diff --git a/libwvdrmengine/cdm/core/include/device_files.h b/libwvdrmengine/cdm/core/include/device_files.h index b760d453..9dcf8143 100644 --- a/libwvdrmengine/cdm/core/include/device_files.h +++ b/libwvdrmengine/cdm/core/include/device_files.h @@ -23,6 +23,8 @@ namespace wvcdm { class FileSystem; +using video_widevine_client::sdk::DeviceCertificate; + class DeviceFiles { public: typedef enum { @@ -31,6 +33,24 @@ class DeviceFiles { kLicenseStateUnknown, } LicenseState; + typedef enum { + kCertificateValid, + kCertificateExpired, + kCertificateNotFound, + kCertificateInvalid, + kCannotHandle, + } CertificateState; + + // |kCertificateDefault| includes an expiration time set by the provisioning + // service. This will replace any legacy certificates, if a forced + // reprovisioning happens at the client or by the license service. + // ATSC certificates are unaffected and have an unlimited lifetime. + typedef enum { + kCertificateDefault, + kCertificateLegacy, + kCertificateAtsc, + } CertificateType; + // All error response codes start with 5000 to avoid overlap with other error // spaces. enum ResponseType { @@ -100,12 +120,19 @@ class DeviceFiles { // and used but not written or removed. virtual bool StoreCertificate(const std::string& certificate, const CryptoWrappedKey& private_key); - virtual bool RetrieveCertificate(bool atsc_mode_enabled, - std::string* certificate, - CryptoWrappedKey* private_key, - std::string* serial_number, - uint32_t* system_id); + virtual CertificateState RetrieveCertificate(bool atsc_mode_enabled, + std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); virtual bool HasCertificate(bool atsc_mode_enabled); + // Retrieves the legacy DRM certificate without performing expiry + // related validation. Use this only when restoring/releasing + // licenses/usage entries + virtual bool RetrieveLegacyCertificate(std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); virtual bool RemoveCertificate(); virtual bool StoreLicense(const CdmLicenseData& license_data, @@ -247,6 +274,21 @@ class DeviceFiles { virtual bool DeleteUsageTableInfo(); private: + // This method will retrieve the certificate and perform expiry validation + // appropriate for a given certificate type + CertificateState RetrieveCertificate(CertificateType certificate_type, + std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); + bool HasCertificate(CertificateType certificate_type); + bool SetDeviceCertificate(const std::string& certificate, + const CryptoWrappedKey& wrapped_private_key, + DeviceCertificate* mutable_device_certificate); + bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate, + std::string* certificate, + CryptoWrappedKey* wrapped_private_key); + // Helpers that wrap the File interface and automatically handle hashing, as // well as adding the device files base path to to the file name. ResponseType StoreFileWithHash(const std::string& name, @@ -260,7 +302,8 @@ class DeviceFiles { bool RemoveFile(const std::string& name); ssize_t GetFileSize(const std::string& name); - static std::string GetCertificateFileName(bool atsc_mode_enabled); + static bool GetCertificateFileName(CertificateType certificate_type, + std::string* certificate_file_name); static std::string GetHlsAttributesFileNameExtension(); static std::string GetLicenseFileNameExtension(); static std::string GetUsageTableFileName(); @@ -268,18 +311,28 @@ class DeviceFiles { #if defined(UNIT_TEST) FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel); - FRIEND_TEST(DeviceCertificateTest, StoreCertificate); FRIEND_TEST(DeviceCertificateTest, ReadCertificate); - FRIEND_TEST(DeviceCertificateTest, ReadCertificateWithoutKeyType); - FRIEND_TEST(DeviceCertificateTest, HasCertificate); FRIEND_TEST(DeviceFilesStoreTest, StoreLicense); FRIEND_TEST(DeviceFilesHlsAttributesTest, Delete); FRIEND_TEST(DeviceFilesHlsAttributesTest, Read); FRIEND_TEST(DeviceFilesHlsAttributesTest, Store); - FRIEND_TEST(DeviceFilesTest, DeleteLicense); - FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem); - FRIEND_TEST(DeviceFilesTest, RetrieveLicenses); FRIEND_TEST(DeviceFilesTest, AppParametersBackwardCompatibility); + FRIEND_TEST(DeviceFilesTest, DeleteLicense); + FRIEND_TEST(DeviceFilesTest, HasCertificateAtsc); + FRIEND_TEST(DeviceFilesTest, HasCertificateDefault); + FRIEND_TEST(DeviceFilesTest, HasCertificateLegacy); + FRIEND_TEST(DeviceFilesTest, HasCertificateNone); + FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem); + FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificate); + FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificateNotFound); + FRIEND_TEST(DeviceFilesTest, RetrieveCertificateWithoutKeyType); + FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificate); + FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires); + FRIEND_TEST(DeviceFilesTest, + RetrieveLegacyCertificateWithClientExpirationTime); + FRIEND_TEST(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime); + FRIEND_TEST(DeviceFilesTest, RetrieveLicenses); + FRIEND_TEST(DeviceFilesTest, StoreCertificateInvalidParams); FRIEND_TEST(DeviceFilesTest, StoreLicenses); FRIEND_TEST(DeviceFilesTest, UpdateLicenseState); FRIEND_TEST(DeviceFilesUsageInfoTest, Delete); @@ -289,6 +342,9 @@ class DeviceFiles { FRIEND_TEST(DeviceFilesUsageTableTest, Read); FRIEND_TEST(DeviceFilesUsageTableTest, Store); FRIEND_TEST(DeviceFilesUsageTableTest, ReadWithoutLruData); + FRIEND_TEST(RetrieveDefaultCertificateTest, ErrorScenarios); + FRIEND_TEST(RetrieveLegacyCertificateTest, ErrorScenarios); + FRIEND_TEST(StoreCertificateTest, DefaultAndLegacy); FRIEND_TEST(WvCdmRequestLicenseTest, UnprovisionTest); FRIEND_TEST(WvCdmRequestLicenseTest, ForceL3Test); FRIEND_TEST(WvCdmRequestLicenseTest, UsageInfoRetryTest); diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index 3091a723..4fa9f897 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -188,9 +188,9 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set, bool atsc_mode_enabled = false; if (cdm_client_property_set != nullptr) atsc_mode_enabled = cdm_client_property_set->use_atsc_mode(); - if (!file_handle_->RetrieveCertificate(atsc_mode_enabled, &client_token, - &private_key, &serial_number, - nullptr)) { + if (file_handle_->RetrieveCertificate( + atsc_mode_enabled, &client_token, &private_key, &serial_number, + nullptr) != DeviceFiles::kCertificateValid) { return NEED_PROVISIONING; } CdmResponseType load_cert_sts; diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 27e01b9f..86be4100 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -15,6 +15,8 @@ #include "string_conversions.h" #include "wv_cdm_constants.h" +#include "clock.h" + namespace { const std::string kEmptyString; @@ -538,6 +540,18 @@ bool CertificateProvisioning::ExtractDeviceInfo( ? drm_certificate.expiration_time_seconds() : INVALID_TIME; } + /* + Clock clock; + //drm_certificate.set_expiration_time_seconds(clock.GetCurrentTime() + 10*365.25*24*60*60); + drm_certificate.set_creation_time_seconds(-5); + std::string serialized_drm_certificate; + drm_certificate.SerializeToString(&serialized_drm_certificate); + signed_drm_certificate.set_drm_certificate(serialized_drm_certificate); + std::string serialized_signed_drm_certificate; + signed_drm_certificate.SerializeToString(&serialized_signed_drm_certificate); + LOGE("serialized_signed_drm_certificate: (%zu) %s", serialized_signed_drm_certificate.size(), b2a_hex(serialized_signed_drm_certificate).c_str()); + */ + return true; } diff --git a/libwvdrmengine/cdm/core/src/device_files.cpp b/libwvdrmengine/cdm/core/src/device_files.cpp index 8fcea5e8..06ec4d9f 100644 --- a/libwvdrmengine/cdm/core/src/device_files.cpp +++ b/libwvdrmengine/cdm/core/src/device_files.cpp @@ -4,12 +4,15 @@ #include "device_files.h" +#include #include #include #include +#include "cdm_random.h" #include "certificate_provisioning.h" +#include "clock.h" #include "file_store.h" #include "license_protocol.pb.h" #include "log.h" @@ -43,6 +46,18 @@ using video_widevine_client::sdk:: // Example: STRINGIFY(this_argument) -> "this_argument" #define STRINGIFY(PARAM...) #PARAM +#define RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(PARAM) \ + if ((PARAM) == nullptr) { \ + LOGE("Output parameter |" STRINGIFY(PARAM) "| not provided"); \ + return DeviceFiles::kCannotHandle; \ + } + +#define RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_UNINITIALIZED() \ + if (!initialized_) { \ + LOGE("Device files is not initialized"); \ + return DeviceFiles::kCannotHandle; \ + } + #define RETURN_FALSE_IF_NULL(PARAM) \ if ((PARAM) == nullptr) { \ LOGE("Output parameter |" STRINGIFY(PARAM) "| not provided"); \ @@ -78,6 +93,7 @@ const char kLicenseFileNameExt[] = ".lic"; const char kEmptyFileName[] = ""; const char kUsageTableFileName[] = "usgtable.bin"; const char kWildcard[] = "*"; +constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60; } // namespace @@ -128,106 +144,259 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate, file.set_version(video_widevine_client::sdk::File::VERSION_1); DeviceCertificate* device_certificate = file.mutable_device_certificate(); - device_certificate->set_certificate(certificate); - device_certificate->set_wrapped_private_key(private_key.key()); - switch (private_key.type()) { - case CryptoWrappedKey::kRsa: - device_certificate->set_key_type(DeviceCertificate::RSA); - break; - case CryptoWrappedKey::kEcc: - device_certificate->set_key_type(DeviceCertificate::ECC); - break; - case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings. - default: - LOGE("Unexpected key type"); - return false; + + int64_t creation_time_seconds; + int64_t expiration_time_seconds; + uint32_t system_id; + + if (!CertificateProvisioning::ExtractDeviceInfo( + certificate, nullptr, &system_id, &creation_time_seconds, + &expiration_time_seconds)) + return false; + + if (creation_time_seconds <= 0) { + LOGE("Invalid certificate creation time %" PRId64, creation_time_seconds); + return false; + } + + const bool default_certificate = expiration_time_seconds >= 0; + + if (!SetDeviceCertificate(certificate, private_key, device_certificate)) + return false; + + if (default_certificate) { + Clock clock; + device_certificate->set_acquisition_time_seconds(clock.GetCurrentTime()); + } else { + // Since certificates of type kCertificateAtsc are not allowed to be + // stored, this is a certificate of type kCertificateLegacy. + // The only time when a legacy certificate is stored is when it does not + // have an expiration time. Set expiration time to 6 months +- 2 months. + Clock clock; + const int64_t current_time = clock.GetCurrentTime(); + CdmRandomGenerator rng(current_time & 0xffffffff); + + device_certificate->set_expiration_time_seconds( + current_time + kFourMonthsInSeconds + + rng.RandomInRange(kFourMonthsInSeconds)); } std::string serialized_file; file.SerializeToString(&serialized_file); - return StoreFileWithHash(GetCertificateFileName(false), serialized_file) == - kNoError; + std::string certificate_file_name; + const CertificateType certificate_type = + default_certificate ? kCertificateDefault : kCertificateLegacy; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) { + LOGE("Unable to get certificate file name of type: %d", certificate_type); + return false; + } + return StoreFileWithHash(certificate_file_name, serialized_file) == kNoError; } -bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled, - std::string* certificate, - CryptoWrappedKey* private_key, - std::string* serial_number, - uint32_t* system_id) { - RETURN_FALSE_IF_UNINITIALIZED(); - RETURN_FALSE_IF_NULL(certificate); - RETURN_FALSE_IF_NULL(private_key); +DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate( + bool atsc_mode_enabled, std::string* certificate, + CryptoWrappedKey* private_key, std::string* serial_number, + uint32_t* system_id) { + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_UNINITIALIZED(); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(certificate); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(private_key); if (!HasCertificate(atsc_mode_enabled)) { - return false; + LOGW("Unable to find certificate, atsc mode: %s", + atsc_mode_enabled ? "enabled" : "disabled"); + return kCertificateNotFound; + } + + if (atsc_mode_enabled) + return RetrieveCertificate(kCertificateAtsc, certificate, private_key, + serial_number, system_id); + + if (HasCertificate(kCertificateDefault)) + return RetrieveCertificate(kCertificateDefault, certificate, private_key, + serial_number, system_id); + + return RetrieveCertificate(kCertificateLegacy, certificate, private_key, + serial_number, system_id); +} + +DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate( + CertificateType certificate_type, std::string* certificate, + CryptoWrappedKey* wrapped_private_key, std::string* serial_number, + uint32_t* system_id) { + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(certificate); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(wrapped_private_key); + + std::string certificate_file_name; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) { + LOGW("Unable to find certificate file name for type: %d", certificate_type); + return kCannotHandle; } video_widevine_client::sdk::File file; - if (RetrieveHashedFile(GetCertificateFileName(atsc_mode_enabled), &file) != - kNoError) { + if (RetrieveHashedFile(certificate_file_name, &file) != kNoError) { LOGW("Unable to retrieve certificate file"); - return false; + return kCertificateNotFound; } if (file.type() != video_widevine_client::sdk::File::DEVICE_CERTIFICATE) { LOGE("Certificate file is of incorrect file type: type = %d", static_cast(file.type())); - return false; + return kCertificateInvalid; } if (file.version() != video_widevine_client::sdk::File::VERSION_1) { LOGE("Certificate file is of incorrect file version: version = %d", static_cast(file.version())); - return false; + return kCertificateInvalid; } if (!file.has_device_certificate()) { LOGE("Certificate not present"); - return false; + return kCertificateInvalid; } - DeviceCertificate device_certificate = file.device_certificate(); - *certificate = device_certificate.certificate(); - private_key->Clear(); - private_key->set_key(device_certificate.wrapped_private_key()); - if (device_certificate.has_key_type()) { - const DeviceCertificate::PrivateKeyType key_type = - device_certificate.key_type(); - switch (key_type) { - case DeviceCertificate::RSA: - private_key->set_type(CryptoWrappedKey::kRsa); - break; - case DeviceCertificate::ECC: - private_key->set_type(CryptoWrappedKey::kEcc); - break; - default: - LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type); - private_key->set_type(CryptoWrappedKey::kRsa); - break; + const DeviceCertificate& device_certificate = file.device_certificate(); + + if (!ExtractFromDeviceCertificate(device_certificate, certificate, + wrapped_private_key)) { + LOGE("Unable to extract from device certificate"); + return kCertificateInvalid; + } + + int64_t creation_time_seconds; + int64_t expiration_time_seconds; + + if (!CertificateProvisioning::ExtractDeviceInfo( + device_certificate.certificate(), serial_number, system_id, + &creation_time_seconds, &expiration_time_seconds)) + return kCertificateInvalid; + + Clock clock; + const int64_t current_time = clock.GetCurrentTime(); + + switch (certificate_type) { + case kCertificateDefault: { + // Validation check for DRM certificate that includes an expiration + // time set by the provisioning service. Since provisioning and + // client clocks may not be in sync, verify by comparing time + // elapsed since license was acquired with expiration period. + // First verify that all the fields are set to valid values. + // The service will validate certificate expiration so tampering of + // time values at the client is not a concern. + if (creation_time_seconds <= 0) { + LOGE("Invalid creation time of default certificate: %" PRId64, + creation_time_seconds); + return kCertificateInvalid; + } + if (expiration_time_seconds < 0) { + LOGE("Invalid expiration time of default certificate: %" PRId64, + expiration_time_seconds); + return kCertificateInvalid; + } + if (expiration_time_seconds == UNLIMITED_DURATION) + return kCertificateValid; + + if (!device_certificate.has_acquisition_time_seconds()) { + LOGE("Acquisition time of default certificate not available"); + return kCertificateInvalid; + } + const int64_t acquisition_time_seconds = + device_certificate.acquisition_time_seconds(); + if (acquisition_time_seconds <= 0) { + LOGE("Invalid acquisition time of default certificate: %" PRId64, + acquisition_time_seconds); + return kCertificateInvalid; + } + + if (current_time < acquisition_time_seconds) { + LOGE("Time not valid: current time: %" PRId64 + ", acquisition time: %" PRId64, + current_time, acquisition_time_seconds); + return kCannotHandle; + } + + if (expiration_time_seconds < creation_time_seconds) { + LOGE("Time not valid: expiration time: %" PRId64 + ", creation time: %" PRId64, + expiration_time_seconds, creation_time_seconds); + return kCertificateInvalid; + } + + if (current_time - acquisition_time_seconds > + expiration_time_seconds - creation_time_seconds) { + return kCertificateExpired; + } + return kCertificateValid; } - } else { - // Possible that device certificate is from V15, in this case, the - // only supported key of at that time was RSA. - LOGD("No key type info, assuming RSA"); - private_key->set_type(CryptoWrappedKey::kRsa); - } - return CertificateProvisioning::ExtractDeviceInfo( - device_certificate.certificate(), serial_number, system_id, nullptr, - nullptr); + case kCertificateLegacy: { + // Validation check for DRM certificate without an expiration + // time set by the provisioning service. Add an expiry time + // within the next 6 months +/- 2 months, if one has not been set. + if (!device_certificate.has_expiration_time_seconds()) { + StoreCertificate(*certificate, *wrapped_private_key); + return kCertificateValid; + } + const int64_t expiration_time_seconds = + device_certificate.expiration_time_seconds(); + if (expiration_time_seconds <= 0) { + LOGE("Invalid expiration time of legacy certificate: %" PRId64, + expiration_time_seconds); + return kCertificateInvalid; + } + + if (current_time > expiration_time_seconds) return kCertificateExpired; + + return kCertificateValid; + } + + case kCertificateAtsc: + // No expiration enforced + return kCertificateValid; + + default: + // Should never happen. This should be detected earlier when fetching + // the file name + LOGE("Invalid certificate type: %d", certificate_type); + return kCertificateInvalid; + } +} + +bool DeviceFiles::RetrieveLegacyCertificate(std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id) { + RETURN_FALSE_IF_UNINITIALIZED(); + RETURN_FALSE_IF_NULL(certificate); + RETURN_FALSE_IF_NULL(private_key); + if (!HasCertificate(kCertificateLegacy)) return false; + + const CertificateState state = RetrieveCertificate( + kCertificateLegacy, certificate, private_key, serial_number, system_id); + if (state == kCertificateValid || state == kCertificateExpired) return true; + + return false; } bool DeviceFiles::HasCertificate(bool atsc_mode_enabled) { RETURN_FALSE_IF_UNINITIALIZED(); - return FileExists(GetCertificateFileName(atsc_mode_enabled)); + if (atsc_mode_enabled) return HasCertificate(kCertificateAtsc); + + return HasCertificate(kCertificateDefault) || + HasCertificate(kCertificateLegacy); } bool DeviceFiles::RemoveCertificate() { RETURN_FALSE_IF_UNINITIALIZED() - return RemoveFile(GetCertificateFileName(false)); + std::string certificate_file_name; + if (GetCertificateFileName(kCertificateLegacy, &certificate_file_name)) + RemoveFile(certificate_file_name); + if (GetCertificateFileName(kCertificateDefault, &certificate_file_name)) + return RemoveFile(certificate_file_name); + return true; } bool DeviceFiles::StoreLicense(const CdmLicenseData& license_data, @@ -1086,6 +1255,70 @@ bool DeviceFiles::DeleteUsageTableInfo() { return RemoveFile(GetUsageTableFileName()); } +bool DeviceFiles::HasCertificate(CertificateType certificate_type) { + RETURN_FALSE_IF_UNINITIALIZED(); + + std::string certificate_file_name; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) + return false; + + return FileExists(certificate_file_name); +} + +bool DeviceFiles::SetDeviceCertificate( + const std::string& certificate, const CryptoWrappedKey& private_key, + DeviceCertificate* mutable_device_certificate) { + RETURN_FALSE_IF_NULL(mutable_device_certificate); + + mutable_device_certificate->set_certificate(certificate); + mutable_device_certificate->set_wrapped_private_key(private_key.key()); + switch (private_key.type()) { + case CryptoWrappedKey::kRsa: + mutable_device_certificate->set_key_type(DeviceCertificate::RSA); + return true; + case CryptoWrappedKey::kEcc: + mutable_device_certificate->set_key_type(DeviceCertificate::ECC); + return true; + case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings. + default: + LOGE("Unexpected key type: %d", private_key.type()); + return false; + } +} + +bool DeviceFiles::ExtractFromDeviceCertificate( + const DeviceCertificate& device_certificate, std::string* certificate, + CryptoWrappedKey* private_key) { + RETURN_FALSE_IF_NULL(certificate); + RETURN_FALSE_IF_NULL(private_key); + + *certificate = device_certificate.certificate(); + private_key->Clear(); + private_key->set_key(device_certificate.wrapped_private_key()); + if (device_certificate.has_key_type()) { + const DeviceCertificate::PrivateKeyType key_type = + device_certificate.key_type(); + switch (key_type) { + case DeviceCertificate::RSA: + private_key->set_type(CryptoWrappedKey::kRsa); + break; + case DeviceCertificate::ECC: + private_key->set_type(CryptoWrappedKey::kEcc); + break; + default: + LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type); + private_key->set_type(CryptoWrappedKey::kRsa); + break; + } + } else { + // Possible that device certificate is from V15, in this case, the + // only supported key of at that time was RSA. + LOGD("No key type info, assuming RSA"); + private_key->set_type(CryptoWrappedKey::kRsa); + } + return true; +} + DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash( const std::string& name, const std::string& serialized_file) { std::string hash = Sha256Hash(serialized_file); @@ -1268,8 +1501,22 @@ ssize_t DeviceFiles::GetFileSize(const std::string& name) { return file_system_->FileSize(path); } -std::string DeviceFiles::GetCertificateFileName(bool atsc_mode_enabled) { - return atsc_mode_enabled ? kAtscCertificateFileName : kCertificateFileName; +bool DeviceFiles::GetCertificateFileName(CertificateType certificate_type, + std::string* file_name) { + RETURN_FALSE_IF_NULL(file_name); + switch (certificate_type) { + case kCertificateDefault: + *file_name = kCertificateFileName; + return true; + case kCertificateLegacy: + *file_name = kLegacyCertificateFileName; + return true; + case kCertificateAtsc: + *file_name = kAtscCertificateFileName; + return true; + default: + return false; + } } std::string DeviceFiles::GetUsageTableFileName() { return kUsageTableFileName; } diff --git a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp index 1822faee..8d9624ae 100644 --- a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp @@ -116,8 +116,10 @@ class MockDeviceFiles : public DeviceFiles { MockDeviceFiles() : DeviceFiles(nullptr) {} MOCK_METHOD1(Init, bool(CdmSecurityLevel)); - MOCK_METHOD5(RetrieveCertificate, bool(bool, std::string*, CryptoWrappedKey*, - std::string*, uint32_t*)); + MOCK_METHOD5(RetrieveCertificate, + DeviceFiles::CertificateState(bool, std::string*, + CryptoWrappedKey*, std::string*, + uint32_t*)); }; class MockUsageTableHeader : public UsageTableHeader { @@ -221,7 +223,7 @@ TEST_F(CdmSessionTest, InitWithBuiltInCertificate) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); @@ -249,7 +251,7 @@ TEST_F(CdmSessionTest, InitWithCertificate) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); @@ -276,7 +278,7 @@ TEST_F(CdmSessionTest, ReInitFail) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); @@ -310,7 +312,7 @@ TEST_F(CdmSessionTest, InitNeedsProvisioning) { EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true)); EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) - .WillOnce(Return(false)); + .WillOnce(Return(DeviceFiles::kCertificateInvalid)); ASSERT_EQ(NEED_PROVISIONING, cdm_session_->Init(nullptr)); } @@ -331,7 +333,7 @@ TEST_F(CdmSessionTest, UpdateUsageEntry) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); diff --git a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp index fc9b8016..a8070f3b 100644 --- a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp @@ -35,7 +35,7 @@ const std::string kEmptyString; // 'public_key': ... 270 bytes, // 'serial_number': '7CB49F987A635E1E0A52184694582D6E', // 'type': 'DRM_USER_DEVICE'}, -// 'signature': ... 256 byts, +// 'signature': ... 256 bytes, // 'signer': { // 'certificate': {'creation_time': '2017-11-17T13:21:39', // 'public_key': ... 270 bytes, @@ -45,7 +45,8 @@ const std::string kEmptyString; // } // Value of |certificate| in DeviceCertFile proto messages // kTestCertificateFileData and kTestCertificateFileWithoutKeyTypeData -const std::string kTestCertificate = a2bs_hex( +// This can be used for both ATSC and Legacy certificate +const std::string kTestCertificateWithoutExpiration = a2bs_hex( "0AEB03080212107CB49F987A635E1E0A52184694582D6E1887C6E1FE05228E023082010A" "0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D" "7343553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC7" @@ -88,6 +89,383 @@ const std::string kTestCertificate = a2bs_hex( "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA" "98383E3CD2ED4830"); +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 0 +// expiration_time_seconds: unset +const std::string kTestCertificateNoExpirationWithUnlimitedCreationTime = + a2bs_hex( + "0AE703080212107CB49F987A635E1E0A52184694582D6E1800228E023082010A028201" + "0100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758" + "FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C1" + "3E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B27803" + "44DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FA" + "B25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6548511" + "03F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A1" + "85B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D" + "480152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE22" + "35717A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB5" + "8923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B" + "624A92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBB" + "CA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB" + "1280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52" + "A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB906163" + "2C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE9" + "35FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE" + "93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F06D308178" + "642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB9" + "40299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D2847783338" + "D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC" + "1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C61" + "3E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3D" + "F6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4" + "A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF912" + "6C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F" + "8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14A" + "CAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD16" + "1947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3" + "970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C372" + "3FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2" + "E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C5" + "1339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A4" + "2A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A088136D6E8F4" + "75299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E3447634AB3408" + "F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645" + "A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73" + "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558" + "FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: -5 +// expiration_time_seconds: unset +const std::string kTestCertificateWithInvalidCreationTime = a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E18FBFFFFFF0F228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377" + "B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685" + "DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF5" + "13C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D" + "1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F06D" + "308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB2E8D" + "B940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D2847783338D7" + "4F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3" + "C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E" + "349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B9" + "83A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D70" + "5520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC4" + "75C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274" + "C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C362" + "23404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47F" + "B9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB57" + "2AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD9" + "2EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A14" + "3CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A4" + "4BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91" + "E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560" + "DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E3447634AB" + "3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645" + "A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E" + "2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E" + "3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/16/2021 +// expiration_time_seconds: ~ 03/2031 +const std::string kTestCertificateWithFutureExpiration = a2bs_hex( + "0AF103080212107CB49F987A635E1E0A52184694582D6E1887C6E1FE05228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + "3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + "3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + "30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/17/2021 +// expiration_time_seconds: 0 +const std::string kTestCertificateNeverExpires = a2bs_hex( + "0AED03080212107CB49F987A635E1E0A52184694582D6E1894AECC8206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60001280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6" + "C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09" + "F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D" + "4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E76" + "9E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982" + "F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB" + "2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28477833" + "38D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC1C" + "B7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E" + "3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB" + "60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED4" + "5D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA" + "3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B" + "9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107" + "C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7" + "A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184" + "AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6D" + "DFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D9" + "5A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1A" + "D7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F" + "8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA4" + "4560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A" + "088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EA" + "D645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73" + "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98" + "383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/07/2021 +// expiration_time_seconds: ~ 03/08/2021 +const std::string kTestCertificateExpired = a2bs_hex( + "0AF103080212107CB49F987A635E1E0A52184694582D6E189EF0968206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB609E939C82061280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + "3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + "3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + "30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: unset +// expiration_time_seconds: ~ 03/08/2031 +const std::string kTestCertificateWithInvalidCreationFutureExpiration = + a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E228E023082010A0282010100" + "DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D73435534" + "42A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E18" + "4034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD" + "5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25A" + "EE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F8" + "57A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B9" + "7FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D4801" + "52AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE223571" + "7A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923" + "F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A" + "92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA22" + "20595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60FD" + "8AFC98071280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D" + "8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702" + "CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C205" + "00064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D14" + "85253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F0" + "6D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4" + "AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28" + "47783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A" + "319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0F" + "D8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70" + "BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA" + "64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB624" + "07F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E2458" + "59FC0F020301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8" + "E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D" + "81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D" + "2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF921802746" + "0DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B" + "8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8" + "C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CE" + "D5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E" + "3D426558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 0 +// expiration_time_seconds: ~2031 +const std::string kTestCertificateWithUnlimitedCreationFutureExpiration = + a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E228E023082010A0282010100" + "DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D73435534" + "42A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E18" + "4034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD" + "5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25A" + "EE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F8" + "57A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B9" + "7FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D4801" + "52AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE223571" + "7A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923" + "F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A" + "92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA22" + "20595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60AE" + "91FC98071280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D" + "8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702" + "CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C205" + "00064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D14" + "85253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F0" + "6D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4" + "AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28" + "47783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A" + "319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0F" + "D8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70" + "BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA" + "64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB624" + "07F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E2458" + "59FC0F020301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8" + "E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D" + "81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D" + "2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF921802746" + "0DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B" + "8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8" + "C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CE" + "D5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E" + "3D426558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 03/17/2021 +// expiration_time_seconds: 03/07/2021 +const std::string kTestCertificateExpiresBeforeCreationTime = a2bs_hex( + "0AF103080212107CB49F987A635E1E0A52184694582D6E18EC95CC8206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60ECB79782061280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + "3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + "3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + "30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + // A Wrapped Private Key // Value of |wrapped_private_key| in DeviceCertFile proto messages // kTestCertificateFileData and kTestCertificateFileWithoutKeyTypeData. @@ -174,11 +552,13 @@ const std::string kTestCertificateFileWithoutKeyTypeData = a2bs_hex( "88EE59BAD141B8FD372BAE67A6FF05C74DAC"); // Structurally valid test certificate device file. -// {'certificate': kTestCertificate, +// {'certificate': kTestCertificateWithoutExpiration, // 'key_type': 'RSA', // 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': unset // } -const std::string kTestCertificateFileData = a2bs_hex( +const std::string kTestCertificateFileDataWithoutExpiration = a2bs_hex( "0AAB0F080110011AA40F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E" "1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A9" "9129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398" @@ -236,6 +616,978 @@ const std::string kTestCertificateFileData = a2bs_hex( "7F035DFB50EC4354D7E068ADFAFAD4081ACA67FD18001220A28ED0C0D4697C870B56192C" "F2AF86D7362398EB250F6A29BE3A0C4887F0D653"); +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': ~2031 +// } +const std::string kTestLegacyCertificateFileDataWithClientExpiration = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + "EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + "802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + "E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + "9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + "119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180028B7BA8499071220752DEC6BBB7DCB2750411F58DEBA61BFE55AEDC0EE92C3C6" + "BCDBC0C86A75798C"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': ~2020 +// } +const std::string kTestLegacyCertificateFileDataClientExpired = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + "EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + "802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + "E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + "9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + "119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180028B9A8C2F3051220D2F932E432C200B5B30228317A3BA4A207C429B3F788C072" + "8F1E9615DFDD7A34"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': -5 +// } +const std::string kTestLegacyCertificateFileDataInvalidClientExpiration = + a2bs_hex( + "0AB60F080110011AAF0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + "AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + "231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180028FBFFFFFFFFFFFFFFFF0112201CC3506DE1B3FC6A8DBB4AD85D34B62C" + "7EBA023FAD1AACCDBE1C932CFB6A1369"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataFutureExpiration = a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD4" + "4E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923" + "A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C" + "4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA6" + "6017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B55" + "2FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD292093" + "29C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E7" + "1E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE" + "020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A028201" + "0100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027" + "AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C66" + "00562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655" + "851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6AB" + "F7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8" + "F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947" + "360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39" + "D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC" + "3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963" + "F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6" + "AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A5" + "72125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962" + "760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A52" + "96FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3" + "B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4" + "186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172B" + "C691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4" + "B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E" + "8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EB" + "E7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D" + "4835AC44E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985" + "AFD3677F0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F7" + "50F6954AC395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC28" + "6DB0BCC14A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886" + "406B3B69180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D6" + "3D5A14E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750" + "C1CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068" + "ADFAFAD4081ACA67FD180020EA80CA820612204DDB25CD2B324880675C1006CB104524B42C" + "9BBA110F0304E6C1E4C6ADF5DA6C"); + +// Structurally valid test certificate device file. +// +// {'certificate': kTestCertificateNeverExpires, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataNeverExpires = a2bs_hex( + "0AB30F080110011AAC0F0AAA0B0AED03080212107CB49F987A635E1E0A52184694582D6E18" + "94AECC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60001280028CD44E12AA7C" + "1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2A" + "C1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE" + "18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898D" + "EE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A3" + "7955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB" + "4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F2" + "0FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE02080112" + "1065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B805" + "02043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C75" + "9B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D" + "904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1" + "EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F" + "8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3" + "B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F0203010001" + "28E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D4" + "9C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662" + "ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B68" + "21A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F741" + "6420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114" + "C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD17" + "7CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E" + "07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD" + "7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF866" + "34EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D" + "9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC6915307" + "03FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3" + "A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EE" + "C0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDA" + "BFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44" + "E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F" + "0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954A" + "C395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC1" + "4A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69" + "180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5" + "BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC" + "5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4" + "081ACA67FD18002094AECC82061220494C9C49993FA8A9F0982FD684A62B99CC442E2AF264" + "CA351478C2BA1077A394"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateExpired +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/12/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpired = a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D6E18" + "9EF0968206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB609E939C82061280028CD4" + "4E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923" + "A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C" + "4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA6" + "6017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B55" + "2FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD292093" + "29C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E7" + "1E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE" + "020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A028201" + "0100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027" + "AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C66" + "00562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655" + "851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6AB" + "F7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8" + "F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947" + "360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39" + "D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC" + "3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963" + "F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6" + "AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A5" + "72125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962" + "760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A52" + "96FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3" + "B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4" + "186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172B" + "C691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4" + "B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E" + "8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EB" + "E7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D" + "4835AC44E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985" + "AFD3677F0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F7" + "50F6954AC395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC28" + "6DB0BCC14A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886" + "406B3B69180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D6" + "3D5A14E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750" + "C1CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068" + "ADFAFAD4081ACA67FD1800209E9FB182061220AB902564B722E023C7F31F485B194969C7D9" + "F4FB6ADB4EEF1312A0F663A3F092"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithInvalidCreationFutureExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateWithInvalidCreationFutureExpiration = + a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63" + "445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E" + "0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9C" + "F1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78" + "471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF8" + "28EB598DA59060D654851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0" + "F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C77" + "69646576696E652E636F6D480152AA01080110001A8101044F554B9400E10B17185036" + "B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B10106CB6C2187F34" + "188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADC" + "EE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D17406B10889" + "B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C" + "103DF860DC0520C3664EEB60FD8AFC98071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + "AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + "231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180020FD84CC8206122040597EA4CA5BDDB92960D3D616B402EFC44699E3C4" + "DF3E0F78A2D3218C3E3055"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithUnlimitedCreationFutureExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataCreationTimeUnlimited = + a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63" + "445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E" + "0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9C" + "F1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78" + "471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF8" + "28EB598DA59060D654851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0" + "F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C77" + "69646576696E652E636F6D480152AA01080110001A8101044F554B9400E10B17185036" + "B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B10106CB6C2187F34" + "188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADC" + "EE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D17406B10889" + "B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C" + "103DF860DC0520C3664EEB60AE91FC98071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + "AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + "231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180020AE8BCC82061220BA04B988A5E9D931946F2AB8FF3E3DD31C630300CD" + "065083437401CD752F8CD2"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpirationUnset = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "D991CC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + "EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + "802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + "E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + "9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + "119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180020D991CC82061220CD90FA6F091C73BA7CC7EF0B777B986F4799DCEB5B03C8BC" + "360092DCC97CEF0A"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateExpiresBeforeCreationTime +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpiresBeforeCreationTime = + a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E18EC95CC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60ECB79782061280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180020EC95CC82061220463AF8A7AE265E06A0BF07C366E6E0" + "52301A32F3A1DA487EA556519910C7534E"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeUnset = + a2bs_hex( + "0AB10F080110011AAA0F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180012205984768E4F372E0DF787C4215A337355CD62B5FC0A" + "EAE8CC5BA82EA29C2E7A01"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': -5 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeInvalid = + a2bs_hex( + "0ABC0F080110011AB50F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180020FBFFFFFFFFFFFFFFFF011220F653E5406D56276BCB28" + "E9D1F8E9D83233A7AF24476732208AEBD9DD33BD6C41"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 0 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeUnlimited = + a2bs_hex( + "0AB30F080110011AAC0F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD1800200012207CBD5A3A5258C9FDF467270ACD4F8B10B33FEC" + "3FBCD3409BFB38542C954B9BFD"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': ~2030 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeInTheFuture = + a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD1800208FC2F789071220E3A52D11E90193A9532977A681F032" + "D01C8F97E2EAB6C964A0F207D61499D679"); + +struct CertificateErrorData { + DeviceFiles::CertificateState certificate_state; + std::string file_data; +}; + +const CertificateErrorData kRetrieveLegacyCertificateErrorData[] = { + // Certificate expired based on expiration time set by the client + {DeviceFiles::kCertificateExpired, + kTestLegacyCertificateFileDataClientExpired}, + // Certificate contains an invalid expiration time set by the client + {DeviceFiles::kCertificateInvalid, + kTestLegacyCertificateFileDataInvalidClientExpiration}, +}; + +const CertificateErrorData kRetrieveDefaultCertificateErrorData[] = { + // Certificate expired + {DeviceFiles::kCertificateExpired, kTestDefaultCertificateFileDataExpired}, + // Certificate has a creation time in the future + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateWithInvalidCreationFutureExpiration}, + // Certificate has a never expires creation time + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataCreationTimeUnlimited}, + // Certificate expiration time field is not set + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataExpirationUnset}, + // Certificate expires before creation time + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataExpiresBeforeCreationTime}, + // Certificate acqusition time field is not set + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeUnset}, + // Certificate acqusition time is invalid + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeInvalid}, + // Certificate has a never expires acqusition + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeUnlimited}, + // Certificate acqusition time is in the future + {DeviceFiles::kCannotHandle, + kTestDefaultCertificateFileDataAcquisitionTimeInTheFuture}, +}; + struct LicenseInfo { std::string key_set_id; DeviceFiles::LicenseState license_state; @@ -2139,6 +3491,7 @@ class MockFileSystem : public FileSystem { using ::testing::_; using ::testing::AllArgs; using ::testing::AllOf; +using ::testing::AtLeast; using ::testing::DoAll; using ::testing::Eq; using ::testing::Expectation; @@ -2199,10 +3552,6 @@ class DeviceFilesTest : public ::testing::Test { class DeviceFilesStoreTest : public DeviceFilesTest, public ::testing::WithParamInterface {}; -class DeviceCertificateTest - : public DeviceFilesTest, - public ::testing::WithParamInterface {}; - class DeviceFilesSecurityLevelTest : public DeviceFilesTest, public ::testing::WithParamInterface {}; @@ -2240,13 +3589,55 @@ MATCHER_P(StrAndLenContains, str_vector, "") { return true; } -TEST_F(DeviceCertificateTest, StoreCertificate) { - MockFileSystem file_system; +TEST_F(DeviceFilesTest, StoreCertificateInvalidParams) { const std::string certificate(CdmRandom::RandomData(kCertificateLen)); const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, CdmRandom::RandomData(kWrappedKeyLen)); + const CryptoWrappedKey empty_private_key; + + MockFileSystem file_system; + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + // Empty parameters + EXPECT_FALSE(device_files.StoreCertificate(kEmptyString, private_key)); + EXPECT_FALSE(device_files.StoreCertificate(certificate, empty_private_key)); + + // Certificate is not a valid Signed DRM certificate + EXPECT_FALSE(device_files.StoreCertificate(certificate, private_key)); + + // Certificate has an invalid creation time (negative or unlimited) + EXPECT_FALSE(device_files.StoreCertificate( + kTestCertificateWithInvalidCreationTime, private_key)); + EXPECT_FALSE(device_files.StoreCertificate( + kTestCertificateNoExpirationWithUnlimitedCreationTime, private_key)); +} + +class StoreCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(StoreCertificateTest, DefaultAndLegacy) { + MockFileSystem file_system; + const bool certificate_type_default = GetParam(); /* otherwise legacy */ + + const std::string& certificate = certificate_type_default + ? kTestCertificateWithFutureExpiration + : kTestCertificateWithoutExpiration; + + const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, + CdmRandom::RandomData(kWrappedKeyLen)); + std::string certificate_file_name; + if (certificate_type_default) { + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + } else { + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + } const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(false); + device_base_path_ + certificate_file_name; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); @@ -2264,17 +3655,38 @@ TEST_F(DeviceCertificateTest, StoreCertificate) { EXPECT_TRUE(device_files.StoreCertificate(certificate, private_key)); } -TEST_P(DeviceCertificateTest, ReadCertificate) { +INSTANTIATE_TEST_CASE_P(CertificateTest, StoreCertificateTest, + ::testing::Values(false, true)); + +TEST_F(DeviceFilesTest, RetrieveCertificateInvalidParams) { + std::string certificate, serial_number; + CryptoWrappedKey wrapped_private_key; + uint32_t system_id; + MockFileSystem file_system; - const bool atsc_mode = GetParam(); + DeviceFiles device_files(&file_system); + EXPECT_EQ(DeviceFiles::kCannotHandle, + device_files.RetrieveCertificate(false, &certificate, nullptr, + &serial_number, &system_id)); + EXPECT_EQ( + DeviceFiles::kCannotHandle, + device_files.RetrieveCertificate(false, nullptr, &wrapped_private_key, + &serial_number, &system_id)); +} + +TEST_F(DeviceFilesTest, RetrieveAtscCertificate) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); - const std::string data = kTestCertificateFileData; + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileDataWithoutExpiration; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) - .Times(2) + .Times(AtLeast(1)) .WillRepeatedly(Return(true)); EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) .WillOnce(Return(data.size())); @@ -2292,34 +3704,369 @@ TEST_P(DeviceCertificateTest, ReadCertificate) { CryptoWrappedKey private_key; std::string serial_number; uint32_t system_id = 0; - ASSERT_TRUE(device_files.RetrieveCertificate( - atsc_mode, &certificate, &private_key, &serial_number, &system_id)); - EXPECT_EQ(kTestCertificate, certificate); + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(true, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); EXPECT_EQ(kTestWrappedKey, private_key); EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); } -TEST_P(DeviceCertificateTest, ReadCertificateWithoutKeyType) { +TEST_F(DeviceFilesTest, RetrieveAtscCertificateNotFound) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .WillOnce(Return(false)); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + ASSERT_EQ(DeviceFiles::kCertificateNotFound, + device_files.RetrieveCertificate(true, &certificate, &private_key, + &serial_number, &system_id)); +} + +TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileDataWithoutExpiration; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + MockFile* write_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + // Retrieving the legacy license will cause a read as well as a write + // to fill in a random expiry date ~6 months later if one has not been set + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)) + .WillOnce(Return(write_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + EXPECT_CALL(*write_file, Read(_, _)).Times(0); + EXPECT_CALL(*write_file, Write(_, _)) + .With(AllArgs(StrAndLenContains(std::vector{ + kTestCertificateWithoutExpiration, kTestWrappedKey.key()}))) + .WillOnce(ReturnArg<1>()); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithClientExpirationTime) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestLegacyCertificateFileDataWithClientExpiration; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the legacy certificate. The expiration data is in the future. + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +class RetrieveLegacyCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(RetrieveLegacyCertificateTest, ErrorScenarios) { + const int index = GetParam(); + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const CertificateErrorData& param = + kRetrieveLegacyCertificateErrorData[index]; + const std::string& data = param.file_data; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the legacy certificate. The license has expired. + ASSERT_EQ(param.certificate_state, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + + if (param.certificate_state == DeviceFiles::kCertificateExpired) { + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); + } +} + +INSTANTIATE_TEST_CASE_P(CertificateTest, RetrieveLegacyCertificateTest, + ::testing::Range(0, 2)); + +TEST_F(DeviceFilesTest, RetrieveDefaultCertificate) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestDefaultCertificateFileDataFutureExpiration; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithFutureExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +TEST_F(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestDefaultCertificateFileDataNeverExpires; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateNeverExpires, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +class RetrieveDefaultCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(RetrieveDefaultCertificateTest, ErrorScenarios) { + const int index = GetParam(); + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const CertificateErrorData& param = + kRetrieveDefaultCertificateErrorData[index]; + const std::string& data = param.file_data; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(param.certificate_state, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + if (param.certificate_state == DeviceFiles::kCertificateExpired) { + EXPECT_EQ(kTestCertificateExpired, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); + } +} + +INSTANTIATE_TEST_CASE_P(CertificateTest, RetrieveDefaultCertificateTest, + ::testing::Range(0, 9)); + +TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) { // Stored files without an explicit key type should default to RSA. MockFileSystem file_system; - const bool atsc_mode = GetParam(); - const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); - const std::string data = kTestCertificateFileWithoutKeyTypeData; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileWithoutKeyTypeData; // Call to Open will return a unique_ptr, freeing this object. - MockFile* file = new MockFile(); - EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) - .Times(2) + // The file will be re-written with a new client expiration time + MockFile* read_file = new MockFile(); + MockFile* write_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) .WillRepeatedly(Return(true)); - EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) .WillOnce(Return(data.size())); - EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) - .WillOnce(Return(file)); - EXPECT_CALL(*file, Read(NotNull(), Eq(data.size()))) + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)) + .WillOnce(Return(write_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), Return(data.size()))); - EXPECT_CALL(*file, Write(_, _)).Times(0); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + EXPECT_CALL(*write_file, Read(_, _)).Times(0); + EXPECT_CALL(*write_file, Write(_, _)) + .With(AllArgs(StrAndLenContains(std::vector{ + kTestCertificateWithoutExpiration, kTestWrappedKey.key()}))) + .WillOnce(ReturnArg<1>()); DeviceFiles device_files(&file_system); EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); @@ -2328,18 +4075,21 @@ TEST_P(DeviceCertificateTest, ReadCertificateWithoutKeyType) { CryptoWrappedKey private_key; std::string serial_number; uint32_t system_id = 0; - ASSERT_TRUE(device_files.RetrieveCertificate( - atsc_mode, &certificate, &private_key, &serial_number, &system_id)); - EXPECT_EQ(kTestCertificate, certificate); + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); EXPECT_EQ(kTestWrappedKey, private_key); EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); } -TEST_P(DeviceCertificateTest, HasCertificate) { +TEST_F(DeviceFilesTest, HasCertificateAtsc) { MockFileSystem file_system; - bool atsc_mode = GetParam(); - std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) .WillOnce(Return(false)) @@ -2350,26 +4100,92 @@ TEST_P(DeviceCertificateTest, HasCertificate) { ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); // MockFile returns false. - EXPECT_FALSE(device_files.HasCertificate(atsc_mode)); + EXPECT_FALSE(device_files.HasCertificate(true)); // MockFile returns true. - EXPECT_TRUE(device_files.HasCertificate(atsc_mode)); + EXPECT_TRUE(device_files.HasCertificate(true)); } -INSTANTIATE_TEST_CASE_P(AtscMode, DeviceCertificateTest, - ::testing::Values(false, true)); +TEST_F(DeviceFilesTest, HasCertificateDefault) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .WillOnce(Return(true)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + EXPECT_TRUE(device_files.HasCertificate(false)); +} + +TEST_F(DeviceFilesTest, HasCertificateLegacy) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(true)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + EXPECT_TRUE(device_files.HasCertificate(false)); +} + +TEST_F(DeviceFilesTest, HasCertificateNone) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + EXPECT_FALSE(device_files.HasCertificate(false)); +} TEST_P(DeviceFilesSecurityLevelTest, SecurityLevel) { + CdmSecurityLevel security_level = GetParam(); MockFileSystem file_system; - std::string certificate(CdmRandom::RandomData(kCertificateLen)); + std::string certificate(kTestCertificateWithFutureExpiration); const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, CdmRandom::RandomData(kWrappedKeyLen)); - CdmSecurityLevel security_level = GetParam(); std::string device_base_path; ASSERT_TRUE( Properties::GetDeviceFilesBasePath(security_level, &device_base_path)); - std::string device_certificate_path = - device_base_path + DeviceFiles::GetCertificateFileName(false); + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path + certificate_file_name; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); diff --git a/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp b/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp index bfa0fae4..c86dbdd2 100644 --- a/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp @@ -168,28 +168,28 @@ const size_t kUsageInfoFileArraySize = ArraySize(kUsageInfoFileArray); std::vector kUsageInfoFileList; const DeviceFiles::CdmUsageData kCdmUsageData1 = { - /* provider_session_token = */ "provider_session_token_1", - /* license_request = */ "license_request_1", - /* license = */ "license_1", - /* key_set_id = */ "key_set_id_1", - /* usage_entry = */ "usage_entry_1", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_1", + /* license_request = */ "license_request_1", + /* license = */ "license_1", + /* key_set_id = */ "key_set_id_1", + /* usage_entry = */ "usage_entry_1", + /* usage_entry_number = */ 0, }; const DeviceFiles::CdmUsageData kCdmUsageData2 = { - /* provider_session_token = */ "provider_session_token_2", - /* license_request = */ "license_request_2", - /* license = */ "license_2", - /* key_set_id = */ "key_set_id_2", - /* usage_entry = */ "usage_entry_2", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_2", + /* license_request = */ "license_request_2", + /* license = */ "license_2", + /* key_set_id = */ "key_set_id_2", + /* usage_entry = */ "usage_entry_2", + /* usage_entry_number = */ 0, }; const DeviceFiles::CdmUsageData kCdmUsageData3 = { - /* provider_session_token = */ "provider_session_token_3", - /* license_request = */ "license_request_3", - /* license = */ "license_3", - /* key_set_id = */ "key_set_id_3", - /* usage_entry = */ "usage_entry_3", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_3", + /* license_request = */ "license_request_3", + /* license = */ "license_3", + /* key_set_id = */ "key_set_id_3", + /* usage_entry = */ "usage_entry_3", + /* usage_entry_number = */ 0, }; const std::vector kEmptyUsageInfoUsageDataList; @@ -366,8 +366,8 @@ void InitVectorConstants() { } } -void ToVector(std::vector& vec, - const CdmUsageEntryInfo* arr, size_t total_size) { +void ToVector(std::vector& vec, const CdmUsageEntryInfo* arr, + size_t total_size) { size_t max = total_size / sizeof(CdmUsageEntryInfo); vec.clear(); for (size_t i = 0; i < max; i++) { @@ -415,8 +415,7 @@ class MockDeviceFiles : public DeviceFiles { const std::string&, const CdmUsageEntry&, uint32_t)); MOCK_METHOD2(RetrieveUsageInfo, bool(const std::string&, std::vector*)); - MOCK_METHOD1(ListLicenses, - bool(std::vector* key_set_ids)); + MOCK_METHOD1(ListLicenses, bool(std::vector* key_set_ids)); MOCK_METHOD1(ListUsageInfoFiles, bool(std::vector* usage_info_files)); @@ -468,34 +467,31 @@ class MockCryptoSession : public TestCryptoSession { // Partial mock of the UsageTableHeader. This is to test when dependency // exist on internal methods which would require complex expectations class MockUsageTableHeader : public UsageTableHeader { - public: - MockUsageTableHeader() : UsageTableHeader() {} - MOCK_METHOD4(InvalidateEntry, CdmResponseType(uint32_t, bool, DeviceFiles*, - metrics::CryptoMetrics*)); - MOCK_METHOD6(AddEntry, - CdmResponseType(CryptoSession*, bool, const CdmKeySetId&, - const std::string&, const CdmKeyResponse&, - uint32_t*)); + public: + MockUsageTableHeader() : UsageTableHeader() {} + MOCK_METHOD4(InvalidateEntry, CdmResponseType(uint32_t, bool, DeviceFiles*, + metrics::CryptoMetrics*)); + MOCK_METHOD6(AddEntry, CdmResponseType(CryptoSession*, bool, + const CdmKeySetId&, const std::string&, + const CdmKeyResponse&, uint32_t*)); - CdmResponseType SuperAddEntry(CryptoSession* crypto_session, - bool persistent_license, - const CdmKeySetId& key_set_id, - const std::string& usage_info_filename, - const CdmKeyResponse& license_message, - uint32_t* usage_entry_number) { - return UsageTableHeader::AddEntry(crypto_session, persistent_license, - key_set_id, usage_info_filename, - license_message, usage_entry_number); - } + CdmResponseType SuperAddEntry(CryptoSession* crypto_session, + bool persistent_license, + const CdmKeySetId& key_set_id, + const std::string& usage_info_filename, + const CdmKeyResponse& license_message, + uint32_t* usage_entry_number) { + return UsageTableHeader::AddEntry(crypto_session, persistent_license, + key_set_id, usage_info_filename, + license_message, usage_entry_number); + } }; } // namespace class UsageTableHeaderTest : public WvCdmTestBase { public: - static void SetUpTestCase() { - InitVectorConstants(); - } + static void SetUpTestCase() { InitVectorConstants(); } // Useful when UsageTableHeader is mocked void InvalidateEntry(uint32_t usage_entry_number, bool, DeviceFiles*, @@ -591,10 +587,7 @@ class UsageTableHeaderInitializationTest : public UsageTableHeaderTest, public ::testing::WithParamInterface { public: - static void SetUpTestCase() { - InitVectorConstants(); - } - + static void SetUpTestCase() { InitVectorConstants(); } }; TEST_P(UsageTableHeaderInitializationTest, CreateUsageTableHeader) { @@ -629,7 +622,7 @@ TEST_P(UsageTableHeaderInitializationTest, Upgrade_UnableToRetrieveLicenses) { .WillOnce( DoAll(SetArgPointee<1>(kEmptyUsageTableHeader), Return(NO_ERROR))); // TODO: Why not being called? - //EXPECT_CALL(*device_files_, DeleteAllLicenses()).WillOnce(Return(true)); + // EXPECT_CALL(*device_files_, DeleteAllLicenses()).WillOnce(Return(true)); EXPECT_CALL(*device_files_, StoreUsageTableInfo(kEmptyUsageTableHeader, kEmptyUsageEntryInfoVector)) .WillOnce(Return(true)); @@ -763,8 +756,8 @@ TEST_P(UsageTableHeaderInitializationTest, const SecurityLevel security_level = (GetParam() == kSecurityLevelL3) ? kLevel3 : kLevelDefault; - EXPECT_CALL(*crypto_session_, - Open(security_level)).WillOnce(Return(NO_ERROR)); + EXPECT_CALL(*crypto_session_, Open(security_level)) + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*crypto_session_, LoadUsageTableHeader(security_level, kUsageTableHeader)) .WillOnce(Return(NO_ERROR)); @@ -847,8 +840,8 @@ TEST_P(UsageTableHeaderInitializationTest, const uint32_t expect_usage_entry_number = kOverFullUsageEntryInfoVector.size(); EXPECT_CALL(*crypto_session_, CreateUsageEntry(NotNull())) - .WillOnce(DoAll(SetArgPointee<0>(expect_usage_entry_number), - Return(NO_ERROR))); + .WillOnce( + DoAll(SetArgPointee<0>(expect_usage_entry_number), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, UpdateUsageEntry(NotNull(), NotNull())) .WillOnce( DoAll(SetArgPointee<0>(kAnotherUsageTableHeader), Return(NO_ERROR))); diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 83586654..97873e18 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -2301,13 +2301,17 @@ TEST_F(WvCdmRequestLicenseTest, UnprovisionTest) { CryptoWrappedKey wrapped_private_key; std::string serial_number; uint32_t system_id; - EXPECT_TRUE(handle.RetrieveCertificate( - false, &certificate, &wrapped_private_key, &serial_number, &system_id)); + EXPECT_EQ( + DeviceFiles::kCertificateValid, + handle.RetrieveCertificate(false, &certificate, &wrapped_private_key, + &serial_number, &system_id)); EXPECT_EQ(NO_ERROR, decryptor_->Unprovision(security_level, kDefaultCdmIdentifier)); - EXPECT_FALSE(handle.RetrieveCertificate( - false, &certificate, &wrapped_private_key, &serial_number, &system_id)); + EXPECT_NE( + DeviceFiles::kCertificateValid, + handle.RetrieveCertificate(false, &certificate, &wrapped_private_key, + &serial_number, &system_id)); } TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) { diff --git a/libwvdrmengine/cdm/util/src/string_conversions.cpp b/libwvdrmengine/cdm/util/src/string_conversions.cpp index e40e6f7e..2b0ba5f1 100644 --- a/libwvdrmengine/cdm/util/src/string_conversions.cpp +++ b/libwvdrmengine/cdm/util/src/string_conversions.cpp @@ -254,7 +254,7 @@ std::vector Base64SafeDecode(const std::string& b64_input) { std::string HexEncode(const uint8_t* in_buffer, unsigned int size) { static const char kHexChars[] = "0123456789ABCDEF"; if (size == 0) return ""; - constexpr unsigned int kMaxSafeSize = 2048; + constexpr unsigned int kMaxSafeSize = 3072; if (size > kMaxSafeSize) size = kMaxSafeSize; // Each input byte creates two output hex characters. std::string out_buffer(size * 2, '\0');