Chromium Code Reviews Chromium Code Reviews
Issue 1494103003:
RTCCertificate::Expires() and ::HasExpired() implemented (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 /* | |
| 2 * Copyright 2015 The WebRTC Project Authors. All rights reserved. | |
| 3 * | |
| 4 * Use of this source code is governed by a BSD-style license | |
| 5 * that can be found in the LICENSE file in the root of the source | |
| 6 * tree. An additional intellectual property rights grant can be found | |
| 7 * in the file PATENTS. All contributing project authors may | |
| 8 * be found in the AUTHORS file in the root of the source tree. | |
| 9 */ | |
| 10 | |
| 11 #include "webrtc/base/checks.h" | |
| 12 #include "webrtc/base/fakesslidentity.h" | |
| 13 #include "webrtc/base/gunit.h" | |
| 14 #include "webrtc/base/logging.h" | |
| 15 #include "webrtc/base/rtccertificate.h" | |
| 16 #include "webrtc/base/safe_conversions.h" | |
| 17 #include "webrtc/base/scoped_ptr.h" | |
| 18 #include "webrtc/base/sslidentity.h" | |
| 19 #include "webrtc/base/thread.h" | |
| 20 #include "webrtc/base/timeutils.h" | |
| 21 | |
| 22 namespace rtc { | |
| 23 | |
| 24 namespace { | |
| 25 | |
| 26 static const char* kTestCertCommonName = "RTCCertificateTest's certificate"; | |
| 27 | |
| 28 } // namespace | |
| 29 | |
| 30 class RTCCertificateTest : public testing::Test { | |
| 31 public: | |
| 32 RTCCertificateTest() {} | |
| 33 ~RTCCertificateTest() {} | |
| 34 | |
| 35 protected: | |
| 36 // Timestamp note: | |
| 37 // All timestamps in this unittest are expressed in number of seconds since | |
| 38 // epoch, 1970-01-01T00:00:00Z. The RTCCertificate interface uses ms, but only | |
| 39 // seconds-precision is supported by the crypto library. To make the tests | |
|
torbjorng (webrtc)
2015/12/07 14:53:26
nit: "the crypto library" => X509
hbos
2015/12/07 15:59:36
I'll make it say "SSLCertificate" instead since th
| |
| 40 // clearer we convert everything to seconds since the precision matters when | |
| 41 // generating certificates or comparing timestamps. | |
| 42 // As a result, ExpiresSeconds and HasExpiredSeconds are used instead of | |
| 43 // RTCCertificate::Expires and ::HasExpired for ms -> s conversion. | |
| 44 | |
| 45 uint64_t NowSeconds() const { | |
| 46 return TimeNanos() / (kNumNanosecsPerMillisec * kNumMillisecsPerSec); | |
|
torbjorng (webrtc)
2015/12/07 14:53:26
Please use just kNumNanosecsPerSec.
hbos
2015/12/07 15:59:36
Aj aj kapten
| |
| 47 } | |
| 48 | |
| 49 uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const { | |
| 50 uint64_t exp_ms = cert->Expires(); | |
| 51 uint64_t exp_s = exp_ms / kNumMillisecsPerSec; | |
| 52 // Make sure this did not result in loss of precision. | |
| 53 RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms); | |
| 54 return exp_s; | |
| 55 } | |
| 56 | |
| 57 bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert, | |
| 58 uint64_t now_s) const { | |
| 59 return cert->HasExpired(now_s * kNumMillisecsPerSec); | |
| 60 } | |
| 61 | |
| 62 // An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as | |
| 63 // is required by SSLIdentityParams. On some 32-bit systems time_t is limited | |
| 64 // to < 2^31. On such systems this will fail for expiration times of year 2038 | |
| 65 // or later. | |
| 66 scoped_refptr<RTCCertificate> GenerateCertificateWithExpires( | |
| 67 uint64_t expires_s) const { | |
| 68 RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s)); | |
| 69 | |
| 70 SSLIdentityParams params; | |
| 71 params.common_name = kTestCertCommonName; | |
| 72 params.not_before = 0; | |
| 73 params.not_after = static_cast<time_t>(expires_s); | |
| 74 // Certificate type does not matter for our purposes, using ECDSA because it | |
| 75 // is fast to generate. | |
| 76 params.key_params = KeyParams::ECDSA(EC_NIST_P256); | |
| 77 | |
| 78 scoped_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params)); | |
| 79 return RTCCertificate::Create(identity.Pass()); | |
| 80 } | |
| 81 }; | |
| 82 | |
| 83 TEST_F(RTCCertificateTest, NewCertificateNotExpired) { | |
| 84 // Generate a real certificate without specifying the expiration time. | |
| 85 scoped_ptr<SSLIdentity> identity( | |
| 86 SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA())); | |
|
torbjorng (webrtc)
2015/12/07 14:53:26
You specify EC_NIST_P256 explicitly a few lines be
hbos
2015/12/07 15:59:36
Done.
| |
| 87 scoped_refptr<RTCCertificate> certificate = | |
| 88 RTCCertificate::Create(identity.Pass()); | |
| 89 | |
| 90 uint64_t now = NowSeconds(); | |
| 91 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
| 92 // Even without specifying the expiration time we would expect it to be valid | |
| 93 // for at least half an hour. | |
| 94 EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60)); | |
| 95 } | |
| 96 | |
| 97 TEST_F(RTCCertificateTest, UsesExpiresAskedFor) { | |
| 98 uint64_t now = NowSeconds(); | |
| 99 scoped_refptr<RTCCertificate> certificate = | |
| 100 GenerateCertificateWithExpires(now); | |
| 101 EXPECT_EQ(now, ExpiresSeconds(certificate)); | |
| 102 } | |
| 103 | |
| 104 TEST_F(RTCCertificateTest, ExpiresInOneSecond) { | |
| 105 // Generate a certificate that expires in 1s. | |
| 106 uint64_t now = NowSeconds(); | |
| 107 scoped_refptr<RTCCertificate> certificate = | |
| 108 GenerateCertificateWithExpires(now + 1); | |
| 109 // Now it should not have expired. | |
| 110 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
| 111 // In 2s it should have expired. | |
| 112 EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2)); | |
| 113 } | |
| 114 | |
| 115 } // namespace rtc | |
| OLD | NEW |
