aboutsummaryrefslogtreecommitdiff
path: root/tests/qemu-iotests/common.tls
diff options
context:
space:
mode:
Diffstat (limited to 'tests/qemu-iotests/common.tls')
-rw-r--r--tests/qemu-iotests/common.tls202
1 files changed, 202 insertions, 0 deletions
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
new file mode 100644
index 0000000000..b9c5462986
--- /dev/null
+++ b/tests/qemu-iotests/common.tls
@@ -0,0 +1,202 @@
+#!/usr/bin/env bash
+#
+# Helpers for TLS related config
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+tls_dir="${TEST_DIR}/tls"
+
+tls_x509_cleanup()
+{
+ rm -f "${tls_dir}"/*.pem
+ rm -f "${tls_dir}"/*/*.pem
+ rm -f "${tls_dir}"/*/*.psk
+ rmdir "${tls_dir}"/*
+ rmdir "${tls_dir}"
+}
+
+
+tls_certtool()
+{
+ certtool "$@" 1>"${tls_dir}"/certtool.log 2>&1
+ if test "$?" = 0; then
+ head -1 "${tls_dir}"/certtool.log
+ else
+ cat "${tls_dir}"/certtool.log
+ fi
+ rm -f "${tls_dir}"/certtool.log
+}
+
+tls_psktool()
+{
+ psktool "$@" 1>"${tls_dir}"/psktool.log 2>&1
+ if test "$?" = 0; then
+ head -1 "${tls_dir}"/psktool.log
+ else
+ cat "${tls_dir}"/psktool.log
+ fi
+ rm -f "${tls_dir}"/psktool.log
+}
+
+
+tls_x509_init()
+{
+ (certtool --help) >/dev/null 2>&1 || \
+ _notrun "certtool utility not found, skipping test"
+
+ mkdir -p "${tls_dir}"
+
+ # use a fixed key so we don't waste system entropy on
+ # each test run
+ cat > "${tls_dir}/key.pem" <<EOF
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh
+rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR
+6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO
+0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj
+0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850
+W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP
+9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304
+AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b
+kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz
++Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt
+A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt
+6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp
+BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt
+gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT
+xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C
+LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra
+aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/
+8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38
+OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36
+YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik
+LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1
+aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl
+tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0
+ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y
+qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq
+T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q
+eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc
+fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc
+Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7
+oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+
+W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg
+x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE
+JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk
+J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ
+xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K
+3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1
+Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==
+-----END RSA PRIVATE KEY-----
+EOF
+}
+
+
+tls_x509_create_root_ca()
+{
+ name=${1:-ca-cert}
+
+ cat > "${tls_dir}/ca.info" <<EOF
+cn = Cthulhu Dark Lord Enterprises $name
+ca
+cert_signing_key
+EOF
+
+ tls_certtool \
+ --generate-self-signed \
+ --load-privkey "${tls_dir}/key.pem" \
+ --template "${tls_dir}/ca.info" \
+ --outfile "${tls_dir}/$name-cert.pem"
+
+ rm -f "${tls_dir}/ca.info"
+}
+
+
+tls_x509_create_server()
+{
+ caname=$1
+ name=$2
+
+ # We don't include 'localhost' in the cert, as
+ # we want to keep it unlisted to let tests
+ # validate hostname override
+ mkdir -p "${tls_dir}/$name"
+ cat > "${tls_dir}/cert.info" <<EOF
+organization = Cthulhu Dark Lord Enterprises $name
+cn = iotests.qemu.org
+ip_address = 127.0.0.1
+ip_address = ::1
+tls_www_server
+encryption_key
+signing_key
+EOF
+
+ tls_certtool \
+ --generate-certificate \
+ --load-ca-privkey "${tls_dir}/key.pem" \
+ --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
+ --load-privkey "${tls_dir}/key.pem" \
+ --template "${tls_dir}/cert.info" \
+ --outfile "${tls_dir}/$name/server-cert.pem"
+
+ ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
+ ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
+
+ rm -f "${tls_dir}/cert.info"
+}
+
+
+tls_x509_create_client()
+{
+ caname=$1
+ name=$2
+
+ mkdir -p "${tls_dir}/$name"
+ cat > "${tls_dir}/cert.info" <<EOF
+country = South Pacific
+locality = R'lyeh
+organization = Cthulhu Dark Lord Enterprises $name
+cn = localhost
+tls_www_client
+encryption_key
+signing_key
+EOF
+
+ tls_certtool \
+ --generate-certificate \
+ --load-ca-privkey "${tls_dir}/key.pem" \
+ --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
+ --load-privkey "${tls_dir}/key.pem" \
+ --template "${tls_dir}/cert.info" \
+ --outfile "${tls_dir}/$name/client-cert.pem"
+
+ ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
+ ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
+
+ rm -f "${tls_dir}/cert.info"
+}
+
+tls_psk_create_creds()
+{
+ name=$1
+
+ mkdir -p "${tls_dir}/$name"
+
+ tls_psktool \
+ --pskfile "${tls_dir}/$name/keys.psk" \
+ --username "$name"
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 20:28:01 +0000