[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v3 2/9] tests: add more helper macros for creating TLS x509 certs
|
From: |
Daniel P . Berrangé |
|
Subject: |
[PATCH v3 2/9] tests: add more helper macros for creating TLS x509 certs |
|
Date: |
Tue, 26 Apr 2022 17:00:41 +0100 |
These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/unit/crypto-tls-x509-helpers.h | 53 ++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/tests/unit/crypto-tls-x509-helpers.h
b/tests/unit/crypto-tls-x509-helpers.h
index cf6329e653..247e7160eb 100644
--- a/tests/unit/crypto-tls-x509-helpers.h
+++ b/tests/unit/crypto-tls-x509-helpers.h
@@ -26,6 +26,9 @@
#include <libtasn1.h>
+#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
+#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
+
/*
* This contains parameter about how to generate
* certificates.
@@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile);
}; \
test_tls_generate_cert(&varname, NULL)
+# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = "qemu-CA", \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = true, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
+ }; \
+ test_tls_generate_cert(&varname, NULL)
+
+# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = cname, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
+# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
+ hostname, ipaddr) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = hostname ? hostname : ipaddr, \
+ .altname1 = hostname, \
+ .ipaddr1 = ipaddr, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
extern const asn1_static_node pkix_asn1_tab[];
#endif
--
2.35.1
- [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 1/9] tests: fix encoding of IP addresses in x509 certs, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 9/9] tests: ensure migration status isn't reported as failed, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 3/9] tests: add migration tests of TLS with PSK credentials, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 4/9] tests: add migration tests of TLS with x509 credentials, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 8/9] tests: add multifd migration tests of TLS with x509 credentials, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 2/9] tests: add more helper macros for creating TLS x509 certs,
Daniel P . Berrangé <=
- [PATCH v3 6/9] tests: convert multifd migration tests to use common helper, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 7/9] tests: add multifd migration tests of TLS with PSK credentials, Daniel P . Berrangé, 2022/04/26
- [PATCH v3 5/9] tests: convert XBZRLE migration test to use common helper, Daniel P . Berrangé, 2022/04/26
- Re: [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration, Dr. David Alan Gilbert, 2022/04/28