1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_TEST_CT_TEST_UTIL_H_
6#define NET_TEST_CT_TEST_UTIL_H_
7
8#include <stddef.h>
9#include <stdint.h>
10
11#include <string>
12#include <vector>
13
14#include "base/memory/ref_counted.h"
15#include "net/cert/signed_certificate_timestamp.h"
16#include "net/cert/signed_certificate_timestamp_and_status.h"
17
18namespace net {
19
20namespace ct {
21
22struct DigitallySigned;
23struct MerkleTreeLeaf;
24struct SignedEntryData;
25struct SignedTreeHead;
26
27// Note: unless specified otherwise, all test data is taken from Certificate
28// Transparency test data repository.
29
30// Fills |entry| with test data for an X.509 entry.
31void GetX509CertSignedEntry(SignedEntryData* entry);
32
33// Fills |tree_leaf| with test data for an X.509 Merkle tree leaf.
34void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf);
35
36// Returns a DER-encoded X509 cert. The SCT provided by
37// GetX509CertSCT is signed over this certificate.
38std::string GetDerEncodedX509Cert();
39
40// Fills |entry| with test data for a Precertificate entry.
41void GetPrecertSignedEntry(SignedEntryData* entry);
42
43// Fills |tree_leaf| with test data for a Precertificate Merkle tree leaf.
44void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf);
45
46// Returns the binary representation of a test DigitallySigned
47std::string GetTestDigitallySigned();
48
49// Returns the binary representation of a test serialized SCT.
50std::string GetTestSignedCertificateTimestamp();
51
52// Test log key
53std::string GetTestPublicKey();
54
55// ID of test log key
56std::string GetTestPublicKeyId();
57
58// SCT for the X509Certificate provided above.
59void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);
60
61// SCT for the Precertificate log entry provided above.
62void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct);
63
64// Issuer key hash
65std::string GetDefaultIssuerKeyHash();
66
67// Fake OCSP response with an embedded SCT list.
68std::string GetDerEncodedFakeOCSPResponse();
69
70// The SCT list embedded in the response above.
71std::string GetFakeOCSPExtensionValue();
72
73// The cert the OCSP response is for.
74std::string GetDerEncodedFakeOCSPResponseCert();
75
76// The issuer of the previous cert.
77std::string GetDerEncodedFakeOCSPResponseIssuerCert();
78
79// A sample, valid STH.
80bool GetSampleSignedTreeHead(SignedTreeHead* sth);
81
82// A valid STH for the empty tree.
83bool GetSampleEmptySignedTreeHead(SignedTreeHead* sth);
84
85// An STH for an empty tree where the root hash is not the hash of the empty
86// string, but the signature over the STH is valid. Such an STH is not valid
87// according to RFC6962.
88bool GetBadEmptySignedTreeHead(SignedTreeHead* sth);
89
90// The SHA256 root hash for the sample STH.
91std::string GetSampleSTHSHA256RootHash();
92
93// The tree head signature for the sample STH.
94std::string GetSampleSTHTreeHeadSignature();
95
96// The same signature as GetSampleSTHTreeHeadSignature, decoded.
97bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature);
98
99// The sample STH in JSON form.
100std::string GetSampleSTHAsJson();
101
102// Assembles, and returns, a sample STH in JSON format using
103// the provided parameters.
104std::string CreateSignedTreeHeadJsonString(size_t tree_size,
105 int64_t timestamp,
106 std::string sha256_root_hash,
107 std::string tree_head_signature);
108
109// Assembles, and returns, a sample consistency proof in JSON format using
110// the provided raw nodes (i.e. the raw nodes will be base64-encoded).
111std::string CreateConsistencyProofJsonString(
112 const std::vector<std::string>& raw_nodes);
113
114// Returns SCTList for testing.
115std::string GetSCTListForTesting();
116
117// Returns a corrupted SCTList. This is done by changing a byte inside the
118// Log ID part of the SCT so it does not match the log used in the tests.
119std::string GetSCTListWithInvalidSCT();
120
121// Returns true if |log_description| is in the |result|'s |verified_scts| and
122// number of |verified_scts| in |result| is equal to 1.
123bool CheckForSingleVerifiedSCTInResult(
124 const SignedCertificateTimestampAndStatusList& scts,
125 const std::string& log_description);
126
127// Returns true if |origin| is in the |result|'s |verified_scts|.
128bool CheckForSCTOrigin(const SignedCertificateTimestampAndStatusList& scts,
129 SignedCertificateTimestamp::Origin origin);
130
131} // namespace ct
132
133} // namespace net
134
135#endif // NET_TEST_CT_TEST_UTIL_H_
136