security: Make self-signed certificate valid from 1970-01-01 to now()+20 years
Previously set now()+1000 years doesn't work because of the bug #3915
Change-Id: Ia83a0bc921f49424fc19bcd15aad642a87e76803
diff --git a/src/security/v2/key-chain.cpp b/src/security/v2/key-chain.cpp
index f3ebc62..de9281d 100644
--- a/src/security/v2/key-chain.cpp
+++ b/src/security/v2/key-chain.cpp
@@ -568,8 +568,10 @@
// set signature-info
SignatureInfo signatureInfo;
- signatureInfo.setValidityPeriod(ValidityPeriod(time::system_clock::now(),
- time::system_clock::now() + time::days(1000 * 365)));
+ // Note time::system_clock::max() or other NotAfter date results in incorrect encoded value
+ // because of overflow during conversion to boost::posix_time::ptime (bug #3915).
+ signatureInfo.setValidityPeriod(ValidityPeriod(time::system_clock::TimePoint(),
+ time::system_clock::now() + time::days(20 * 365)));
sign(certificate, SigningInfo(key).setSignatureInfo(signatureInfo));
diff --git a/tests/unit-tests/security/v2/key-chain.t.cpp b/tests/unit-tests/security/v2/key-chain.t.cpp
index 8ce962e..f67e30c 100644
--- a/tests/unit-tests/security/v2/key-chain.t.cpp
+++ b/tests/unit-tests/security/v2/key-chain.t.cpp
@@ -24,7 +24,7 @@
#include "boost-test.hpp"
#include "unit-tests/test-home-env-saver.hpp"
-#include "test-home-fixture.hpp"
+#include "identity-management-fixture.hpp"
#include "validator.hpp"
namespace ndn {
@@ -168,30 +168,6 @@
BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
}
-// @TODO Delete after upgrade of the existing management fixture
-class IdentityManagementFixture
-{
-public:
- IdentityManagementFixture()
- : m_keyChain("pib-memory:", "tpm-memory:")
- {
- }
-
- Identity
- addIdentity(const Name& identityName, const KeyParams& params = KeyChain::getDefaultKeyParams())
- {
- Identity identity = m_keyChain.createIdentity(identityName, params);
- m_identities.push_back(identity);
- return identity;
- }
-
-protected:
- KeyChain m_keyChain;
-
-private:
- std::vector<Identity> m_identities;
-};
-
BOOST_FIXTURE_TEST_CASE(Management, IdentityManagementFixture)
{
Name identityName("/test/id");
@@ -407,8 +383,19 @@
BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(cert.getKeyName()), false);
}
+BOOST_FIXTURE_TEST_CASE(SelfSignedCertValidity, IdentityManagementFixture)
+{
+ Certificate cert = addIdentity("/Security/V2/TestKeyChain/SelfSignedCertValidity")
+ .getDefaultKey()
+ .getDefaultCertificate();
+ BOOST_CHECK(cert.isValid());
+ BOOST_CHECK(cert.isValid(time::system_clock::now() + time::days(10 * 365)));
+ BOOST_CHECK_GT(cert.getValidityPeriod().getPeriod().second,
+ time::system_clock::now() + time::days(10 * 365));
+}
+
BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
-BOOST_AUTO_TEST_SUITE_END() // Tmp
+BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
diff --git a/tests/unit-tests/util/time.t.cpp b/tests/unit-tests/util/time.t.cpp
index 74d893c..217eff8 100644
--- a/tests/unit-tests/util/time.t.cpp
+++ b/tests/unit-tests/util/time.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -24,6 +24,7 @@
#include "boost-test.hpp"
namespace ndn {
+namespace time {
namespace tests {
BOOST_AUTO_TEST_SUITE(Util)
@@ -31,58 +32,68 @@
BOOST_AUTO_TEST_CASE(SystemClock)
{
- time::system_clock::TimePoint value = time::system_clock::now();
- time::system_clock::TimePoint referenceTime =
- time::fromUnixTimestamp(time::milliseconds(1390966967032LL));
+ system_clock::TimePoint value = system_clock::now();
+ system_clock::TimePoint referenceTime = fromUnixTimestamp(milliseconds(1390966967032LL));
BOOST_CHECK_GT(value, referenceTime);
- BOOST_CHECK_EQUAL(time::toIsoString(referenceTime), "20140129T034247.032000");
- BOOST_CHECK_EQUAL(time::toString(referenceTime), "2014-01-29 03:42:47");
- BOOST_CHECK_EQUAL(time::toString(referenceTime), "2014-01-29 03:42:47");
+ BOOST_CHECK_EQUAL(toIsoString(referenceTime), "20140129T034247.032000");
+ BOOST_CHECK_EQUAL(toString(referenceTime), "2014-01-29 03:42:47");
+ BOOST_CHECK_EQUAL(toString(referenceTime), "2014-01-29 03:42:47");
// Unfortunately, not all systems has lv_LV locale installed :(
- // BOOST_CHECK_EQUAL(time::toString(referenceTime, "%Y. gada %d. %B",
+ // BOOST_CHECK_EQUAL(toString(referenceTime, "%Y. gada %d. %B",
// std::locale("lv_LV.UTF-8")),
// "2014. gada 29. Janvāris");
- BOOST_CHECK_EQUAL(time::toString(referenceTime, "%Y -- %d -- %B",
+ BOOST_CHECK_EQUAL(toString(referenceTime, "%Y -- %d -- %B",
std::locale("C")),
"2014 -- 29 -- January");
- BOOST_CHECK_EQUAL(time::fromIsoString("20140129T034247.032000"), referenceTime);
- BOOST_CHECK_EQUAL(time::fromIsoString("20140129T034247.032000Z"), referenceTime);
- BOOST_CHECK_EQUAL(time::fromString("2014-01-29 03:42:47"),
- time::fromUnixTimestamp(time::seconds(1390966967)));
+ BOOST_CHECK_EQUAL(fromIsoString("20140129T034247.032000"), referenceTime);
+ BOOST_CHECK_EQUAL(fromIsoString("20140129T034247.032000Z"), referenceTime);
+ BOOST_CHECK_EQUAL(fromString("2014-01-29 03:42:47"),
+ fromUnixTimestamp(seconds(1390966967)));
// Unfortunately, not all systems has lv_LV locale installed :(
- // BOOST_CHECK_EQUAL(time::fromString("2014. gada 29. Janvāris", "%Y. gada %d. %B",
+ // BOOST_CHECK_EQUAL(fromString("2014. gada 29. Janvāris", "%Y. gada %d. %B",
// std::locale("lv_LV.UTF-8")),
- // time::fromUnixTimestamp(time::seconds(1390953600)));
+ // fromUnixTimestamp(seconds(1390953600)));
- BOOST_CHECK_EQUAL(time::fromString("2014 -- 29 -- January", "%Y -- %d -- %B",
+ BOOST_CHECK_EQUAL(fromString("2014 -- 29 -- January", "%Y -- %d -- %B",
std::locale("C")),
- time::fromUnixTimestamp(time::seconds(1390953600)));
+ fromUnixTimestamp(seconds(1390953600)));
}
BOOST_AUTO_TEST_CASE(SteadyClock)
{
- time::steady_clock::TimePoint oldValue = time::steady_clock::now();
+ steady_clock::TimePoint oldValue = steady_clock::now();
usleep(100);
- time::steady_clock::TimePoint newValue = time::steady_clock::now();
+ steady_clock::TimePoint newValue = steady_clock::now();
BOOST_CHECK_GT(newValue, oldValue);
}
BOOST_AUTO_TEST_CASE(Abs)
{
- BOOST_CHECK_EQUAL(time::abs(time::nanoseconds(24422)), time::nanoseconds(24422));
- BOOST_CHECK_EQUAL(time::abs(time::microseconds(0)), time::microseconds(0));
- BOOST_CHECK_EQUAL(time::abs(time::milliseconds(-15583)), time::milliseconds(15583));
+ BOOST_CHECK_EQUAL(abs(nanoseconds(24422)), nanoseconds(24422));
+ BOOST_CHECK_EQUAL(abs(microseconds(0)), microseconds(0));
+ BOOST_CHECK_EQUAL(abs(milliseconds(-15583)), milliseconds(15583));
+}
+
+BOOST_AUTO_TEST_CASE_EXPECTED_FAILURES(LargeDates, 1)
+BOOST_AUTO_TEST_CASE(LargeDates)
+{
+ system_clock::TimePoint value = fromUnixTimestamp(milliseconds(1390966967032LL));
+ BOOST_CHECK_EQUAL(toIsoString(value), "20140129T034247.032000");
+
+ value += days(365 * 100 + 25 - 1); // 36524 days
+ BOOST_CHECK_EQUAL(toIsoString(value), "21140129T034247.032000");
}
BOOST_AUTO_TEST_SUITE_END() // TestTime
BOOST_AUTO_TEST_SUITE_END() // Util
} // namespace tests
+} // namespace time
} // namespace ndn