1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef CTTestUtils_h
#define CTTestUtils_h
#include <iostream>
#include "pkix/Input.h"
#include "pkix/Time.h"
#include "seccomon.h"
#include "SignedCertificateTimestamp.h"
#include "SignedTreeHead.h"
namespace mozilla { namespace ct {
// Note: unless specified otherwise, all test data is taken from
// Certificate Transparency test data repository at
// https://github.com/google/certificate-transparency/tree/master/test/testdata
// Fills |entry| with test data for an X.509 entry.
void GetX509CertLogEntry(LogEntry& entry);
// Returns a DER-encoded X509 cert. The SCT provided by
// GetX509CertSCT is signed over this certificate.
Buffer GetDEREncodedX509Cert();
// Fills |entry| with test data for a Precertificate entry.
void GetPrecertLogEntry(LogEntry& entry);
// Returns the binary representation of a test DigitallySigned.
Buffer GetTestDigitallySigned();
// Returns the source data of the test DigitallySigned.
Buffer GetTestDigitallySignedData();
// Returns the binary representation of a test serialized SCT.
Buffer GetTestSignedCertificateTimestamp();
// Test log key.
Buffer GetTestPublicKey();
// ID of test log key.
Buffer GetTestPublicKeyId();
// SCT for the X509Certificate provided above.
void GetX509CertSCT(SignedCertificateTimestamp& sct);
// SCT for the Precertificate log entry provided above.
void GetPrecertSCT(SignedCertificateTimestamp& sct);
// Issuer key hash.
Buffer GetDefaultIssuerKeyHash();
// A sample, valid STH.
void GetSampleSignedTreeHead(SignedTreeHead& sth);
// The SHA256 root hash for the sample STH.
Buffer GetSampleSTHSHA256RootHash();
// The tree head signature for the sample STH.
Buffer GetSampleSTHTreeHeadSignature();
// The same signature as GetSampleSTHTreeHeadSignature, decoded.
void GetSampleSTHTreeHeadDecodedSignature(DigitallySigned& signature);
// Certificate with embedded SCT in an X509v3 extension.
Buffer GetDEREncodedTestEmbeddedCert();
// For the above certificate, the corresponsing TBSCertificate without
// the embedded SCT extension.
Buffer GetDEREncodedTestTbsCert();
// As above, but signed with an intermediate CA certificate containing
// the CT extended key usage OID 1.3.6.1.4.1.11129.2.4.4 for issuing precerts
// (i.e. signed with a "precert CA certificate").
Buffer GetDEREncodedTestEmbeddedWithPreCACert();
// The issuer of the above certificates (self-signed root CA certificate).
Buffer GetDEREncodedCACert();
// An intermediate CA certificate issued by the above CA.
Buffer GetDEREncodedIntermediateCert();
// Certificate with embedded SCT signed by the intermediate certificate above.
Buffer GetDEREncodedTestEmbeddedWithIntermediateCert();
// As above, but signed by the precert CA certificate.
Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert();
// Given a DER-encoded certificate, returns its SubjectPublicKeyInfo.
Buffer ExtractCertSPKI(pkix::Input cert);
Buffer ExtractCertSPKI(const Buffer& cert);
// Extracts a SignedCertificateTimestampList from the provided leaf certificate
// (kept in X.509v3 extension with OID 1.3.6.1.4.1.11129.2.4.2).
void ExtractEmbeddedSCTList(pkix::Input cert, Buffer& result);
void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result);
// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// The OCSP response is verified, and the verification must succeed for the
// extension to be extracted.
void ExtractSCTListFromOCSPResponse(pkix::Input cert,
pkix::Input issuerSPKI,
pkix::Input encodedResponse,
pkix::Time time,
Buffer& result);
// We need this in tests code since mozilla::Vector only allows move assignment.
Buffer cloneBuffer(const Buffer& buffer);
// Returns Input for the data stored in the buffer, failing assertion on error.
pkix::Input InputForBuffer(const Buffer& buffer);
// Returns Input for the data stored in the item, failing assertion on error.
pkix::Input InputForSECItem(const SECItem& item);
} } // namespace mozilla::ct
namespace mozilla {
// GTest needs this to be in Buffer's namespace (i.e. in mozilla::Vector's).
std::ostream& operator<<(std::ostream& stream, const ct::Buffer& buf);
} // namespace mozilla
#endif // CTTestUtils_h
|