/*
 * Copyright 2016 The WebRTC project authors. All Rights Reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */

#include "rtc_base/rtc_certificate_generator.h"

#include <memory>

#include "absl/types/optional.h"
#include "api/make_ref_counted.h"
#include "rtc_base/checks.h"
#include "rtc_base/gunit.h"
#include "rtc_base/thread.h"
#include "test/gtest.h"

namespace rtc {

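// Test helper that owns an RTCCertificateGenerator plus the worker thread
// handed to it, and records the outcome of asynchronous generation requests.
//
// The thread that constructs the fixture is used as the signaling thread; the
// completion callback and GenerateAsyncCompleted() both RTC_CHECK that they
// run on it, so the state below is only ever touched from that thread.
class RTCCertificateGeneratorFixture {
 public:
  RTCCertificateGeneratorFixture()
      : signaling_thread_(Thread::Current()),
        worker_thread_(Thread::Create()),
        generate_async_completed_(false) {
    RTC_CHECK(signaling_thread_);
    RTC_CHECK(worker_thread_->Start());
    // The generator only borrows both threads; ownership of the worker thread
    // stays with `worker_thread_`.
    generator_ = std::make_unique<RTCCertificateGenerator>(
        signaling_thread_, worker_thread_.get());
  }

  RTCCertificateGenerator* generator() const { return generator_.get(); }

  // Certificate delivered to the most recent callback invocation. Null until a
  // callback has run, and null again if that callback was handed no
  // certificate.
  RTCCertificate* certificate() const { return certificate_.get(); }

  // Returns a completion callback for GenerateCertificateAsync() that stores
  // the delivered certificate and raises the completion flag.
  //
  // The callback captures `this` by pointer, so the fixture must stay alive
  // until every outstanding request has invoked its callback.
  RTCCertificateGeneratorInterface::Callback OnGenerated() {
    return [this](scoped_refptr<RTCCertificate> certificate) {
      RTC_CHECK(signaling_thread_->IsCurrent());
      certificate_ = std::move(certificate);
      generate_async_completed_ = true;
    };
  }

  // Reports whether a callback has run since the last time this returned true.
  // Must be called on the signaling thread.
  bool GenerateAsyncCompleted() {
    RTC_CHECK(signaling_thread_->IsCurrent());
    if (generate_async_completed_) {
      // Reset flag so that future generation requests are not considered done.
      generate_async_completed_ = false;
      return true;
    }
    return false;
  }

 protected:
  Thread* const signaling_thread_;
  // Members are destroyed in reverse declaration order, so `generator_` is
  // destroyed before the worker thread it was given a pointer to.
  std::unique_ptr<Thread> worker_thread_;
  std::unique_ptr<RTCCertificateGenerator> generator_;
  scoped_refptr<RTCCertificate> certificate_;
  bool generate_async_completed_;
};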
// gtest fixture shared by every test in this file.
class RTCCertificateGeneratorTest : public ::testing::Test {
 protected:
  // Longest time, in milliseconds, a test waits for an asynchronous generation
  // request to report completion.
  static constexpr int kGenerationTimeoutMs = 10000;

  // Declared ahead of `fixture_`: members are constructed in declaration
  // order, and the fixture's constructor RTC_CHECKs that Thread::Current() is
  // non-null. NOTE(review): presumably AutoThread is what installs that
  // current thread - confirm against rtc_base/thread.h.
  rtc::AutoThread main_thread_;
  RTCCertificateGeneratorFixture fixture_;
};
// Synchronous generation with KeyParams::ECDSA() and no explicit expiration
// must hand back a non-null certificate.
TEST_F(RTCCertificateGeneratorTest, GenerateECDSA) {
  scoped_refptr<RTCCertificate> certificate =
      RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(),
                                                   absl::nullopt);
  EXPECT_TRUE(certificate);
}
// Synchronous generation with KeyParams::RSA() and no explicit expiration must
// hand back a non-null certificate. Only non-nullness is checked here; the
// properties of the generated key are not inspected.
TEST_F(RTCCertificateGeneratorTest, GenerateRSA) {
  scoped_refptr<RTCCertificate> certificate =
      RTCCertificateGenerator::GenerateCertificate(KeyParams::RSA(),
                                                   absl::nullopt);
  EXPECT_TRUE(certificate);
}
// An asynchronous ECDSA request must not complete before this thread has
// processed its messages, and must deliver a certificate once it does.
TEST_F(RTCCertificateGeneratorTest, GenerateAsyncECDSA) {
  RTCCertificateGenerator* const generator = fixture_.generator();

  // Nothing has been requested yet, so no certificate is stored.
  EXPECT_FALSE(fixture_.certificate());

  generator->GenerateCertificateAsync(KeyParams::ECDSA(), absl::nullopt,
                                      fixture_.OnGenerated());

  // The result is delivered by a message posted to this thread, and those
  // messages are only processed inside `EXPECT_TRUE_WAIT`. Until then the
  // request cannot have completed and the certificate is still null.
  EXPECT_FALSE(fixture_.GenerateAsyncCompleted());
  EXPECT_FALSE(fixture_.certificate());

  EXPECT_TRUE_WAIT(fixture_.GenerateAsyncCompleted(), kGenerationTimeoutMs);
  EXPECT_TRUE(fixture_.certificate());
}
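// Checks that the expiration argument is honoured relative to the generator's
// clock.
TEST_F(RTCCertificateGeneratorTest, GenerateWithExpires) {
  // By generating two certificates with different expiration we can compare the
  // two expiration times relative to each other without knowing the current
  // time relative to epoch, 1970-01-01T00:00:00Z. This verifies that the
  // expiration parameter is correctly used relative to the generator's clock,
  // but does not verify that this clock is relative to epoch.

  // Generate a certificate that expires immediately.
  scoped_refptr<RTCCertificate> cert_a =
      RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(), 0);
  // ASSERT rather than EXPECT: `cert_a` is dereferenced below, and a failed
  // EXPECT would let the test run on into a null dereference.
  ASSERT_TRUE(cert_a);

  // Generate a certificate that expires in one minute.
  const uint64_t kExpiresMs = 60000;
  scoped_refptr<RTCCertificate> cert_b =
      RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(),
                                                   kExpiresMs);
  ASSERT_TRUE(cert_b);

  // Verify that `cert_b` expires approximately `kExpiresMs` after `cert_a`
  // (allowing a +/- 1 second plus maximum generation time difference).
  // ASSERT here as well: the unsigned subtraction below would wrap around if
  // `cert_b` did not expire strictly later than `cert_a`, turning one clear
  // failure into misleading follow-on failures.
  ASSERT_GT(cert_b->Expires(), cert_a->Expires());
  uint64_t expires_diff = cert_b->Expires() - cert_a->Expires();
  EXPECT_GE(expires_diff, kExpiresMs);
  EXPECT_LE(expires_diff, kExpiresMs + 2 * kGenerationTimeoutMs + 1000);
}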
// Key parameters that fail KeyParams::IsValid() must be rejected on both the
// synchronous and the asynchronous path: neither may produce a certificate.
TEST_F(RTCCertificateGeneratorTest, GenerateWithInvalidParamsShouldFail) {
  KeyParams invalid_params = KeyParams::RSA(0, 0);
  EXPECT_FALSE(invalid_params.IsValid());

  // Synchronous path: the returned certificate must be null.
  scoped_refptr<RTCCertificate> sync_certificate =
      RTCCertificateGenerator::GenerateCertificate(invalid_params,
                                                   absl::nullopt);
  EXPECT_FALSE(sync_certificate);

  // Asynchronous path: the callback must still run, so the failure is
  // reported to the caller, but it must deliver no certificate.
  RTCCertificateGenerator* const generator = fixture_.generator();
  generator->GenerateCertificateAsync(invalid_params, absl::nullopt,
                                      fixture_.OnGenerated());
  EXPECT_TRUE_WAIT(fixture_.GenerateAsyncCompleted(), kGenerationTimeoutMs);
  EXPECT_FALSE(fixture_.certificate());
}

}  // namespace rtc