OLD | NEW |
---|---|
(Empty) | |
1 /* | |
2 * Copyright 2015 The WebRTC Project Authors. All rights reserved. | |
3 * | |
4 * Use of this source code is governed by a BSD-style license | |
5 * that can be found in the LICENSE file in the root of the source | |
6 * tree. An additional intellectual property rights grant can be found | |
7 * in the file PATENTS. All contributing project authors may | |
8 * be found in the AUTHORS file in the root of the source tree. | |
9 */ | |
10 | |
11 #include "webrtc/base/checks.h" | |
torbjorng (webrtc)
2015/12/04 12:47:46
nit: I don't think all these #Includes are needed.
| |
12 #include "webrtc/base/gunit.h" | |
13 #include "webrtc/base/logging.h" | |
14 #include "webrtc/base/rtccertificate.h" | |
15 #include "webrtc/base/safe_conversions.h" | |
16 #include "webrtc/base/scoped_ptr.h" | |
17 #include "webrtc/base/sslidentity.h" | |
18 #include "webrtc/base/thread.h" | |
19 #include "webrtc/base/timeutils.h" | |
20 | |
21 namespace rtc { | |
22 | |
23 class RTCCertificateTest : public testing::Test { | |
24 public: | |
25 RTCCertificateTest() {} | |
26 ~RTCCertificateTest() {} | |
27 | |
28 protected: | |
29 // Gets the current time in ms since epoch, 1970-01-01T00:00:00Z. | |
30 // If |seconds_precision| is true it is rounded down to seconds-precision. | |
31 // This is useful when comparing expiration times since CreateCertificate is | |
32 // limited to seconds-precision. | |
33 uint64_t Now(bool seconds_precision) const { | |
34 uint64_t now = TimeNanos() / kNumNanosecsPerMillisec; | |
35 if (seconds_precision) | |
36 return (now / 1000) * 1000; | |
37 return now; | |
38 } | |
39 | |
40 // Generates a certificate with the specified |expiration_time|, expressed in | |
41 // number of ms since epoch, 1970-01-01T00:00:00Z. The expiration time is | |
torbjorng (webrtc)
2015/12/04 12:47:46
Note that a cert cannot store greater accuracy tha
| |
42 // converted to time_t meaning it is rounded down to number of seconds (note: | |
43 // loss of precision) and these number of seconds must be in valid range of | |
44 // time_t. On some 32-bit systems time_t is limited to < 2^31. On such systems | |
45 // this will fail for expiration times of year 2038 or later. | |
46 scoped_refptr<RTCCertificate> CreateCertificate(uint64_t expires_time) const { | |
47 uint64_t expires_time_s = expires_time / kNumMillisecsPerSec; // ms -> s | |
48 RTC_CHECK(rtc::IsValueInRangeForNumericType<time_t>(expires_time_s)); | |
49 | |
50 rtc::SSLIdentityParams params; | |
51 params.common_name = "RTCCertificateTest's certificate"; | |
52 params.not_before = 0; | |
53 params.not_after = static_cast<time_t>(expires_time_s); | |
54 // Certificate type does not matter for our purposes, using ECDSA because it | |
55 // is fast to generate. | |
56 params.key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256); | |
57 | |
58 scoped_ptr<SSLIdentity> identity(rtc::SSLIdentity::GenerateForTest(params)); | |
hta-webrtc
2015/12/03 18:16:05
You can make the test a lot more isolated (not dep
hbos
2015/12/04 09:58:56
Ok. I'll add a expiration setter to FakeSSLCertifi
| |
59 return RTCCertificate::Create(identity.Pass()); | |
60 } | |
61 }; | |
62 | |
63 TEST_F(RTCCertificateTest, ExpiresNow) { | |
64 uint64_t now = Now(true); | |
65 scoped_refptr<RTCCertificate> certificate = CreateCertificate(now); | |
66 EXPECT_EQ(now, certificate->Expires()); | |
67 } | |
68 | |
69 TEST_F(RTCCertificateTest, HasExpired) { | |
70 scoped_refptr<RTCCertificate> certificate; | |
71 | |
72 // Test that a certificate that should not have expired hasn't. | |
73 bool retry = true; | |
74 while (retry) { | |
hta-webrtc
2015/12/03 18:16:05
Looping until the times align is a Bad Thing.
You
hbos
2015/12/04 09:58:56
Point taken, I'll simplify.
Though as-is, one tes
| |
75 // Generate a certificate that expires in 0-1 seconds. | |
76 // Note seconds-precision of |expires| due to CreateCertificate. | |
77 uint64_t expires = Now(true) + 1000; | |
78 certificate = CreateCertificate(expires); | |
79 bool has_expired = certificate->HasExpired(); | |
80 if (has_expired) { | |
81 // Expecting not to have expired, but in the rare case that too much time | |
82 // passed between certificate generation and the HasExpired check we have | |
83 // to try again. | |
84 uint64_t now = Now(false); | |
85 if (now >= expires) | |
86 continue; | |
87 } | |
88 EXPECT_FALSE(has_expired); | |
89 retry = false; | |
90 } | |
91 RTC_CHECK(certificate); | |
92 | |
93 // Test that ~1.5 seconds later it has expired. | |
94 Thread::Current()->SleepMs(1500); | |
hta-webrtc
2015/12/03 18:16:05
Argh. This is going to cost us heavily. Sleeping i
hbos
2015/12/04 09:58:56
Ok. I wanted to test going from non-expired to exp
torbjorng (webrtc)
2015/12/04 12:47:46
I disagree (with the Argh and with the technical c
hta-webrtc
2015/12/04 13:32:44
I'm afraid I disagree about the importance. This i
| |
95 EXPECT_TRUE(certificate->HasExpired()); | |
96 } | |
97 | |
98 } // namespace rtc | |
OLD | NEW |