// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_TEST_CT_TEST_UTIL_H_
#define NET_TEST_CT_TEST_UTIL_H_

#include <stddef.h>
#include <stdint.h>

#include <string>
#include <vector>

#include "base/memory/scoped_refptr.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/signed_certificate_timestamp_and_status.h"

namespace net::ct {

// Forward declarations: this header only names these types through pointers,
// so their full definitions are not needed here.
struct DigitallySigned;
struct MerkleTreeLeaf;
struct SignedEntryData;
struct SignedTreeHead;

// Test-only helpers that hand out canned Certificate Transparency (CT)
// fixtures: log entries, certificates, SCTs, tree heads and log key material.
//
// Note: unless specified otherwise, all test data is taken from Certificate
// Transparency test data repository.

// Fills |entry| with test data for an X.509 entry.
// |entry| is an out-parameter; presumably it must be non-null (not checked
// anywhere in this header - confirm in the implementation).
void GetX509CertSignedEntry(SignedEntryData* entry);

// Fills |tree_leaf| with test data for an X.509 Merkle tree leaf.
// |tree_leaf| is an out-parameter, as for GetX509CertSignedEntry().
void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf);

// Returns a DER-encoded X509 cert. The SCT provided by
// GetX509CertSCT is signed over this certificate.
// DER is a binary encoding, so the returned std::string is a byte container
// rather than printable text.
std::string GetDerEncodedX509Cert();

// Fills |entry| with test data for a Precertificate entry.
void GetPrecertSignedEntry(SignedEntryData* entry);

// Fills |tree_leaf| with test data for a Precertificate Merkle tree leaf.
void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf);

// Returns the binary representation of a test DigitallySigned struct.
std::string GetTestDigitallySigned();

// Returns the binary representation of a test serialized SCT.
std::string GetTestSignedCertificateTimestamp();

// Returns the public key of the test log.
// NOTE(review): the encoding of the returned key is not stated in this
// header - confirm in the implementation before parsing it.
std::string GetTestPublicKey();

// Returns the ID of the test log key returned by GetTestPublicKey().
// NOTE(review): presumably the RFC 6962 log ID derived from that key -
// confirm in the implementation.
std::string GetTestPublicKeyId();

// Provides, through |sct|, the SCT for the X.509 certificate returned by
// GetDerEncodedX509Cert().
void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);

// SCT for the Precertificate log entry provided above.
void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);

// Returns the issuer key hash used by the test data.
// NOTE(review): presumably the issuer key hash that belongs to the
// Precertificate entry - confirm in the implementation.
std::string GetDefaultIssuerKeyHash();

// Fake OCSP response with an embedded SCT list. DER-encoded, so the returned
// std::string holds raw bytes.
std::string GetDerEncodedFakeOCSPResponse();

// The SCT list embedded in the response returned by
// GetDerEncodedFakeOCSPResponse().
std::string GetFakeOCSPExtensionValue();

// The cert the fake OCSP response is for, DER-encoded.
std::string GetDerEncodedFakeOCSPResponseCert();

// The issuer of the cert returned by GetDerEncodedFakeOCSPResponseCert(),
// DER-encoded.
std::string GetDerEncodedFakeOCSPResponseIssuerCert();

// Fills |sth| with a sample, valid STH (signed tree head).
// NOTE(review): the meaning of the bool result is not documented in this
// header; presumably true on success - confirm in the implementation.
bool GetSampleSignedTreeHead(SignedTreeHead* sth);

// Fills |sth| with a valid STH for the empty tree.
bool GetSampleEmptySignedTreeHead(SignedTreeHead* sth);

// An STH for an empty tree where the root hash is not the hash of the empty
// string, but the signature over the STH is valid. Such an STH is not valid
// according to RFC6962.
// A consumer that checks only the signature would accept this STH, so it is
// suited to testing that the empty-tree root hash is validated as well.
bool GetBadEmptySignedTreeHead(SignedTreeHead* sth);

// The SHA256 root hash for the sample STH.
std::string GetSampleSTHSHA256RootHash();

// The tree head signature for the sample STH.
std::string GetSampleSTHTreeHeadSignature();

// The same signature as GetSampleSTHTreeHeadSignature, decoded into
// |signature|.
bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature);

// The sample STH in JSON form.
std::string GetSampleSTHAsJson();

// Assembles, and returns, a sample STH in JSON format using
// the provided parameters.
// NOTE(review): unlike CreateConsistencyProofJsonString() below, this header
// does not say whether |sha256_root_hash| and |tree_head_signature| are
// expected raw or already base64-encoded - confirm in the implementation.
std::string CreateSignedTreeHeadJsonString(size_t tree_size,
                                           int64_t timestamp,
                                           std::string sha256_root_hash,
                                           std::string tree_head_signature);

// Assembles, and returns, a sample consistency proof in JSON format using
// the provided raw nodes (i.e. the raw nodes will be base64-encoded).
// Callers therefore pass the nodes unencoded; pre-encoded input would end up
// encoded twice.
std::string CreateConsistencyProofJsonString(
    const std::vector<std::string>& raw_nodes);

// Returns SCTList for testing.
std::string GetSCTListForTesting();

// Returns a corrupted SCTList. This is done by changing a byte inside the
// Log ID part of the SCT so it does not match the log used in the tests.
// Suited to tests asserting that an SCT naming an unknown log is not
// accepted as verified.
std::string GetSCTListWithInvalidSCT();

// Returns true if the verified SCTs in |scts| number exactly one and
// |log_description| identifies the log of that SCT.
// NOTE(review): earlier wording referred to |result|'s |verified_scts|, which
// are not part of this signature. How "verified" is derived from the entries
// of |scts| is decided by the implementation - confirm there.
bool CheckForSingleVerifiedSCTInResult(
    const SignedCertificateTimestampAndStatusList& scts,
    const std::string& log_description);

// Returns true if |origin| is the origin of a verified SCT in |scts|.
// NOTE(review): earlier wording referred to |result|'s |verified_scts|;
// whether unverified entries of |scts| are also considered is decided by the
// implementation - confirm there.
bool CheckForSCTOrigin(const SignedCertificateTimestampAndStatusList& scts,
                       SignedCertificateTimestamp::Origin origin);

}  // namespace net::ct

#endif  // NET_TEST_CT_TEST_UTIL_H_