// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_CERT_CT_TEST_UTIL_H_ #define NET_CERT_CT_TEST_UTIL_H_ #include #include #include #include #include "base/memory/ref_counted.h" #include "net/cert/signed_certificate_timestamp.h" namespace net { namespace ct { struct CTVerifyResult; struct DigitallySigned; struct LogEntry; struct SignedTreeHead; // Note: unless specified otherwise, all test data is taken from Certificate // Transparency test data repository. // Fills |entry| with test data for an X.509 entry. void GetX509CertLogEntry(LogEntry* entry); // Returns a DER-encoded X509 cert. The SCT provided by // GetX509CertSCT is signed over this certificate. std::string GetDerEncodedX509Cert(); // Fills |entry| with test data for a Precertificate entry. void GetPrecertLogEntry(LogEntry* entry); // Returns the binary representation of a test DigitallySigned std::string GetTestDigitallySigned(); // Returns the binary representation of a test serialized SCT. std::string GetTestSignedCertificateTimestamp(); // Test log key std::string GetTestPublicKey(); // ID of test log key std::string GetTestPublicKeyId(); // SCT for the X509Certificate provided above. void GetX509CertSCT(scoped_refptr* sct); // SCT for the Precertificate log entry provided above. void GetPrecertSCT(scoped_refptr* sct); // Issuer key hash std::string GetDefaultIssuerKeyHash(); // Fake OCSP response with an embedded SCT list. std::string GetDerEncodedFakeOCSPResponse(); // The SCT list embedded in the response above. std::string GetFakeOCSPExtensionValue(); // The cert the OCSP response is for. std::string GetDerEncodedFakeOCSPResponseCert(); // The issuer of the previous cert. std::string GetDerEncodedFakeOCSPResponseIssuerCert(); // A sample, valid STH. bool GetSampleSignedTreeHead(SignedTreeHead* sth); // A valid STH for the empty tree. bool GetSampleEmptySignedTreeHead(SignedTreeHead* sth); // An STH for an empty tree where the root hash is not the hash of the empty // string, but the signature over the STH is valid. Such an STH is not valid // according to RFC6962. bool GetBadEmptySignedTreeHead(SignedTreeHead* sth); // The SHA256 root hash for the sample STH. std::string GetSampleSTHSHA256RootHash(); // The tree head signature for the sample STH. std::string GetSampleSTHTreeHeadSignature(); // The same signature as GetSampleSTHTreeHeadSignature, decoded. bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature); // The sample STH in JSON form. std::string GetSampleSTHAsJson(); // Assembles, and returns, a sample STH in JSON format using // the provided parameters. std::string CreateSignedTreeHeadJsonString(size_t tree_size, int64_t timestamp, std::string sha256_root_hash, std::string tree_head_signature); // Assembles, and returns, a sample consistency proof in JSON format using // the provided raw nodes (i.e. the raw nodes will be base64-encoded). std::string CreateConsistencyProofJsonString( const std::vector& raw_nodes); // Returns SCTList for testing. std::string GetSCTListForTesting(); // Returns a corrupted SCTList. This is done by changing a byte inside the // Log ID part of the SCT so it does not match the log used in the tests. std::string GetSCTListWithInvalidSCT(); // Returns true if |log_description| is in the |result|'s |verified_scts| and // number of |verified_scts| in |result| is equal to 1. bool CheckForSingleVerifiedSCTInResult(const CTVerifyResult& result, const std::string& log_description); // Returns true if |origin| is in the |result|'s |verified_scts|. bool CheckForSCTOrigin(const CTVerifyResult& result, SignedCertificateTimestamp::Origin origin); } // namespace ct } // namespace net #endif // NET_CERT_CT_TEST_UTIL_H_