OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * Copyright 2015 The WebRTC Project Authors. All rights reserved. |
| 3 * |
| 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ |
| 10 |
| 11 #include "webrtc/base/checks.h" |
| 12 #include "webrtc/base/fakesslidentity.h" |
| 13 #include "webrtc/base/gunit.h" |
| 14 #include "webrtc/base/logging.h" |
| 15 #include "webrtc/base/rtccertificate.h" |
| 16 #include "webrtc/base/safe_conversions.h" |
| 17 #include "webrtc/base/scoped_ptr.h" |
| 18 #include "webrtc/base/sslidentity.h" |
| 19 #include "webrtc/base/thread.h" |
| 20 #include "webrtc/base/timeutils.h" |
| 21 |
| 22 namespace rtc { |
| 23 |
| 24 namespace { |
| 25 |
| 26 static const char* kTestCertCommonName = "RTCCertificateTest's certificate"; |
| 27 |
| 28 } // namespace |
| 29 |
| 30 class RTCCertificateTest : public testing::Test { |
| 31 public: |
| 32 RTCCertificateTest() {} |
| 33 ~RTCCertificateTest() {} |
| 34 |
| 35 protected: |
| 36 // Timestamp note: |
| 37 // All timestamps in this unittest are expressed in number of seconds since |
| 38 // epoch, 1970-01-01T00:00:00Z (UTC). The RTCCertificate interface uses ms, |
| 39 // but only seconds-precision is supported by SSLCertificate. To make the |
| 40 // tests clearer we convert everything to seconds since the precision matters |
| 41 // when generating certificates or comparing timestamps. |
| 42 // As a result, ExpiresSeconds and HasExpiredSeconds are used instead of |
| 43 // RTCCertificate::Expires and ::HasExpired for ms -> s conversion. |
| 44 |
| 45 uint64_t NowSeconds() const { |
| 46 return TimeNanos() / kNumNanosecsPerSec; |
| 47 } |
| 48 |
| 49 uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const { |
| 50 uint64_t exp_ms = cert->Expires(); |
| 51 uint64_t exp_s = exp_ms / kNumMillisecsPerSec; |
| 52 // Make sure this did not result in loss of precision. |
| 53 RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms); |
| 54 return exp_s; |
| 55 } |
| 56 |
| 57 bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert, |
| 58 uint64_t now_s) const { |
| 59 return cert->HasExpired(now_s * kNumMillisecsPerSec); |
| 60 } |
| 61 |
| 62 // An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as |
| 63 // is required by SSLIdentityParams. On some 32-bit systems time_t is limited |
| 64 // to < 2^31. On such systems this will fail for expiration times of year 2038 |
| 65 // or later. |
| 66 scoped_refptr<RTCCertificate> GenerateCertificateWithExpires( |
| 67 uint64_t expires_s) const { |
| 68 RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s)); |
| 69 |
| 70 SSLIdentityParams params; |
| 71 params.common_name = kTestCertCommonName; |
| 72 params.not_before = 0; |
| 73 params.not_after = static_cast<time_t>(expires_s); |
| 74 // Certificate type does not matter for our purposes, using ECDSA because it |
| 75 // is fast to generate. |
| 76 params.key_params = KeyParams::ECDSA(); |
| 77 |
| 78 scoped_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params)); |
| 79 return RTCCertificate::Create(identity.Pass()); |
| 80 } |
| 81 }; |
| 82 |
| 83 TEST_F(RTCCertificateTest, NewCertificateNotExpired) { |
| 84 // Generate a real certificate without specifying the expiration time. |
| 85 // Certificate type doesn't matter, using ECDSA because it's fast to generate. |
| 86 scoped_ptr<SSLIdentity> identity( |
| 87 SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA())); |
| 88 scoped_refptr<RTCCertificate> certificate = |
| 89 RTCCertificate::Create(identity.Pass()); |
| 90 |
| 91 uint64_t now = NowSeconds(); |
| 92 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); |
| 93 // Even without specifying the expiration time we would expect it to be valid |
| 94 // for at least half an hour. |
| 95 EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60)); |
| 96 } |
| 97 |
| 98 TEST_F(RTCCertificateTest, UsesExpiresAskedFor) { |
| 99 uint64_t now = NowSeconds(); |
| 100 scoped_refptr<RTCCertificate> certificate = |
| 101 GenerateCertificateWithExpires(now); |
| 102 EXPECT_EQ(now, ExpiresSeconds(certificate)); |
| 103 } |
| 104 |
| 105 TEST_F(RTCCertificateTest, ExpiresInOneSecond) { |
| 106 // Generate a certificate that expires in 1s. |
| 107 uint64_t now = NowSeconds(); |
| 108 scoped_refptr<RTCCertificate> certificate = |
| 109 GenerateCertificateWithExpires(now + 1); |
| 110 // Now it should not have expired. |
| 111 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); |
| 112 // In 2s it should have expired. |
| 113 EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2)); |
| 114 } |
| 115 |
| 116 } // namespace rtc |
OLD | NEW |