// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
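#ifndef NET_TEST_CERT_TEST_UTIL_H_
#define NET_TEST_CERT_TEST_UTIL_H_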
#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "net/cert/x509_cert_types.h"
#include "net/cert/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"
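#if defined(USE_NSS_CERTS)
#include "net/cert/scoped_nss_types.h"

// Forward declaration of the NSS slot type from <pk11pub.h>. Only pointers to
// it are used in this header.
typedef struct PK11SlotInfoStr PK11SlotInfo;
#endif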
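namespace base {
class FilePath;
}  // namespace base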
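namespace net {

class EVRootCAMetadata;

#if defined(USE_NSS_CERTS)
// Imports a private key from file |key_filename| in |dir| into |slot|. The file
// must contain a PKCS#8 PrivateKeyInfo in DER encoding. Returns true on success
// and false on failure.
//
// A PrivateKeyInfo is the unencrypted PKCS#8 form, so the key sits in clear on
// disk: only throwaway test keys belong in files loaded through this helper.
// NOTE(review): the name suggests the key is stored in the slot as a
// "sensitive" key; confirm against the definition.
bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
                                const std::string& key_filename,
                                PK11SlotInfo* slot);

// Imports the client certificate |cert| into |slot|.
// NOTE(review): presumably returns true on success and false on failure, like
// ImportSensitiveKeyFromFile; confirm against the definition. Both arguments
// are raw pointers, so the signature expresses no ownership transfer.
bool ImportClientCertToSlot(CERTCertificate* cert, PK11SlotInfo* slot);

// Overload of ImportClientCertToSlot taking an X509Certificate and returning
// an NSS certificate handle.
// NOTE(review): presumably the returned handle is null when the import fails;
// callers should check it before use. Confirm against the definition.
ScopedCERTCertificate ImportClientCertToSlot(
    const scoped_refptr<X509Certificate>& cert,
    PK11SlotInfo* slot);

// Imports a client certificate from |cert_filename| and its private key from
// |key_filename|, both files in |dir|, into |slot|. This overload also takes
// the out-parameter |nss_cert|.
// NOTE(review): presumably |*nss_cert| receives the imported NSS certificate
// and the return value is null on failure; confirm against the definition.
// The key file is a test fixture stored on disk; see
// ImportSensitiveKeyFromFile for the expected encoding.
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    const std::string& cert_filename,
    const std::string& key_filename,
    PK11SlotInfo* slot,
    ScopedCERTCertificate* nss_cert);

// Same as above, for callers that do not need the NSS certificate handle.
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    const std::string& cert_filename,
    const std::string& key_filename,
    PK11SlotInfo* slot);

// Imports a certificate from |cert_file|, a file in |certs_dir|, as an NSS
// certificate handle.
// NOTE(review): presumably returns a null handle on failure, and the first
// certificate when the file holds several (as ImportCertFromFile documents);
// confirm against the definition.
ScopedCERTCertificate ImportCERTCertificateFromFile(
    const base::FilePath& certs_dir,
    const std::string& cert_file);

// NSS counterpart of CreateCertificateListFromFile: imports the certificates
// in |cert_file|, a file in |certs_dir|, into a list of NSS certificate
// handles.
// NOTE(review): |format| is a plain int; presumably it takes
// X509Certificate::Format values. Confirm against the definition.
ScopedCERTCertificateList CreateCERTCertificateListFromFile(
    const base::FilePath& certs_dir,
    const std::string& cert_file,
    int format);
#endif

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into a
// CertificateList.
CertificateList CreateCertificateListFromFile(const base::FilePath& certs_dir,
                                              const std::string& cert_file,
                                              int format);

// Imports all the certificates given a list of filenames, and assigns the
// result to |*certs|. The filenames are relative to the test certificates
// directory.
::testing::AssertionResult LoadCertificateFiles(
    const std::vector<std::string>& cert_filenames,
    CertificateList* certs);

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into
// a new X509Certificate. The first certificate in the chain will be used for
// the returned cert, with any additional certificates configured as
// intermediate certificates.
scoped_refptr<X509Certificate> CreateCertificateChainFromFile(
    const base::FilePath& certs_dir,
    const std::string& cert_file,
    int format);

// Imports a single certificate from |cert_file|.
// |certs_dir| represents the test certificates directory. |cert_file| is the
// name of the certificate file. If cert_file contains multiple certificates,
// the first certificate found will be returned.
scoped_refptr<X509Certificate> ImportCertFromFile(
    const base::FilePath& certs_dir,
    const std::string& cert_file);

// ScopedTestEVPolicy causes certificates marked with |policy|, issued from a
// root with the given fingerprint, to be treated as EV. |policy| is expressed
// as a string of dotted numbers, e.g. "1.2.3.4".
// This should only be used in unittests as adding a CA twice causes a CHECK
// failure.
//
// NOTE(review): the destructor is defined elsewhere; presumably it undoes the
// registration made by the constructor, and |ev_root_ca_metadata| must then
// outlive this object. Confirm against the definition.
class ScopedTestEVPolicy {
 public:
  ScopedTestEVPolicy(EVRootCAMetadata* ev_root_ca_metadata,
                     const SHA256HashValue& fingerprint,
                     const char* policy);
  ~ScopedTestEVPolicy();

  // Not copyable: a copy would run the user-declared destructor a second time
  // for the same fingerprint.
  ScopedTestEVPolicy(const ScopedTestEVPolicy&) = delete;
  ScopedTestEVPolicy& operator=(const ScopedTestEVPolicy&) = delete;

 private:
  // Presumably the constructor arguments, kept for the destructor; confirm in
  // the definition.
  SHA256HashValue fingerprint_;
  EVRootCAMetadata* const ev_root_ca_metadata_;
};

}  // namespace net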
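#endif  // NET_TEST_CERT_TEST_UTIL_H_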