OLD | NEW |
---|---|
(Empty) | |
1 /* | |
2 * Copyright 2015 The WebRTC Project Authors. All rights reserved. | |
3 * | |
4 * Use of this source code is governed by a BSD-style license | |
5 * that can be found in the LICENSE file in the root of the source | |
6 * tree. An additional intellectual property rights grant can be found | |
7 * in the file PATENTS. All contributing project authors may | |
8 * be found in the AUTHORS file in the root of the source tree. | |
9 */ | |
10 | |
11 #include "webrtc/base/checks.h" | |
12 #include "webrtc/base/fakesslidentity.h" | |
13 #include "webrtc/base/gunit.h" | |
14 #include "webrtc/base/logging.h" | |
15 #include "webrtc/base/rtccertificate.h" | |
16 #include "webrtc/base/safe_conversions.h" | |
17 #include "webrtc/base/scoped_ptr.h" | |
18 #include "webrtc/base/sslidentity.h" | |
19 #include "webrtc/base/thread.h" | |
20 #include "webrtc/base/timeutils.h" | |
21 | |
22 namespace rtc { | |
23 | |
24 namespace { | |
25 | |
26 static const char* kTestCertCommonName = "RTCCertificateTest's certificate"; | |
27 | |
28 } // namespace | |
29 | |
30 class RTCCertificateTest : public testing::Test { | |
31 public: | |
32 RTCCertificateTest() {} | |
33 ~RTCCertificateTest() {} | |
34 | |
35 protected: | |
36 // Timestamp note: | |
37 // All timestamps in this unittest are expressed in number of seconds since | |
38 // epoch, 1970-01-01T00:00:00Z. The RTCCertificate interface uses ms, but only | |
39 // seconds-precision is supported by the crypto library. To make the tests | |
torbjorng (webrtc)
2015/12/07 14:53:26
nit: "the crypto library" => X509
hbos
2015/12/07 15:59:36
I'll make it say "SSLCertificate" instead since th
| |
40 // clearer we convert everything to seconds since the precision matters when | |
41 // generating certificates or comparing timestamps. | |
42 // As a result, ExpiresSeconds and HasExpiredSeconds are used instead of | |
43 // RTCCertificate::Expires and ::HasExpired for ms -> s conversion. | |
44 | |
45 uint64_t NowSeconds() const { | |
46 return TimeNanos() / (kNumNanosecsPerMillisec * kNumMillisecsPerSec); | |
torbjorng (webrtc)
2015/12/07 14:53:26
Please use just kNumNanosecsPerSec.
hbos
2015/12/07 15:59:36
Aj aj kapten
| |
47 } | |
48 | |
49 uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const { | |
50 uint64_t exp_ms = cert->Expires(); | |
51 uint64_t exp_s = exp_ms / kNumMillisecsPerSec; | |
52 // Make sure this did not result in loss of precision. | |
53 RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms); | |
54 return exp_s; | |
55 } | |
56 | |
57 bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert, | |
58 uint64_t now_s) const { | |
59 return cert->HasExpired(now_s * kNumMillisecsPerSec); | |
60 } | |
61 | |
62 // An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as | |
63 // is required by SSLIdentityParams. On some 32-bit systems time_t is limited | |
64 // to < 2^31. On such systems this will fail for expiration times of year 2038 | |
65 // or later. | |
66 scoped_refptr<RTCCertificate> GenerateCertificateWithExpires( | |
67 uint64_t expires_s) const { | |
68 RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s)); | |
69 | |
70 SSLIdentityParams params; | |
71 params.common_name = kTestCertCommonName; | |
72 params.not_before = 0; | |
73 params.not_after = static_cast<time_t>(expires_s); | |
74 // Certificate type does not matter for our purposes, using ECDSA because it | |
75 // is fast to generate. | |
76 params.key_params = KeyParams::ECDSA(EC_NIST_P256); | |
77 | |
78 scoped_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params)); | |
79 return RTCCertificate::Create(identity.Pass()); | |
80 } | |
81 }; | |
82 | |
83 TEST_F(RTCCertificateTest, NewCertificateNotExpired) { | |
84 // Generate a real certificate without specifying the expiration time. | |
85 scoped_ptr<SSLIdentity> identity( | |
86 SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA())); | |
torbjorng (webrtc)
2015/12/07 14:53:26
You specify EC_NIST_P256 explicitly a few lines be
hbos
2015/12/07 15:59:36
Done.
| |
87 scoped_refptr<RTCCertificate> certificate = | |
88 RTCCertificate::Create(identity.Pass()); | |
89 | |
90 uint64_t now = NowSeconds(); | |
91 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
92 // Even without specifying the expiration time we would expect it to be valid | |
93 // for at least half an hour. | |
94 EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60)); | |
95 } | |
96 | |
97 TEST_F(RTCCertificateTest, UsesExpiresAskedFor) { | |
98 uint64_t now = NowSeconds(); | |
99 scoped_refptr<RTCCertificate> certificate = | |
100 GenerateCertificateWithExpires(now); | |
101 EXPECT_EQ(now, ExpiresSeconds(certificate)); | |
102 } | |
103 | |
104 TEST_F(RTCCertificateTest, ExpiresInOneSecond) { | |
105 // Generate a certificate that expires in 1s. | |
106 uint64_t now = NowSeconds(); | |
107 scoped_refptr<RTCCertificate> certificate = | |
108 GenerateCertificateWithExpires(now + 1); | |
109 // Now it should not have expired. | |
110 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
111 // In 2s it should have expired. | |
112 EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2)); | |
113 } | |
114 | |
115 } // namespace rtc | |
OLD | NEW |