1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/memory/scoped_ptr.h" 6 #include "crypto/ec_private_key.h" 7 #include "net/cert/x509_util.h" 8 #include "net/cert/x509_util_openssl.h" 9 #include "testing/gtest/include/gtest/gtest.h" 10 11 namespace net { 12 13 TEST(X509UtilOpenSSLTest, IsSupportedValidityRange) { 14 base::Time now = base::Time::Now(); 15 EXPECT_TRUE(x509_util::IsSupportedValidityRange(now, now)); 16 EXPECT_FALSE(x509_util::IsSupportedValidityRange( 17 now, now - base::TimeDelta::FromSeconds(1))); 18 19 // See x509_util_openssl.cc to see how these were computed. 20 const int64 kDaysFromYear0001ToUnixEpoch = 719162; 21 const int64 kDaysFromUnixEpochToYear10000 = 2932896 + 1; 22 23 // When computing too_old / too_late, add one day to account for 24 // possible leap seconds. 25 base::Time too_old = base::Time::UnixEpoch() - 26 base::TimeDelta::FromDays(kDaysFromYear0001ToUnixEpoch + 1); 27 28 base::Time too_late = base::Time::UnixEpoch() + 29 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000 + 1); 30 31 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, too_old)); 32 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, now)); 33 34 EXPECT_FALSE(x509_util::IsSupportedValidityRange(now, too_late)); 35 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_late, too_late)); 36 } 37 38 // For OpenSSL, x509_util::CreateDomainBoundCertEC() is not yet implemented 39 // and should return false. This unit test ensures that a stub implementation 40 // is present. 41 TEST(X509UtilOpenSSLTest, CreateDomainBoundCertNotImplemented) { 42 std::string domain = "weborigin.com"; 43 base::Time now = base::Time::Now(); 44 scoped_ptr<crypto::ECPrivateKey> private_key( 45 crypto::ECPrivateKey::Create()); 46 std::string der_cert; 47 EXPECT_FALSE(x509_util::CreateDomainBoundCertEC( 48 private_key.get(), 49 domain, 1, 50 now, 51 now + base::TimeDelta::FromDays(1), 52 &der_cert)); 53 EXPECT_TRUE(der_cert.empty()); 54 55 } 56 57 } // namespace net 58