1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef CTTestUtils_h
8 #define CTTestUtils_h
10 #include <iostream>
12 #include "mozpkix/Input.h"
13 #include "mozpkix/Time.h"
14 #include "seccomon.h"
15 #include "SignedCertificateTimestamp.h"
17 namespace mozilla {
18 namespace ct {
// Declarations of fixtures and helpers for the Certificate Transparency
// gtests. Everything returned here is fixed test data; per the note below it
// comes from a public repository, so none of it is suitable outside of tests.

// NOTE(review): presumably decodes the hexadecimal string |hexData| into raw
// bytes. How odd-length or non-hex input is handled is not visible in this
// header - confirm in the implementation before passing anything other than
// fixed test vectors.
20 Buffer HexToBytes(const char* hexData);
22 // Note: unless specified otherwise, all test data is taken from the
23 // Certificate Transparency test data repository at
24 // https://github.com/google/certificate-transparency/tree/master/test/testdata
26 // Fills |entry| with test data for an X.509 entry.
27 void GetX509CertLogEntry(LogEntry& entry);
29 // Returns a DER-encoded X.509 certificate. The SCT provided by
30 // GetX509CertSCT is signed over this certificate.
31 Buffer GetDEREncodedX509Cert();
33 // Fills |entry| with test data for a Precertificate entry.
34 void GetPrecertLogEntry(LogEntry& entry);
36 // Returns the binary representation of a test DigitallySigned.
37 Buffer GetTestDigitallySigned();
39 // Returns the source data of the test DigitallySigned.
40 Buffer GetTestDigitallySignedData();
42 // Returns the binary representation of a test serialized SCT.
43 Buffer GetTestSignedCertificateTimestamp();
45 // Returns the binary representation of a test serialized InclusionProof.
46 Buffer GetTestInclusionProof();
// NOTE(review): the variants below carry no description in this header. Going
// by their names, each appears to be an inclusion proof that is malformed in
// one specific way, for tests of the decoder's rejection paths - confirm
// against the implementation.
47 Buffer GetTestInclusionProofUnexpectedData();
48 Buffer GetTestInclusionProofInvalidHashSize();
49 Buffer GetTestInclusionProofInvalidHash();
50 Buffer GetTestInclusionProofMissingLogId();
51 Buffer GetTestInclusionProofNullPathLength();
52 Buffer GetTestInclusionProofPathLengthTooSmall();
53 Buffer GetTestInclusionProofPathLengthTooLarge();
54 Buffer GetTestInclusionProofNullTreeSize();
55 Buffer GetTestInclusionProofLeafIndexOutOfBounds();
56 Buffer GetTestInclusionProofExtraData();
58 // Returns the binary representation of test serialized node hashes from an
59 // inclusion proof.
60 Buffer GetTestNodeHash0();
61 Buffer GetTestNodeHash1();
63 // Test log key.
64 Buffer GetTestPublicKey();
66 // ID of test log key.
67 Buffer GetTestPublicKeyId();
69 // SCT for the X.509 certificate returned by GetDEREncodedX509Cert().
70 void GetX509CertSCT(SignedCertificateTimestamp& sct);
72 // SCT for the Precertificate log entry provided by GetPrecertLogEntry().
73 void GetPrecertSCT(SignedCertificateTimestamp& sct);
75 // Issuer key hash.
76 Buffer GetDefaultIssuerKeyHash();
78 // The SHA256 root hash for the sample STH.
79 Buffer GetSampleSTHSHA256RootHash();
81 // The tree head signature for the sample STH.
82 Buffer GetSampleSTHTreeHeadSignature();
84 // The same signature as GetSampleSTHTreeHeadSignature, decoded.
85 void GetSampleSTHTreeHeadDecodedSignature(DigitallySigned& signature);
87 // Certificate with embedded SCT in an X509v3 extension.
88 Buffer GetDEREncodedTestEmbeddedCert();
90 // For the above certificate, the corresponding TBSCertificate without
91 // the embedded SCT extension.
92 Buffer GetDEREncodedTestTbsCert();
94 // As above, but signed with an intermediate CA certificate containing
95 // the CT extended key usage OID 1.3.6.1.4.1.11129.2.4.4 for issuing precerts
96 // (i.e. signed with a "precert CA certificate").
97 Buffer GetDEREncodedTestEmbeddedWithPreCACert();
99 // The issuer of the above certificates (self-signed root CA certificate).
100 Buffer GetDEREncodedCACert();
102 // An intermediate CA certificate issued by the above CA.
103 Buffer GetDEREncodedIntermediateCert();
105 // Certificate with embedded SCT signed by the intermediate certificate above.
106 Buffer GetDEREncodedTestEmbeddedWithIntermediateCert();
108 // As above, but signed by the precert CA certificate.
109 Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert();
111 // Given a DER-encoded certificate, returns its SubjectPublicKeyInfo.
// NOTE(review): nothing in this header says the certificate's signature or
// chain is checked here; treat the result as unauthenticated unless the
// implementation shows otherwise.
112 Buffer ExtractCertSPKI(pkix::Input cert);
113 Buffer ExtractCertSPKI(const Buffer& cert);
115 // Extracts a SignedCertificateTimestampList from the provided leaf certificate
116 // (kept in X.509v3 extension with OID 1.3.6.1.4.1.11129.2.4.2). The list is
// written to |result|.
117 void ExtractEmbeddedSCTList(pkix::Input cert, Buffer& result);
118 void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result);
120 // Extracts a SignedCertificateTimestampList that has been embedded within
121 // an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
122 // The OCSP response is verified, and the verification must succeed for the
123 // extension to be extracted. The list is written to |result|.
// NOTE(review): |time| is presumably the validation time used for that
// verification, and |issuerSPKI| the key the response is checked against -
// confirm in the implementation.
124 void ExtractSCTListFromOCSPResponse(pkix::Input cert, pkix::Input issuerSPKI,
125 pkix::Input encodedResponse,
126 pkix::Time time, Buffer& result);
128 // Returns Input for the data stored in the buffer, failing assertion on error.
// NOTE(review): the returned Input presumably refers to |buffer|'s storage
// rather than copying it; if so, |buffer| must outlive the Input - confirm.
129 pkix::Input InputForBuffer(const Buffer& buffer);
131 // Returns Input for the data stored in the item, failing assertion on error.
// NOTE(review): the same lifetime question applies to |item| - confirm.
132 pkix::Input InputForSECItem(const SECItem& item);
134 } // namespace ct
135 } // namespace mozilla
137 #endif // CTTestUtils_h