// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker
5*6777b538SAndroid Build Coastguard Worker #include "net/test/ct_test_util.h"
6*6777b538SAndroid Build Coastguard Worker
7*6777b538SAndroid Build Coastguard Worker #include <stdint.h>
8*6777b538SAndroid Build Coastguard Worker #include <string.h>
9*6777b538SAndroid Build Coastguard Worker
10*6777b538SAndroid Build Coastguard Worker #include <string_view>
11*6777b538SAndroid Build Coastguard Worker #include <vector>
12*6777b538SAndroid Build Coastguard Worker
13*6777b538SAndroid Build Coastguard Worker #include "base/base64.h"
14*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_number_conversions.h"
15*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_util.h"
16*6777b538SAndroid Build Coastguard Worker #include "base/strings/stringprintf.h"
17*6777b538SAndroid Build Coastguard Worker #include "net/base/hex_utils.h"
18*6777b538SAndroid Build Coastguard Worker #include "net/cert/ct_serialization.h"
19*6777b538SAndroid Build Coastguard Worker #include "net/cert/merkle_tree_leaf.h"
20*6777b538SAndroid Build Coastguard Worker #include "net/cert/signed_tree_head.h"
21*6777b538SAndroid Build Coastguard Worker #include "net/cert/x509_certificate.h"
22*6777b538SAndroid Build Coastguard Worker
23*6777b538SAndroid Build Coastguard Worker namespace net::ct {
24*6777b538SAndroid Build Coastguard Worker
25*6777b538SAndroid Build Coastguard Worker namespace {
26*6777b538SAndroid Build Coastguard Worker
// The following test vectors are from
// http://code.google.com/p/certificate-transparency
29*6777b538SAndroid Build Coastguard Worker
// All values below are lowercase hex strings that callers turn into raw bytes
// with HexDecode(). They hold only public material (certificates, hashes, a
// public key and signatures); no private key appears here.

// DER-encoded X.509 test certificate: serial number 6, issuer organisation
// "Certificate Transparency CA", subject organisation
// "Certificate Transparency", validity 2012-06-01 to 2022-06-01. It is signed
// with sha1WithRSAEncryption over a 1024-bit RSA key, so it is fixture data
// for parsing and CT tests, not a model for a deployable certificate.
constexpr char kDefaultDerCert[] =
    "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009"
    "06035504061302474231243022060355040a131b4365727469666963617465205472616e73"
    "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307"
    "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030"
    "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361"
    "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603"
    "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189"
    "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f"
    "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41"
    "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a"
    "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355"
    "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074"
    "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406"
    "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e"
    "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057"
    "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c"
    "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee"
    "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb"
    "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
    "7d24c4fccd249295795814d1dac0e6";

// 32-byte value copied into SignedEntryData::issuer_key_hash for the
// precertificate entry. Presumably the SHA-256 of the issuing CA's public key,
// as RFC 6962 defines issuer_key_hash -- confirm against the upstream vectors.
constexpr char kDefaultIssuerKeyHash[] =
    "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc";

// DER-encoded TBSCertificate (serial number 7, same issuer as above) used as
// the precertificate entry body.
constexpr char kDefaultDerTbsCert[] =
    "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
    "061302474231243022060355040a131b4365727469666963617465205472616e7370617265"
    "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720"
    "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052"
    "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
    "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
    "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
    "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
    "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410"
    "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf"
    "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416"
    "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
    "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742"
    "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
    "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
    "0030090603551d1304023000";

constexpr char kDefaultExtensions[] = "666f6f626172";  // "foobar"

// Serialized DigitallySigned structure: hash algorithm 0x04 and signature
// algorithm 0x03 (set as SHA-256 / ECDSA by the SCT helpers in this file), a
// two-byte length 0x0047, then the same bytes as kTestSCTSignatureData.
constexpr char kTestDigitallySigned[] =
    "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
    "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
    "a5";

// Serialized SCT: version byte 0x00, the 32-byte log id (kTestKeyId), the
// 8-byte timestamp 0x0000013ddb27ded9 (1365181456089 ms), a zero-length
// extensions field, then kTestDigitallySigned.
constexpr char kTestSignedCertificateTimestamp[] =
    "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d"
    "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2"
    "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
    "89a2c0187ef5a5";

// SubjectPublicKeyInfo for an EC key on the P-256 (prime256v1) curve.
constexpr char kEcP256PublicKey[] =
    "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a"
    "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f"
    "b7b245eb4b420ef370210371a944beaceb";

// 32-byte log id; the same bytes appear as the log id inside
// kTestSignedCertificateTimestamp.
constexpr char kTestKeyId[] =
    "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";

// Milliseconds since the Unix epoch (2014-04-07 13:27:57.237 UTC).
constexpr int64_t kTestTimestamp = INT64_C(1396877277237);

// Raw signature bytes carried by the X.509 certificate SCT.
constexpr char kTestSCTSignatureData[] =
    "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
    "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";

// Raw signature bytes carried by the precertificate SCT.
constexpr char kTestSCTPrecertSignatureData[] =
    "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602"
    "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08";
103*6777b538SAndroid Build Coastguard Worker
// A well-formed OCSP response with fake SCT contents. Does not come from
// http://code.google.com/p/certificate-transparency, does not pertain to any
// of the test certs here, and is only used to test extracting the extension
// contents from the response. The embedded extension value is the four ASCII
// bytes "test" (see kFakeOCSPExtensionValue), not a parseable SCT list.
constexpr char kFakeOCSPResponse[] =
    "3082016e0a0100a08201673082016306092b060105050730010104820154308201503081ba"
    "a21604144edfdf5ff9c90ffacfca66e7fbc436bc39ee3fc7180f3230313030313031303630"
    "3030305a30818e30818b3049300906052b0e03021a050004141833a1e6a4f09577cca0e64c"
    "e7d145ca4b93700904144edfdf5ff9c90ffacfca66e7fbc436bc39ee3fc7021001aef99bde"
    "e0bb58c6f2b816bc3ae02f8000180f32303130303130313036303030305aa011180f323033"
    "30303130313036303030305aa11830163014060a2b06010401d67902040504060404746573"
    "74300d06092a864886f70d0101050500038181003586ffcf0794e64eb643d52a3d570a1c93"
    "836395986a2f792dd4e9c70b05161186c55c1658e0607dc9ec0d0924ac37fb99506c870579"
    "634be1de62ba2fced5f61f3b428f959fcee9bddf6f268c8e14c14fdf3b447786e638a5c8cc"
    "b610893df17a60e4cff30f4780aeffe0086ef19910f0d9cd7414bc93d1945686f88ad0a3c3";

// DER certificate that the fake OCSP response above refers to (the response
// carries this certificate's serial number).
constexpr char kFakeOCSPResponseCert[] =
    "3082022930820192a003020102021001aef99bdee0bb58c6f2b816bc3ae02f300d06092a86"
    "4886f70d01010505003015311330110603550403130a54657374696e67204341301e170d31"
    "30303130313036303030305a170d3332313230313036303030305a30373112301006035504"
    "0313093132372e302e302e31310b300906035504061302585831143012060355040a130b54"
    "657374696e67204f726730819d300d06092a864886f70d010101050003818b003081870281"
    "8100a71998f2930bfe73d031a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da99"
    "9de4ed65832afcb0807f98787506539d258a0ce3c2c77967653099a9034a9b115a876c39a8"
    "c4e4ed4acd0c64095946fb39eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1"
    "afc45519ab9eca47c30185c771c64aa5ecf07d020103a35a3058303a06082b060105050701"
    "01010100042b3029302706082b06010505073001861b687474703a2f2f3132372e302e302e"
    "313a35353038312f6f637370301a0603551d200101000410300e300c060a2b06010401d679"
    "020401300d06092a864886f70d01010505000381810065e04fadd3484197f3412479d917e1"
    "9d8f7db57b526f2d0e4c046f86cebe643bf568ea0cd6570b228842aa057c6a7c79f209dfcd"
    "3419a4d93b1ecfb1c0224f33083c7d4da023499fbd00d81d6711ad58ffcf65f1545247fe9d"
    "83203425fd706b4fc5e797002af3d88151be5901eef56ec30aacdfc404be1bd35865ff1943"
    "2516";

// DER certificate of the "Testing CA" issuer named in kFakeOCSPResponseCert.
constexpr char kFakeOCSPResponseIssuerCert[] =
    "308201d13082013aa003020102020101300d06092a864886f70d0101050500301531133011"
    "0603550403130a54657374696e67204341301e170d3130303130313036303030305a170d33"
    "32313230313036303030305a3015311330110603550403130a54657374696e672043413081"
    "9d300d06092a864886f70d010101050003818b0030818702818100a71998f2930bfe73d031"
    "a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da999de4ed65832afcb0807f9878"
    "7506539d258a0ce3c2c77967653099a9034a9b115a876c39a8c4e4ed4acd0c64095946fb39"
    "eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1afc45519ab9eca47c30185c7"
    "71c64aa5ecf07d020103a333303130120603551d130101ff040830060101ff020100301b06"
    "03551d200101000411300f300d060b2b06010401d6790201ce0f300d06092a864886f70d01"
    "01050500038181003f4936f8d00e83fbdde331f2c64335dcf7dec8b1a2597683edeed61af0"
    "fa862412fad848938fe7ab77f1f9a43671ff6fdb729386e26f49e7aca0c0ea216e5970d933"
    "3ea1e11df2ccb357a5fed5220f9c6239e8946b9b7517707631d51ab996833d58a022cff5a6"
    "2169ac9258ec110efee78da9ab4a641e3b3c9ee5e8bd291460";

constexpr char kFakeOCSPExtensionValue[] = "74657374";  // "test"
155*6777b538SAndroid Build Coastguard Worker
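// Values for the sample signed tree head (STH).

// Hex of the 32-byte SHA-256 root hash reported by the sample STH.
const char kSampleSTHSHA256RootHash[] =
    "726467216167397babca293dca398e4ce6b621b18b9bc42f30c900d1f92ac1e4";
// Hex of the serialized DigitallySigned tree-head signature (header 04 03,
// two-byte length 0x0047, then the signature bytes).
const char kSampleSTHTreeHeadSignature[] =
    "0403004730450220365a91a2a88f2b9332f41d8959fa7086da7e6d634b7b089bc9da066426"
    "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb"
    "d3";
// Tree size of the sample STH. Declared const like the other fixtures so one
// test cannot change the value seen by later tests in the same process.
const size_t kSampleSTHTreeSize = 21u;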
164*6777b538SAndroid Build Coastguard Worker
165*6777b538SAndroid Build Coastguard Worker } // namespace
166*6777b538SAndroid Build Coastguard Worker
// Fills |entry| as an X.509 log entry whose leaf certificate is the decoded
// kDefaultDerCert. |entry| is dereferenced without a null check.
void GetX509CertSignedEntry(SignedEntryData* entry) {
  SignedEntryData& out = *entry;
  out.leaf_certificate = HexDecode(kDefaultDerCert);
  out.type = ct::SignedEntryData::LOG_ENTRY_TYPE_X509;
}
171*6777b538SAndroid Build Coastguard Worker
// Fills |tree_leaf| for the default X.509 certificate: the signed entry from
// GetX509CertSignedEntry(), the "foobar" extensions and kTestTimestamp.
// Note that kTestTimestamp differs from the timestamp GetX509CertSCT() puts
// in its SCT, so this leaf does not describe that SCT.
void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf) {
  MerkleTreeLeaf& leaf = *tree_leaf;
  GetX509CertSignedEntry(&leaf.signed_entry);
  leaf.extensions = HexDecode(kDefaultExtensions);
  leaf.timestamp = base::Time::FromMillisecondsSinceUnixEpoch(kTestTimestamp);
}
178*6777b538SAndroid Build Coastguard Worker
// Returns the raw DER bytes of the default test certificate.
std::string GetDerEncodedX509Cert() {
  std::string der_cert = HexDecode(kDefaultDerCert);
  return der_cert;
}
182*6777b538SAndroid Build Coastguard Worker
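// Fills |entry| as a precertificate log entry: the issuer key hash decoded
// from kDefaultIssuerKeyHash and the TBSCertificate decoded from
// kDefaultDerTbsCert. |entry| is dereferenced without a null check.
void GetPrecertSignedEntry(SignedEntryData* entry) {
  entry->type = ct::SignedEntryData::LOG_ENTRY_TYPE_PRECERT;
  const std::string issuer_hash(HexDecode(kDefaultIssuerKeyHash));
  // The copy length is taken from the decoded string, so a longer or shorter
  // fixture would overflow or only partly fill the fixed-size hash buffer.
  // Fail loudly instead of writing out of bounds.
  CHECK(issuer_hash.size() == std::size(entry->issuer_key_hash.data));
  memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size());
  entry->tbs_certificate = HexDecode(kDefaultDerTbsCert);
}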
189*6777b538SAndroid Build Coastguard Worker
// Fills |tree_leaf| for the default precertificate: the signed entry from
// GetPrecertSignedEntry(), the "foobar" extensions and kTestTimestamp.
void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf) {
  MerkleTreeLeaf& leaf = *tree_leaf;
  GetPrecertSignedEntry(&leaf.signed_entry);
  leaf.extensions = HexDecode(kDefaultExtensions);
  leaf.timestamp = base::Time::FromMillisecondsSinceUnixEpoch(kTestTimestamp);
}
196*6777b538SAndroid Build Coastguard Worker
// Returns the serialized DigitallySigned test structure as raw bytes.
std::string GetTestDigitallySigned() {
  std::string serialized = HexDecode(kTestDigitallySigned);
  return serialized;
}
200*6777b538SAndroid Build Coastguard Worker
// Returns the serialized test SCT as raw bytes.
std::string GetTestSignedCertificateTimestamp() {
  std::string serialized_sct = HexDecode(kTestSignedCertificateTimestamp);
  return serialized_sct;
}
204*6777b538SAndroid Build Coastguard Worker
// Returns the test log's P-256 public key (DER SubjectPublicKeyInfo bytes).
std::string GetTestPublicKey() {
  std::string spki = HexDecode(kEcP256PublicKey);
  return spki;
}
208*6777b538SAndroid Build Coastguard Worker
// Returns the 32-byte test log id as raw bytes.
std::string GetTestPublicKeyId() {
  std::string key_id = HexDecode(kTestKeyId);
  return key_id;
}
212*6777b538SAndroid Build Coastguard Worker
// Allocates a new SCT for the default X.509 certificate and stores it in
// |*sct_ref|. CHECK-fails if |sct_ref| is null.
void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
  CHECK(sct_ref != nullptr);
  *sct_ref = base::MakeRefCounted<SignedCertificateTimestamp>();
  SignedCertificateTimestamp* const sct = sct_ref->get();

  sct->version = ct::SignedCertificateTimestamp::V1;
  sct->log_id = HexDecode(kTestKeyId);
  sct->extensions.clear();
  // Time the log issued an SCT for this certificate, in milliseconds since
  // the Unix epoch: 2013-04-05 17:04:16.089 UTC (10:04:16.089 at UTC-7).
  const int64_t issued_ms = INT64_C(1365181456089);
  sct->timestamp = base::Time::UnixEpoch() + base::Milliseconds(issued_ms);

  auto& sig = sct->signature;
  sig.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
  sig.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
  sig.signature_data = HexDecode(kTestSCTSignatureData);
}
229*6777b538SAndroid Build Coastguard Worker
// Allocates a new SCT for the default precertificate and stores it in
// |*sct_ref|. CHECK-fails if |sct_ref| is null.
void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
  CHECK(sct_ref != nullptr);
  *sct_ref = base::MakeRefCounted<SignedCertificateTimestamp>();
  SignedCertificateTimestamp* const sct = sct_ref->get();

  sct->version = ct::SignedCertificateTimestamp::V1;
  sct->log_id = HexDecode(kTestKeyId);
  sct->extensions.clear();
  // Time the log issued an SCT for this precertificate, in milliseconds since
  // the Unix epoch: 2013-04-05 17:04:16.275 UTC (10:04:16.275 at UTC-7).
  const int64_t issued_ms = INT64_C(1365181456275);
  sct->timestamp = base::Time::UnixEpoch() + base::Milliseconds(issued_ms);

  auto& sig = sct->signature;
  sig.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
  sig.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
  sig.signature_data = HexDecode(kTestSCTPrecertSignatureData);
}
246*6777b538SAndroid Build Coastguard Worker
// Returns the default issuer key hash as raw bytes.
std::string GetDefaultIssuerKeyHash() {
  std::string issuer_key_hash = HexDecode(kDefaultIssuerKeyHash);
  return issuer_key_hash;
}
250*6777b538SAndroid Build Coastguard Worker
// Returns the DER bytes of the fake OCSP response fixture.
std::string GetDerEncodedFakeOCSPResponse() {
  std::string ocsp_response = HexDecode(kFakeOCSPResponse);
  return ocsp_response;
}
254*6777b538SAndroid Build Coastguard Worker
// Returns the extension payload embedded in the fake OCSP response ("test").
std::string GetFakeOCSPExtensionValue() {
  std::string extension_value = HexDecode(kFakeOCSPExtensionValue);
  return extension_value;
}
258*6777b538SAndroid Build Coastguard Worker
// Returns the DER bytes of the certificate the fake OCSP response refers to.
std::string GetDerEncodedFakeOCSPResponseCert() {
  std::string der_cert = HexDecode(kFakeOCSPResponseCert);
  return der_cert;
}
262*6777b538SAndroid Build Coastguard Worker
// Returns the DER bytes of the issuer certificate for the fake OCSP fixture.
std::string GetDerEncodedFakeOCSPResponseIssuerCert() {
  std::string der_issuer_cert = HexDecode(kFakeOCSPResponseIssuerCert);
  return der_issuer_cert;
}
266*6777b538SAndroid Build Coastguard Worker
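// A sample, valid STH.
// Fills |sth| with version V1, kTestTimestamp, kSampleSTHTreeSize, the sample
// root hash and the test log id, then decodes the sample tree-head signature
// into |sth->signature|. Returns the result of that decode.
bool GetSampleSignedTreeHead(SignedTreeHead* sth) {
  sth->version = SignedTreeHead::V1;
  sth->timestamp = base::Time::UnixEpoch() + base::Milliseconds(kTestTimestamp);
  sth->tree_size = kSampleSTHTreeSize;
  const std::string sha256_root_hash = GetSampleSTHSHA256RootHash();
  // memcpy reads a fixed kSthRootHashLength bytes; make sure the decoded
  // fixture really is that long so a bad hex constant cannot cause a read
  // past the end of the string.
  CHECK(sha256_root_hash.size() == static_cast<size_t>(kSthRootHashLength));
  memcpy(sth->sha256_root_hash, sha256_root_hash.data(), kSthRootHashLength);
  sth->log_id = GetTestPublicKeyId();

  return GetSampleSTHTreeHeadDecodedSignature(&(sth->signature));
}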
278*6777b538SAndroid Build Coastguard Worker
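// Fills |sth| with an STH for an empty tree (tree_size 0). The root hash is
// the SHA-256 of the empty string. Returns true only if the embedded
// signature decodes and no bytes are left over afterwards.
bool GetSampleEmptySignedTreeHead(SignedTreeHead* sth) {
  sth->version = SignedTreeHead::V1;
  sth->timestamp =
      base::Time::UnixEpoch() + base::Milliseconds(INT64_C(1450443594920));
  sth->tree_size = 0;
  const std::string empty_root_hash = HexDecode(
      "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
  // memcpy reads a fixed kSthRootHashLength bytes; make sure the decoded
  // value really is that long before copying from it.
  CHECK(empty_root_hash.size() == static_cast<size_t>(kSthRootHashLength));
  memcpy(sth->sha256_root_hash, empty_root_hash.data(), kSthRootHashLength);
  sth->log_id = GetTestPublicKeyId();

  const std::string tree_head_signature = HexDecode(
      "040300463044022046c26401de9416403da54762dc1f1687c38eafd791b15e484ab4c5f7"
      "f52721fe02201bf537a3bbea47109fc76c2273fe0f3349f493a07de9335c266330105fb0"
      "2a4a");
  std::string_view sp(tree_head_signature);
  // Trailing bytes after the DigitallySigned structure count as a failure.
  return DecodeDigitallySigned(&sp, &(sth->signature)) && sp.empty();
}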
296*6777b538SAndroid Build Coastguard Worker
// Fills |sth| with an STH that claims an empty tree (tree_size 0) but whose
// root hash is kSthRootHashLength bytes of ASCII 'f', which is not the
// empty-tree hash used by GetSampleEmptySignedTreeHead(). Returns true only if
// the embedded signature decodes and no bytes are left over afterwards.
bool GetBadEmptySignedTreeHead(SignedTreeHead* sth) {
  const int64_t sth_time_ms = INT64_C(1450870952897);

  sth->version = SignedTreeHead::V1;
  sth->tree_size = 0;
  sth->timestamp = base::Time::UnixEpoch() + base::Milliseconds(sth_time_ms);
  sth->log_id = GetTestPublicKeyId();
  memset(sth->sha256_root_hash, 'f', kSthRootHashLength);

  const std::string encoded_signature = HexDecode(
      "04030046304402207cab04c62dee5d1cbc95fec30cd8417313f71587b75f133ad2e6f324"
      "74f164d702205e2f3a9bce46f87d7e20e951a4e955da3cb502f8717a22fabd7c5d7e1bef"
      "46ea");
  std::string_view remaining(encoded_signature);
  if (!DecodeDigitallySigned(&remaining, &(sth->signature))) {
    return false;
  }
  // Trailing bytes after the DigitallySigned structure count as a failure.
  return remaining.empty();
}
312*6777b538SAndroid Build Coastguard Worker
// Returns the sample STH's SHA-256 root hash as raw bytes.
std::string GetSampleSTHSHA256RootHash() {
  std::string root_hash = HexDecode(kSampleSTHSHA256RootHash);
  return root_hash;
}
316*6777b538SAndroid Build Coastguard Worker
// Returns the sample STH's serialized tree-head signature as raw bytes.
std::string GetSampleSTHTreeHeadSignature() {
  std::string serialized_signature = HexDecode(kSampleSTHTreeHeadSignature);
  return serialized_signature;
}
320*6777b538SAndroid Build Coastguard Worker
// Decodes the sample tree-head signature into |signature|. Returns true only
// if decoding succeeds and consumes the whole input; leftover bytes make the
// call fail.
bool GetSampleSTHTreeHeadDecodedSignature(DigitallySigned* signature) {
  const std::string encoded = HexDecode(kSampleSTHTreeHeadSignature);
  std::string_view remaining(encoded);
  if (!DecodeDigitallySigned(&remaining, signature)) {
    return false;
  }
  return remaining.empty();
}
326*6777b538SAndroid Build Coastguard Worker
// Returns the sample STH rendered as a JSON string by
// CreateSignedTreeHeadJsonString().
std::string GetSampleSTHAsJson() {
  std::string root_hash = GetSampleSTHSHA256RootHash();
  std::string signature = GetSampleSTHTreeHeadSignature();
  return CreateSignedTreeHeadJsonString(kSampleSTHTreeSize, kTestTimestamp,
                                        root_hash, signature);
}
332*6777b538SAndroid Build Coastguard Worker
// Builds a JSON object string with "tree_size" and "timestamp", plus
// "sha256_root_hash" and "tree_head_signature" when the corresponding
// argument is non-empty. The two binary arguments are Base64-encoded before
// being placed inside the JSON string quotes; an empty argument omits its key.
std::string CreateSignedTreeHeadJsonString(size_t tree_size,
                                           int64_t timestamp,
                                           std::string sha256_root_hash,
                                           std::string tree_head_signature) {
  std::string json("{\"tree_size\":");
  json += base::NumberToString(tree_size);
  json += ",\"timestamp\":";
  json += base::NumberToString(timestamp);

  if (!sha256_root_hash.empty()) {
    const std::string encoded_hash = base::Base64Encode(sha256_root_hash);
    json += base::StringPrintf(",\"sha256_root_hash\":\"%s\"",
                               encoded_hash.c_str());
  }

  if (!tree_head_signature.empty()) {
    const std::string encoded_signature =
        base::Base64Encode(tree_head_signature);
    json += base::StringPrintf(",\"tree_head_signature\":\"%s\"",
                               encoded_signature.c_str());
  }

  json += "}";
  return json;
}
356*6777b538SAndroid Build Coastguard Worker
// Builds a JSON object string of the form {"consistency":[...]} in which each
// element of |raw_nodes| appears as a Base64-encoded, quoted string, in order
// and separated by commas. An empty |raw_nodes| yields an empty array.
std::string CreateConsistencyProofJsonString(
    const std::vector<std::string>& raw_nodes) {
  std::string json("{\"consistency\":[");

  bool need_separator = false;
  for (const std::string& node : raw_nodes) {
    if (need_separator) {
      json += ",";
    }
    need_separator = true;
    const std::string encoded_node = base::Base64Encode(node);
    json += base::StringPrintf("\"%s\"", encoded_node.c_str());
  }

  json += "]}";
  return json;
}
372*6777b538SAndroid Build Coastguard Worker
// Returns an encoded SCT list holding exactly one entry: the unmodified test
// SCT from GetTestSignedCertificateTimestamp().
//
// Whatever EncodeSCTListForTesting() reports back is discarded here, so an
// encoding failure would only show up in the contents of the returned string.
std::string GetSCTListForTesting() {
  std::string encoded_list;
  const std::string valid_sct = ct::GetTestSignedCertificateTimestamp();
  ct::EncodeSCTListForTesting({valid_sct}, &encoded_list);
  return encoded_list;
}
379*6777b538SAndroid Build Coastguard Worker
// Returns an encoded SCT list holding one SCT that must not verify against the
// log used in the tests: the test SCT with a single byte of its Log ID
// overwritten.
std::string GetSCTListWithInvalidSCT() {
  // Offset of the overwritten byte; intended to fall inside the Log ID field.
  constexpr size_t kCorruptedLogIdOffset = 15;

  std::string tampered_sct = ct::GetTestSignedCertificateTimestamp();

  // Overwrite one Log ID byte so the SCT no longer matches the test log.
  // NOTE(review): this relies on the test SCT being longer than 15 bytes and
  // on the byte at this offset not already being 't'; otherwise the SCT would
  // be left unchanged and still valid. Confirm against the test vector.
  tampered_sct[kCorruptedLogIdOffset] = 't';

  std::string encoded_list;
  ct::EncodeSCTListForTesting({tampered_sct}, &encoded_list);
  return encoded_list;
}
391*6777b538SAndroid Build Coastguard Worker
// Returns true only if |scts| holds exactly one entry, that entry's status is
// SCT_STATUS_OK, and its SCT's log description equals |log_description|.
//
// The checks run in that order, so the entry is not touched unless the list
// has exactly one element.
// NOTE(review): |sct| is dereferenced without a null check; presumably every
// entry in the list carries a non-null SCT - confirm with the producers.
bool CheckForSingleVerifiedSCTInResult(
    const SignedCertificateTimestampAndStatusList& scts,
    const std::string& log_description) {
  if (scts.size() != 1)
    return false;

  if (scts[0].status != ct::SCT_STATUS_OK)
    return false;

  return scts[0].sct->log_description == log_description;
}
398*6777b538SAndroid Build Coastguard Worker
// Returns true if at least one entry of |scts| has status SCT_STATUS_OK and an
// SCT whose origin equals |origin|; returns false otherwise, including for an
// empty list.
//
// Entries with any other status are skipped before their SCT is examined, so
// an SCT that did not verify can never satisfy the origin check.
bool CheckForSCTOrigin(const SignedCertificateTimestampAndStatusList& scts,
                       ct::SignedCertificateTimestamp::Origin origin) {
  for (size_t i = 0; i < scts.size(); ++i) {
    if (scts[i].status != SCT_STATUS_OK)
      continue;
    if (scts[i].sct->origin == origin)
      return true;
  }

  return false;
}
408*6777b538SAndroid Build Coastguard Worker
409*6777b538SAndroid Build Coastguard Worker } // namespace net::ct