author | eranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-01 01:42:03 +0000 |
---|---|---|
committer | eranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-01 01:42:03 +0000 |
commit | 95ac16b0adc0c0b85dd2f2e66cd930bfaceaf30f (patch) | |
tree | fe723da6a2d400e8f681989b65ee05d987f94450 /net/test | |
parent | c457dcf77264057729d025b3f85921c669fc0e20 (diff) | |
CT: First step towards supporting Certificate Transparency in Chrome.
This patch adds Signed Certificate Timestamp (SCT) encoding/decoding.
SCT is the Certificate Transparency (CT) structure containing a proof
of a public log's commitment to adding a certificate to its public
repository.
The next patches will extract SCTs that are embedded in certificates
and verify the SCT's signature over them.
BUG=309578
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=232131
Review URL: https://codereview.chromium.org/37633002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232267 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test')
-rw-r--r-- | net/test/ct_test_util.cc | 112 | ||||
-rw-r--r-- | net/test/ct_test_util.h | 35 |
2 files changed, 147 insertions, 0 deletions
diff --git a/net/test/ct_test_util.cc b/net/test/ct_test_util.cc
new file mode 100644
index 0000000..cd014e4
--- /dev/null
+++ b/net/test/ct_test_util.cc
@@ -0,0 +1,112 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/test/ct_test_util.h"
+
+#include <string>
+#include <vector>
+
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
+#include "base/strings/string_util.h"
+#include "net/cert/ct_serialization.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+
+namespace ct {
+
+namespace {
+
+std::string HexToBytes(const char* hex_data) {
+ std::vector<uint8> output;
+ std::string result;
+ if (base::HexStringToBytes(hex_data, &output))
+ result.assign(reinterpret_cast<const char*>(&output[0]), output.size());
+ return result;
+}
+
+// The following test vectors are from
+// http://code.google.com/p/certificate-transparency
+
+const char kDefaultDerCert[] =
+ "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009"
+ "06035504061302474231243022060355040a131b4365727469666963617465205472616e73"
+ "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307"
+ "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030"
+ "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361"
+ "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603"
+ "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189"
+ "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f"
+ "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41"
+ "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a"
+ "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355"
+ "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074"
+ "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406"
+ "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e"
+ "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057"
+ "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c"
+ "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee"
+ "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb"
+ "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
+ "7d24c4fccd249295795814d1dac0e6";
+
+const char kDefaultKeyHash[] =
+ "2518ce9dcf869f18562d21cf7d040cbacc75371f019f8bea8cbe2f5f6619472d";
+
+const char kDefaultDerTbsCert[] =
+ "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
+ "061302474231243022060355040a131b4365727469666963617465205472616e7370617265"
+ "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720"
+ "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052"
+ "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
+ "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
+ "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
+ "bed8893cc8f177efc548df4961443f999aeda90471992f818bf8b61d0df19d6eec3d596c9b"
+ "43e60033a501c8cffcc438f49f5edb3662aaaecf180e7c9b59fc4bd465c18c406b3b70cdde"
+ "52d5dec42aaef913c2173592c76130f2399de6ccd6e75e04ccea7d7e4bdf4bacb16b5fe697"
+ "2974bca8bcb3e8468dec941e945fdf98310203010001a381ac3081a9301d0603551d0e0416"
+ "0414a4998f6b0abefd0e549bd56f221da976d0ce57d6307d0603551d230476307480143633"
+ "1299dbdc389d1cccfe31c08b8932501a8f7ca159a4573055310b3009060355040613024742"
+ "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
+ "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
+ "0030090603551d1304023000";
+
+const char kTestDigitallySigned[] =
+ "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
+ "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
+ "a5";
+
+const char kTestSignedCertificateTimestamp[] =
+ "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d"
+ "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2"
+ "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
+ "89a2c0187ef5a5";
+
+} // namespace
+
+void GetX509CertLogEntry(LogEntry* entry) {
+ entry->type = ct::LogEntry::LOG_ENTRY_TYPE_X509;
+ entry->leaf_certificate = HexToBytes(kDefaultDerCert);
+}
+
+void GetPrecertLogEntry(LogEntry* entry) {
+ entry->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT;
+ std::string issuer_hash(HexToBytes(kDefaultKeyHash));
+ memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size());
+ entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert);
+}
+
+std::string GetTestDigitallySigned() {
+ return HexToBytes(kTestDigitallySigned);
+}
+
+std::string GetTestSignedCertificateTimestamp() {
+ return HexToBytes(kTestSignedCertificateTimestamp);
+}
+
+} // namespace ct
+
+} // namespace net
diff --git a/net/test/ct_test_util.h b/net/test/ct_test_util.h
new file mode 100644
index 0000000..79881ce
--- /dev/null
+++ b/net/test/ct_test_util.h
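Review bot: In GetPrecertLogEntry (net/test/ct_test_util.cc) the memcpy into `entry->issuer_key_hash.data` takes its length from `issuer_hash.size()`, that is, from the decoded source rather than from the destination buffer. The declaration of `issuer_key_hash` is not part of this diff, but if it is a fixed-size hash array, a kDefaultKeyHash edited to the wrong length would write past it. HexToBytes returns an empty string when decoding fails, so a malformed constant would also leave the hash unset without any visible failure. I would add `CHECK_EQ(sizeof(entry->issuer_key_hash.data), issuer_hash.size());` before the copy (assuming `data` is an array and base/logging.h is included). The file also calls memcpy and uses `uint8` without including `<string.h>` or the header that defines `uint8`, so it presumably relies on transitive includes.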
@@ -0,0 +1,35 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_CT_TEST_UTIL_H_
+#define NET_CERT_CT_TEST_UTIL_H_
+
+#include <string>
+
+namespace net {
+
+class X509Certificate;
+
+namespace ct {
+
+struct LogEntry;
+struct SignedCertificateTimestamp;
+
+// Fills |entry| with test data for an X.509 entry.
+void GetX509CertLogEntry(LogEntry* entry);
+
+// Fills |entry| with test data for a Precertificate entry.
+void GetPrecertLogEntry(LogEntry* entry);
+
+// Returns the binary representation of a test DigitallySigned
+std::string GetTestDigitallySigned();
+
+// Returns the binary representation of a test serialized SCT.
+std::string GetTestSignedCertificateTimestamp();
+
+} // namespace ct
+
+} // namespace net
+
+#endif // NET_CERT_CT_TEST_UTIL_H_ |
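Review bot: The include guard `NET_CERT_CT_TEST_UTIL_H_` does not match this header's path, net/test/ct_test_util.h; a guard derived from the path, `NET_TEST_CT_TEST_UTIL_H_`, would avoid a silent collision if a header of the same name is ever added under net/cert. The forward declarations of `X509Certificate` and `SignedCertificateTimestamp` are not used by any declaration in this header and can be dropped until a function needs them. The comments on the two `Get*LogEntry` functions could also say that |entry| must be non-null and that its existing fields are overwritten, since both definitions dereference the pointer unconditionally.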