cert_builder.cc | Explore in Territory

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif

#include "net/test/cert_builder.h"

#include <map>
#include <memory>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

#include "base/files/file_path.h"
#include "base/memory/ptr_util.h"
#include "base/memory/scoped_refptr.h"
#include "base/notreached.h"
#include "base/ranges/algorithm.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/time/time.h"
#include "crypto/ec_private_key.h"
#include "crypto/rsa_private_key.h"
#include "crypto/sha2.h"
#include "net/cert/asn1_util.h"
#include "net/cert/ct_objects_extractor.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/time_conversions.h"
#include "net/cert/x509_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/key_util.h"
#include "net/test/test_data_directory.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/mem.h"
#include "third_party/boringssl/src/pki/certificate_policies.h"
#include "third_party/boringssl/src/pki/extended_key_usage.h"
#include "third_party/boringssl/src/pki/input.h"
#include "third_party/boringssl/src/pki/parse_certificate.h"
#include "third_party/boringssl/src/pki/parse_values.h"
#include "third_party/boringssl/src/pki/parser.h"
#include "third_party/boringssl/src/pki/verify_signed_data.h"
#include "url/gurl.h"

namespace net {

namespace {

constexpr char kSimpleChainHostname[] = …;

std::string Sha256WithRSAEncryption() { … }

std::string Sha1WithRSAEncryption() { … }

std::string EcdsaWithSha256() { … }

std::string EcdsaWithSha1() { … }

// Adds bytes (specified as a std::string_view) to the given CBB.
// The argument ordering follows the boringssl CBB_* api style.
bool CBBAddBytes(CBB* cbb, std::string_view bytes) { … }

// Adds bytes (from fixed size array) to the given CBB.
// The argument ordering follows the boringssl CBB_* api style.
template <size_t N>
bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) { … }

// Finalizes the CBB to a std::string.
std::string FinishCBB(CBB* cbb) { … }

// Finalizes the CBB to a std::vector.
std::vector<uint8_t> FinishCBBToVector(CBB* cbb) { … }

}  // namespace

CertBuilder::SctConfig::SctConfig() = default;
CertBuilder::SctConfig::SctConfig(std::string log_id,
                                  bssl::UniquePtr<EVP_PKEY> log_key,
                                  base::Time timestamp)
    : … { … }
CertBuilder::SctConfig::SctConfig(const SctConfig& other)
    : … { … }
CertBuilder::SctConfig::SctConfig(SctConfig&&) = default;
CertBuilder::SctConfig::~SctConfig() = default;
CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(
    const SctConfig& other) { … }
CertBuilder::SctConfig& CertBuilder::SctConfig::operator=(SctConfig&&) =
    default;

CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert, CertBuilder* issuer)
    : … { … }

// static
std::unique_ptr<CertBuilder> CertBuilder::FromFile(
    const base::FilePath& cert_and_key_file,
    CertBuilder* issuer) { … }

// static
std::unique_ptr<CertBuilder> CertBuilder::FromStaticCert(CRYPTO_BUFFER* cert,
                                                         EVP_PKEY* key) { … }

// static
std::unique_ptr<CertBuilder> CertBuilder::FromStaticCertFile(
    const base::FilePath& cert_and_key_file) { … }

// static
std::unique_ptr<CertBuilder> CertBuilder::FromSubjectPublicKeyInfo(
    base::span<const uint8_t> spki_der,
    CertBuilder* issuer) { … }

CertBuilder::~CertBuilder() = default;

// static
std::vector<std::unique_ptr<CertBuilder>> CertBuilder::CreateSimpleChain(
    size_t chain_length) { … }

// static
std::array<std::unique_ptr<CertBuilder>, 3> CertBuilder::CreateSimpleChain3() { … }

// static
std::array<std::unique_ptr<CertBuilder>, 2> CertBuilder::CreateSimpleChain2() { … }

// static
std::optional<bssl::SignatureAlgorithm>
CertBuilder::DefaultSignatureAlgorithmForKey(EVP_PKEY* key) { … }

// static
bool CertBuilder::SignData(bssl::SignatureAlgorithm signature_algorithm,
                           std::string_view tbs_data,
                           EVP_PKEY* key,
                           CBB* out_signature) { … }

// static
bool CertBuilder::SignDataWithDigest(const EVP_MD* digest,
                                     std::string_view tbs_data,
                                     EVP_PKEY* key,
                                     CBB* out_signature) { … }

// static
std::string CertBuilder::SignatureAlgorithmToDer(
    bssl::SignatureAlgorithm signature_algorithm) { … }

// static
std::string CertBuilder::MakeRandomHexString(size_t num_bytes) { … }

// static
std::vector<uint8_t> CertBuilder::BuildNameWithCommonNameOfType(
    std::string_view common_name,
    unsigned common_name_tag) { … }

void CertBuilder::SetCertificateVersion(bssl::CertificateVersion version) { … }

void CertBuilder::SetExtension(const bssl::der::Input& oid,
                               std::string value,
                               bool critical) { … }

void CertBuilder::EraseExtension(const bssl::der::Input& oid) { … }

void CertBuilder::ClearExtensions() { … }

void CertBuilder::SetBasicConstraints(bool is_ca, int path_len) { … }

namespace {
void AddNameConstraintsSubTrees(CBB* cbb,
                                const std::vector<std::string>& dns_names) { … }
}  // namespace

void CertBuilder::SetNameConstraintsDnsNames(
    const std::vector<std::string>& permitted_dns_names,
    const std::vector<std::string>& excluded_dns_names) { … }

void CertBuilder::SetCaIssuersUrl(const GURL& url) { … }

void CertBuilder::SetCaIssuersAndOCSPUrls(
    const std::vector<GURL>& ca_issuers_urls,
    const std::vector<GURL>& ocsp_urls) { … }

void CertBuilder::SetCrlDistributionPointUrl(const GURL& url) { … }

void CertBuilder::SetCrlDistributionPointUrls(const std::vector<GURL>& urls) { … }

void CertBuilder::SetIssuerTLV(base::span<const uint8_t> issuer_tlv) { … }

void CertBuilder::SetSubjectCommonName(std::string_view common_name) { … }

void CertBuilder::SetSubjectTLV(base::span<const uint8_t> subject_tlv) { … }

void CertBuilder::SetSubjectAltName(std::string_view dns_name) { … }

void CertBuilder::SetSubjectAltNames(
    const std::vector<std::string>& dns_names,
    const std::vector<IPAddress>& ip_addresses) { … }

void CertBuilder::SetKeyUsages(const std::vector<bssl::KeyUsageBit>& usages) { … }

void CertBuilder::SetExtendedKeyUsages(
    const std::vector<bssl::der::Input>& purpose_oids) { … }

void CertBuilder::SetCertificatePolicies(
    const std::vector<std::string>& policy_oids) { … }

void CertBuilder::SetPolicyMappings(
    const std::vector<std::pair<std::string, std::string>>& policy_mappings) { … }

void CertBuilder::SetPolicyConstraints(
    std::optional<uint64_t> require_explicit_policy,
    std::optional<uint64_t> inhibit_policy_mapping) { … }

void CertBuilder::SetInhibitAnyPolicy(uint64_t skip_certs) { … }

void CertBuilder::SetValidity(base::Time not_before, base::Time not_after) { … }

void CertBuilder::SetSubjectKeyIdentifier(
    const std::string& subject_key_identifier) { … }

void CertBuilder::SetAuthorityKeyIdentifier(
    const std::string& authority_key_identifier) { … }

void CertBuilder::SetSignatureAlgorithm(
    bssl::SignatureAlgorithm signature_algorithm) { … }

void CertBuilder::SetSignatureAlgorithmTLV(
    std::string_view signature_algorithm_tlv) { … }

void CertBuilder::SetOuterSignatureAlgorithmTLV(
    std::string_view signature_algorithm_tlv) { … }

void CertBuilder::SetTBSSignatureAlgorithmTLV(
    std::string_view signature_algorithm_tlv) { … }

void CertBuilder::SetSerialNumber(uint64_t serial_number) { … }

void CertBuilder::SetRandomSerialNumber() { … }

void CertBuilder::SetSctConfig(
    std::vector<CertBuilder::SctConfig> sct_configs) { … }

CRYPTO_BUFFER* CertBuilder::GetCertBuffer() { … }

bssl::UniquePtr<CRYPTO_BUFFER> CertBuilder::DupCertBuffer() { … }

const std::string& CertBuilder::GetSubject() { … }

uint64_t CertBuilder::GetSerialNumber() { … }

std::string CertBuilder::GetSubjectKeyIdentifier() { … }

bool CertBuilder::GetValidity(base::Time* not_before,
                              base::Time* not_after) const { … }

EVP_PKEY* CertBuilder::GetKey() { … }

scoped_refptr<X509Certificate> CertBuilder::GetX509Certificate() { … }

scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateChain() { … }

scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateFullChain() { … }

std::string CertBuilder::GetDER() { … }

std::string CertBuilder::GetPEM() { … }

std::string CertBuilder::GetPEMFullChain() { … }

std::string CertBuilder::GetPrivateKeyPEM() { … }

CertBuilder::CertBuilder(CRYPTO_BUFFER* orig_cert,
                         CertBuilder* issuer,
                         bool unique_subject_key_identifier)
    : … { … }

void CertBuilder::Invalidate() { … }

void CertBuilder::GenerateECKey() { … }

void CertBuilder::GenerateRSAKey() { … }

bool CertBuilder::UseKeyFromFile(const base::FilePath& key_file) { … }

void CertBuilder::SetKey(bssl::UniquePtr<EVP_PKEY> key) { … }

void CertBuilder::GenerateSubjectKeyIdentifier() { … }

void CertBuilder::GenerateSubject() { … }

void CertBuilder::InitFromCert(const bssl::der::Input& cert) { … }

void CertBuilder::BuildTBSCertificate(std::string_view signature_algorithm_tlv,
                                      std::string* out) { … }

void CertBuilder::BuildSctListExtension(const std::string& pre_tbs_certificate,
                                        std::string* out) { … }

void CertBuilder::GenerateCertificate() { … }

}  // namespace net
chromium/net/test/cert_builder.cc
