OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #include <string> | 11 #include <string> |
12 | 12 |
13 #include "webrtc/base/gunit.h" | 13 #include "webrtc/base/gunit.h" |
| 14 #include "webrtc/base/helpers.h" |
14 #include "webrtc/base/ssladapter.h" | 15 #include "webrtc/base/ssladapter.h" |
15 #include "webrtc/base/sslidentity.h" | 16 #include "webrtc/base/sslidentity.h" |
16 | 17 |
17 using rtc::SSLIdentity; | 18 using rtc::SSLIdentity; |
18 | 19 |
19 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n" | 20 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n" |
20 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" | 21 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" |
21 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" | 22 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" |
22 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n" | 23 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n" |
23 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n" | 24 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n" |
288 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der)); | 289 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der)); |
289 | 290 |
290 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem( | 291 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem( |
291 "CERTIFICATE", | 292 "CERTIFICATE", |
292 reinterpret_cast<const unsigned char*>(der.data()), der.length())); | 293 reinterpret_cast<const unsigned char*>(der.data()), der.length())); |
293 } | 294 } |
294 | 295 |
295 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) { | 296 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) { |
296 TestGetSignatureDigestAlgorithm(); | 297 TestGetSignatureDigestAlgorithm(); |
297 } | 298 } |
| 299 |
| 300 class SSLIdentityExpirationTest : public testing::Test { |
| 301 public: |
| 302 SSLIdentityExpirationTest() { |
| 303 // Set use of the test RNG to get deterministic expiration timestamp. |
| 304 rtc::SetRandomTestMode(true); |
| 305 } |
| 306 ~SSLIdentityExpirationTest() { |
| 307 // Put it back for the next test. |
| 308 rtc::SetRandomTestMode(false); |
| 309 } |
| 310 |
| 311 void TestASN1TimeToSec() { |
| 312 struct asn_example { |
| 313 const char* string; |
| 314 bool long_format; |
| 315 int64_t want; |
| 316 } static const data[] = { |
| 317 // Valid examples. |
| 318 {"19700101000000Z", true, 0}, |
| 319 {"700101000000Z", false, 0}, |
| 320 {"19700101000001Z", true, 1}, |
| 321 {"700101000001Z", false, 1}, |
| 322 {"19700101000100Z", true, 60}, |
| 323 {"19700101000101Z", true, 61}, |
| 324 {"19700101010000Z", true, 3600}, |
| 325 {"19700101010001Z", true, 3601}, |
| 326 {"19700101010100Z", true, 3660}, |
| 327 {"19700101010101Z", true, 3661}, |
| 328 {"710911012345Z", false, 53400225}, |
| 329 {"20000101000000Z", true, 946684800}, |
| 330 {"20000101000000Z", true, 946684800}, |
| 331 {"20151130140156Z", true, 1448892116}, |
| 332 {"151130140156Z", false, 1448892116}, |
| 333 {"20491231235959Z", true, 2524607999}, |
| 334 {"491231235959Z", false, 2524607999}, |
| 335 {"20500101000000Z", true, 2524607999+1}, |
| 336 {"20700101000000Z", true, 3155760000}, |
| 337 {"21000101000000Z", true, 4102444800}, |
| 338 {"24000101000000Z", true, 13569465600}, |
| 339 |
| 340 // Invalid examples. |
| 341 {"19700101000000", true, -1}, // missing Z long format |
| 342 {"19700101000000X", true, -1}, // X instead of Z long format |
| 343 {"197001010000000", true, -1}, // 0 instead of Z long format |
| 344 {"1970010100000000Z", true, -1}, // excess digits long format |
| 345 {"700101000000", false, -1}, // missing Z short format |
| 346 {"700101000000X", false, -1}, // X instead of Z short format |
| 347 {"7001010000000", false, -1}, // 0 instead of Z short format |
| 348 {"70010100000000Z", false, -1}, // excess digits short format |
| 349 {":9700101000000Z", true, -1}, // invalid character |
| 350 {"1:700101000001Z", true, -1}, // invalid character |
| 351 {"19:00101000100Z", true, -1}, // invalid character |
| 352 {"197:0101000101Z", true, -1}, // invalid character |
| 353 {"1970:101010000Z", true, -1}, // invalid character |
| 354 {"19700:01010001Z", true, -1}, // invalid character |
| 355 {"197001:1010100Z", true, -1}, // invalid character |
| 356 {"1970010:010101Z", true, -1}, // invalid character |
| 357 {"70010100:000Z", false, -1}, // invalid character |
| 358 {"700101000:01Z", false, -1}, // invalid character |
| 359 {"2000010100:000Z", true, -1}, // invalid character |
| 360 {"21000101000:00Z", true, -1}, // invalid character |
| 361 {"240001010000:0Z", true, -1}, // invalid character |
| 362 {"500101000000Z", false, -1}, // but too old for epoch |
| 363 {"691231235959Z", false, -1}, // too old for epoch |
| 364 {"19611118043000Z", false, -1}, // way too old for epoch |
| 365 }; |
| 366 |
| 367 unsigned char buf[20]; |
| 368 |
| 369 // Run all examples and check for the expected result. |
| 370 for (const auto& entry : data) { |
| 371 size_t length = strlen(entry.string); |
| 372 memcpy(buf, entry.string, length); // Copy the ASN1 string... |
| 373 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk. |
| 374 int64_t res = rtc::ASN1TimeToSec(buf, length, entry.long_format); |
| 375 LOG(LS_VERBOSE) << entry.string; |
| 376 ASSERT_EQ(entry.want, res); |
| 377 } |
| 378 // Run all examples again, but with an invalid length. |
| 379 for (const auto& entry : data) { |
| 380 size_t length = strlen(entry.string); |
| 381 memcpy(buf, entry.string, length); // Copy the ASN1 string... |
| 382 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk. |
| 383 int64_t res = rtc::ASN1TimeToSec(buf, length - 1, entry.long_format); |
| 384 LOG(LS_VERBOSE) << entry.string; |
| 385 ASSERT_EQ(-1, res); |
| 386 } |
| 387 } |
| 388 |
| 389 void TestExpireTime(int times) { |
| 390 for (int i = 0; i < times; i++) { |
| 391 rtc::SSLIdentityParams params; |
| 392 params.common_name = ""; |
| 393 params.not_before = 0; |
| 394 // We limit the time to < 2^31 here, i.e., we stay before 2038, since else |
| 395 // we hit time offset limitations in OpenSSL on some 32-bit systems. |
| 396 params.not_after = rtc::CreateRandomId() % 0x80000000; |
| 397 // We test just ECDSA here since what we're out to exercise here is the |
| 398 // code for expiration setting and reading. |
| 399 params.key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256); |
| 400 SSLIdentity* identity = rtc::SSLIdentity::GenerateForTest(params); |
| 401 EXPECT_EQ(params.not_after, |
| 402 identity->certificate().CertificateExpirationTime()); |
| 403 delete identity; |
| 404 } |
| 405 } |
| 406 }; |
| 407 |
| 408 TEST_F(SSLIdentityExpirationTest, TestASN1TimeToSec) { |
| 409 TestASN1TimeToSec(); |
| 410 } |
| 411 |
| 412 TEST_F(SSLIdentityExpirationTest, TestExpireTime) { |
| 413 TestExpireTime(500); |
| 414 } |
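Review bot: The last invalid vector in `TestASN1TimeToSec`, `{"19611118043000Z", false, -1}`, is a 15-character long-format string passed with `long_format` set to false, so the -1 most likely comes from the format/length mismatch rather than from the pre-epoch check its comment names. Changing it to `{"19611118043000Z", true, -1},  // way too old for epoch, long format` would pin rejection of pre-1970 dates on the four-digit-year path, which no other entry in the table covers. The valid list also contains `{"20000101000000Z", true, 946684800}` twice; the second was presumably meant to be the short form, `{"000101000000Z", false, 946684800}`. In `TestExpireTime` the pointer returned by `GenerateForTest` is dereferenced unchecked, so a failed generation would crash the run instead of failing the test; `ASSERT_TRUE(identity != nullptr);` before the `EXPECT_EQ` would report it cleanly.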