Source code
Revision control
Copy as Markdown
Other Tools
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#ifndef CTTestUtils_h
#define CTTestUtils_h
#include <iostream>
#include "mozpkix/Input.h"
#include "mozpkix/Time.h"
#include "seccomon.h"
#include "SignedCertificateTimestamp.h"
namespace mozilla {
namespace ct {
Buffer HexToBytes(const char* hexData);
// Note: unless specified otherwise, all test data is taken from
// Certificate Transparency test data repository at
// Fills |entry| with test data for an X.509 entry.
void GetX509CertLogEntry(LogEntry& entry);
// Returns a DER-encoded X509 cert. The SCT provided by
// GetX509CertSCT is signed over this certificate.
Buffer GetDEREncodedX509Cert();
// Fills |entry| with test data for a Precertificate entry.
void GetPrecertLogEntry(LogEntry& entry);
// Returns the binary representation of a test DigitallySigned.
Buffer GetTestDigitallySigned();
// Returns the source data of the test DigitallySigned.
Buffer GetTestDigitallySignedData();
// Returns the binary representation of a test serialized SCT.
Buffer GetTestSignedCertificateTimestamp();
// Returns the binary representation of a test serialized InclusionProof.
Buffer GetTestInclusionProof();
Buffer GetTestInclusionProofUnexpectedData();
Buffer GetTestInclusionProofInvalidHashSize();
Buffer GetTestInclusionProofInvalidHash();
Buffer GetTestInclusionProofMissingLogId();
Buffer GetTestInclusionProofNullPathLength();
Buffer GetTestInclusionProofPathLengthTooSmall();
Buffer GetTestInclusionProofPathLengthTooLarge();
Buffer GetTestInclusionProofNullTreeSize();
Buffer GetTestInclusionProofLeafIndexOutOfBounds();
Buffer GetTestInclusionProofExtraData();
// Returns the binary representation of test serialized node hashs from an
// inclusion proof.
Buffer GetTestNodeHash0();
Buffer GetTestNodeHash1();
// Test log key.
Buffer GetTestPublicKey();
// ID of test log key.
Buffer GetTestPublicKeyId();
// SCT for the X509Certificate provided above.
void GetX509CertSCT(SignedCertificateTimestamp& sct);
// SCT for the Precertificate log entry provided above.
void GetPrecertSCT(SignedCertificateTimestamp& sct);
// Issuer key hash.
Buffer GetDefaultIssuerKeyHash();
// The SHA256 root hash for the sample STH.
Buffer GetSampleSTHSHA256RootHash();
// The tree head signature for the sample STH.
Buffer GetSampleSTHTreeHeadSignature();
// The same signature as GetSampleSTHTreeHeadSignature, decoded.
void GetSampleSTHTreeHeadDecodedSignature(DigitallySigned& signature);
// Certificate with embedded SCT in an X509v3 extension.
Buffer GetDEREncodedTestEmbeddedCert();
// For the above certificate, the corresponsing TBSCertificate without
// the embedded SCT extension.
Buffer GetDEREncodedTestTbsCert();
// As above, but signed with an intermediate CA certificate containing
// the CT extended key usage OID 1.3.6.1.4.1.11129.2.4.4 for issuing precerts
// (i.e. signed with a "precert CA certificate").
Buffer GetDEREncodedTestEmbeddedWithPreCACert();
// The issuer of the above certificates (self-signed root CA certificate).
Buffer GetDEREncodedCACert();
// An intermediate CA certificate issued by the above CA.
Buffer GetDEREncodedIntermediateCert();
// Certificate with embedded SCT signed by the intermediate certificate above.
Buffer GetDEREncodedTestEmbeddedWithIntermediateCert();
// As above, but signed by the precert CA certificate.
Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert();
// Given a DER-encoded certificate, returns its SubjectPublicKeyInfo.
Buffer ExtractCertSPKI(pkix::Input cert);
Buffer ExtractCertSPKI(const Buffer& cert);
// Extracts a SignedCertificateTimestampList from the provided leaf certificate
// (kept in X.509v3 extension with OID 1.3.6.1.4.1.11129.2.4.2).
void ExtractEmbeddedSCTList(pkix::Input cert, Buffer& result);
void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result);
// Extracts a SignedCertificateTimestampList that has been embedded within
// an OCSP response as an extension with the OID 1.3.6.1.4.1.11129.2.4.5.
// The OCSP response is verified, and the verification must succeed for the
// extension to be extracted.
void ExtractSCTListFromOCSPResponse(pkix::Input cert, pkix::Input issuerSPKI,
pkix::Input encodedResponse,
pkix::Time time, Buffer& result);
// Returns Input for the data stored in the buffer, failing assertion on error.
pkix::Input InputForBuffer(const Buffer& buffer);
// Returns Input for the data stored in the item, failing assertion on error.
pkix::Input InputForSECItem(const SECItem& item);
} // namespace ct
} // namespace mozilla
#endif // CTTestUtils_h