1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include <string>
12
13 #include "webrtc/base/gunit.h"
14 #include "webrtc/base/helpers.h"
15 #include "webrtc/base/ssladapter.h"
16 #include "webrtc/base/sslidentity.h"
17
18 using rtc::SSLIdentity;
19
20 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n"
21 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n"
22 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n"
23 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n"
24 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n"
25 "A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl\n"
26 "cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP\n"
27 "Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//\n"
28 "Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4\n"
29 "GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM\n"
30 "k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz\n"
31 "itAE+OjGF+PFKbwX8Q==\n"
32 "-----END CERTIFICATE-----\n";
33
34 const unsigned char kTestCertSha1[] = {
35 0xA6, 0xC8, 0x59, 0xEA, 0xC3, 0x7E, 0x6D, 0x33,
36 0xCF, 0xE2, 0x69, 0x9D, 0x74, 0xE6, 0xF6, 0x8A,
37 0x9E, 0x47, 0xA7, 0xCA};
38 const unsigned char kTestCertSha224[] = {
39 0xd4, 0xce, 0xc6, 0xcf, 0x28, 0xcb, 0xe9, 0x77,
40 0x38, 0x36, 0xcf, 0xb1, 0x3b, 0x4a, 0xd7, 0xbd,
41 0xae, 0x24, 0x21, 0x08, 0xcf, 0x6a, 0x44, 0x0d,
42 0x3f, 0x94, 0x2a, 0x5b};
43 const unsigned char kTestCertSha256[] = {
44 0x41, 0x6b, 0xb4, 0x93, 0x47, 0x79, 0x77, 0x24,
45 0x77, 0x0b, 0x8b, 0x2e, 0xa6, 0x2b, 0xe0, 0xf9,
46 0x0a, 0xed, 0x1f, 0x31, 0xa6, 0xf7, 0x5c, 0xa1,
47 0x5a, 0xc4, 0xb0, 0xa2, 0xa4, 0x78, 0xb9, 0x76};
48 const unsigned char kTestCertSha384[] = {
49 0x42, 0x31, 0x9a, 0x79, 0x1d, 0xd6, 0x08, 0xbf,
50 0x3b, 0xba, 0x36, 0xd8, 0x37, 0x4a, 0x9a, 0x75,
51 0xd3, 0x25, 0x6e, 0x28, 0x92, 0xbe, 0x06, 0xb7,
52 0xc5, 0xa0, 0x83, 0xe3, 0x86, 0xb1, 0x03, 0xfc,
53 0x64, 0x47, 0xd6, 0xd8, 0xaa, 0xd9, 0x36, 0x60,
54 0x04, 0xcc, 0xbe, 0x7d, 0x6a, 0xe8, 0x34, 0x49};
55 const unsigned char kTestCertSha512[] = {
56 0x51, 0x1d, 0xec, 0x02, 0x3d, 0x51, 0x45, 0xd3,
57 0xd8, 0x1d, 0xa4, 0x9d, 0x43, 0xc9, 0xee, 0x32,
58 0x6f, 0x4f, 0x37, 0xee, 0xab, 0x3f, 0x25, 0xdf,
59 0x72, 0xfc, 0x61, 0x1a, 0xd5, 0x92, 0xff, 0x6b,
60 0x28, 0x71, 0x58, 0xb3, 0xe1, 0x8a, 0x18, 0xcf,
61 0x61, 0x33, 0x0e, 0x14, 0xc3, 0x04, 0xaa, 0x07,
62 0xf6, 0xa5, 0xda, 0xdc, 0x42, 0x42, 0x22, 0x35,
63 0xce, 0x26, 0x58, 0x4a, 0x33, 0x6d, 0xbc, 0xb6};
64
65 class SSLIdentityTest : public testing::Test {
66 public:
SSLIdentityTest()67 SSLIdentityTest() {}
68
~SSLIdentityTest()69 ~SSLIdentityTest() {
70 }
71
SetUp()72 virtual void SetUp() {
73 identity_rsa1_.reset(SSLIdentity::Generate("test1", rtc::KT_RSA));
74 identity_rsa2_.reset(SSLIdentity::Generate("test2", rtc::KT_RSA));
75 identity_ecdsa1_.reset(SSLIdentity::Generate("test3", rtc::KT_ECDSA));
76 identity_ecdsa2_.reset(SSLIdentity::Generate("test4", rtc::KT_ECDSA));
77
78 ASSERT_TRUE(identity_rsa1_);
79 ASSERT_TRUE(identity_rsa2_);
80 ASSERT_TRUE(identity_ecdsa1_);
81 ASSERT_TRUE(identity_ecdsa2_);
82
83 test_cert_.reset(rtc::SSLCertificate::FromPEMString(kTestCertificate));
84 ASSERT_TRUE(test_cert_);
85 }
86
TestGetSignatureDigestAlgorithm()87 void TestGetSignatureDigestAlgorithm() {
88 std::string digest_algorithm;
89
90 ASSERT_TRUE(identity_rsa1_->certificate().GetSignatureDigestAlgorithm(
91 &digest_algorithm));
92 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
93
94 ASSERT_TRUE(identity_rsa2_->certificate().GetSignatureDigestAlgorithm(
95 &digest_algorithm));
96 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
97
98 ASSERT_TRUE(identity_ecdsa1_->certificate().GetSignatureDigestAlgorithm(
99 &digest_algorithm));
100 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
101
102 ASSERT_TRUE(identity_ecdsa2_->certificate().GetSignatureDigestAlgorithm(
103 &digest_algorithm));
104 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
105
106 // The test certificate has an MD5-based signature.
107 ASSERT_TRUE(test_cert_->GetSignatureDigestAlgorithm(&digest_algorithm));
108 ASSERT_EQ(rtc::DIGEST_MD5, digest_algorithm);
109 }
110
111 typedef unsigned char DigestType[rtc::MessageDigest::kMaxSize];
112
TestDigestHelper(DigestType digest,const SSLIdentity * identity,const std::string & algorithm,size_t expected_len)113 void TestDigestHelper(DigestType digest,
114 const SSLIdentity* identity,
115 const std::string& algorithm,
116 size_t expected_len) {
117 DigestType digest1;
118 size_t digest_len;
119 bool rv;
120
121 memset(digest, 0, expected_len);
122 rv = identity->certificate().ComputeDigest(algorithm, digest,
123 sizeof(DigestType), &digest_len);
124 EXPECT_TRUE(rv);
125 EXPECT_EQ(expected_len, digest_len);
126
127 // Repeat digest computation for the identity as a sanity check.
128 memset(digest1, 0xff, expected_len);
129 rv = identity->certificate().ComputeDigest(algorithm, digest1,
130 sizeof(DigestType), &digest_len);
131 EXPECT_TRUE(rv);
132 EXPECT_EQ(expected_len, digest_len);
133
134 EXPECT_EQ(0, memcmp(digest, digest1, expected_len));
135 }
136
TestDigestForGeneratedCert(const std::string & algorithm,size_t expected_len)137 void TestDigestForGeneratedCert(const std::string& algorithm,
138 size_t expected_len) {
139 DigestType digest[4];
140
141 ASSERT_TRUE(expected_len <= sizeof(DigestType));
142
143 TestDigestHelper(digest[0], identity_rsa1_.get(), algorithm, expected_len);
144 TestDigestHelper(digest[1], identity_rsa2_.get(), algorithm, expected_len);
145 TestDigestHelper(digest[2], identity_ecdsa1_.get(), algorithm,
146 expected_len);
147 TestDigestHelper(digest[3], identity_ecdsa2_.get(), algorithm,
148 expected_len);
149
150 // Sanity check that all four digests are unique. This could theoretically
151 // fail, since cryptographic hash collisions have a non-zero probability.
152 for (int i = 0; i < 4; i++) {
153 for (int j = 0; j < 4; j++) {
154 if (i != j)
155 EXPECT_NE(0, memcmp(digest[i], digest[j], expected_len));
156 }
157 }
158 }
159
TestDigestForFixedCert(const std::string & algorithm,size_t expected_len,const unsigned char * expected_digest)160 void TestDigestForFixedCert(const std::string& algorithm,
161 size_t expected_len,
162 const unsigned char* expected_digest) {
163 bool rv;
164 DigestType digest;
165 size_t digest_len;
166
167 ASSERT_TRUE(expected_len <= sizeof(DigestType));
168
169 rv = test_cert_->ComputeDigest(algorithm, digest, sizeof(digest),
170 &digest_len);
171 EXPECT_TRUE(rv);
172 EXPECT_EQ(expected_len, digest_len);
173 EXPECT_EQ(0, memcmp(digest, expected_digest, expected_len));
174 }
175
176 private:
177 rtc::scoped_ptr<SSLIdentity> identity_rsa1_;
178 rtc::scoped_ptr<SSLIdentity> identity_rsa2_;
179 rtc::scoped_ptr<SSLIdentity> identity_ecdsa1_;
180 rtc::scoped_ptr<SSLIdentity> identity_ecdsa2_;
181 rtc::scoped_ptr<rtc::SSLCertificate> test_cert_;
182 };
183
TEST_F(SSLIdentityTest,FixedDigestSHA1)184 TEST_F(SSLIdentityTest, FixedDigestSHA1) {
185 TestDigestForFixedCert(rtc::DIGEST_SHA_1, 20, kTestCertSha1);
186 }
187
188 // HASH_AlgSHA224 is not supported in the chromium linux build.
TEST_F(SSLIdentityTest,FixedDigestSHA224)189 TEST_F(SSLIdentityTest, FixedDigestSHA224) {
190 TestDigestForFixedCert(rtc::DIGEST_SHA_224, 28, kTestCertSha224);
191 }
192
TEST_F(SSLIdentityTest,FixedDigestSHA256)193 TEST_F(SSLIdentityTest, FixedDigestSHA256) {
194 TestDigestForFixedCert(rtc::DIGEST_SHA_256, 32, kTestCertSha256);
195 }
196
TEST_F(SSLIdentityTest,FixedDigestSHA384)197 TEST_F(SSLIdentityTest, FixedDigestSHA384) {
198 TestDigestForFixedCert(rtc::DIGEST_SHA_384, 48, kTestCertSha384);
199 }
200
TEST_F(SSLIdentityTest,FixedDigestSHA512)201 TEST_F(SSLIdentityTest, FixedDigestSHA512) {
202 TestDigestForFixedCert(rtc::DIGEST_SHA_512, 64, kTestCertSha512);
203 }
204
205 // HASH_AlgSHA224 is not supported in the chromium linux build.
TEST_F(SSLIdentityTest,DigestSHA224)206 TEST_F(SSLIdentityTest, DigestSHA224) {
207 TestDigestForGeneratedCert(rtc::DIGEST_SHA_224, 28);
208 }
209
TEST_F(SSLIdentityTest,DigestSHA256)210 TEST_F(SSLIdentityTest, DigestSHA256) {
211 TestDigestForGeneratedCert(rtc::DIGEST_SHA_256, 32);
212 }
213
TEST_F(SSLIdentityTest,DigestSHA384)214 TEST_F(SSLIdentityTest, DigestSHA384) {
215 TestDigestForGeneratedCert(rtc::DIGEST_SHA_384, 48);
216 }
217
TEST_F(SSLIdentityTest,DigestSHA512)218 TEST_F(SSLIdentityTest, DigestSHA512) {
219 TestDigestForGeneratedCert(rtc::DIGEST_SHA_512, 64);
220 }
221
TEST_F(SSLIdentityTest,FromPEMStringsRSA)222 TEST_F(SSLIdentityTest, FromPEMStringsRSA) {
223 static const char kRSA_PRIVATE_KEY_PEM[] =
224 "-----BEGIN RSA PRIVATE KEY-----\n"
225 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
226 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
227 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
228 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
229 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
230 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
231 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
232 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
233 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
234 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
235 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
236 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
237 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
238 "UCXiYxSsu20QNVw=\n"
239 "-----END RSA PRIVATE KEY-----\n";
240
241 static const char kCERT_PEM[] =
242 "-----BEGIN CERTIFICATE-----\n"
243 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
244 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
245 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
246 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
247 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
248 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
249 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
250 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
251 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
252 "-----END CERTIFICATE-----\n";
253
254 rtc::scoped_ptr<SSLIdentity> identity(
255 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM));
256 EXPECT_TRUE(identity);
257 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString());
258 }
259
TEST_F(SSLIdentityTest,FromPEMStringsEC)260 TEST_F(SSLIdentityTest, FromPEMStringsEC) {
261 static const char kRSA_PRIVATE_KEY_PEM[] =
262 "-----BEGIN EC PRIVATE KEY-----\n"
263 "MHcCAQEEIKkIztWLPbs4Y2zWv7VW2Ov4is2ifleCuPgRB8fRv3IkoAoGCCqGSM49\n"
264 "AwEHoUQDQgAEDPV33NrhSdhg9cBRkUWUXnVMXc3h17i9ARbSmNgminKcBXb8/y8L\n"
265 "A76cMWQPPM0ybHO8OS7ZVg2U/m+TwE1M2g==\n"
266 "-----END EC PRIVATE KEY-----\n";
267 static const char kCERT_PEM[] =
268 "-----BEGIN CERTIFICATE-----\n"
269 "MIIB0jCCAXmgAwIBAgIJAMCjpFt9t6LMMAoGCCqGSM49BAMCMEUxCzAJBgNVBAYT\n"
270 "AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn\n"
271 "aXRzIFB0eSBMdGQwIBcNMTUwNjMwMTMwMTIyWhgPMjI4OTA0MTMxMzAxMjJaMEUx\n"
272 "CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl\n"
273 "cm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQM\n"
274 "9Xfc2uFJ2GD1wFGRRZRedUxdzeHXuL0BFtKY2CaKcpwFdvz/LwsDvpwxZA88zTJs\n"
275 "c7w5LtlWDZT+b5PATUzao1AwTjAdBgNVHQ4EFgQUYHq6nxNNIE832ZmaHc/noODO\n"
276 "rtAwHwYDVR0jBBgwFoAUYHq6nxNNIE832ZmaHc/noODOrtAwDAYDVR0TBAUwAwEB\n"
277 "/zAKBggqhkjOPQQDAgNHADBEAiAQRojsTyZG0BlKoU7gOt5h+yAMLl2cxmDtOIQr\n"
278 "GWP/PwIgJynB4AUDsPT0DWmethOXYijB5sY5UPd9DvgmiS/Mr6s=\n"
279 "-----END CERTIFICATE-----\n";
280
281 rtc::scoped_ptr<SSLIdentity> identity(
282 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM));
283 EXPECT_TRUE(identity);
284 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString());
285 }
286
TEST_F(SSLIdentityTest,PemDerConversion)287 TEST_F(SSLIdentityTest, PemDerConversion) {
288 std::string der;
289 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der));
290
291 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem(
292 "CERTIFICATE",
293 reinterpret_cast<const unsigned char*>(der.data()), der.length()));
294 }
295
TEST_F(SSLIdentityTest,GetSignatureDigestAlgorithm)296 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) {
297 TestGetSignatureDigestAlgorithm();
298 }
299
300 class SSLIdentityExpirationTest : public testing::Test {
301 public:
SSLIdentityExpirationTest()302 SSLIdentityExpirationTest() {
303 // Set use of the test RNG to get deterministic expiration timestamp.
304 rtc::SetRandomTestMode(true);
305 }
~SSLIdentityExpirationTest()306 ~SSLIdentityExpirationTest() {
307 // Put it back for the next test.
308 rtc::SetRandomTestMode(false);
309 }
310
TestASN1TimeToSec()311 void TestASN1TimeToSec() {
312 struct asn_example {
313 const char* string;
314 bool long_format;
315 int64_t want;
316 } static const data[] = {
317 // Valid examples.
318 {"19700101000000Z", true, 0},
319 {"700101000000Z", false, 0},
320 {"19700101000001Z", true, 1},
321 {"700101000001Z", false, 1},
322 {"19700101000100Z", true, 60},
323 {"19700101000101Z", true, 61},
324 {"19700101010000Z", true, 3600},
325 {"19700101010001Z", true, 3601},
326 {"19700101010100Z", true, 3660},
327 {"19700101010101Z", true, 3661},
328 {"710911012345Z", false, 53400225},
329 {"20000101000000Z", true, 946684800},
330 {"20000101000000Z", true, 946684800},
331 {"20151130140156Z", true, 1448892116},
332 {"151130140156Z", false, 1448892116},
333 {"20491231235959Z", true, 2524607999},
334 {"491231235959Z", false, 2524607999},
335 {"20500101000000Z", true, 2524607999+1},
336 {"20700101000000Z", true, 3155760000},
337 {"21000101000000Z", true, 4102444800},
338 {"24000101000000Z", true, 13569465600},
339
340 // Invalid examples.
341 {"19700101000000", true, -1}, // missing Z long format
342 {"19700101000000X", true, -1}, // X instead of Z long format
343 {"197001010000000", true, -1}, // 0 instead of Z long format
344 {"1970010100000000Z", true, -1}, // excess digits long format
345 {"700101000000", false, -1}, // missing Z short format
346 {"700101000000X", false, -1}, // X instead of Z short format
347 {"7001010000000", false, -1}, // 0 instead of Z short format
348 {"70010100000000Z", false, -1}, // excess digits short format
349 {":9700101000000Z", true, -1}, // invalid character
350 {"1:700101000001Z", true, -1}, // invalid character
351 {"19:00101000100Z", true, -1}, // invalid character
352 {"197:0101000101Z", true, -1}, // invalid character
353 {"1970:101010000Z", true, -1}, // invalid character
354 {"19700:01010001Z", true, -1}, // invalid character
355 {"197001:1010100Z", true, -1}, // invalid character
356 {"1970010:010101Z", true, -1}, // invalid character
357 {"70010100:000Z", false, -1}, // invalid character
358 {"700101000:01Z", false, -1}, // invalid character
359 {"2000010100:000Z", true, -1}, // invalid character
360 {"21000101000:00Z", true, -1}, // invalid character
361 {"240001010000:0Z", true, -1}, // invalid character
362 {"500101000000Z", false, -1}, // but too old for epoch
363 {"691231235959Z", false, -1}, // too old for epoch
364 {"19611118043000Z", false, -1}, // way too old for epoch
365 };
366
367 unsigned char buf[20];
368
369 // Run all examples and check for the expected result.
370 for (const auto& entry : data) {
371 size_t length = strlen(entry.string);
372 memcpy(buf, entry.string, length); // Copy the ASN1 string...
373 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk.
374 int64_t res = rtc::ASN1TimeToSec(buf, length, entry.long_format);
375 LOG(LS_VERBOSE) << entry.string;
376 ASSERT_EQ(entry.want, res);
377 }
378 // Run all examples again, but with an invalid length.
379 for (const auto& entry : data) {
380 size_t length = strlen(entry.string);
381 memcpy(buf, entry.string, length); // Copy the ASN1 string...
382 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk.
383 int64_t res = rtc::ASN1TimeToSec(buf, length - 1, entry.long_format);
384 LOG(LS_VERBOSE) << entry.string;
385 ASSERT_EQ(-1, res);
386 }
387 }
388
TestExpireTime(int times)389 void TestExpireTime(int times) {
390 for (int i = 0; i < times; i++) {
391 rtc::SSLIdentityParams params;
392 params.common_name = "";
393 params.not_before = 0;
394 // We limit the time to < 2^31 here, i.e., we stay before 2038, since else
395 // we hit time offset limitations in OpenSSL on some 32-bit systems.
396 params.not_after = rtc::CreateRandomId() % 0x80000000;
397 // We test just ECDSA here since what we're out to exercise here is the
398 // code for expiration setting and reading.
399 params.key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256);
400 SSLIdentity* identity = rtc::SSLIdentity::GenerateForTest(params);
401 EXPECT_EQ(params.not_after,
402 identity->certificate().CertificateExpirationTime());
403 delete identity;
404 }
405 }
406 };
407
TEST_F(SSLIdentityExpirationTest,TestASN1TimeToSec)408 TEST_F(SSLIdentityExpirationTest, TestASN1TimeToSec) {
409 TestASN1TimeToSec();
410 }
411
TEST_F(SSLIdentityExpirationTest,TestExpireTime)412 TEST_F(SSLIdentityExpirationTest, TestExpireTime) {
413 TestExpireTime(500);
414 }
415