2015-12-09 05:26:49 -08:00
|
|
|
/*
|
|
|
|
|
* Copyright 2015 The WebRTC Project Authors. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Use of this source code is governed by a BSD-style license
|
|
|
|
|
* that can be found in the LICENSE file in the root of the source
|
|
|
|
|
* tree. An additional intellectual property rights grant can be found
|
|
|
|
|
* in the file PATENTS. All contributing project authors may
|
|
|
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-04-26 03:13:22 -07:00
|
|
|
#include <memory>
|
2015-12-17 03:04:15 -08:00
|
|
|
#include <utility>
|
|
|
|
|
|
2015-12-09 05:26:49 -08:00
|
|
|
#include "webrtc/base/checks.h"
|
|
|
|
|
#include "webrtc/base/fakesslidentity.h"
|
|
|
|
|
#include "webrtc/base/gunit.h"
|
|
|
|
|
#include "webrtc/base/logging.h"
|
|
|
|
|
#include "webrtc/base/rtccertificate.h"
|
Revert of Safe numeric library: base/numerics (copied from Chromium) (patchset #11 id:250001 of https://codereview.webrtc.org/1753293002/ )
Reason for revert:
Looks like the Chrome iOS build is broken because of these two changes. So I'm going to have to revert. Here's the error:
https://build.chromium.org/p/tryserver.chromium.mac/builders/ios_rel_device_ninja/builds/185624/steps/compile/logs/stdio
FAILED: rm -f arch/libsafe_numerics.arm64.a && ./gyp-mac-tool filter-libtool libtool -static -o arch/libsafe_numerics.arm64.a
error: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool: no files specified
Usage: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool -static [-] file [...] [-filelist listfile[,dirname]] [-arch_only arch] [-sacLT] [-no_warning_for_no_symbols]
Usage: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool -dynamic [-] file [...] [-filelist listfile[,dirname]] [-arch_only arch] [-o output] [-install_name name] [-compatibility_version #] [-current_version #] [-seg1addr 0x#] [-segs_read_only_addr 0x#] [-segs_read_write_addr 0x#] [-seg_addr_table <filename>] [-seg_addr_table_filename <file_system_path>] [-all_load] [-noall_load]
FAILED: rm -f arch/libsafe_numerics.armv7.a && ./gyp-mac-tool filter-libtool libtool -static -o arch/libsafe_numerics.armv7.a
error: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool: no files specified
Usage: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool -static [-] file [...] [-filelist listfile[,dirname]] [-arch_only arch] [-sacLT] [-no_warning_for_no_symbols]
Usage: /Applications/Xcode7.0.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/libtool -dynamic [-] file [...] [-filelist listfile[,dirname]] [-arch_only arch] [-o output] [-install_name name] [-compatibility_version #] [-current_version #] [-seg1addr 0x#] [-segs_read_only_addr 0x#] [-segs_read_write_addr 0x#] [-seg_addr_table <filename>] [-seg_addr_table_filename <file_system_path>] [-all_load] [-noall_load]
ninja: build stopped: subcommand failed.
Original issue's description:
> Safe numeric library added: base/numerics (copied from Chromium)
>
> This copies the contents (unittest excluded) of base/numerics in
> chromium to base/numerics in webrtc. Files added:
> - safe_conversions.h
> - safe_conversions_impl.h
> - safe_math.h
> - safe_math_impl.h
>
> A really old version of safe_conversions[_impl].h previously existed in
> base/, this has been deleted and sources using it have been updated
> to include the new base/numerics/safe_converions.h.
>
> This CL also adds a DEPS file to webrtc/base.
>
> NOPRESUBMIT=True
> BUG=webrtc:5548, webrtc:5623
>
> Committed: https://crrev.com/de1c81b2d2196be611674aa6019b9db3a9329042
> Cr-Commit-Position: refs/heads/master@{#11907}
TBR=kjellander@webrtc.org,kwiberg@webrtc.org,tina.legrand@webrtc.org,hbos@webrtc.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=webrtc:5548, webrtc:5623
Review URL: https://codereview.webrtc.org/1792613002 .
Cr-Commit-Position: refs/heads/master@{#11965}
2016-03-11 17:12:32 -08:00
|
|
|
#include "webrtc/base/safe_conversions.h"
|
2015-12-09 05:26:49 -08:00
|
|
|
#include "webrtc/base/sslidentity.h"
|
|
|
|
|
#include "webrtc/base/thread.h"
|
|
|
|
|
#include "webrtc/base/timeutils.h"
|
|
|
|
|
|
|
|
|
|
namespace rtc {
|
|
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
|
|
static const char* kTestCertCommonName = "RTCCertificateTest's certificate";
|
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
class RTCCertificateTest : public testing::Test {
|
|
|
|
|
public:
|
|
|
|
|
RTCCertificateTest() {}
|
|
|
|
|
~RTCCertificateTest() {}
|
|
|
|
|
|
|
|
|
|
protected:
|
2016-04-28 05:14:21 -07:00
|
|
|
scoped_refptr<RTCCertificate> GenerateECDSA() {
|
|
|
|
|
std::unique_ptr<SSLIdentity> identity(
|
|
|
|
|
SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA()));
|
|
|
|
|
RTC_CHECK(identity);
|
|
|
|
|
return RTCCertificate::Create(std::move(identity));
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 05:26:49 -08:00
|
|
|
// Timestamp note:
|
|
|
|
|
// All timestamps in this unittest are expressed in number of seconds since
|
|
|
|
|
// epoch, 1970-01-01T00:00:00Z (UTC). The RTCCertificate interface uses ms,
|
|
|
|
|
// but only seconds-precision is supported by SSLCertificate. To make the
|
|
|
|
|
// tests clearer we convert everything to seconds since the precision matters
|
|
|
|
|
// when generating certificates or comparing timestamps.
|
|
|
|
|
// As a result, ExpiresSeconds and HasExpiredSeconds are used instead of
|
|
|
|
|
// RTCCertificate::Expires and ::HasExpired for ms -> s conversion.
|
|
|
|
|
|
|
|
|
|
uint64_t NowSeconds() const {
|
|
|
|
|
return TimeNanos() / kNumNanosecsPerSec;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const {
|
|
|
|
|
uint64_t exp_ms = cert->Expires();
|
|
|
|
|
uint64_t exp_s = exp_ms / kNumMillisecsPerSec;
|
|
|
|
|
// Make sure this did not result in loss of precision.
|
|
|
|
|
RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms);
|
|
|
|
|
return exp_s;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert,
|
|
|
|
|
uint64_t now_s) const {
|
|
|
|
|
return cert->HasExpired(now_s * kNumMillisecsPerSec);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as
|
|
|
|
|
// is required by SSLIdentityParams. On some 32-bit systems time_t is limited
|
|
|
|
|
// to < 2^31. On such systems this will fail for expiration times of year 2038
|
|
|
|
|
// or later.
|
|
|
|
|
scoped_refptr<RTCCertificate> GenerateCertificateWithExpires(
|
|
|
|
|
uint64_t expires_s) const {
|
|
|
|
|
RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s));
|
|
|
|
|
|
|
|
|
|
SSLIdentityParams params;
|
|
|
|
|
params.common_name = kTestCertCommonName;
|
|
|
|
|
params.not_before = 0;
|
|
|
|
|
params.not_after = static_cast<time_t>(expires_s);
|
|
|
|
|
// Certificate type does not matter for our purposes, using ECDSA because it
|
|
|
|
|
// is fast to generate.
|
|
|
|
|
params.key_params = KeyParams::ECDSA();
|
|
|
|
|
|
2016-04-26 03:13:22 -07:00
|
|
|
std::unique_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params));
|
2015-12-17 03:04:15 -08:00
|
|
|
return RTCCertificate::Create(std::move(identity));
|
2015-12-09 05:26:49 -08:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
TEST_F(RTCCertificateTest, NewCertificateNotExpired) {
|
|
|
|
|
// Generate a real certificate without specifying the expiration time.
|
|
|
|
|
// Certificate type doesn't matter, using ECDSA because it's fast to generate.
|
2016-04-28 05:14:21 -07:00
|
|
|
scoped_refptr<RTCCertificate> certificate = GenerateECDSA();
|
2015-12-09 05:26:49 -08:00
|
|
|
|
|
|
|
|
uint64_t now = NowSeconds();
|
|
|
|
|
EXPECT_FALSE(HasExpiredSeconds(certificate, now));
|
|
|
|
|
// Even without specifying the expiration time we would expect it to be valid
|
|
|
|
|
// for at least half an hour.
|
|
|
|
|
EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(RTCCertificateTest, UsesExpiresAskedFor) {
|
|
|
|
|
uint64_t now = NowSeconds();
|
|
|
|
|
scoped_refptr<RTCCertificate> certificate =
|
|
|
|
|
GenerateCertificateWithExpires(now);
|
|
|
|
|
EXPECT_EQ(now, ExpiresSeconds(certificate));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(RTCCertificateTest, ExpiresInOneSecond) {
|
|
|
|
|
// Generate a certificate that expires in 1s.
|
|
|
|
|
uint64_t now = NowSeconds();
|
|
|
|
|
scoped_refptr<RTCCertificate> certificate =
|
|
|
|
|
GenerateCertificateWithExpires(now + 1);
|
|
|
|
|
// Now it should not have expired.
|
|
|
|
|
EXPECT_FALSE(HasExpiredSeconds(certificate, now));
|
|
|
|
|
// In 2s it should have expired.
|
|
|
|
|
EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2));
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-28 05:14:21 -07:00
|
|
|
TEST_F(RTCCertificateTest, DifferentCertificatesNotEqual) {
|
|
|
|
|
scoped_refptr<RTCCertificate> a = GenerateECDSA();
|
|
|
|
|
scoped_refptr<RTCCertificate> b = GenerateECDSA();
|
|
|
|
|
EXPECT_TRUE(*a != *b);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(RTCCertificateTest, CloneWithPEMSerialization) {
|
|
|
|
|
scoped_refptr<RTCCertificate> orig = GenerateECDSA();
|
|
|
|
|
|
|
|
|
|
// To PEM.
|
|
|
|
|
RTCCertificatePEM orig_pem = orig->ToPEM();
|
|
|
|
|
// Clone from PEM.
|
|
|
|
|
scoped_refptr<RTCCertificate> clone = RTCCertificate::FromPEM(orig_pem);
|
|
|
|
|
EXPECT_TRUE(clone);
|
|
|
|
|
EXPECT_TRUE(*orig == *clone);
|
|
|
|
|
EXPECT_EQ(orig->Expires(), clone->Expires());
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-20 10:27:21 -07:00
|
|
|
TEST_F(RTCCertificateTest, FromPEMWithInvalidPEM) {
|
|
|
|
|
RTCCertificatePEM pem("not a valid PEM", "not a valid PEM");
|
|
|
|
|
scoped_refptr<RTCCertificate> certificate = RTCCertificate::FromPEM(pem);
|
|
|
|
|
EXPECT_FALSE(certificate);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 05:26:49 -08:00
|
|
|
} // namespace rtc
|