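// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Test-only helpers for loading certificates and private keys from files and,
// on NSS builds, importing them into an NSS slot. This header pulls in gtest
// and the helpers change certificate/EV state, so it belongs in test targets
// only.

#ifndef NET_TEST_CERT_TEST_UTIL_H_
#define NET_TEST_CERT_TEST_UTIL_H_

#include <string>
#include <string_view>
#include <vector>

#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "crypto/crypto_buildflags.h"
#include "net/base/hash_value.h"
#include "net/cert/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"

#if BUILDFLAG(USE_NSS_CERTS)
// Included once; the original listing repeated this include after the typedef.
#include "net/cert/scoped_nss_types.h"

// From <pk11pub.h>
typedef struct PK11SlotInfoStr PK11SlotInfo;
#endif

namespace base {
class FilePath;
}

namespace net {

class EVRootCAMetadata;

#if BUILDFLAG(USE_NSS_CERTS)
// Imports a private key from file |key_filename| in |dir| into |slot|. The file
// must contain a PKCS#8 PrivateKeyInfo in DER encoding. Returns true on success
// and false on failure.
// PrivateKeyInfo is the unencrypted PKCS#8 form, so the files read here should
// hold throwaway test keys only.
bool ImportSensitiveKeyFromFile(const base::FilePath& dir,
                                std::string_view key_filename,
                                PK11SlotInfo* slot);

// Imports the client certificate |cert| into |slot|.
// NOTE(review): the bool result presumably means success, as for
// ImportSensitiveKeyFromFile() - confirm against the implementation.
bool ImportClientCertToSlot(CERTCertificate* cert, PK11SlotInfo* slot);

// Overload taking an X509Certificate; returns an NSS certificate handle.
// NOTE(review): presumably returns null on failure - confirm.
ScopedCERTCertificate ImportClientCertToSlot(
    const scoped_refptr<X509Certificate>& cert,
    PK11SlotInfo* slot);

// Imports the client certificate in |cert_filename| and the private key in
// |key_filename|, both files in |dir|, into |slot|. |nss_cert| is an
// out-parameter.
// NOTE(review): |nss_cert| presumably receives the imported NSS certificate,
// and a null return presumably signals failure - confirm.
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    std::string_view cert_filename,
    std::string_view key_filename,
    PK11SlotInfo* slot,
    ScopedCERTCertificate* nss_cert);

// Same as above, without the |nss_cert| out-parameter.
scoped_refptr<X509Certificate> ImportClientCertAndKeyFromFile(
    const base::FilePath& dir,
    std::string_view cert_filename,
    std::string_view key_filename,
    PK11SlotInfo* slot);

// Loads |cert_file|, a file in |certs_dir|, as an NSS certificate.
// NOTE(review): the result for a missing or unparsable file is not visible
// from this header - callers should check the returned handle.
ScopedCERTCertificate ImportCERTCertificateFromFile(
    const base::FilePath& certs_dir,
    std::string_view cert_file);

// NSS counterpart of CreateCertificateListFromFile(): loads the certificates
// in |cert_file|, a file in |certs_dir|, as NSS certificates.
// NOTE(review): |format| is presumably a combination of
// X509Certificate::Format values - confirm.
ScopedCERTCertificateList CreateCERTCertificateListFromFile(
    const base::FilePath& certs_dir,
    std::string_view cert_file,
    int format);

// Returns an NSS built-in root certificate which is trusted for issuing TLS
// server certificates. If multiple ones are available, it is not specified
// which one is returned. If none are available, returns nullptr.
ScopedCERTCertificate GetAnNssBuiltinSslTrustedRoot();
#endif

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into a
// CertificateList.
// NOTE(review): |format| is presumably a combination of
// X509Certificate::Format values - confirm.
CertificateList CreateCertificateListFromFile(const base::FilePath& certs_dir,
                                              std::string_view cert_file,
                                              int format);

// Imports all the certificates given a list of filenames, and assigns the
// result to |*certs|. The filenames are relative to the test certificates
// directory. The gtest AssertionResult return lets callers wrap the call in
// ASSERT_TRUE()/EXPECT_TRUE().
::testing::AssertionResult LoadCertificateFiles(
    const std::vector<std::string>& cert_filenames,
    CertificateList* certs);

// Imports all of the certificates in |cert_file|, a file in |certs_dir|, into
// a new X509Certificate. The first certificate in the chain will be used for
// the returned cert, with any additional certificates configured as
// intermediate certificates.
scoped_refptr<X509Certificate> CreateCertificateChainFromFile(
    const base::FilePath& certs_dir,
    std::string_view cert_file,
    int format);

// Imports a single certificate from |cert_path|.
// If the file contains multiple certificates, the first certificate found
// will be returned.
scoped_refptr<X509Certificate> ImportCertFromFile(
    const base::FilePath& cert_path);

// Imports a single certificate from |cert_file|.
// |certs_dir| represents the test certificates directory. |cert_file| is the
// name of the certificate file. If cert_file contains multiple certificates,
// the first certificate found will be returned.
scoped_refptr<X509Certificate> ImportCertFromFile(
    const base::FilePath& certs_dir,
    std::string_view cert_file);

// ScopedTestEVPolicy causes certificates marked with |policy|, issued from a
// root with the given fingerprint, to be treated as EV. |policy| is expressed
// as a string of dotted numbers, e.g. "1.2.3.4".
// This should only be used in unittests as adding a CA twice causes a CHECK
// failure.
//
// |ev_root_ca_metadata| is kept as a non-owning raw_ptr, so it must outlive
// this object.
class ScopedTestEVPolicy {
 public:
  ScopedTestEVPolicy(EVRootCAMetadata* ev_root_ca_metadata,
                     const SHA256HashValue& fingerprint,
                     const char* policy);

  // Not copyable: a copy would refer to the same EV registration.
  // NOTE(review): the destructor body is not visible from this header;
  // presumably it undoes the registration, which two copies would then do
  // twice - confirm.
  ScopedTestEVPolicy(const ScopedTestEVPolicy&) = delete;
  ScopedTestEVPolicy& operator=(const ScopedTestEVPolicy&) = delete;

  ~ScopedTestEVPolicy();

 private:
  // Copy of the root fingerprint passed to the constructor.
  SHA256HashValue fingerprint_;
  // Non-owning; the pointer itself never changes after construction.
  const raw_ptr<EVRootCAMetadata> ev_root_ca_metadata_;
};

}  // namespace net

#endif  // NET_TEST_CERT_TEST_UTIL_H_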