1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_CERT_CT_TEST_UTIL_H_
#define NET_CERT_CT_TEST_UTIL_H_
#include <stddef.h>
#include <stdint.h>
#include <string>
#include <vector>
#include "base/memory/ref_counted.h"
#include "net/cert/signed_certificate_timestamp.h"
namespace net {
namespace ct {
struct CTVerifyResult;
struct DigitallySigned;
struct LogEntry;
struct SignedTreeHead;
// Note: unless specified otherwise, all test data is taken from Certificate
// Transparency test data repository.
// Fills |entry| with test data for an X.509 entry.
void GetX509CertLogEntry(LogEntry* entry);
// Returns a DER-encoded X509 cert. The SCT provided by
// GetX509CertSCT is signed over this certificate.
std::string GetDerEncodedX509Cert();
// Fills |entry| with test data for a Precertificate entry.
void GetPrecertLogEntry(LogEntry* entry);
// Returns the binary representation of a test DigitallySigned
std::string GetTestDigitallySigned();
// Returns the binary representation of a test serialized SCT.
std::string GetTestSignedCertificateTimestamp();
// Test log key
std::string GetTestPublicKey();
// ID of test log key
std::string GetTestPublicKeyId();
// SCT for the X509Certificate provided above.
void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);
// SCT for the Precertificate log entry provided above.
void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);
// Issuer key hash
std::string GetDefaultIssuerKeyHash();
// Fake OCSP response with an embedded SCT list.
std::string GetDerEncodedFakeOCSPResponse();
// The SCT list embedded in the response above.
std::string GetFakeOCSPExtensionValue();
// The cert the OCSP response is for.
std::string GetDerEncodedFakeOCSPResponseCert();
// The issuer of the previous cert.
std::string GetDerEncodedFakeOCSPResponseIssuerCert();
// A sample, valid STH.
bool GetSampleSignedTreeHead(SignedTreeHead* sth);
// A valid STH for the empty tree.
bool GetSampleEmptySignedTreeHead(SignedTreeHead* sth);
// An STH for an empty tree where the root hash is not the hash of the empty
// string, but the signature over the STH is valid. Such an STH is not valid
// according to RFC6962.
bool GetBadEmptySignedTreeHead(SignedTreeHead* sth);
// The SHA256 root hash for the sample STH.
std::string GetSampleSTHSHA256RootHash();
// The tree head signature for the sample STH.
std::string GetSampleSTHTreeHeadSignature();
// The same signature as GetSampleSTHTreeHeadSignature, decoded.
bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature);
// The sample STH in JSON form.
std::string GetSampleSTHAsJson();
// Assembles, and returns, a sample STH in JSON format using
// the provided parameters.
std::string CreateSignedTreeHeadJsonString(size_t tree_size,
int64_t timestamp,
std::string sha256_root_hash,
std::string tree_head_signature);
// Assembles, and returns, a sample consistency proof in JSON format using
// the provided raw nodes (i.e. the raw nodes will be base64-encoded).
std::string CreateConsistencyProofJsonString(
const std::vector<std::string>& raw_nodes);
// Returns SCTList for testing.
std::string GetSCTListForTesting();
// Returns a corrupted SCTList. This is done by changing a byte inside the
// Log ID part of the SCT so it does not match the log used in the tests.
std::string GetSCTListWithInvalidSCT();
// Returns true if |log_description| is in the |result|'s |verified_scts| and
// number of |verified_scts| in |result| is equal to 1.
bool CheckForSingleVerifiedSCTInResult(const CTVerifyResult& result,
const std::string& log_description);
// Returns true if |origin| is in the |result|'s |verified_scts|.
bool CheckForSCTOrigin(const CTVerifyResult& result,
SignedCertificateTimestamp::Origin origin);
} // namespace ct
} // namespace net
#endif // NET_CERT_CT_TEST_UTIL_H_
|
