&1 || \
  35         _notrun "certtool utility not found, skipping test"
  36
  37     mkdir -p "${tls_dir}"
  38
  39     # use a fixed key so we don't waste system entropy on
  40     # each test run
  41     cat > "${tls_dir}/key.pem" <<EOF
  42 -----BEGIN PRIVATE KEY-----
  43 MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr
  44 BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE
  45 Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9
  46 rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc
  47 kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL
  48 IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H
  49 myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn
  50 2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO
  51 m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J
  52 bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK
  53 mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA
  54 Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa
  55 L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd
  56 a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W
  57 nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp
  58 dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci
  59 -----END PRIVATE KEY-----
  60 EOF
  61 }
  62
  63
  64 tls_x509_create_root_ca()
  65 {
  66     name=${1:-ca-cert}
  67
  68     cat > "${tls_dir}/ca.info" <<EOF
  69 cn = Cthulhu Dark Lord Enterprises $name
  70 ca
  71 cert_signing_key
  72 EOF
  73
  74     certtool --generate-self-signed \
  75              --load-privkey "${tls_dir}/key.pem" \
  76              --template "${tls_dir}/ca.info" \
  77              --outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1
  78
  79     rm -f "${tls_dir}/ca.info"
  80 }
  81
  82
  83 tls_x509_create_server()
  84 {
  85     caname=$1
  86     name=$2
  87
  88     mkdir -p "${tls_dir}/$name"
  89     cat > "${tls_dir}/cert.info" <<EOF
  90 organization = Cthulhu Dark Lord Enterprises $name
  91 cn = localhost
  92 dns_name = localhost
  93 dns_name = localhost.localdomain
  94 ip_address = 127.0.0.1
  95 ip_address = ::1
  96 tls_www_server
  97 encryption_key
  98 signing_key
  99 EOF
 100
 101     certtool --generate-certificate \
 102              --load-ca-privkey "${tls_dir}/key.pem" \
 103              --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
 104              --load-privkey "${tls_dir}/key.pem" \
 105              --template "${tls_dir}/cert.info" \
 106              --outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1
 107     ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
 108     ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
 109
 110     rm -f "${tls_dir}/cert.info"
 111 }
 112
 113
 114 tls_x509_create_client()
 115 {
 116     caname=$1
 117     name=$2
 118
 119     mkdir -p "${tls_dir}/$name"
 120     cat > "${tls_dir}/cert.info" <<EOF
 121 country = South Pacific
 122 locality =  R'lyeh
 123 organization = Cthulhu Dark Lord Enterprises $name
 124 cn = localhost
 125 tls_www_client
 126 encryption_key
 127 signing_key
 128 EOF
 129
 130     certtool --generate-certificate \
 131              --load-ca-privkey "${tls_dir}/key.pem" \
 132              --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
 133              --load-privkey "${tls_dir}/key.pem" \
 134              --template "${tls_dir}/cert.info" \
 135              --outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1
 136     ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
 137     ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
 138
 139     rm -f "${tls_dir}/cert.info"
 140 }