From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Juan Quintela" <quintela@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Peter Xu" <peterx@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: [PATCH v3 2/9] tests: add more helper macros for creating TLS x509 certs
Date: Tue, 26 Apr 2022 17:00:41 +0100 [thread overview]
Message-ID: <20220426160048.812266-3-berrange@redhat.com> (raw)
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/unit/crypto-tls-x509-helpers.h | 53 ++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h
index cf6329e653..247e7160eb 100644
--- a/tests/unit/crypto-tls-x509-helpers.h
+++ b/tests/unit/crypto-tls-x509-helpers.h
@@ -26,6 +26,9 @@
#include <libtasn1.h>
+#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
+#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
+
/*
* This contains parameter about how to generate
* certificates.
@@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile);
}; \
test_tls_generate_cert(&varname, NULL)
+# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = "qemu-CA", \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = true, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
+ }; \
+ test_tls_generate_cert(&varname, NULL)
+
+# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = cname, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
+# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
+ hostname, ipaddr) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = hostname ? hostname : ipaddr, \
+ .altname1 = hostname, \
+ .ipaddr1 = ipaddr, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
extern const asn1_static_node pkix_asn1_tab[];
#endif
--
2.35.1
next prev parent reply other threads:[~2022-04-26 16:17 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 16:00 [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration Daniel P. Berrangé
2022-04-26 16:00 ` [PATCH v3 1/9] tests: fix encoding of IP addresses in x509 certs Daniel P. Berrangé
2022-04-28 9:46 ` Dr. David Alan Gilbert
2022-04-26 16:00 ` Daniel P. Berrangé [this message]
2022-04-28 13:09 ` [PATCH v3 2/9] tests: add more helper macros for creating TLS " Eric Blake
2022-04-26 16:00 ` [PATCH v3 3/9] tests: add migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-04-28 13:46 ` Eric Blake
2022-05-09 13:29 ` Dr. David Alan Gilbert
2022-04-26 16:00 ` [PATCH v3 4/9] tests: add migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-04-28 13:59 ` Eric Blake
2022-04-26 16:00 ` [PATCH v3 5/9] tests: convert XBZRLE migration test to use common helper Daniel P. Berrangé
2022-04-26 16:00 ` [PATCH v3 6/9] tests: convert multifd migration tests " Daniel P. Berrangé
2022-04-26 16:00 ` [PATCH v3 7/9] tests: add multifd migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-04-28 14:05 ` Eric Blake
2022-04-26 16:00 ` [PATCH v3 8/9] tests: add multifd migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-04-28 14:13 ` Eric Blake
2022-04-26 16:00 ` [PATCH v3 9/9] tests: ensure migration status isn't reported as failed Daniel P. Berrangé
2022-04-28 11:40 ` [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration Dr. David Alan Gilbert
2022-05-09 14:11 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220426160048.812266-3-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).