OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright 2015 The WebRTC Project Authors. All rights reserved. | |
3 * | |
4 * Use of this source code is governed by a BSD-style license | |
5 * that can be found in the LICENSE file in the root of the source | |
6 * tree. An additional intellectual property rights grant can be found | |
7 * in the file PATENTS. All contributing project authors may | |
8 * be found in the AUTHORS file in the root of the source tree. | |
9 */ | |
10 | |
11 #include "webrtc/base/checks.h" | |
12 #include "webrtc/base/fakesslidentity.h" | |
13 #include "webrtc/base/gunit.h" | |
14 #include "webrtc/base/logging.h" | |
15 #include "webrtc/base/rtccertificate.h" | |
16 #include "webrtc/base/safe_conversions.h" | |
17 #include "webrtc/base/scoped_ptr.h" | |
18 #include "webrtc/base/sslidentity.h" | |
19 #include "webrtc/base/thread.h" | |
20 #include "webrtc/base/timeutils.h" | |
21 | |
22 namespace rtc { | |
23 | |
24 namespace { | |
25 | |
26 static const char* kTestCertCommonName = "RTCCertificateTest's certificate"; | |
27 | |
28 } // namespace | |
29 | |
30 class RTCCertificateTest : public testing::Test { | |
31 public: | |
32 RTCCertificateTest() {} | |
33 ~RTCCertificateTest() {} | |
34 | |
35 protected: | |
36 // Timestamp note: | |
37 // All timestamps in this unittest are expressed in number of seconds since | |
38 // epoch, 1970-01-01T00:00:00Z (UTC). The RTCCertificate interface uses ms, | |
39 // but only seconds-precision is supported by SSLCertificate. To make the | |
40 // tests clearer we convert everything to seconds since the precision matters | |
41 // when generating certificates or comparing timestamps. | |
42 // As a result, ExpiresSeconds and HasExpiredSeconds are used instead of | |
43 // RTCCertificate::Expires and ::HasExpired for ms -> s conversion. | |
44 | |
45 uint64_t NowSeconds() const { | |
46 return TimeNanos() / kNumNanosecsPerSec; | |
47 } | |
48 | |
49 uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const { | |
50 uint64_t exp_ms = cert->Expires(); | |
51 uint64_t exp_s = exp_ms / kNumMillisecsPerSec; | |
52 // Make sure this did not result in loss of precision. | |
53 RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms); | |
54 return exp_s; | |
55 } | |
56 | |
57 bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert, | |
58 uint64_t now_s) const { | |
59 return cert->HasExpired(now_s * kNumMillisecsPerSec); | |
60 } | |
61 | |
62 // An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as | |
63 // is required by SSLIdentityParams. On some 32-bit systems time_t is limited | |
64 // to < 2^31. On such systems this will fail for expiration times of year 2038 | |
65 // or later. | |
66 scoped_refptr<RTCCertificate> GenerateCertificateWithExpires( | |
67 uint64_t expires_s) const { | |
68 RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s)); | |
69 | |
70 SSLIdentityParams params; | |
71 params.common_name = kTestCertCommonName; | |
72 params.not_before = 0; | |
73 params.not_after = static_cast<time_t>(expires_s); | |
74 // Certificate type does not matter for our purposes, using ECDSA because it | |
75 // is fast to generate. | |
76 params.key_params = KeyParams::ECDSA(); | |
77 | |
78 scoped_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params)); | |
79 return RTCCertificate::Create(identity.Pass()); | |
80 } | |
81 }; | |
82 | |
83 TEST_F(RTCCertificateTest, NewCertificateNotExpired) { | |
84 // Generate a real certificate without specifying the expiration time. | |
85 // Certificate type doesn't matter, using ECDSA because it's fast to generate. | |
86 scoped_ptr<SSLIdentity> identity( | |
87 SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA())); | |
88 scoped_refptr<RTCCertificate> certificate = | |
89 RTCCertificate::Create(identity.Pass()); | |
90 | |
91 uint64_t now = NowSeconds(); | |
92 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
93 // Even without specifying the expiration time we would expect it to be valid | |
94 // for at least half an hour. | |
95 EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60)); | |
96 } | |
97 | |
98 TEST_F(RTCCertificateTest, UsesExpiresAskedFor) { | |
99 uint64_t now = NowSeconds(); | |
100 scoped_refptr<RTCCertificate> certificate = | |
101 GenerateCertificateWithExpires(now); | |
102 EXPECT_EQ(now, ExpiresSeconds(certificate)); | |
103 } | |
104 | |
105 TEST_F(RTCCertificateTest, ExpiresInOneSecond) { | |
106 // Generate a certificate that expires in 1s. | |
107 uint64_t now = NowSeconds(); | |
108 scoped_refptr<RTCCertificate> certificate = | |
109 GenerateCertificateWithExpires(now + 1); | |
110 // Now it should not have expired. | |
111 EXPECT_FALSE(HasExpiredSeconds(certificate, now)); | |
112 // In 2s it should have expired. | |
113 EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2)); | |
114 } | |
115 | |
116 } // namespace rtc | |
OLD | NEW |