Home | History | Annotate | Download | only in test 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/test/ct_test_util.h"
      6 
      7 #include <string>
      8 #include <vector>
      9 
     10 #include "base/strings/string_number_conversions.h"
     11 #include "base/strings/string_piece.h"
     12 #include "base/strings/string_util.h"
     13 #include "net/cert/ct_serialization.h"
     14 #include "net/cert/signed_certificate_timestamp.h"
     15 #include "net/cert/signed_tree_head.h"
     16 #include "net/cert/x509_certificate.h"
     17 
     18 namespace net {
     19 
     20 namespace ct {
     21 
     22 namespace {
     23 
     24 std::string HexToBytes(const char* hex_data) {
     25   std::vector<uint8> output;
     26   std::string result;
     27   if (base::HexStringToBytes(hex_data, &output))
     28     result.assign(reinterpret_cast<const char*>(&output[0]), output.size());
     29   return result;
     30 }
     31 
     32 // The following test vectors are from
     33 // http://code.google.com/p/certificate-transparency
     34 
     35 const char kDefaultDerCert[] =
     36     "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009"
     37     "06035504061302474231243022060355040a131b4365727469666963617465205472616e73"
     38     "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307"
     39     "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030"
     40     "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361"
     41     "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603"
     42     "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189"
     43     "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f"
     44     "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41"
     45     "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a"
     46     "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355"
     47     "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074"
     48     "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406"
     49     "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e"
     50     "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057"
     51     "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c"
     52     "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee"
     53     "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb"
     54     "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
     55     "7d24c4fccd249295795814d1dac0e6";
     56 
     57 const char kDefaultIssuerKeyHash[] =
     58     "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc";
     59 
     60 const char kDefaultDerTbsCert[] =
     61     "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
     62     "061302474231243022060355040a131b4365727469666963617465205472616e7370617265"
     63     "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720"
     64     "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052"
     65     "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
     66     "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
     67     "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
     68     "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
     69     "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410"
     70     "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf"
     71     "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416"
     72     "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
     73     "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742"
     74     "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
     75     "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
     76     "0030090603551d1304023000";
     77 
     78 const char kTestDigitallySigned[] =
     79     "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
     80     "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
     81     "a5";
     82 
     83 const char kTestSignedCertificateTimestamp[] =
     84     "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d"
     85     "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2"
     86     "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
     87     "89a2c0187ef5a5";
     88 
     89 const char kEcP256PublicKey[] =
     90     "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a"
     91     "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f"
     92     "b7b245eb4b420ef370210371a944beaceb";
     93 
     94 const char kTestKeyId[] =
     95     "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";
     96 
     97 const char kTestSCTSignatureData[] =
     98     "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
     99     "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";
    100 
    101 const char kTestSCTPrecertSignatureData[] =
    102     "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602"
    103     "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08";
    104 
    105 // A well-formed OCSP response with fake SCT contents. Does not come from
    106 // http://code.google.com/p/certificate-transparency, does not pertain to any
    107 // of the test certs here, and is only used to test extracting the extension
    108 // contents from the response.
    109 const char kFakeOCSPResponse[] =
    110     "3082016e0a0100a08201673082016306092b060105050730010104820154308201503081ba"
    111     "a21604144edfdf5ff9c90ffacfca66e7fbc436bc39ee3fc7180f3230313030313031303630"
    112     "3030305a30818e30818b3049300906052b0e03021a050004141833a1e6a4f09577cca0e64c"
    113     "e7d145ca4b93700904144edfdf5ff9c90ffacfca66e7fbc436bc39ee3fc7021001aef99bde"
    114     "e0bb58c6f2b816bc3ae02f8000180f32303130303130313036303030305aa011180f323033"
    115     "30303130313036303030305aa11830163014060a2b06010401d67902040504060404746573"
    116     "74300d06092a864886f70d0101050500038181003586ffcf0794e64eb643d52a3d570a1c93"
    117     "836395986a2f792dd4e9c70b05161186c55c1658e0607dc9ec0d0924ac37fb99506c870579"
    118     "634be1de62ba2fced5f61f3b428f959fcee9bddf6f268c8e14c14fdf3b447786e638a5c8cc"
    119     "b610893df17a60e4cff30f4780aeffe0086ef19910f0d9cd7414bc93d1945686f88ad0a3c3"
    120     ;
    121 
    122 const char kFakeOCSPResponseCert[] =
    123     "3082022930820192a003020102021001aef99bdee0bb58c6f2b816bc3ae02f300d06092a86"
    124     "4886f70d01010505003015311330110603550403130a54657374696e67204341301e170d31"
    125     "30303130313036303030305a170d3332313230313036303030305a30373112301006035504"
    126     "0313093132372e302e302e31310b300906035504061302585831143012060355040a130b54"
    127     "657374696e67204f726730819d300d06092a864886f70d010101050003818b003081870281"
    128     "8100a71998f2930bfe73d031a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da99"
    129     "9de4ed65832afcb0807f98787506539d258a0ce3c2c77967653099a9034a9b115a876c39a8"
    130     "c4e4ed4acd0c64095946fb39eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1"
    131     "afc45519ab9eca47c30185c771c64aa5ecf07d020103a35a3058303a06082b060105050701"
    132     "01010100042b3029302706082b06010505073001861b687474703a2f2f3132372e302e302e"
    133     "313a35353038312f6f637370301a0603551d200101000410300e300c060a2b06010401d679"
    134     "020401300d06092a864886f70d01010505000381810065e04fadd3484197f3412479d917e1"
    135     "9d8f7db57b526f2d0e4c046f86cebe643bf568ea0cd6570b228842aa057c6a7c79f209dfcd"
    136     "3419a4d93b1ecfb1c0224f33083c7d4da023499fbd00d81d6711ad58ffcf65f1545247fe9d"
    137     "83203425fd706b4fc5e797002af3d88151be5901eef56ec30aacdfc404be1bd35865ff1943"
    138     "2516";
    139 
    140 const char kFakeOCSPResponseIssuerCert[] =
    141     "308201d13082013aa003020102020101300d06092a864886f70d0101050500301531133011"
    142     "0603550403130a54657374696e67204341301e170d3130303130313036303030305a170d33"
    143     "32313230313036303030305a3015311330110603550403130a54657374696e672043413081"
    144     "9d300d06092a864886f70d010101050003818b0030818702818100a71998f2930bfe73d031"
    145     "a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da999de4ed65832afcb0807f9878"
    146     "7506539d258a0ce3c2c77967653099a9034a9b115a876c39a8c4e4ed4acd0c64095946fb39"
    147     "eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1afc45519ab9eca47c30185c7"
    148     "71c64aa5ecf07d020103a333303130120603551d130101ff040830060101ff020100301b06"
    149     "03551d200101000411300f300d060b2b06010401d6790201ce0f300d06092a864886f70d01"
    150     "01050500038181003f4936f8d00e83fbdde331f2c64335dcf7dec8b1a2597683edeed61af0"
    151     "fa862412fad848938fe7ab77f1f9a43671ff6fdb729386e26f49e7aca0c0ea216e5970d933"
    152     "3ea1e11df2ccb357a5fed5220f9c6239e8946b9b7517707631d51ab996833d58a022cff5a6"
    153     "2169ac9258ec110efee78da9ab4a641e3b3c9ee5e8bd291460";
    154 
    155 
    156 const char kFakeOCSPExtensionValue[] = "74657374";  // "test"
    157 
    158 // For the sample STH
    159 const char kSampleSTHSHA256RootHash[] =
    160     "726467216167397babca293dca398e4ce6b621b18b9bc42f30c900d1f92ac1e4";
    161 const char kSampleSTHTreeHeadSignature[] =
    162     "0403004730450220365a91a2a88f2b9332f41d8959fa7086da7e6d634b7b089bc9da066426"
    163     "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb"
    164     "d3";
    165 
    166 }  // namespace
    167 
    168 void GetX509CertLogEntry(LogEntry* entry) {
    169   entry->type = ct::LogEntry::LOG_ENTRY_TYPE_X509;
    170   entry->leaf_certificate = HexToBytes(kDefaultDerCert);
    171 }
    172 
    173 std::string GetDerEncodedX509Cert() { return HexToBytes(kDefaultDerCert); }
    174 
    175 void GetPrecertLogEntry(LogEntry* entry) {
    176   entry->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT;
    177   std::string issuer_hash(HexToBytes(kDefaultIssuerKeyHash));
    178   memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size());
    179   entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert);
    180 }
    181 
    182 std::string GetTestDigitallySigned() {
    183   return HexToBytes(kTestDigitallySigned);
    184 }
    185 
    186 std::string GetTestSignedCertificateTimestamp() {
    187   return HexToBytes(kTestSignedCertificateTimestamp);
    188 }
    189 
    190 std::string GetTestPublicKey() {
    191   return HexToBytes(kEcP256PublicKey);
    192 }
    193 
    194 std::string GetTestPublicKeyId() {
    195   return HexToBytes(kTestKeyId);
    196 }
    197 
    198 void GetX509CertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
    199   CHECK(sct_ref != NULL);
    200   *sct_ref = new SignedCertificateTimestamp();
    201   SignedCertificateTimestamp *const sct(sct_ref->get());
    202   sct->version = ct::SignedCertificateTimestamp::SCT_VERSION_1;
    203   sct->log_id = HexToBytes(kTestKeyId);
    204   // Time the log issued a SCT for this certificate, which is
    205   // Fri Apr  5 10:04:16.089 2013
    206   sct->timestamp = base::Time::UnixEpoch() +
    207       base::TimeDelta::FromMilliseconds(GG_INT64_C(1365181456089));
    208   sct->extensions.clear();
    209 
    210   sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
    211   sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
    212   sct->signature.signature_data = HexToBytes(kTestSCTSignatureData);
    213 }
    214 
    215 void GetPrecertSCT(scoped_refptr<SignedCertificateTimestamp>* sct_ref) {
    216   CHECK(sct_ref != NULL);
    217   *sct_ref = new SignedCertificateTimestamp();
    218   SignedCertificateTimestamp *const sct(sct_ref->get());
    219   sct->version = ct::SignedCertificateTimestamp::SCT_VERSION_1;
    220   sct->log_id = HexToBytes(kTestKeyId);
    221   // Time the log issued a SCT for this Precertificate, which is
    222   // Fri Apr  5 10:04:16.275 2013
    223   sct->timestamp = base::Time::UnixEpoch() +
    224     base::TimeDelta::FromMilliseconds(GG_INT64_C(1365181456275));
    225   sct->extensions.clear();
    226 
    227   sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
    228   sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
    229   sct->signature.signature_data = HexToBytes(kTestSCTPrecertSignatureData);
    230 }
    231 
    232 std::string GetDefaultIssuerKeyHash() {
    233   return HexToBytes(kDefaultIssuerKeyHash);
    234 }
    235 
    236 std::string GetDerEncodedFakeOCSPResponse() {
    237 return HexToBytes(kFakeOCSPResponse);
    238 }
    239 
    240 std::string GetFakeOCSPExtensionValue() {
    241   return HexToBytes(kFakeOCSPExtensionValue);
    242 }
    243 
    244 std::string GetDerEncodedFakeOCSPResponseCert() {
    245   return HexToBytes(kFakeOCSPResponseCert);
    246 }
    247 
    248 std::string GetDerEncodedFakeOCSPResponseIssuerCert() {
    249   return HexToBytes(kFakeOCSPResponseIssuerCert);
    250 }
    251 
    252 std::string GetSampleSTHSHA256RootHash() {
    253   return HexToBytes(kSampleSTHSHA256RootHash);
    254 }
    255 
    256 // A sample, valid STH
    257 void GetSignedTreeHead(SignedTreeHead* sth) {
    258   sth->version = SignedTreeHead::V1;
    259   sth->timestamp = base::Time::UnixEpoch() +
    260                    base::TimeDelta::FromMilliseconds(1396877277237);
    261   sth->tree_size = 21u;
    262   std::string sha256_root_hash = GetSampleSTHSHA256RootHash();
    263   memcpy(sth->sha256_root_hash, sha256_root_hash.c_str(), kSthRootHashLength);
    264 
    265   std::string tree_head_signature = HexToBytes(kSampleSTHTreeHeadSignature);
    266   base::StringPiece sp(tree_head_signature);
    267   DecodeDigitallySigned(&sp, &(sth->signature));
    268 }
    269 
    270 }  // namespace ct
    271 
    272 }  // namespace net
    273