chromium/net/test/cert_test_util.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_TEST_CERT_TEST_UTIL_H_
#define NET_TEST_CERT_TEST_UTIL_H_

#include <string>
#include <vector>

#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/strings/string_piece.h"
#include "crypto/crypto_buildflags.h"
#include "net/base/hash_value.h"
#include "net/cert/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"

#if BUILDFLAG(USE_NSS_CERTS)
#include "net/cert/scoped_nss_types.h"

// From <pk11pub.h>
typedef struct PK11SlotInfoStr PK11SlotInfo;

#include "net/cert/scoped_nss_types.h"
#endif

namespace base {
class FilePath;
}

namespace net {

class EVRootCAMetadata;

#if BUILDFLAG(USE_NSS_CERTS)
// Imports a private key from file |key_filename| in |dir| into |slot|. The file
// must contain a PKCS#8 PrivateKeyInfo in DER encoding. Returns true on success
// and false on failure.
bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
                                base::StringPiece key_filename,
                                PK11SlotInfo* slot);

bool ImportClientCertToSlot(CERTCertificate* cert, PK11SlotInfo* slot);

ScopedCERTCertificate ImportClientCertToSlot(
    const scoped_refptr<X509Certificate>& cert,
    PK11SlotInfo* slot);

scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    base::StringPiece cert_filename,
    base::StringPiece key_filename,
    PK11SlotInfo* slot,
    ScopedCERTCertificate* nss_cert);
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    base::StringPiece cert_filename,
    base::StringPiece key_filename,
    PK11SlotInfo* slot);

ScopedCERTCertificate ImportCERTCertificateFromFile(
    const base::FilePath& certs_dir,
    base::StringPiece cert_file);

ScopedCERTCertificateList CreateCERTCertificateListFromFile(
    const base::FilePath& certs_dir,
    base::StringPiece cert_file,
    int format);
#endif

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into a
// CertificateList.
CertificateList CreateCertificateListFromFile(const base::FilePath& certs_dir,
                                              base::StringPiece cert_file,
                                              int format);

// Imports all the certificates given a list of filenames, and assigns the
// result to |*certs|. The filenames are relative to the test certificates
// directory.
::testing::AssertionResult LoadCertificateFiles(
    const std::vector<std::string>& cert_filenames,
    CertificateList* certs);

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into
// a new X509Certificate. The first certificate in the chain will be used for
// the returned cert, with any additional certificates configured as
// intermediate certificates.
scoped_refptr<X509Certificate> CreateCertificateChainFromFile(
    const base::FilePath& certs_dir,
    base::StringPiece cert_file,
    int format);

// Imports a single certificate from |cert_path|.
// If the file contains multiple certificates, the first certificate found
// will be returned.
scoped_refptr<X509Certificate> ImportCertFromFile(
    const base::FilePath& cert_path);

// Imports a single certificate from |cert_file|.
// |certs_dir| represents the test certificates directory. |cert_file| is the
// name of the certificate file. If cert_file contains multiple certificates,
// the first certificate found will be returned.
scoped_refptr<X509Certificate> ImportCertFromFile(
    const base::FilePath& certs_dir,
    base::StringPiece cert_file);

// Imports a private key from |key_path|, which should be a PEM file containing
// a PRIVATE KEY block. Only the first private key found will be returned, if
// the file contains multiple private keys or other PEM blocks, they will be
// ignored.
bssl::UniquePtr<EVP_PKEY> LoadPrivateKeyFromFile(
    const base::FilePath& key_path);

// ScopedTestEVPolicy causes certificates marked with |policy|, issued from a
// root with the given fingerprint, to be treated as EV. |policy| is expressed
// as a string of dotted numbers: i.e. "1.2.3.4".
// This should only be used in unittests as adding a CA twice causes a CHECK
// failure.
class ScopedTestEVPolicy {
 public:
  ScopedTestEVPolicy(EVRootCAMetadata* ev_root_ca_metadata,
                     const SHA256HashValue& fingerprint,
                     const char* policy);
  ~ScopedTestEVPolicy();

 private:
  SHA256HashValue fingerprint_;
  const raw_ptr<EVRootCAMetadata> ev_root_ca_metadata_;
};

}  // namespace net

#endif  // NET_TEST_CERT_TEST_UTIL_H_