Revert of RTCCertificate::Expires() and ::HasExpired() implemented (patchset #5 id:140001 of https://codereview.webrtc.org/1494103003/ )
Reason for revert:
RTCCertificate's expires_timestamp_ns was renamed to Expires but the old function is still used in one place in Chromium...
https://uberchromegw.corp.google.com/i/chromium.webrtc.fyi/builders/Mac%20Builder/builds/7405
Original issue's description:
> RTCCertificate::Expires() and ::HasExpired() implemented using SSLCertificate::CertificateExpirationTime().
>
> NOPRESUBMIT=true
> BUG=chromium:544894
>
> Committed: https://crrev.com/20ef654174e245b3a06c9e9045bb97be9acd90cf
> Cr-Commit-Position: refs/heads/master@{#10930}
TBR=torbjorng@webrtc.org,hta@webrtc.org,kjellander@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:544894
Review URL: https://codereview.webrtc.org/1506883005
Cr-Commit-Position: refs/heads/master@{#10933}
diff --git a/webrtc/base/base_tests.gyp b/webrtc/base/base_tests.gyp
index 1da93de..23b1f9a 100644
--- a/webrtc/base/base_tests.gyp
+++ b/webrtc/base/base_tests.gyp
@@ -88,7 +88,6 @@
'ratetracker_unittest.cc',
'referencecountedsingletonfactory_unittest.cc',
'rollingaccumulator_unittest.cc',
- 'rtccertificate_unittests.cc',
'scopedptrcollection_unittest.cc',
'sha1digest_unittest.cc',
'sharedexclusivelock_unittest.cc',
diff --git a/webrtc/base/fakesslidentity.h b/webrtc/base/fakesslidentity.h
index ec603a5..69d590b 100644
--- a/webrtc/base/fakesslidentity.h
+++ b/webrtc/base/fakesslidentity.h
@@ -25,11 +25,9 @@
// SHA-1 is the default digest algorithm because it is available in all build
// configurations used for unit testing.
explicit FakeSSLCertificate(const std::string& data)
- : data_(data), digest_algorithm_(DIGEST_SHA_1), expiration_time_(-1) {}
+ : data_(data), digest_algorithm_(DIGEST_SHA_1) {}
explicit FakeSSLCertificate(const std::vector<std::string>& certs)
- : data_(certs.front()),
- digest_algorithm_(DIGEST_SHA_1),
- expiration_time_(-1) {
+ : data_(certs.front()), digest_algorithm_(DIGEST_SHA_1) {
std::vector<std::string>::const_iterator it;
// Skip certs[0].
for (it = certs.begin() + 1; it != certs.end(); ++it) {
@@ -47,12 +45,7 @@
VERIFY(SSLIdentity::PemToDer(kPemTypeCertificate, data_, &der_string));
der_buffer->SetData(der_string.c_str(), der_string.size());
}
- int64_t CertificateExpirationTime() const override {
- return expiration_time_;
- }
- void SetCertificateExpirationTime(int64_t expiration_time) {
- expiration_time_ = expiration_time;
- }
+ int64_t CertificateExpirationTime() const override { return -1; }
void set_digest_algorithm(const std::string& algorithm) {
digest_algorithm_ = algorithm;
}
@@ -86,8 +79,6 @@
std::string data_;
std::vector<FakeSSLCertificate> certs_;
std::string digest_algorithm_;
- // Expiration time in seconds relative to epoch, 1970-01-01T00:00:00Z (UTC).
- int64_t expiration_time_;
};
class FakeSSLIdentity : public rtc::SSLIdentity {
diff --git a/webrtc/base/rtccertificate.cc b/webrtc/base/rtccertificate.cc
index 7b764bd..a176d90 100644
--- a/webrtc/base/rtccertificate.cc
+++ b/webrtc/base/rtccertificate.cc
@@ -11,6 +11,7 @@
#include "webrtc/base/rtccertificate.h"
#include "webrtc/base/checks.h"
+#include "webrtc/base/timeutils.h"
namespace rtc {
@@ -27,16 +28,13 @@
RTCCertificate::~RTCCertificate() {
}
-uint64_t RTCCertificate::Expires() const {
- int64_t expires = ssl_certificate().CertificateExpirationTime();
- if (expires != -1)
- return static_cast<uint64_t>(expires) * kNumMillisecsPerSec;
- // If the expiration time could not be retrieved return an expired timestamp.
- return 0; // = 1970-01-01
+uint64_t RTCCertificate::expires_timestamp_ns() const {
+ // TODO(hbos): Update once SSLIdentity/SSLCertificate supports expires field.
+ return 0;
}
-bool RTCCertificate::HasExpired(uint64_t now) const {
- return Expires() <= now;
+bool RTCCertificate::HasExpired() const {
+ return expires_timestamp_ns() <= TimeNanos();
}
const SSLCertificate& RTCCertificate::ssl_certificate() const {
diff --git a/webrtc/base/rtccertificate.h b/webrtc/base/rtccertificate.h
index 600739b..d238938 100644
--- a/webrtc/base/rtccertificate.h
+++ b/webrtc/base/rtccertificate.h
@@ -27,11 +27,8 @@
// Takes ownership of |identity|.
static scoped_refptr<RTCCertificate> Create(scoped_ptr<SSLIdentity> identity);
- // Returns the expiration time in ms relative to epoch, 1970-01-01T00:00:00Z.
- uint64_t Expires() const;
- // Checks if the certificate has expired, where |now| is expressed in ms
- // relative to epoch, 1970-01-01T00:00:00Z.
- bool HasExpired(uint64_t now) const;
+ uint64_t expires_timestamp_ns() const;
+ bool HasExpired() const;
const SSLCertificate& ssl_certificate() const;
// TODO(hbos): If possible, remove once RTCCertificate and its
diff --git a/webrtc/base/rtccertificate_unittests.cc b/webrtc/base/rtccertificate_unittests.cc
deleted file mode 100644
index 3e9439f..0000000
--- a/webrtc/base/rtccertificate_unittests.cc
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2015 The WebRTC Project Authors. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#include "webrtc/base/checks.h"
-#include "webrtc/base/fakesslidentity.h"
-#include "webrtc/base/gunit.h"
-#include "webrtc/base/logging.h"
-#include "webrtc/base/rtccertificate.h"
-#include "webrtc/base/safe_conversions.h"
-#include "webrtc/base/scoped_ptr.h"
-#include "webrtc/base/sslidentity.h"
-#include "webrtc/base/thread.h"
-#include "webrtc/base/timeutils.h"
-
-namespace rtc {
-
-namespace {
-
-static const char* kTestCertCommonName = "RTCCertificateTest's certificate";
-
-} // namespace
-
-class RTCCertificateTest : public testing::Test {
- public:
- RTCCertificateTest() {}
- ~RTCCertificateTest() {}
-
- protected:
- // Timestamp note:
- // All timestamps in this unittest are expressed in number of seconds since
- // epoch, 1970-01-01T00:00:00Z (UTC). The RTCCertificate interface uses ms,
- // but only seconds-precision is supported by SSLCertificate. To make the
- // tests clearer we convert everything to seconds since the precision matters
- // when generating certificates or comparing timestamps.
- // As a result, ExpiresSeconds and HasExpiredSeconds are used instead of
- // RTCCertificate::Expires and ::HasExpired for ms -> s conversion.
-
- uint64_t NowSeconds() const {
- return TimeNanos() / kNumNanosecsPerSec;
- }
-
- uint64_t ExpiresSeconds(const scoped_refptr<RTCCertificate>& cert) const {
- uint64_t exp_ms = cert->Expires();
- uint64_t exp_s = exp_ms / kNumMillisecsPerSec;
- // Make sure this did not result in loss of precision.
- RTC_CHECK_EQ(exp_s * kNumMillisecsPerSec, exp_ms);
- return exp_s;
- }
-
- bool HasExpiredSeconds(const scoped_refptr<RTCCertificate>& cert,
- uint64_t now_s) const {
- return cert->HasExpired(now_s * kNumMillisecsPerSec);
- }
-
- // An RTC_CHECK ensures that |expires_s| this is in valid range of time_t as
- // is required by SSLIdentityParams. On some 32-bit systems time_t is limited
- // to < 2^31. On such systems this will fail for expiration times of year 2038
- // or later.
- scoped_refptr<RTCCertificate> GenerateCertificateWithExpires(
- uint64_t expires_s) const {
- RTC_CHECK(IsValueInRangeForNumericType<time_t>(expires_s));
-
- SSLIdentityParams params;
- params.common_name = kTestCertCommonName;
- params.not_before = 0;
- params.not_after = static_cast<time_t>(expires_s);
- // Certificate type does not matter for our purposes, using ECDSA because it
- // is fast to generate.
- params.key_params = KeyParams::ECDSA();
-
- scoped_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params));
- return RTCCertificate::Create(identity.Pass());
- }
-};
-
-TEST_F(RTCCertificateTest, NewCertificateNotExpired) {
- // Generate a real certificate without specifying the expiration time.
- // Certificate type doesn't matter, using ECDSA because it's fast to generate.
- scoped_ptr<SSLIdentity> identity(
- SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA()));
- scoped_refptr<RTCCertificate> certificate =
- RTCCertificate::Create(identity.Pass());
-
- uint64_t now = NowSeconds();
- EXPECT_FALSE(HasExpiredSeconds(certificate, now));
- // Even without specifying the expiration time we would expect it to be valid
- // for at least half an hour.
- EXPECT_FALSE(HasExpiredSeconds(certificate, now + 30*60));
-}
-
-TEST_F(RTCCertificateTest, UsesExpiresAskedFor) {
- uint64_t now = NowSeconds();
- scoped_refptr<RTCCertificate> certificate =
- GenerateCertificateWithExpires(now);
- EXPECT_EQ(now, ExpiresSeconds(certificate));
-}
-
-TEST_F(RTCCertificateTest, ExpiresInOneSecond) {
- // Generate a certificate that expires in 1s.
- uint64_t now = NowSeconds();
- scoped_refptr<RTCCertificate> certificate =
- GenerateCertificateWithExpires(now + 1);
- // Now it should not have expired.
- EXPECT_FALSE(HasExpiredSeconds(certificate, now));
- // In 2s it should have expired.
- EXPECT_TRUE(HasExpiredSeconds(certificate, now + 2));
-}
-
-} // namespace rtc
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index a143ee4..b8063ce 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -70,8 +70,7 @@
size_t size,
size_t* length) const = 0;
- // Returns the time in seconds relative to epoch, 1970-01-01T00:00:00Z (UTC),
- // or -1 if an expiration time could not be retrieved.
+ // Returns the time in seconds relative to epoch.
virtual int64_t CertificateExpirationTime() const = 0;
};
