Reland of Add CheckOCSPDateValid() to net/cert/internal

net/cert/internal/parse_ocsp_unittest.cc

Index: net/cert/internal/parse_ocsp_unittest.cc
diff --git a/net/cert/internal/parse_ocsp_unittest.cc b/net/cert/internal/parse_ocsp_unittest.cc
index c0fc061b5e43243f39d156444df42a61f38915e5..bc4e1e1ebe14930727397707a95423a472081e96 100644
--- a/net/cert/internal/parse_ocsp_unittest.cc
+++ b/net/cert/internal/parse_ocsp_unittest.cc
@@ -8,6 +8,7 @@
 #include "base/logging.h"
 #include "net/cert/internal/test_helpers.h"
 #include "net/cert/x509_certificate.h"
+#include "net/der/encode_values.h"
 #include "net/test/test_data_directory.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -15,6 +16,8 @@ namespace net {
 
 namespace {
 
+const base::TimeDelta kOCSPAgeOneWeek = base::TimeDelta::FromDays(7);

[Lei Zhang, 2016/07/14 10:39:50]

Not 100% sure if this adds a static initializer, but since this is in a unit
test and we don't check unit test binaries... *shrug*

[dadrian, 2016/07/14 17:37:29]

IIRC it does not, since TimeDelta::FromDays is constexpr.

+
 std::string GetFilePath(const std::string& file_name) {
   return std::string("net/data/parse_ocsp_unittest/") + file_name;
 }
@@ -182,4 +185,131 @@ TEST(ParseOCSPTest, OCSPMissingResponse) {
   ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem"));
 }
 
+TEST(OCSPDateTest, Valid) {
+  OCSPSingleResponse response;
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now - base::TimeDelta::FromHours(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  base::Time next_update = this_update + base::TimeDelta::FromDays(7);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, ThisUpdateInTheFuture) {
+  OCSPSingleResponse response;
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now + base::TimeDelta::FromHours(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  base::Time next_update = this_update + base::TimeDelta::FromDays(7);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, NextUpdatePassed) {
+  OCSPSingleResponse response;
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now - base::TimeDelta::FromDays(6);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  base::Time next_update = now - base::TimeDelta::FromHours(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, NextUpdateBeforeThisUpdate) {
+  OCSPSingleResponse response;
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now - base::TimeDelta::FromDays(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  base::Time next_update = this_update - base::TimeDelta::FromDays(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, ThisUpdateOlderThanMaxAge) {
+  OCSPSingleResponse response;
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now - kOCSPAgeOneWeek;
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  base::Time next_update = now + base::TimeDelta::FromHours(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+  ASSERT_TRUE(der::EncodeTimeAsGeneralizedTime(
+      this_update - base::TimeDelta::FromSeconds(1), &response.this_update));
+  response.has_next_update = false;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+  response.has_next_update = true;
+  EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, VerifyTimeFromBeforeWindowsEpoch) {
+  OCSPSingleResponse response;
+  base::Time windows_epoch;
+  base::Time verify_time = windows_epoch - base::TimeDelta::FromDays(1);
+
+  base::Time now = base::Time::Now();
+  base::Time this_update = now - base::TimeDelta::FromHours(1);
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+  EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+
+  base::Time next_update = this_update + kOCSPAgeOneWeek;
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+  response.has_next_update = true;
+  EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, VerifyTimeMinusAgeFromBeforeWindowsEpoch) {
+  OCSPSingleResponse response;
+  base::Time windows_epoch;
+  base::Time verify_time = windows_epoch + base::TimeDelta::FromDays(1);
+
+  base::Time this_update = windows_epoch;
+  ASSERT_TRUE(
+      der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+  response.has_next_update = false;
+#ifdef OS_WIN

[Lei Zhang, 2016/07/14 10:39:50]

#if defined(OS_WIN)

[dadrian, 2016/07/14 17:37:29]

Done.

+  EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+#else
+  EXPECT_TRUE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+#endif
+}
+
 }  // namespace net