On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
Add helpers to common.tls for creating TLS certificates for a CA,
server and client.
MUCH appreciated! We NEED this coverage, easily automated.
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
tests/qemu-iotests/common.tls | 139 ++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
create mode 100644 tests/qemu-iotests/common.tls
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
new file mode 100644
I was a bit surprised that this wasn't 100755, but this matches the fact
that none of the other common.* are executable. And after thinking more,
it makes sense - they aren't standalone scripts, but designed to be
sourced, and 'source' doesn't care about execute bits.
+tls_dir="${TEST_DIR}/tls"
+
+function tls_x509_cleanup()
+{
+ rm -f ${tls_dir}/*.pem
+ rm -f ${tls_dir}/*/*.pem
+ rmdir ${tls_dir}/*
+ rmdir ${tls_dir}
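Review bot: tls_dir="${TEST_DIR}/tls" is computed when the file is sourced without checking that TEST_DIR is set, so with an empty TEST_DIR every rm and rmdir in tls_x509_cleanup operates on /tls instead of a path inside the test tree. Writing the assignment as tls_dir="${TEST_DIR:?}/tls" makes sourcing fail early in that case. Separately, when no per-name subdirectory exists, the unmatched glob in rmdir ${tls_dir}/* is passed through literally and rmdir reports an error.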
Why not just:
rm -rf $tls_dir
Also, the quoting is a bit inconsistent. If ${TEST_DIR} can contain
spaces, then all uses of ${tls_dir} need to be in "".
+}
+
+
+function tls_x509_init()
+{
+ mkdir "${tls_dir}"
And this just highlights the quoting inconsistency. Should this use
mkdir -p?
+
+function tls_x509_create_root_ca()
+{
+ name=$1
+
+ test -z "$name" && name=ca-cert
Could also be shortened as:
name=${1:-ca-cert}
+
+ cat > ${tls_dir}/ca.info <<EOF
+cn = Cthulu Dark Lord Enterprises $name
s/Cthulu/Cthulhu/ - after all, we don't want him coming after us just
because we botched the spelling of his name :)
+ca
+cert_signing_key
+EOF
+
+ certtool --generate-self-signed \
+ --load-privkey ${tls_dir}/key.pem \
+ --template ${tls_dir}/ca.info \
+ --outfile ${tls_dir}/$name-cert.pem 2>&1 | head -1
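Review bot: the certtool call in tls_x509_create_root_ca ends in 2>&1 | head -1, so the pipeline's exit status is that of head and a failed certtool run (for example an unreadable --load-privkey file) is not detected, and head -1 also discards every diagnostic line after the first. Consider checking ${PIPESTATUS[0]} after the pipeline, or capturing the output in a variable, and returning non-zero so the calling test stops at certificate creation instead of failing later in the TLS handshake.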
More missing ""
+
+ rm -f ${tls_dir}/ca.info
+}
+
+
+function tls_x509_create_server()
+{
+ caname=$1
+ name=$2
+
+ mkdir ${tls_dir}/$name
+ cat > ${tls_dir}/cert.info <<EOF
+organization = Cthulu Dark Lord Enterprises $name
Matched spelling
+function tls_x509_create_client()
+{
+ caname=$1
+ name=$2
+
+ mkdir ${tls_dir}/$name
+ cat > ${tls_dir}/cert.info <<EOF
+country = South Pacific
+locality = R'lyeh
+organization = Cthulu Dark Lord Enterprises $name
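Review bot: caname=$1 and name=$2 at the top of tls_x509_create_client are plain assignments, and the same holds for tls_x509_create_server and for name=$1 in tls_x509_create_root_ca; since this file is sourced into the test script, they overwrite any variables called name or caname that the test already uses. Declaring them with local (local caname=$1 name=$2) keeps them inside the helpers.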
And again
Needs several touch-ups, but the idea itself is sound.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org