1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_TEST_CERT_TEST_UTIL_H_
6 #define NET_TEST_CERT_TEST_UTIL_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/memory/raw_ptr.h"
12 #include "base/memory/scoped_refptr.h"
13 #include "base/strings/string_piece.h"
14 #include "crypto/crypto_buildflags.h"
15 #include "net/base/hash_value.h"
16 #include "net/cert/x509_certificate.h"
17 #include "testing/gtest/include/gtest/gtest.h"
18 
19 #if BUILDFLAG(USE_NSS_CERTS)
20 #include "net/cert/scoped_nss_types.h"
21 
22 // From <pk11pub.h>
23 typedef struct PK11SlotInfoStr PK11SlotInfo;
24 
25 #include "net/cert/scoped_nss_types.h"
26 #endif
27 
28 namespace base {
29 class FilePath;
30 }
31 
32 namespace net {
33 
34 class EVRootCAMetadata;
35 
36 #if BUILDFLAG(USE_NSS_CERTS)
37 // Imports a private key from file |key_filename| in |dir| into |slot|. The file
38 // must contain a PKCS#8 PrivateKeyInfo in DER encoding. Returns true on success
39 // and false on failure.
// PrivateKeyInfo is the unencrypted PKCS#8 structure, so the key file holds
// private key material in the clear; this is a test helper and the files it
// reads should only ever be test keys.
// NOTE(review): |slot| is a raw pointer; ownership and lifetime requirements
// are not visible from this declaration - confirm against the definition.
40 bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
41                                 base::StringPiece key_filename,
42                                 PK11SlotInfo* slot);
43 
// Imports the client certificate |cert| into |slot|.
// NOTE(review): the bool result presumably reports success/failure like
// ImportSensitiveKeyFromFile above - confirm against the definition.
44 bool ImportClientCertToSlot(CERTCertificate* cert, PK11SlotInfo* slot);
45 
// Overload taking an X509Certificate; returns an NSS certificate handle.
// NOTE(review): presumably the returned ScopedCERTCertificate is null when the
// import fails - callers should check it; confirm against the definition.
46 ScopedCERTCertificate ImportClientCertToSlot(
47     const scoped_refptr<X509Certificate>& cert,
48     PK11SlotInfo* slot);
49 
// Loads a client certificate from |cert_filename| and a private key from
// |key_filename|, both located in |dir|, and imports them into |slot|.
// |nss_cert| is an out-parameter for the NSS certificate handle.
// NOTE(review): failure behavior is not stated here; presumably the result is
// nullptr when either file cannot be read or imported - confirm, and have
// callers check the result before use.
50 scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
51     const base::FilePath& dir,
52     base::StringPiece cert_filename,
53     base::StringPiece key_filename,
54     PK11SlotInfo* slot,
55     ScopedCERTCertificate* nss_cert);
// Same parameters as the overload above, without the |nss_cert| out-parameter.
56 scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
57     const base::FilePath& dir,
58     base::StringPiece cert_filename,
59     base::StringPiece key_filename,
60     PK11SlotInfo* slot);
61 
// Reads |cert_file| from |certs_dir| and returns it as an NSS certificate
// handle.
// NOTE(review): judging by the name this is the NSS counterpart of
// ImportCertFromFile; behavior for multi-certificate files and on failure is
// not stated here - confirm against the definition.
62 ScopedCERTCertificate ImportCERTCertificateFromFile(
63     const base::FilePath& certs_dir,
64     base::StringPiece cert_file);
65 
// Reads the certificates in |cert_file|, a file in |certs_dir|, and returns
// them as a list of NSS certificate handles.
// NOTE(review): |format| is a plain int; presumably it carries
// X509Certificate::Format values, as for CreateCertificateListFromFile -
// confirm against the definition.
66 ScopedCERTCertificateList CreateCERTCertificateListFromFile(
67     const base::FilePath& certs_dir,
68     base::StringPiece cert_file,
69     int format);
70 
71 // Returns an NSS built-in root certificate which is trusted for issuing TLS
72 // server certificates. If multiple ones are available, it is not specified
73 // which one is returned. If none are available, returns nullptr.
// Because the choice is unspecified, tests should not depend on the identity
// of the returned root, and must handle the nullptr case.
74 ScopedCERTCertificate GetAnNssBuiltinSslTrustedRoot();
75 #endif
76 
77 // Imports all of the certificates in |cert_file|, a file in |certs_dir|, into a
78 // CertificateList.
// NOTE(review): |format| is a plain int; presumably it carries
// X509Certificate::Format values - confirm against the definition. What is
// returned when the file is missing or unparsable is not stated here.
79 CertificateList CreateCertificateListFromFile(const base::FilePath& certs_dir,
80                                               base::StringPiece cert_file,
81                                               int format);
82 
83 // Imports all the certificates given a list of filenames, and assigns the
84 // result to |*certs|. The filenames are relative to the test certificates
85 // directory.
// The result is a gtest AssertionResult, so callers can wrap the call in
// ASSERT_TRUE()/EXPECT_TRUE() to surface the failure message.
// NOTE(review): the contents of |*certs| after a failure are not stated here.
86 ::testing::AssertionResult LoadCertificateFiles(
87     const std::vector<std::string>& cert_filenames,
88     CertificateList* certs);
89 
90 // Imports all of the certificates in |cert_file|, a file in |certs_dir|, into
91 // a new X509Certificate. The first certificate in the chain will be used for
92 // the returned cert, with any additional certificates configured as
93 // intermediate certificates.
// The chain is taken in file order; nothing here says the intermediates are
// checked against the leaf, so tests must not read the result as a validated
// chain.
// NOTE(review): |format| is a plain int, presumably X509Certificate::Format
// values, and the result is presumably nullptr on failure - confirm both
// against the definition.
94 scoped_refptr<X509Certificate> CreateCertificateChainFromFile(
95     const base::FilePath& certs_dir,
96     base::StringPiece cert_file,
97     int format);
98 
99 // Imports a single certificate from |cert_path|.
100 // If the file contains multiple certificates, the first certificate found
101 // will be returned.
// NOTE(review): failure behavior is not stated here; presumably the result is
// nullptr when the file cannot be read or parsed - callers should check it.
102 scoped_refptr<X509Certificate> ImportCertFromFile(
103     const base::FilePath& cert_path);
104 
105 // Imports a single certificate from |cert_file|.
106 // |certs_dir| represents the test certificates directory. |cert_file| is the
107 // name of the certificate file. If cert_file contains multiple certificates,
108 // the first certificate found will be returned.
// NOTE(review): as with the single-path overload, the result on failure is
// presumably nullptr - confirm against the definition.
109 scoped_refptr<X509Certificate> ImportCertFromFile(
110     const base::FilePath& certs_dir,
111     base::StringPiece cert_file);
112 
113 // ScopedTestEVPolicy causes certificates marked with |policy|, issued from a
114 // root with the given fingerprint, to be treated as EV. |policy| is expressed
115 // as a string of dotted numbers: e.g. "1.2.3.4".
116 // This should only be used in unittests as adding a CA twice causes a CHECK
117 // failure.
// Because it changes which certificates are treated as EV, it must never be
// reachable from production code paths.
// NOTE(review): the constructor/destructor pairing suggests the policy is
// registered on construction and removed again on destruction - confirm
// against the definition.
118 class ScopedTestEVPolicy {
119  public:
  // |ev_root_ca_metadata| is the metadata object the policy is applied to,
  // |fingerprint| identifies the root and |policy| is the dotted-number
  // policy string described above.
120   ScopedTestEVPolicy(EVRootCAMetadata* ev_root_ca_metadata,
121                      const SHA256HashValue& fingerprint,
122                      const char* policy);
123   ~ScopedTestEVPolicy();
124 
125  private:
  // Root fingerprint, held by value.
  // NOTE(review): presumably kept so the destructor can undo the registration.
126   SHA256HashValue fingerprint_;
  // Non-owning pointer that cannot be reseated after construction; the
  // EVRootCAMetadata is expected to outlive this object.
127   const raw_ptr<EVRootCAMetadata> ev_root_ca_metadata_;
128 };
129 
130 }  // namespace net
131 
132 #endif  // NET_TEST_CERT_TEST_UTIL_H_
133