summaryrefslogblamecommitdiffstats
path: root/include/crypto/tlscredsx509.h
blob: e1542e5c8cba1d05c6a11f988e6197ec149c3b64 (plain) (tree)
1
2
3
4
5
6
7
8
9







                                                                
                                                                     










                                                                               

                              















































































                                                                         
                     
                     







                                      
                                   
/*
 * QEMU crypto TLS x509 credential support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QCRYPTO_TLSCREDSX509_H
#define QCRYPTO_TLSCREDSX509_H

#include "crypto/tlscreds.h"

#define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509"
#define QCRYPTO_TLS_CREDS_X509(obj)                  \
    OBJECT_CHECK(QCryptoTLSCredsX509, (obj), TYPE_QCRYPTO_TLS_CREDS_X509)

typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509;
typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class;

#define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
#define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
#define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
#define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
#define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
#define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"


/**
 * QCryptoTLSCredsX509:
 *
 * The QCryptoTLSCredsX509 object provides a representation
 * of x509 credentials used to perform a TLS handshake.
 *
 * This is a user creatable object, which can be instantiated
 * via object_new_propv():
 *
 * <example>
 *   <title>Creating x509 TLS credential objects in code</title>
 *   <programlisting>
 *   Object *obj;
 *   Error *err = NULL;
 *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509,
 *                          "tlscreds0",
 *                          &err,
 *                          "endpoint", "server",
 *                          "dir", "/path/x509/cert/dir",
 *                          "verify-peer", "yes",
 *                          NULL);
 *   </programlisting>
 * </example>
 *
 * Or via QMP:
 *
 * <example>
 *   <title>Creating x509 TLS credential objects via QMP</title>
 *   <programlisting>
 *    {
 *       "execute": "object-add", "arguments": {
 *          "id": "tlscreds0",
 *          "qom-type": "tls-creds-x509",
 *          "props": {
 *             "endpoint": "server",
 *             "dir": "/path/to/x509/cert/dir",
 *             "verify-peer": false
 *          }
 *       }
 *    }
 *   </programlisting>
 * </example>
 *
 *
 * Or via the CLI:
 *
 * <example>
 *   <title>Creating x509 TLS credential objects via CLI</title>
 *   <programlisting>
 *  qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\
 *          endpoint=server,verify-peer=off,\
 *          dir=/path/to/x509/certdir/
 *   </programlisting>
 * </example>
 *
 */

struct QCryptoTLSCredsX509 {
    QCryptoTLSCreds parent_obj;
#ifdef CONFIG_GNUTLS
    gnutls_certificate_credentials_t data;
#endif
    bool sanityCheck;
    char *passwordid;
};


struct QCryptoTLSCredsX509Class {
    QCryptoTLSCredsClass parent_class;
};


#endif /* QCRYPTO_TLSCREDSX509_H */