1 /* 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 #include <string> 12 13 #include "webrtc/base/gunit.h" 14 #include "webrtc/base/helpers.h" 15 #include "webrtc/base/ssladapter.h" 16 #include "webrtc/base/sslidentity.h" 17 18 using rtc::SSLIdentity; 19 20 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n" 21 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" 22 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" 23 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n" 24 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n" 25 "A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl\n" 26 "cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP\n" 27 "Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//\n" 28 "Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4\n" 29 "GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM\n" 30 "k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz\n" 31 "itAE+OjGF+PFKbwX8Q==\n" 32 "-----END CERTIFICATE-----\n"; 33 34 const unsigned char kTestCertSha1[] = { 35 0xA6, 0xC8, 0x59, 0xEA, 0xC3, 0x7E, 0x6D, 0x33, 36 0xCF, 0xE2, 0x69, 0x9D, 0x74, 0xE6, 0xF6, 0x8A, 37 0x9E, 0x47, 0xA7, 0xCA}; 38 const unsigned char kTestCertSha224[] = { 39 0xd4, 0xce, 0xc6, 0xcf, 0x28, 0xcb, 0xe9, 0x77, 40 0x38, 0x36, 0xcf, 0xb1, 0x3b, 0x4a, 0xd7, 0xbd, 41 0xae, 0x24, 0x21, 0x08, 0xcf, 0x6a, 0x44, 0x0d, 42 0x3f, 0x94, 0x2a, 0x5b}; 43 const unsigned char kTestCertSha256[] = { 44 0x41, 0x6b, 0xb4, 0x93, 0x47, 0x79, 0x77, 0x24, 45 0x77, 0x0b, 0x8b, 0x2e, 0xa6, 0x2b, 0xe0, 0xf9, 46 0x0a, 0xed, 0x1f, 0x31, 0xa6, 0xf7, 0x5c, 0xa1, 47 0x5a, 0xc4, 0xb0, 0xa2, 0xa4, 0x78, 0xb9, 0x76}; 48 const unsigned char kTestCertSha384[] = { 49 0x42, 0x31, 0x9a, 0x79, 0x1d, 0xd6, 0x08, 0xbf, 50 0x3b, 0xba, 0x36, 0xd8, 0x37, 0x4a, 0x9a, 0x75, 51 0xd3, 0x25, 0x6e, 0x28, 0x92, 0xbe, 0x06, 0xb7, 52 0xc5, 0xa0, 0x83, 0xe3, 0x86, 0xb1, 0x03, 0xfc, 53 0x64, 0x47, 0xd6, 0xd8, 0xaa, 0xd9, 0x36, 0x60, 54 0x04, 0xcc, 0xbe, 0x7d, 0x6a, 0xe8, 0x34, 0x49}; 55 const unsigned char kTestCertSha512[] = { 56 0x51, 0x1d, 0xec, 0x02, 0x3d, 0x51, 0x45, 0xd3, 57 0xd8, 0x1d, 0xa4, 0x9d, 0x43, 0xc9, 0xee, 0x32, 58 0x6f, 0x4f, 0x37, 0xee, 0xab, 0x3f, 0x25, 0xdf, 59 0x72, 0xfc, 0x61, 0x1a, 0xd5, 0x92, 0xff, 0x6b, 60 0x28, 0x71, 0x58, 0xb3, 0xe1, 0x8a, 0x18, 0xcf, 61 0x61, 0x33, 0x0e, 0x14, 0xc3, 0x04, 0xaa, 0x07, 62 0xf6, 0xa5, 0xda, 0xdc, 0x42, 0x42, 0x22, 0x35, 63 0xce, 0x26, 0x58, 0x4a, 0x33, 0x6d, 0xbc, 0xb6}; 64 65 class SSLIdentityTest : public testing::Test { 66 public: 67 SSLIdentityTest() {} 68 69 ~SSLIdentityTest() { 70 } 71 72 virtual void SetUp() { 73 identity_rsa1_.reset(SSLIdentity::Generate("test1", rtc::KT_RSA)); 74 identity_rsa2_.reset(SSLIdentity::Generate("test2", rtc::KT_RSA)); 75 identity_ecdsa1_.reset(SSLIdentity::Generate("test3", rtc::KT_ECDSA)); 76 identity_ecdsa2_.reset(SSLIdentity::Generate("test4", rtc::KT_ECDSA)); 77 78 ASSERT_TRUE(identity_rsa1_); 79 ASSERT_TRUE(identity_rsa2_); 80 ASSERT_TRUE(identity_ecdsa1_); 81 ASSERT_TRUE(identity_ecdsa2_); 82 83 test_cert_.reset(rtc::SSLCertificate::FromPEMString(kTestCertificate)); 84 ASSERT_TRUE(test_cert_); 85 } 86 87 void TestGetSignatureDigestAlgorithm() { 88 std::string digest_algorithm; 89 90 ASSERT_TRUE(identity_rsa1_->certificate().GetSignatureDigestAlgorithm( 91 &digest_algorithm)); 92 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); 93 94 ASSERT_TRUE(identity_rsa2_->certificate().GetSignatureDigestAlgorithm( 95 &digest_algorithm)); 96 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); 97 98 ASSERT_TRUE(identity_ecdsa1_->certificate().GetSignatureDigestAlgorithm( 99 &digest_algorithm)); 100 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); 101 102 ASSERT_TRUE(identity_ecdsa2_->certificate().GetSignatureDigestAlgorithm( 103 &digest_algorithm)); 104 ASSERT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); 105 106 // The test certificate has an MD5-based signature. 107 ASSERT_TRUE(test_cert_->GetSignatureDigestAlgorithm(&digest_algorithm)); 108 ASSERT_EQ(rtc::DIGEST_MD5, digest_algorithm); 109 } 110 111 typedef unsigned char DigestType[rtc::MessageDigest::kMaxSize]; 112 113 void TestDigestHelper(DigestType digest, 114 const SSLIdentity* identity, 115 const std::string& algorithm, 116 size_t expected_len) { 117 DigestType digest1; 118 size_t digest_len; 119 bool rv; 120 121 memset(digest, 0, expected_len); 122 rv = identity->certificate().ComputeDigest(algorithm, digest, 123 sizeof(DigestType), &digest_len); 124 EXPECT_TRUE(rv); 125 EXPECT_EQ(expected_len, digest_len); 126 127 // Repeat digest computation for the identity as a sanity check. 128 memset(digest1, 0xff, expected_len); 129 rv = identity->certificate().ComputeDigest(algorithm, digest1, 130 sizeof(DigestType), &digest_len); 131 EXPECT_TRUE(rv); 132 EXPECT_EQ(expected_len, digest_len); 133 134 EXPECT_EQ(0, memcmp(digest, digest1, expected_len)); 135 } 136 137 void TestDigestForGeneratedCert(const std::string& algorithm, 138 size_t expected_len) { 139 DigestType digest[4]; 140 141 ASSERT_TRUE(expected_len <= sizeof(DigestType)); 142 143 TestDigestHelper(digest[0], identity_rsa1_.get(), algorithm, expected_len); 144 TestDigestHelper(digest[1], identity_rsa2_.get(), algorithm, expected_len); 145 TestDigestHelper(digest[2], identity_ecdsa1_.get(), algorithm, 146 expected_len); 147 TestDigestHelper(digest[3], identity_ecdsa2_.get(), algorithm, 148 expected_len); 149 150 // Sanity check that all four digests are unique. This could theoretically 151 // fail, since cryptographic hash collisions have a non-zero probability. 152 for (int i = 0; i < 4; i++) { 153 for (int j = 0; j < 4; j++) { 154 if (i != j) 155 EXPECT_NE(0, memcmp(digest[i], digest[j], expected_len)); 156 } 157 } 158 } 159 160 void TestDigestForFixedCert(const std::string& algorithm, 161 size_t expected_len, 162 const unsigned char* expected_digest) { 163 bool rv; 164 DigestType digest; 165 size_t digest_len; 166 167 ASSERT_TRUE(expected_len <= sizeof(DigestType)); 168 169 rv = test_cert_->ComputeDigest(algorithm, digest, sizeof(digest), 170 &digest_len); 171 EXPECT_TRUE(rv); 172 EXPECT_EQ(expected_len, digest_len); 173 EXPECT_EQ(0, memcmp(digest, expected_digest, expected_len)); 174 } 175 176 private: 177 rtc::scoped_ptr<SSLIdentity> identity_rsa1_; 178 rtc::scoped_ptr<SSLIdentity> identity_rsa2_; 179 rtc::scoped_ptr<SSLIdentity> identity_ecdsa1_; 180 rtc::scoped_ptr<SSLIdentity> identity_ecdsa2_; 181 rtc::scoped_ptr<rtc::SSLCertificate> test_cert_; 182 }; 183 184 TEST_F(SSLIdentityTest, FixedDigestSHA1) { 185 TestDigestForFixedCert(rtc::DIGEST_SHA_1, 20, kTestCertSha1); 186 } 187 188 // HASH_AlgSHA224 is not supported in the chromium linux build. 189 TEST_F(SSLIdentityTest, FixedDigestSHA224) { 190 TestDigestForFixedCert(rtc::DIGEST_SHA_224, 28, kTestCertSha224); 191 } 192 193 TEST_F(SSLIdentityTest, FixedDigestSHA256) { 194 TestDigestForFixedCert(rtc::DIGEST_SHA_256, 32, kTestCertSha256); 195 } 196 197 TEST_F(SSLIdentityTest, FixedDigestSHA384) { 198 TestDigestForFixedCert(rtc::DIGEST_SHA_384, 48, kTestCertSha384); 199 } 200 201 TEST_F(SSLIdentityTest, FixedDigestSHA512) { 202 TestDigestForFixedCert(rtc::DIGEST_SHA_512, 64, kTestCertSha512); 203 } 204 205 // HASH_AlgSHA224 is not supported in the chromium linux build. 206 TEST_F(SSLIdentityTest, DigestSHA224) { 207 TestDigestForGeneratedCert(rtc::DIGEST_SHA_224, 28); 208 } 209 210 TEST_F(SSLIdentityTest, DigestSHA256) { 211 TestDigestForGeneratedCert(rtc::DIGEST_SHA_256, 32); 212 } 213 214 TEST_F(SSLIdentityTest, DigestSHA384) { 215 TestDigestForGeneratedCert(rtc::DIGEST_SHA_384, 48); 216 } 217 218 TEST_F(SSLIdentityTest, DigestSHA512) { 219 TestDigestForGeneratedCert(rtc::DIGEST_SHA_512, 64); 220 } 221 222 TEST_F(SSLIdentityTest, FromPEMStringsRSA) { 223 static const char kRSA_PRIVATE_KEY_PEM[] = 224 "-----BEGIN RSA PRIVATE KEY-----\n" 225 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" 226 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 227 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 228 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n" 229 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n" 230 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n" 231 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n" 232 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n" 233 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n" 234 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n" 235 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n" 236 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n" 237 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n" 238 "UCXiYxSsu20QNVw=\n" 239 "-----END RSA PRIVATE KEY-----\n"; 240 241 static const char kCERT_PEM[] = 242 "-----BEGIN CERTIFICATE-----\n" 243 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n" 244 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" 245 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" 246 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 247 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 248 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" 249 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" 250 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" 251 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" 252 "-----END CERTIFICATE-----\n"; 253 254 rtc::scoped_ptr<SSLIdentity> identity( 255 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM)); 256 EXPECT_TRUE(identity); 257 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString()); 258 } 259 260 TEST_F(SSLIdentityTest, FromPEMStringsEC) { 261 static const char kRSA_PRIVATE_KEY_PEM[] = 262 "-----BEGIN EC PRIVATE KEY-----\n" 263 "MHcCAQEEIKkIztWLPbs4Y2zWv7VW2Ov4is2ifleCuPgRB8fRv3IkoAoGCCqGSM49\n" 264 "AwEHoUQDQgAEDPV33NrhSdhg9cBRkUWUXnVMXc3h17i9ARbSmNgminKcBXb8/y8L\n" 265 "A76cMWQPPM0ybHO8OS7ZVg2U/m+TwE1M2g==\n" 266 "-----END EC PRIVATE KEY-----\n"; 267 static const char kCERT_PEM[] = 268 "-----BEGIN CERTIFICATE-----\n" 269 "MIIB0jCCAXmgAwIBAgIJAMCjpFt9t6LMMAoGCCqGSM49BAMCMEUxCzAJBgNVBAYT\n" 270 "AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn\n" 271 "aXRzIFB0eSBMdGQwIBcNMTUwNjMwMTMwMTIyWhgPMjI4OTA0MTMxMzAxMjJaMEUx\n" 272 "CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl\n" 273 "cm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQM\n" 274 "9Xfc2uFJ2GD1wFGRRZRedUxdzeHXuL0BFtKY2CaKcpwFdvz/LwsDvpwxZA88zTJs\n" 275 "c7w5LtlWDZT+b5PATUzao1AwTjAdBgNVHQ4EFgQUYHq6nxNNIE832ZmaHc/noODO\n" 276 "rtAwHwYDVR0jBBgwFoAUYHq6nxNNIE832ZmaHc/noODOrtAwDAYDVR0TBAUwAwEB\n" 277 "/zAKBggqhkjOPQQDAgNHADBEAiAQRojsTyZG0BlKoU7gOt5h+yAMLl2cxmDtOIQr\n" 278 "GWP/PwIgJynB4AUDsPT0DWmethOXYijB5sY5UPd9DvgmiS/Mr6s=\n" 279 "-----END CERTIFICATE-----\n"; 280 281 rtc::scoped_ptr<SSLIdentity> identity( 282 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM)); 283 EXPECT_TRUE(identity); 284 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString()); 285 } 286 287 TEST_F(SSLIdentityTest, PemDerConversion) { 288 std::string der; 289 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der)); 290 291 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem( 292 "CERTIFICATE", 293 reinterpret_cast<const unsigned char*>(der.data()), der.length())); 294 } 295 296 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) { 297 TestGetSignatureDigestAlgorithm(); 298 } 299 300 class SSLIdentityExpirationTest : public testing::Test { 301 public: 302 SSLIdentityExpirationTest() { 303 // Set use of the test RNG to get deterministic expiration timestamp. 304 rtc::SetRandomTestMode(true); 305 } 306 ~SSLIdentityExpirationTest() { 307 // Put it back for the next test. 308 rtc::SetRandomTestMode(false); 309 } 310 311 void TestASN1TimeToSec() { 312 struct asn_example { 313 const char* string; 314 bool long_format; 315 int64_t want; 316 } static const data[] = { 317 // Valid examples. 318 {"19700101000000Z", true, 0}, 319 {"700101000000Z", false, 0}, 320 {"19700101000001Z", true, 1}, 321 {"700101000001Z", false, 1}, 322 {"19700101000100Z", true, 60}, 323 {"19700101000101Z", true, 61}, 324 {"19700101010000Z", true, 3600}, 325 {"19700101010001Z", true, 3601}, 326 {"19700101010100Z", true, 3660}, 327 {"19700101010101Z", true, 3661}, 328 {"710911012345Z", false, 53400225}, 329 {"20000101000000Z", true, 946684800}, 330 {"20000101000000Z", true, 946684800}, 331 {"20151130140156Z", true, 1448892116}, 332 {"151130140156Z", false, 1448892116}, 333 {"20491231235959Z", true, 2524607999}, 334 {"491231235959Z", false, 2524607999}, 335 {"20500101000000Z", true, 2524607999+1}, 336 {"20700101000000Z", true, 3155760000}, 337 {"21000101000000Z", true, 4102444800}, 338 {"24000101000000Z", true, 13569465600}, 339 340 // Invalid examples. 341 {"19700101000000", true, -1}, // missing Z long format 342 {"19700101000000X", true, -1}, // X instead of Z long format 343 {"197001010000000", true, -1}, // 0 instead of Z long format 344 {"1970010100000000Z", true, -1}, // excess digits long format 345 {"700101000000", false, -1}, // missing Z short format 346 {"700101000000X", false, -1}, // X instead of Z short format 347 {"7001010000000", false, -1}, // 0 instead of Z short format 348 {"70010100000000Z", false, -1}, // excess digits short format 349 {":9700101000000Z", true, -1}, // invalid character 350 {"1:700101000001Z", true, -1}, // invalid character 351 {"19:00101000100Z", true, -1}, // invalid character 352 {"197:0101000101Z", true, -1}, // invalid character 353 {"1970:101010000Z", true, -1}, // invalid character 354 {"19700:01010001Z", true, -1}, // invalid character 355 {"197001:1010100Z", true, -1}, // invalid character 356 {"1970010:010101Z", true, -1}, // invalid character 357 {"70010100:000Z", false, -1}, // invalid character 358 {"700101000:01Z", false, -1}, // invalid character 359 {"2000010100:000Z", true, -1}, // invalid character 360 {"21000101000:00Z", true, -1}, // invalid character 361 {"240001010000:0Z", true, -1}, // invalid character 362 {"500101000000Z", false, -1}, // but too old for epoch 363 {"691231235959Z", false, -1}, // too old for epoch 364 {"19611118043000Z", false, -1}, // way too old for epoch 365 }; 366 367 unsigned char buf[20]; 368 369 // Run all examples and check for the expected result. 370 for (const auto& entry : data) { 371 size_t length = strlen(entry.string); 372 memcpy(buf, entry.string, length); // Copy the ASN1 string... 373 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk. 374 int64_t res = rtc::ASN1TimeToSec(buf, length, entry.long_format); 375 LOG(LS_VERBOSE) << entry.string; 376 ASSERT_EQ(entry.want, res); 377 } 378 // Run all examples again, but with an invalid length. 379 for (const auto& entry : data) { 380 size_t length = strlen(entry.string); 381 memcpy(buf, entry.string, length); // Copy the ASN1 string... 382 buf[length] = rtc::CreateRandomId(); // ...and terminate it with junk. 383 int64_t res = rtc::ASN1TimeToSec(buf, length - 1, entry.long_format); 384 LOG(LS_VERBOSE) << entry.string; 385 ASSERT_EQ(-1, res); 386 } 387 } 388 389 void TestExpireTime(int times) { 390 for (int i = 0; i < times; i++) { 391 rtc::SSLIdentityParams params; 392 params.common_name = ""; 393 params.not_before = 0; 394 // We limit the time to < 2^31 here, i.e., we stay before 2038, since else 395 // we hit time offset limitations in OpenSSL on some 32-bit systems. 396 params.not_after = rtc::CreateRandomId() % 0x80000000; 397 // We test just ECDSA here since what we're out to exercise here is the 398 // code for expiration setting and reading. 399 params.key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256); 400 SSLIdentity* identity = rtc::SSLIdentity::GenerateForTest(params); 401 EXPECT_EQ(params.not_after, 402 identity->certificate().CertificateExpirationTime()); 403 delete identity; 404 } 405 } 406 }; 407 408 TEST_F(SSLIdentityExpirationTest, TestASN1TimeToSec) { 409 TestASN1TimeToSec(); 410 } 411 412 TEST_F(SSLIdentityExpirationTest, TestExpireTime) { 413 TestExpireTime(500); 414 } 415
