1 /*
2 * Copyright 2016 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include "rtc_base/rtc_certificate_generator.h"
12
13 #include <memory>
14
15 #include "absl/types/optional.h"
16 #include "api/make_ref_counted.h"
17 #include "rtc_base/checks.h"
18 #include "rtc_base/gunit.h"
19 #include "rtc_base/thread.h"
20 #include "test/gtest.h"
21
22 namespace rtc {
23
24 class RTCCertificateGeneratorFixture {
25 public:
RTCCertificateGeneratorFixture()26 RTCCertificateGeneratorFixture()
27 : signaling_thread_(Thread::Current()),
28 worker_thread_(Thread::Create()),
29 generate_async_completed_(false) {
30 RTC_CHECK(signaling_thread_);
31 RTC_CHECK(worker_thread_->Start());
32 generator_.reset(
33 new RTCCertificateGenerator(signaling_thread_, worker_thread_.get()));
34 }
35
generator() const36 RTCCertificateGenerator* generator() const { return generator_.get(); }
certificate() const37 RTCCertificate* certificate() const { return certificate_.get(); }
38
OnGenerated()39 RTCCertificateGeneratorInterface::Callback OnGenerated() {
40 return [this](scoped_refptr<RTCCertificate> certificate) mutable {
41 RTC_CHECK(signaling_thread_->IsCurrent());
42 certificate_ = std::move(certificate);
43 generate_async_completed_ = true;
44 };
45 }
46
GenerateAsyncCompleted()47 bool GenerateAsyncCompleted() {
48 RTC_CHECK(signaling_thread_->IsCurrent());
49 if (generate_async_completed_) {
50 // Reset flag so that future generation requests are not considered done.
51 generate_async_completed_ = false;
52 return true;
53 }
54 return false;
55 }
56
57 protected:
58 Thread* const signaling_thread_;
59 std::unique_ptr<Thread> worker_thread_;
60 std::unique_ptr<RTCCertificateGenerator> generator_;
61 scoped_refptr<RTCCertificate> certificate_;
62 bool generate_async_completed_;
63 };
64
65 class RTCCertificateGeneratorTest : public ::testing::Test {
66 public:
67 protected:
68 static constexpr int kGenerationTimeoutMs = 10000;
69
70 rtc::AutoThread main_thread_;
71 RTCCertificateGeneratorFixture fixture_;
72 };
73
TEST_F(RTCCertificateGeneratorTest,GenerateECDSA)74 TEST_F(RTCCertificateGeneratorTest, GenerateECDSA) {
75 EXPECT_TRUE(RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(),
76 absl::nullopt));
77 }
78
TEST_F(RTCCertificateGeneratorTest,GenerateRSA)79 TEST_F(RTCCertificateGeneratorTest, GenerateRSA) {
80 EXPECT_TRUE(RTCCertificateGenerator::GenerateCertificate(KeyParams::RSA(),
81 absl::nullopt));
82 }
83
TEST_F(RTCCertificateGeneratorTest,GenerateAsyncECDSA)84 TEST_F(RTCCertificateGeneratorTest, GenerateAsyncECDSA) {
85 EXPECT_FALSE(fixture_.certificate());
86 fixture_.generator()->GenerateCertificateAsync(
87 KeyParams::ECDSA(), absl::nullopt, fixture_.OnGenerated());
88 // Until generation has completed, the certificate is null. Since this is an
89 // async call, generation must not have completed until we process messages
90 // posted to this thread (which is done by `EXPECT_TRUE_WAIT`).
91 EXPECT_FALSE(fixture_.GenerateAsyncCompleted());
92 EXPECT_FALSE(fixture_.certificate());
93 EXPECT_TRUE_WAIT(fixture_.GenerateAsyncCompleted(), kGenerationTimeoutMs);
94 EXPECT_TRUE(fixture_.certificate());
95 }
96
TEST_F(RTCCertificateGeneratorTest,GenerateWithExpires)97 TEST_F(RTCCertificateGeneratorTest, GenerateWithExpires) {
98 // By generating two certificates with different expiration we can compare the
99 // two expiration times relative to each other without knowing the current
100 // time relative to epoch, 1970-01-01T00:00:00Z. This verifies that the
101 // expiration parameter is correctly used relative to the generator's clock,
102 // but does not verify that this clock is relative to epoch.
103
104 // Generate a certificate that expires immediately.
105 scoped_refptr<RTCCertificate> cert_a =
106 RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(), 0);
107 EXPECT_TRUE(cert_a);
108
109 // Generate a certificate that expires in one minute.
110 const uint64_t kExpiresMs = 60000;
111 scoped_refptr<RTCCertificate> cert_b =
112 RTCCertificateGenerator::GenerateCertificate(KeyParams::ECDSA(),
113 kExpiresMs);
114 EXPECT_TRUE(cert_b);
115
116 // Verify that `cert_b` expires approximately `kExpiresMs` after `cert_a`
117 // (allowing a +/- 1 second plus maximum generation time difference).
118 EXPECT_GT(cert_b->Expires(), cert_a->Expires());
119 uint64_t expires_diff = cert_b->Expires() - cert_a->Expires();
120 EXPECT_GE(expires_diff, kExpiresMs);
121 EXPECT_LE(expires_diff, kExpiresMs + 2 * kGenerationTimeoutMs + 1000);
122 }
123
TEST_F(RTCCertificateGeneratorTest,GenerateWithInvalidParamsShouldFail)124 TEST_F(RTCCertificateGeneratorTest, GenerateWithInvalidParamsShouldFail) {
125 KeyParams invalid_params = KeyParams::RSA(0, 0);
126 EXPECT_FALSE(invalid_params.IsValid());
127
128 EXPECT_FALSE(RTCCertificateGenerator::GenerateCertificate(invalid_params,
129 absl::nullopt));
130
131 fixture_.generator()->GenerateCertificateAsync(invalid_params, absl::nullopt,
132 fixture_.OnGenerated());
133 EXPECT_TRUE_WAIT(fixture_.GenerateAsyncCompleted(), kGenerationTimeoutMs);
134 EXPECT_FALSE(fixture_.certificate());
135 }
136
137 } // namespace rtc
138