
Side by Side Diff: webrtc/base/sslidentity_unittest.cc

Issue 1468273004: Provide method for returning certificate expiration timestamp. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Fix formatting Created 5 years ago
OLDNEW
1 /* 1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
11 #include <string> 11 #include <string>
12 12
13 #include "webrtc/base/gunit.h" 13 #include "webrtc/base/gunit.h"
14 #include "webrtc/base/helpers.h"
14 #include "webrtc/base/ssladapter.h" 15 #include "webrtc/base/ssladapter.h"
15 #include "webrtc/base/sslidentity.h" 16 #include "webrtc/base/sslidentity.h"
16 17
17 using rtc::SSLIdentity; 18 using rtc::SSLIdentity;
18 19
19 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n" 20 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n"
20 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" 21 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n"
21 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" 22 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n"
22 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n" 23 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n"
23 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n" 24 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n"
(...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after
288 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der)); 289 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der));
289 290
290 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem( 291 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem(
291 "CERTIFICATE", 292 "CERTIFICATE",
292 reinterpret_cast<const unsigned char*>(der.data()), der.length())); 293 reinterpret_cast<const unsigned char*>(der.data()), der.length()));
293 } 294 }
294 295
295 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) { 296 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) {
296 TestGetSignatureDigestAlgorithm(); 297 TestGetSignatureDigestAlgorithm();
297 } 298 }
299
300 class SSLIdentityExpirationTest : public testing::Test {
301 public:
302 SSLIdentityExpirationTest() {
303 // Set use of the test RNG to get deterministic expiration timestamp.
304 rtc::SetRandomTestMode(true);
305 }
306 ~SSLIdentityExpirationTest() {
307 // Put it back for the next test.
308 rtc::SetRandomTestMode(false);
309 }
310
311 void TestASN1TimeToSec() {
312 struct asn_example {
313 const char* string;
314 bool long_format;
315 int64_t want;
316 };
317 static const struct asn_example data[] = {
318 // Valid examples.
319 {"19700101000000Z", true, 0},
320 {"700101000000Z", false, 0},
321 {"19700101000001Z", true, 1},
322 {"700101000001Z", false, 1},
323 {"19700101000100Z", true, 60},
324 {"19700101000101Z", true, 61},
325 {"19700101010000Z", true, 3600},
326 {"19700101010001Z", true, 3601},
327 {"19700101010100Z", true, 3660},
328 {"19700101010101Z", true, 3661},
329 {"710911012345Z", false, 53400225},
330 {"20000101000000Z", true, 946684800},
331 {"20000101000000Z", true, 946684800},
332 {"20151130140156Z", true, 1448892116},
333 {"151130140156Z", false, 1448892116},
334 {"20691231235959Z", true, 3155759999},
335 {"691231235959Z", false, 3155759999},
336 {"20700101000000Z", true, 3155759999+1},
337 {"21000101000000Z", true, 4102444800},
338 {"24000101000000Z", true, 13569465600},
339
340 // Invalid examples.
341 {"19700101000000", true, -1}, // missing Z long format
342 {"19700101000000X", true, -1}, // X instead of Z long format
343 {"197001010000000", true, -1}, // 0 instead of Z long format
344 {"1970010100000000Z", true, -1}, // excess digits long format
345 {"700101000000", false, -1}, // missing Z short format
346 {"700101000000X", false, -1}, // X instead of Z short format
347 {"7001010000000", false, -1}, // 0 instead of Z short format
348 {"70010100000000Z", false, -1}, // excess digits short format
349 {":9700101000000Z", true, -1}, // invalid character
350 {"1:700101000001Z", true, -1}, // invalid character
351 {"19:00101000100Z", true, -1}, // invalid character
352 {"197:0101000101Z", true, -1}, // invalid character
353 {"1970:101010000Z", true, -1}, // invalid character
354 {"19700:01010001Z", true, -1}, // invalid character
355 {"197001:1010100Z", true, -1}, // invalid character
356 {"1970010:010101Z", true, -1}, // invalid character
357 {"70010100:000Z", false, -1}, // invalid character
358 {"700101000:01Z", false, -1}, // invalid character
359 {"2000010100:000Z", true, -1}, // invalid character
360 {"21000101000:00Z", true, -1}, // invalid character
361 {"240001010000:0Z", true, -1}, // invalid character
362 {"19611118043000Z", false, -1}, // too old for epoch
363
364 {nullptr} // sentinel
tommi 2015/11/30 15:53:56 nit: you could sneak a case in here of a string th
torbjorng (webrtc) 2015/11/30 21:05:45 Good idea. Made'em all garbage terminated.
365 };
366
367 // Run all examples and check for the expected result.
368 for (int i = 0; data[i].string != nullptr; i++) {
tommi 2015/11/30 15:53:56 nit: ++i Actually, you don't need to use nullptr
torbjorng (webrtc) 2015/11/30 21:05:45 Done.
369 const char* s = data[i].string;
370 const unsigned char* us = reinterpret_cast<const unsigned char*>(s);
371 size_t length = strlen(s);
372 int64_t res = rtc::ASN1TimeToSec(us, length, data[i].long_format);
373 LOG(LS_INFO) << s;
374 ASSERT_EQ(data[i].want, res);
375 }
376 // Run all examples again, but with an invalid length.
377 for (int i = 0; data[i].string != nullptr; i++) {
tommi 2015/11/30 15:53:55 same here
torbjorng (webrtc) 2015/11/30 21:05:45 Done.
378 const char* s = data[i].string;
379 const unsigned char* us = reinterpret_cast<const unsigned char*>(s);
380 size_t length = strlen(s) - 1;
381 int64_t res = rtc::ASN1TimeToSec(us, length, data[i].long_format);
382 LOG(LS_INFO) << s;
383 ASSERT_EQ(-1, res);
384 }
385 }
386
387 void TestExpireTime(int times) {
388 for (int i = 0; i < times; i++) {
389 rtc::SSLIdentityParams params;
390 params.common_name = "";
391 params.not_before = 0;
392 // We limit the time to < 2^31 here, i.e., we stay before 2038, since else
393 // we hit time offset limitations in OpenSSL on some 32-bit systems.
394 params.not_after = rtc::CreateRandomId() % 0x80000000;
395 // We test just ECDSA here since what we're out to exercise here is the
396 // code for expiration setting and reading.
397 params.key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256);
398 SSLIdentity* identity = rtc::SSLIdentity::GenerateForTest(params);
tommi 2015/11/30 15:53:55 can GenerateForTest return a scoped_ptr?
torbjorng (webrtc) 2015/11/30 21:05:45 I don't understand. Are you suggesting that we ma
tommi 2015/11/30 22:12:00 Either. Fine as is too.
399 EXPECT_EQ(params.not_after,
400 identity->certificate().CertificateExpirationTime());
401 delete identity;
402 }
403 }
404 };
405
406 TEST_F(SSLIdentityExpirationTest, TestASN1TimeToSec) {
407 TestASN1TimeToSec();
408 }
409
410 TEST_F(SSLIdentityExpirationTest, TestExpireTime) {
411 TestExpireTime(500);
412 }
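Review bot: The `too old for epoch` entry in the invalid-examples table of `TestASN1TimeToSec` passes `long_format` as `false` with a four-digit-year string, so it is most likely rejected for its length or field layout rather than for predating 1970, leaving the pre-epoch path of `rtc::ASN1TimeToSec` unexercised. Changing it to `{"19611118043000Z", true, -1},  // too old for epoch` would test what the comment says. The table also has no entry whose digits are well-formed but out of range (month 13, hour 24, and so on). Because this value becomes the certificate expiration time, a case such as `{"19701301000000Z", true, -1},  // month out of range` would pin down whether such input is rejected. The expected `-1` there is an assumption, since the parser itself is not shown on this page.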