CTTestUtils.h (5325B)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// Declarations of the fixtures and helpers used by the Certificate
// Transparency (CT) tests: canned log entries, SCTs, inclusion proofs, keys
// and certificates, plus helpers that extract SPKIs and SCT lists from
// DER-encoded input. Only declarations live here; the data itself is defined
// elsewhere.

#ifndef CTTestUtils_h
#define CTTestUtils_h

// NOTE(review): no declaration in this header uses <iostream> directly; it may
// be included for the benefit of the tests that include this file - confirm.
#include <iostream>

#include "mozpkix/Input.h"
#include "mozpkix/Time.h"
#include "seccomon.h"
#include "SignedCertificateTimestamp.h"

namespace mozilla {
namespace ct {

// Judging by the name, decodes the NUL-terminated hex string |hexData| into a
// byte Buffer.
// NOTE(review): the handling of odd-length or non-hex input is not visible
// from this header - confirm against the definition.
Buffer HexToBytes(const char* hexData);

// Note: unless specified otherwise, all test data is taken from
// Certificate Transparency test data repository at
// https://github.com/google/certificate-transparency/tree/master/test/testdata
// The keys and certificates are therefore publicly known fixtures and are
// meant for tests only.

// Fills |entry| with test data for an X.509 entry.
void GetX509CertLogEntry(LogEntry& entry);

// Returns a DER-encoded X509 cert. The SCT provided by
// GetX509CertSCT is signed over this certificate.
Buffer GetDEREncodedX509Cert();

// Fills |entry| with test data for a Precertificate entry.
void GetPrecertLogEntry(LogEntry& entry);

// Returns the binary representation of a test DigitallySigned.
Buffer GetTestDigitallySigned();

// Returns the source data of the test DigitallySigned.
Buffer GetTestDigitallySignedData();

// Returns the binary representation of various test SCTs (signed certificate
// timestamps). Each variant differs in the extensions it carries, as its name
// says.
// NOTE(review): the "TooShortExtension" variant is presumably a malformed
// encoding for a decoder-rejection test - confirm against the definition.
Buffer GetTestSignedCertificateTimestamp();
Buffer GetTestSignedCertificateTimestampWithLeafIndexExtension();
Buffer GetTestSignedCertificateTimestampWithTwoLeafIndexExtensions();
Buffer GetTestSignedCertificateTimestampWithUnknownExtension();
Buffer GetTestSignedCertificateTimestampWithUnknownAndLeafIndexExtensions();
Buffer GetTestSignedCertificateTimestampWithTooShortExtension();

// Returns the binary representation of a test serialized InclusionProof.
// NOTE(review): going by their names, every variant after the first is a
// deliberately malformed or inconsistent proof (bad hash size, missing log ID,
// out-of-range path length or leaf index, trailing data) meant to exercise the
// rejection paths of the decoder - confirm against the definitions.
Buffer GetTestInclusionProof();
Buffer GetTestInclusionProofUnexpectedData();
Buffer GetTestInclusionProofInvalidHashSize();
Buffer GetTestInclusionProofInvalidHash();
Buffer GetTestInclusionProofMissingLogId();
Buffer GetTestInclusionProofNullPathLength();
Buffer GetTestInclusionProofPathLengthTooSmall();
Buffer GetTestInclusionProofPathLengthTooLarge();
Buffer GetTestInclusionProofNullTreeSize();
Buffer GetTestInclusionProofLeafIndexOutOfBounds();
Buffer GetTestInclusionProofExtraData();

// Returns the binary representation of test serialized node hashes from an
// inclusion proof.
Buffer GetTestNodeHash0();
Buffer GetTestNodeHash1();

// Test log key.
Buffer GetTestPublicKey();

// ID of test log key.
// NOTE(review): presumably the SHA-256 hash of the key returned by
// GetTestPublicKey, as RFC 6962 defines a log ID - confirm.
Buffer GetTestPublicKeyId();

// SCT for the X509Certificate provided above.
void GetX509CertSCT(SignedCertificateTimestamp& sct);

// SCT for the Precertificate log entry provided above.
void GetPrecertSCT(SignedCertificateTimestamp& sct);

// Issuer key hash.
Buffer GetDefaultIssuerKeyHash();

// The SHA256 root hash for the sample STH (signed tree head).
Buffer GetSampleSTHSHA256RootHash();

// The tree head signature for the sample STH.
Buffer GetSampleSTHTreeHeadSignature();

// The same signature as GetSampleSTHTreeHeadSignature, decoded.
void GetSampleSTHTreeHeadDecodedSignature(DigitallySigned& signature);

// Certificate with embedded SCT in an X509v3 extension.
Buffer GetDEREncodedTestEmbeddedCert();

// For the above certificate, the corresponding TBSCertificate without
// the embedded SCT extension.
Buffer GetDEREncodedTestTbsCert();

// As above, but signed with an intermediate CA certificate containing
// the CT extended key usage OID 1.3.6.1.4.1.11129.2.4.4 for issuing precerts
// (i.e. signed with a "precert CA certificate").
Buffer GetDEREncodedTestEmbeddedWithPreCACert();

// The issuer of the above certificates (self-signed root CA certificate).
Buffer GetDEREncodedCACert();

// An intermediate CA certificate issued by the above CA.
Buffer GetDEREncodedIntermediateCert();

// Certificate with embedded SCT signed by the intermediate certificate above.
Buffer GetDEREncodedTestEmbeddedWithIntermediateCert();

// As above, but signed by the precert CA certificate.
Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert();

// Given a DER-encoded certificate, returns its SubjectPublicKeyInfo.
// The two overloads differ only in how the certificate bytes are passed.
Buffer ExtractCertSPKI(pkix::Input cert);
Buffer ExtractCertSPKI(const Buffer& cert);

// Extracts a SignedCertificateTimestampList from the provided leaf certificate
// (kept in X.509v3 extension with OID 1.3.6.1.4.1.11129.2.4.2) and stores it
// in |result|.
// NOTE(review): the return type is void, so how a missing extension or a parse
// failure is reported is not visible from this header - confirm.
void ExtractEmbeddedSCTList(pkix::Input cert, Buffer& result);
void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result);

// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// The OCSP response is verified, and the verification must succeed for the
// extension to be extracted. The extracted list is stored in |result|.
// NOTE(review): |time| is presumably the time at which the response is
// checked for validity, and |issuerSPKI| the key its signature is checked
// against - confirm against the definition.
void ExtractSCTListFromOCSPResponse(pkix::Input cert, pkix::Input issuerSPKI,
                                    pkix::Input encodedResponse,
                                    pkix::Time time, Buffer& result);

// Returns Input for the data stored in the buffer, failing assertion on error.
// NOTE(review): pkix::Input does not own the bytes it refers to, so |buffer|
// is expected to outlive the returned Input - confirm.
pkix::Input InputForBuffer(const Buffer& buffer);

// Returns Input for the data stored in the item, failing assertion on error.
// NOTE(review): as with InputForBuffer, |item| is expected to outlive the
// returned Input - confirm.
pkix::Input InputForSECItem(const SECItem& item);

}  // namespace ct
}  // namespace mozilla

#endif  // CTTestUtils_h