From b21be96b1bac1553e4f1aa4e76991eb5e6e04e4a Mon Sep 17 00:00:00 2001 
From: Rahul Frias Date: Sun, 14 Mar 2021 13:11:21 -0700 Subject: [PATCH] Verify DRM certificate validity [ Merge of http://go/wvgerrit/120123 ] DRM certificate creation and expiration times are now validated. * New DRM (default) certificates will have an expiration time specified by the provisioning service. When stored, the client will include the time the certificate was received. This allows for expiration calculation to occur when client and provisioning service clocks are out of sync. When read out, creation, expiration and acquisition times are validated. The certificate is checked for expiry by making sure that the time at the client since the license was acquired is not greater than the expiration period. The time information stored at the client may be tampered with. The license service will perform an expiration check and reject the license request if tampered with. The expiration time may be set to never expires/unlimited. This is not a valid value for creation or acquisition time. * Pre-existing (legacy) certificates from upgrading devices will not have an expiration time set by the provisioning service. Instead the client will calculate an expiration time 6 months with + or - a random two month period in the future. This is stored along with the certificate. When read out, if no expiration time has been set by the client, one will be calculated and written out. The certificate will be declared as valid. If a client calculated expiration time is present, the certificate will be validated. In case of tampering, the license service can reject license requests and force reprovisioning when appropriate. * ATSC certificates will continue to not have an expiration time. No additional validation is required. Other changes for non-ATSC licenses involve managing both default and legacy certificate co-existance. When checking for DRM certificates, the default certificate is attempted first. 
This is followed by a check for the legacy certificate, if the default certificate is not present. Bug: 169740403 Test: WV unit/integration tests DeviceFilesTest.StoreCertificateInvalidParams DeviceFilesTest.RetrieveAtscCertificate DeviceFilesTest.RetrieveAtscCertificateNotFound DeviceFilesTest.RetrieveCertificateInvalidParams DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime DeviceFilesTest.RetrieveCertificateWithoutKeyType DeviceFilesTest.RetrieveDefaultCertificate DeviceFilesTest.RetrieveDefaultCertificateNeverExpires DeviceFilesTest.HasCertificateAtsc DeviceFilesTest.HasCertificateDefault DeviceFilesTest.HasCertificateLegacy DeviceFilesTest.HasCertificateNone CertificateTest.StoreCertificateTest.DefaultAndLegacy/* CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/* CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/* Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd --- .../cdm/core/include/device_files.h | 80 +- libwvdrmengine/cdm/core/src/cdm_session.cpp | 6 +- .../cdm/core/src/certificate_provisioning.cpp | 14 + libwvdrmengine/cdm/core/src/device_files.cpp | 369 +++- .../cdm/core/test/cdm_session_unittest.cpp | 16 +- .../cdm/core/test/device_files_unittest.cpp | 1910 ++++++++++++++++- .../core/test/usage_table_header_unittest.cpp | 97 +- .../cdm/test/request_license_test.cpp | 12 +- .../cdm/util/src/string_conversions.cpp | 2 +- 9 files changed, 2319 insertions(+), 187 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/device_files.h b/libwvdrmengine/cdm/core/include/device_files.h index b760d453..9dcf8143 100644 --- a/libwvdrmengine/cdm/core/include/device_files.h +++ b/libwvdrmengine/cdm/core/include/device_files.h 
@@ -23,6 +23,8 @@ namespace wvcdm { class FileSystem; +using video_widevine_client::sdk::DeviceCertificate; + class DeviceFiles { public: typedef enum { @@ -31,6 +33,24 @@ class DeviceFiles { kLicenseStateUnknown, } LicenseState; + typedef enum { + kCertificateValid, + kCertificateExpired, + kCertificateNotFound, + kCertificateInvalid, + kCannotHandle, + } CertificateState; + + // |kCertificateDefault| includes an expiration time set by the provisioning + // service. This will replace any legacy certificates, if a forced + // reprovisioning happens at the client or by the license service. + // ATSC certificates are unaffected and have an unlimited lifetime. + typedef enum { + kCertificateDefault, + kCertificateLegacy, + kCertificateAtsc, + } CertificateType; + // All error response codes start with 5000 to avoid overlap with other error // spaces. enum ResponseType { @@ -100,12 +120,19 @@ class DeviceFiles { // and used but not written or removed. virtual bool StoreCertificate(const std::string& certificate, const CryptoWrappedKey& private_key); - virtual bool RetrieveCertificate(bool atsc_mode_enabled, - std::string* certificate, - CryptoWrappedKey* private_key, - std::string* serial_number, - uint32_t* system_id); + virtual CertificateState RetrieveCertificate(bool atsc_mode_enabled, + std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); virtual bool HasCertificate(bool atsc_mode_enabled); + // Retrieves the legacy DRM certificate without performing expiry + // related validation. Use this only when restoring/releasing + // licenses/usage entries + virtual bool RetrieveLegacyCertificate(std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); virtual bool RemoveCertificate(); virtual bool StoreLicense(const CdmLicenseData& license_data, 
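Review bot: `kCertificateValid` is the first enumerator of the unscoped `CertificateState` enum added in the `@@ -31,6 +33,24 @@` hunk, so its value is 0 and it converts implicitly to `false`. `RetrieveCertificate` used to return `bool`, so a caller left as `if (!RetrieveCertificate(...))` still compiles and now treats a valid certificate as a failure and an expired or invalid one as success. Declaring the type as `enum class CertificateState { ... };` would turn every un-migrated call site into a compile error. Failing that, add a comment on the enum such as `// Always compare against kCertificateValid explicitly; never test the result as a boolean.` The class body continues outside this hunk.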
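Review bot: The public `RetrieveCertificate` declaration in the `@@ -100,12 +120,19 @@` hunk has no comment saying what the output parameters hold for each returned state. In the device_files.cpp implementation later in this patch, `certificate` and `private_key` are filled before the creation, acquisition and expiration checks run, so they carry data even when the result is `kCertificateExpired` or `kCertificateInvalid`. I would add above the declaration: `// Outputs are only meaningful when kCertificateValid is returned; for any other state the caller must not load |private_key|.` The comment on `RetrieveLegacyCertificate` could also state that it returns true for an expired legacy certificate, which is what the implementation does.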
@@ -247,6 +274,21 @@ class DeviceFiles { virtual bool DeleteUsageTableInfo(); private: + // This method will retrieve the certificate and perform expiry validation + // appropriate for a given certificate type + CertificateState RetrieveCertificate(CertificateType certificate_type, + std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id); + bool HasCertificate(CertificateType certificate_type); + bool SetDeviceCertificate(const std::string& certificate, + const CryptoWrappedKey& wrapped_private_key, + DeviceCertificate* mutable_device_certificate); + bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate, + std::string* certificate, + CryptoWrappedKey* wrapped_private_key); + // Helpers that wrap the File interface and automatically handle hashing, as // well as adding the device files base path to to the file name. ResponseType StoreFileWithHash(const std::string& name, @@ -260,7 +302,8 @@ class DeviceFiles { bool RemoveFile(const std::string& name); ssize_t GetFileSize(const std::string& name); - static std::string GetCertificateFileName(bool atsc_mode_enabled); + static bool GetCertificateFileName(CertificateType certificate_type, + std::string* certificate_file_name); static std::string GetHlsAttributesFileNameExtension(); static std::string GetLicenseFileNameExtension(); static std::string GetUsageTableFileName(); 
@@ -268,18 +311,28 @@ class DeviceFiles { #if defined(UNIT_TEST) FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel); - FRIEND_TEST(DeviceCertificateTest, StoreCertificate); FRIEND_TEST(DeviceCertificateTest, ReadCertificate); - FRIEND_TEST(DeviceCertificateTest, ReadCertificateWithoutKeyType); - FRIEND_TEST(DeviceCertificateTest, HasCertificate); FRIEND_TEST(DeviceFilesStoreTest, StoreLicense); FRIEND_TEST(DeviceFilesHlsAttributesTest, Delete); FRIEND_TEST(DeviceFilesHlsAttributesTest, Read); FRIEND_TEST(DeviceFilesHlsAttributesTest, Store); - FRIEND_TEST(DeviceFilesTest, DeleteLicense); - FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem); - FRIEND_TEST(DeviceFilesTest, RetrieveLicenses); FRIEND_TEST(DeviceFilesTest, AppParametersBackwardCompatibility); + FRIEND_TEST(DeviceFilesTest, DeleteLicense); + FRIEND_TEST(DeviceFilesTest, HasCertificateAtsc); + FRIEND_TEST(DeviceFilesTest, HasCertificateDefault); + FRIEND_TEST(DeviceFilesTest, HasCertificateLegacy); + FRIEND_TEST(DeviceFilesTest, HasCertificateNone); + FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem); + FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificate); + FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificateNotFound); + FRIEND_TEST(DeviceFilesTest, RetrieveCertificateWithoutKeyType); + FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificate); + FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires); + FRIEND_TEST(DeviceFilesTest, + RetrieveLegacyCertificateWithClientExpirationTime); + FRIEND_TEST(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime); + FRIEND_TEST(DeviceFilesTest, RetrieveLicenses); + FRIEND_TEST(DeviceFilesTest, StoreCertificateInvalidParams); FRIEND_TEST(DeviceFilesTest, StoreLicenses); FRIEND_TEST(DeviceFilesTest, UpdateLicenseState); FRIEND_TEST(DeviceFilesUsageInfoTest, Delete); 
@@ -289,6 +342,9 @@ class DeviceFiles { FRIEND_TEST(DeviceFilesUsageTableTest, Read); FRIEND_TEST(DeviceFilesUsageTableTest, Store); FRIEND_TEST(DeviceFilesUsageTableTest, ReadWithoutLruData); + FRIEND_TEST(RetrieveDefaultCertificateTest, ErrorScenarios); + FRIEND_TEST(RetrieveLegacyCertificateTest, ErrorScenarios); + FRIEND_TEST(StoreCertificateTest, DefaultAndLegacy); FRIEND_TEST(WvCdmRequestLicenseTest, UnprovisionTest); FRIEND_TEST(WvCdmRequestLicenseTest, ForceL3Test); FRIEND_TEST(WvCdmRequestLicenseTest, UsageInfoRetryTest); diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index 3091a723..4fa9f897 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -188,9 +188,9 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set, bool atsc_mode_enabled = false; if (cdm_client_property_set != nullptr) atsc_mode_enabled = cdm_client_property_set->use_atsc_mode(); - if (!file_handle_->RetrieveCertificate(atsc_mode_enabled, &client_token, - &private_key, &serial_number, - nullptr)) { + if (file_handle_->RetrieveCertificate( + atsc_mode_enabled, &client_token, &private_key, &serial_number, + nullptr) != DeviceFiles::kCertificateValid) { return NEED_PROVISIONING; } CdmResponseType load_cert_sts; diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 27e01b9f..86be4100 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -15,6 +15,8 @@ #include "string_conversions.h" #include "wv_cdm_constants.h" +#include "clock.h" + namespace { const std::string kEmptyString; 
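Review bot: In the cdm_session.cpp hunk every state other than `kCertificateValid` is folded into `NEED_PROVISIONING` without recording which one occurred. The `kCertificateExpired` returns in device_files.cpp emit no log line at all, and `kCannotHandle` is also what comes back when the current time is earlier than the stored acquisition time. As a result an expiry, a clock rollback and a damaged file all surface only as an unexplained reprovisioning request. Keeping the result in a local and logging it before the return would make these cases distinguishable during triage, for example `LOGW("Certificate not usable, state = %d", static_cast<int>(cert_state));`. `CdmSession::Init` starts and ends outside this hunk.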
@@ -538,6 +540,18 @@ bool CertificateProvisioning::ExtractDeviceInfo( ? drm_certificate.expiration_time_seconds() : INVALID_TIME; } + /* + Clock clock; + //drm_certificate.set_expiration_time_seconds(clock.GetCurrentTime() + 10*365.25*24*60*60); + drm_certificate.set_creation_time_seconds(-5); + std::string serialized_drm_certificate; + drm_certificate.SerializeToString(&serialized_drm_certificate); + signed_drm_certificate.set_drm_certificate(serialized_drm_certificate); + std::string serialized_signed_drm_certificate; + signed_drm_certificate.SerializeToString(&serialized_signed_drm_certificate); + LOGE("serialized_signed_drm_certificate: (%zu) %s", serialized_signed_drm_certificate.size(), b2a_hex(serialized_signed_drm_certificate).c_str()); + */ + return true; } diff --git a/libwvdrmengine/cdm/core/src/device_files.cpp b/libwvdrmengine/cdm/core/src/device_files.cpp index 8fcea5e8..06ec4d9f 100644 --- a/libwvdrmengine/cdm/core/src/device_files.cpp +++ b/libwvdrmengine/cdm/core/src/device_files.cpp @@ -4,12 +4,15 @@ #include "device_files.h" +#include #include #include #include +#include "cdm_random.h" #include "certificate_provisioning.h" +#include "clock.h" #include "file_store.h" #include "license_protocol.pb.h" #include "log.h" @@ -43,6 +46,18 @@ using video_widevine_client::sdk:: // Example: STRINGIFY(this_argument) -> "this_argument" #define STRINGIFY(PARAM...) #PARAM +#define RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(PARAM) \ + if ((PARAM) == nullptr) { \ + LOGE("Output parameter |" STRINGIFY(PARAM) "| not provided"); \ + return DeviceFiles::kCannotHandle; \ + } + +#define RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_UNINITIALIZED() \ + if (!initialized_) { \ + LOGE("Device files is not initialized"); \ + return DeviceFiles::kCannotHandle; \ + } + #define RETURN_FALSE_IF_NULL(PARAM) \ if ((PARAM) == nullptr) { \ LOGE("Output parameter |" STRINGIFY(PARAM) "| not provided"); \ 
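Review bot: The block added before `return true;` in `ExtractDeviceInfo` is commented-out debugging code and should be dropped from the commit. It sets the creation time to -5, re-serializes the signed certificate and prints the whole serialized certificate in hex through `LOGE`, presumably to generate the test vectors in device_files_unittest.cpp. If it were ever re-enabled in a shipping build it would mutate the parsed certificate and write certificate contents to the device log. The `#include "clock.h"` added at the top of this file appears to exist only for this block and can probably go with it. `ExtractDeviceInfo` begins outside this hunk.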
@@ -78,6 +93,7 @@ const char kLicenseFileNameExt[] = ".lic"; const char kEmptyFileName[] = ""; const char kUsageTableFileName[] = "usgtable.bin"; const char kWildcard[] = "*"; +constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60; } // namespace 
@@ -128,106 +144,259 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate, file.set_version(video_widevine_client::sdk::File::VERSION_1); DeviceCertificate* device_certificate = file.mutable_device_certificate(); - device_certificate->set_certificate(certificate); - device_certificate->set_wrapped_private_key(private_key.key()); - switch (private_key.type()) { - case CryptoWrappedKey::kRsa: - device_certificate->set_key_type(DeviceCertificate::RSA); - break; - case CryptoWrappedKey::kEcc: - device_certificate->set_key_type(DeviceCertificate::ECC); - break; - case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings. - default: - LOGE("Unexpected key type"); - return false; + + int64_t creation_time_seconds; + int64_t expiration_time_seconds; + uint32_t system_id; + + if (!CertificateProvisioning::ExtractDeviceInfo( + certificate, nullptr, &system_id, &creation_time_seconds, + &expiration_time_seconds)) + return false; + + if (creation_time_seconds <= 0) { + LOGE("Invalid certificate creation time %" PRId64, creation_time_seconds); + return false; + } + + const bool default_certificate = expiration_time_seconds >= 0; + + if (!SetDeviceCertificate(certificate, private_key, device_certificate)) + return false; + + if (default_certificate) { + Clock clock; + device_certificate->set_acquisition_time_seconds(clock.GetCurrentTime()); + } else { + // Since certificates of type kCertificateAtsc are not allowed to be + // stored, this is a certificate of type kCertificateLegacy. + // The only time when a legacy certificate is stored is when it does not + // have an expiration time. Set expiration time to 6 months +- 2 months. 
+ Clock clock; + const int64_t current_time = clock.GetCurrentTime(); + CdmRandomGenerator rng(current_time & 0xffffffff); + + device_certificate->set_expiration_time_seconds( + current_time + kFourMonthsInSeconds + + rng.RandomInRange(kFourMonthsInSeconds)); } std::string serialized_file; file.SerializeToString(&serialized_file); - return StoreFileWithHash(GetCertificateFileName(false), serialized_file) == - kNoError; + std::string certificate_file_name; + const CertificateType certificate_type = + default_certificate ? kCertificateDefault : kCertificateLegacy; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) { + LOGE("Unable to get certificate file name of type: %d", certificate_type); + return false; + } + return StoreFileWithHash(certificate_file_name, serialized_file) == kNoError; } -bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled, - std::string* certificate, - CryptoWrappedKey* private_key, - std::string* serial_number, - uint32_t* system_id) { - RETURN_FALSE_IF_UNINITIALIZED(); - RETURN_FALSE_IF_NULL(certificate); - RETURN_FALSE_IF_NULL(private_key); +DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate( + bool atsc_mode_enabled, std::string* certificate, + CryptoWrappedKey* private_key, std::string* serial_number, + uint32_t* system_id) { + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_UNINITIALIZED(); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(certificate); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(private_key); if (!HasCertificate(atsc_mode_enabled)) { - return false; + LOGW("Unable to find certificate, atsc mode: %s", + atsc_mode_enabled ? 
"enabled" : "disabled"); + return kCertificateNotFound; + } + + if (atsc_mode_enabled) + return RetrieveCertificate(kCertificateAtsc, certificate, private_key, + serial_number, system_id); + + if (HasCertificate(kCertificateDefault)) + return RetrieveCertificate(kCertificateDefault, certificate, private_key, + serial_number, system_id); + + return RetrieveCertificate(kCertificateLegacy, certificate, private_key, + serial_number, system_id); +} + +DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate( + CertificateType certificate_type, std::string* certificate, + CryptoWrappedKey* wrapped_private_key, std::string* serial_number, + uint32_t* system_id) { + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(certificate); + RETURN_CERTIFICATE_STATE_CANNOT_HANDLE_IF_NULL(wrapped_private_key); + + std::string certificate_file_name; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) { + LOGW("Unable to find certificate file name for type: %d", certificate_type); + return kCannotHandle; } video_widevine_client::sdk::File file; - if (RetrieveHashedFile(GetCertificateFileName(atsc_mode_enabled), &file) != - kNoError) { + if (RetrieveHashedFile(certificate_file_name, &file) != kNoError) { LOGW("Unable to retrieve certificate file"); - return false; + return kCertificateNotFound; } if (file.type() != video_widevine_client::sdk::File::DEVICE_CERTIFICATE) { LOGE("Certificate file is of incorrect file type: type = %d", static_cast(file.type())); - return false; + return kCertificateInvalid; } if (file.version() != video_widevine_client::sdk::File::VERSION_1) { LOGE("Certificate file is of incorrect file version: version = %d", static_cast(file.version())); - return false; + return kCertificateInvalid; } if (!file.has_device_certificate()) { LOGE("Certificate not present"); - return false; + return kCertificateInvalid; } - DeviceCertificate device_certificate = file.device_certificate(); - *certificate = device_certificate.certificate(); - 
private_key->Clear(); - private_key->set_key(device_certificate.wrapped_private_key()); - if (device_certificate.has_key_type()) { - const DeviceCertificate::PrivateKeyType key_type = - device_certificate.key_type(); - switch (key_type) { - case DeviceCertificate::RSA: - private_key->set_type(CryptoWrappedKey::kRsa); - break; - case DeviceCertificate::ECC: - private_key->set_type(CryptoWrappedKey::kEcc); - break; - default: - LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type); - private_key->set_type(CryptoWrappedKey::kRsa); - break; + const DeviceCertificate& device_certificate = file.device_certificate(); + + if (!ExtractFromDeviceCertificate(device_certificate, certificate, + wrapped_private_key)) { + LOGE("Unable to extract from device certificate"); + return kCertificateInvalid; + } + + int64_t creation_time_seconds; + int64_t expiration_time_seconds; + + if (!CertificateProvisioning::ExtractDeviceInfo( + device_certificate.certificate(), serial_number, system_id, + &creation_time_seconds, &expiration_time_seconds)) + return kCertificateInvalid; + + Clock clock; + const int64_t current_time = clock.GetCurrentTime(); + + switch (certificate_type) { + case kCertificateDefault: { + // Validation check for DRM certificate that includes an expiration + // time set by the provisioning service. Since provisioning and + // client clocks may not be in sync, verify by comparing time + // elapsed since license was acquired with expiration period. + // First verify that all the fields are set to valid values. + // The service will validate certificate expiration so tampering of + // time values at the client is not a concern. 
+ if (creation_time_seconds <= 0) { + LOGE("Invalid creation time of default certificate: %" PRId64, + creation_time_seconds); + return kCertificateInvalid; + } + if (expiration_time_seconds < 0) { + LOGE("Invalid expiration time of default certificate: %" PRId64, + expiration_time_seconds); + return kCertificateInvalid; + } + if (expiration_time_seconds == UNLIMITED_DURATION) + return kCertificateValid; + + if (!device_certificate.has_acquisition_time_seconds()) { + LOGE("Acquisition time of default certificate not available"); + return kCertificateInvalid; + } + const int64_t acquisition_time_seconds = + device_certificate.acquisition_time_seconds(); + if (acquisition_time_seconds <= 0) { + LOGE("Invalid acquisition time of default certificate: %" PRId64, + acquisition_time_seconds); + return kCertificateInvalid; + } + + if (current_time < acquisition_time_seconds) { + LOGE("Time not valid: current time: %" PRId64 + ", acquisition time: %" PRId64, + current_time, acquisition_time_seconds); + return kCannotHandle; + } + + if (expiration_time_seconds < creation_time_seconds) { + LOGE("Time not valid: expiration time: %" PRId64 + ", creation time: %" PRId64, + expiration_time_seconds, creation_time_seconds); + return kCertificateInvalid; + } + + if (current_time - acquisition_time_seconds > + expiration_time_seconds - creation_time_seconds) { + return kCertificateExpired; + } + return kCertificateValid; } - } else { - // Possible that device certificate is from V15, in this case, the - // only supported key of at that time was RSA. - LOGD("No key type info, assuming RSA"); - private_key->set_type(CryptoWrappedKey::kRsa); - } - return CertificateProvisioning::ExtractDeviceInfo( - device_certificate.certificate(), serial_number, system_id, nullptr, - nullptr); + case kCertificateLegacy: { + // Validation check for DRM certificate without an expiration + // time set by the provisioning service. 
Add an expiry time + // within the next 6 months +/- 2 months, if one has not been set. + if (!device_certificate.has_expiration_time_seconds()) { + StoreCertificate(*certificate, *wrapped_private_key); + return kCertificateValid; + } + const int64_t expiration_time_seconds = + device_certificate.expiration_time_seconds(); + if (expiration_time_seconds <= 0) { + LOGE("Invalid expiration time of legacy certificate: %" PRId64, + expiration_time_seconds); + return kCertificateInvalid; + } + + if (current_time > expiration_time_seconds) return kCertificateExpired; + + return kCertificateValid; + } + + case kCertificateAtsc: + // No expiration enforced + return kCertificateValid; + + default: + // Should never happen. This should be detected earlier when fetching + // the file name + LOGE("Invalid certificate type: %d", certificate_type); + return kCertificateInvalid; + } +} + +bool DeviceFiles::RetrieveLegacyCertificate(std::string* certificate, + CryptoWrappedKey* private_key, + std::string* serial_number, + uint32_t* system_id) { + RETURN_FALSE_IF_UNINITIALIZED(); + RETURN_FALSE_IF_NULL(certificate); + RETURN_FALSE_IF_NULL(private_key); + if (!HasCertificate(kCertificateLegacy)) return false; + + const CertificateState state = RetrieveCertificate( + kCertificateLegacy, certificate, private_key, serial_number, system_id); + if (state == kCertificateValid || state == kCertificateExpired) return true; + + return false; } bool DeviceFiles::HasCertificate(bool atsc_mode_enabled) { RETURN_FALSE_IF_UNINITIALIZED(); - return FileExists(GetCertificateFileName(atsc_mode_enabled)); + if (atsc_mode_enabled) return HasCertificate(kCertificateAtsc); + + return HasCertificate(kCertificateDefault) || + HasCertificate(kCertificateLegacy); } bool DeviceFiles::RemoveCertificate() { RETURN_FALSE_IF_UNINITIALIZED() - return RemoveFile(GetCertificateFileName(false)); + std::string certificate_file_name; + if (GetCertificateFileName(kCertificateLegacy, &certificate_file_name)) + 
RemoveFile(certificate_file_name); + if (GetCertificateFileName(kCertificateDefault, &certificate_file_name)) + return RemoveFile(certificate_file_name); + return true; } bool DeviceFiles::StoreLicense(const CdmLicenseData& license_data, 
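Review bot: In the `kCertificateLegacy` branch of `RetrieveCertificate` the result of `StoreCertificate(*certificate, *wrapped_private_key)` is discarded and `kCertificateValid` is returned regardless. `StoreCertificate` (whose opening lines are outside this hunk) returns false when the creation time is `<= 0` or the file write fails. In that case no client expiration time is persisted, so the legacy certificate keeps validating with no expiry and the store is retried on every read. At minimum log the failure, `if (!StoreCertificate(*certificate, *wrapped_private_key)) LOGW("Unable to persist expiration time for legacy certificate");`, and decide whether that case should still be reported as valid. `RemoveCertificate` in this hunk has the same pattern: the `RemoveFile` result for the legacy file is ignored, so a leftover legacy certificate can survive an unprovision that reports success.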
@@ -1086,6 +1255,70 @@ bool DeviceFiles::DeleteUsageTableInfo() { return RemoveFile(GetUsageTableFileName()); } +bool DeviceFiles::HasCertificate(CertificateType certificate_type) { + RETURN_FALSE_IF_UNINITIALIZED(); + + std::string certificate_file_name; + if (!GetCertificateFileName(certificate_type, &certificate_file_name)) + return false; + + return FileExists(certificate_file_name); +} + +bool DeviceFiles::SetDeviceCertificate( + const std::string& certificate, const CryptoWrappedKey& private_key, + DeviceCertificate* mutable_device_certificate) { + RETURN_FALSE_IF_NULL(mutable_device_certificate); + + mutable_device_certificate->set_certificate(certificate); + mutable_device_certificate->set_wrapped_private_key(private_key.key()); + switch (private_key.type()) { + case CryptoWrappedKey::kRsa: + mutable_device_certificate->set_key_type(DeviceCertificate::RSA); + return true; + case CryptoWrappedKey::kEcc: + mutable_device_certificate->set_key_type(DeviceCertificate::ECC); + return true; + case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings. 
+ default: + LOGE("Unexpected key type: %d", private_key.type()); + return false; + } +} + +bool DeviceFiles::ExtractFromDeviceCertificate( + const DeviceCertificate& device_certificate, std::string* certificate, + CryptoWrappedKey* private_key) { + RETURN_FALSE_IF_NULL(certificate); + RETURN_FALSE_IF_NULL(private_key); + + *certificate = device_certificate.certificate(); + private_key->Clear(); + private_key->set_key(device_certificate.wrapped_private_key()); + if (device_certificate.has_key_type()) { + const DeviceCertificate::PrivateKeyType key_type = + device_certificate.key_type(); + switch (key_type) { + case DeviceCertificate::RSA: + private_key->set_type(CryptoWrappedKey::kRsa); + break; + case DeviceCertificate::ECC: + private_key->set_type(CryptoWrappedKey::kEcc); + break; + default: + LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type); + private_key->set_type(CryptoWrappedKey::kRsa); + break; + } + } else { + // Possible that device certificate is from V15, in this case, the + // only supported key of at that time was RSA. + LOGD("No key type info, assuming RSA"); + private_key->set_type(CryptoWrappedKey::kRsa); + } + return true; +} + DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash( const std::string& name, const std::string& serialized_file) { std::string hash = Sha256Hash(serialized_file); 
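Review bot: In `ExtractFromDeviceCertificate` a `key_type` that is present but is neither `RSA` nor `ECC` is still coerced to `CryptoWrappedKey::kRsa` with only a `LOGW`. The helper now returns `bool` and its caller maps `false` to `kCertificateInvalid`, so the `default:` arm could fail closed with `LOGE("Unknown DRM key type: %d", key_type); return false;`. The RSA fallback would then apply only to the absent-field (V15) case. As written the function can only return false for null arguments, so the caller's "Unable to extract from device certificate" path is effectively unreachable for file content. Whether an unrecognized enum value can reach this switch depends on how the protobuf parser handles it, so confirm that before changing the behaviour.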
@@ -1268,8 +1501,22 @@ ssize_t DeviceFiles::GetFileSize(const std::string& name) { return file_system_->FileSize(path); } -std::string DeviceFiles::GetCertificateFileName(bool atsc_mode_enabled) { - return atsc_mode_enabled ? kAtscCertificateFileName : kCertificateFileName; +bool DeviceFiles::GetCertificateFileName(CertificateType certificate_type, + std::string* file_name) { + RETURN_FALSE_IF_NULL(file_name); + switch (certificate_type) { + case kCertificateDefault: + *file_name = kCertificateFileName; + return true; + case kCertificateLegacy: + *file_name = kLegacyCertificateFileName; + return true; + case kCertificateAtsc: + *file_name = kAtscCertificateFileName; + return true; + default: + return false; + } } std::string DeviceFiles::GetUsageTableFileName() { return kUsageTableFileName; } diff --git a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp index 1822faee..8d9624ae 100644 --- a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp @@ -116,8 +116,10 @@ class MockDeviceFiles : public DeviceFiles { MockDeviceFiles() : DeviceFiles(nullptr) {} MOCK_METHOD1(Init, bool(CdmSecurityLevel)); - MOCK_METHOD5(RetrieveCertificate, bool(bool, std::string*, CryptoWrappedKey*, - std::string*, uint32_t*)); + MOCK_METHOD5(RetrieveCertificate, + DeviceFiles::CertificateState(bool, std::string*, + CryptoWrappedKey*, std::string*, + uint32_t*)); }; class MockUsageTableHeader : public UsageTableHeader { @@ -221,7 +223,7 @@ TEST_F(CdmSessionTest, InitWithBuiltInCertificate) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); 
@@ -249,7 +251,7 @@ TEST_F(CdmSessionTest, InitWithCertificate) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); @@ -276,7 +278,7 @@ TEST_F(CdmSessionTest, ReInitFail) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); @@ -310,7 +312,7 @@ TEST_F(CdmSessionTest, InitNeedsProvisioning) { EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true)); EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) - .WillOnce(Return(false)); + .WillOnce(Return(DeviceFiles::kCertificateInvalid)); ASSERT_EQ(NEED_PROVISIONING, cdm_session_->Init(nullptr)); } @@ -331,7 +333,7 @@ TEST_F(CdmSessionTest, UpdateUsageEntry) { EXPECT_CALL(*file_handle_, RetrieveCertificate(false, NotNull(), NotNull(), NotNull(), _)) .WillOnce(DoAll(SetArgPointee<1>(kToken), SetArgPointee<2>(kWrappedKey), - Return(true))); + Return(DeviceFiles::kCertificateValid))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(kWrappedKey)) .InSequence(crypto_session_seq) .WillOnce(Return(NO_ERROR)); diff --git a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp index fc9b8016..a8070f3b 100644 --- a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp 
@@ -35,7 +35,7 @@ const std::string kEmptyString; // 'public_key': ... 270 bytes, // 'serial_number': '7CB49F987A635E1E0A52184694582D6E', // 'type': 'DRM_USER_DEVICE'}, -// 'signature': ... 256 byts, +// 'signature': ... 256 bytes, // 'signer': { // 'certificate': {'creation_time': '2017-11-17T13:21:39', // 'public_key': ... 270 bytes, @@ -45,7 +45,8 @@ const std::string kEmptyString; // } // Value of |certificate| in DeviceCertFile proto messages // kTestCertificateFileData and kTestCertificateFileWithoutKeyTypeData -const std::string kTestCertificate = a2bs_hex( +// This can be used for both ATSC and Legacy certificate +const std::string kTestCertificateWithoutExpiration = a2bs_hex( "0AEB03080212107CB49F987A635E1E0A52184694582D6E1887C6E1FE05228E023082010A" "0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D" "7343553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC7" 
@@ -88,6 +89,383 @@ const std::string kTestCertificate = a2bs_hex( "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA" "98383E3CD2ED4830"); +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 0 +// expiration_time_seconds: unset +const std::string kTestCertificateNoExpirationWithUnlimitedCreationTime = + a2bs_hex( + "0AE703080212107CB49F987A635E1E0A52184694582D6E1800228E023082010A028201" + "0100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758" + "FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C1" + "3E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B27803" + "44DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FA" + "B25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6548511" + "03F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A1" + "85B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D" + "480152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE22" + "35717A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB5" + "8923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B" + "624A92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBB" + "CA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB" + "1280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52" + "A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB906163" + "2C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE9" + "35FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE" + "93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F06D308178" + "642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB9" + "40299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D2847783338" + 
"D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC" + "1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C61" + "3E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3D" + "F6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4" + "A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF912" + "6C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F" + "8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14A" + "CAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD16" + "1947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3" + "970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C372" + "3FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2" + "E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C5" + "1339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A4" + "2A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A088136D6E8F4" + "75299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E3447634AB3408" + "F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645" + "A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73" + "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558" + "FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: -5 +// expiration_time_seconds: unset +const std::string kTestCertificateWithInvalidCreationTime = a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E18FBFFFFFF0F228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + 
"06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377" + "B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685" + "DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF5" + "13C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D" + "1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F06D" + "308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB2E8D" + "B940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D2847783338D7" + "4F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3" + "C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E" + "349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B9" + "83A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D70" + "5520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC4" + "75C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274" + "C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C362" + "23404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47F" + 
"B9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB57" + "2AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD9" + "2EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A14" + "3CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A4" + "4BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91" + "E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560" + "DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E3447634AB" + "3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645" + "A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E" + "2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E" + "3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/16/2021 +// expiration_time_seconds: ~ 03/2031 +const std::string kTestCertificateWithFutureExpiration = a2bs_hex( + "0AF103080212107CB49F987A635E1E0A52184694582D6E1887C6E1FE05228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + 
"1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + "3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + "3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + 
"30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/17/2021 +// expiration_time_seconds: 0 +const std::string kTestCertificateNeverExpires = a2bs_hex( + "0AED03080212107CB49F987A635E1E0A52184694582D6E1894AECC8206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60001280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6" + "C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09" + "F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D" + "4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E76" + "9E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982" + "F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4AB" + 
"2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28477833" + "38D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A319C33DC1C" + "B7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E" + "3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB" + "60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED4" + "5D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA" + "3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B" + "9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107" + "C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7" + "A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184" + "AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6D" + "DFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D9" + "5A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1A" + "D7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F" + "8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA4" + "4560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A" + "088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CED5EA" + "D645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B25564A73" + "A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98" + "383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: ~ 03/07/2021 +// expiration_time_seconds: ~ 03/08/2021 +const std::string kTestCertificateExpired = a2bs_hex( + "0AF103080212107CB49F987A635E1E0A52184694582D6E189EF0968206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + 
"553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB609E939C82061280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + "3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + 
"3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + "30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: unset +// expiration_time_seconds: ~ 03/08/2031 +const std::string kTestCertificateWithInvalidCreationFutureExpiration = + a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E228E023082010A0282010100" + "DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D73435534" + "42A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E18" + "4034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD" + "5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25A" + "EE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F8" + "57A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B9" + "7FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D4801" + "52AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE223571" + 
"7A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923" + "F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A" + "92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA22" + "20595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60FD" + "8AFC98071280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D" + "8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702" + "CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C205" + "00064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D14" + "85253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F0" + "6D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4" + "AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28" + "47783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A" + "319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0F" + "D8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70" + "BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA" + "64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB624" + "07F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E2458" + "59FC0F020301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8" + "E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D" + "81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D" + "2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF921802746" + "0DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B" + "8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8" + 
"C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CE" + "D5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E" + "3D426558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 0 +// expiration_time_seconds: ~2031 +const std::string kTestCertificateWithUnlimitedCreationFutureExpiration = + a2bs_hex( + "0AEB03080212107CB49F987A635E1E0A52184694582D6E228E023082010A0282010100" + "DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D73435534" + "42A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E18" + "4034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD" + "5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25A" + "EE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F8" + "57A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B9" + "7FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D4801" + "52AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE223571" + "7A44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923" + "F1731860815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A" + "92158AC91035041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA22" + "20595267DCA89A2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60AE" + "91FC98071280028CD44E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D" + "8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702" + "CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C205" + "00064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D8DA39E769E8D14" + 
"85253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502EB649D982F0" + "6D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A89E13D4" + "AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D28" + "47783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A" + "319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0F" + "D8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70" + "BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA" + "64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB624" + "07F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E2458" + "59FC0F020301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8" + "E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D" + "81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D" + "2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A86669710A1AD7A44BF921802746" + "0DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B" + "8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A96BE25AA44560DBA8" + "C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A50B23251A0881" + "36D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A30E34476" + "34AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C29CE" + "D5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E" + "3D426558FA98383E3CD2ED4830"); + +// Certificate data: +// Similar to kTestCertificateWithoutExpiration +// creation_time_seconds: 03/17/2021 +// expiration_time_seconds: 03/07/2021 +const std::string kTestCertificateExpiresBeforeCreationTime = a2bs_hex( + 
"0AF103080212107CB49F987A635E1E0A52184694582D6E18EC95CC8206228E023082010A02" + "82010100DB13F5089C061E8EB62562692B3A06A774A99129BD63445FEC24448D07C30D7343" + "553442A989AF000B7D962033C290D9A81DDCBCF3980512445EB7E6CF544FC1FB3FC758FB9E" + "06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36583C8FDB839C2752C13E184034" + "EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71" + "F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D" + "614974942A36527C62B73A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99" + "713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92" + "67020301000128E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F" + "554B9400E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B" + "10106CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D174" + "06B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408" + "A07C103DF860DC0520C3664EEB60ECB79782061280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7833A" + "A0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0AF1C3EFE5" + "21308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F5EF90C875D5D" + "8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955EBE7362287502E" + "B649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F422ED5ED139A25A8" + "9E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFAE953A99D492F3D" + "2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065802C9B625E5A31" + "9C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B80502043C2A8A0FD8D25C" + "613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6" + "860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D920" + "0FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA9" + 
"3BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C640769053" + "3BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD79" + "3296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4" + "391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E0658" + "1A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9" + "B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FA" + "A6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A866" + "69710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0FEB3D5" + "3EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E059F9734A9" + "6BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A8838C423D824A5" + "0B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB813B387A10CD2A" + "30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD101EB8A4148B9C" + "29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B16DE370CD9AFB9B" + "25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D42" + "6558FA98383E3CD2ED4830"); + // A Wrapped Private Key // Value of |wrapped_private_key| in DeviceCertFile proto messages // kTestCertificateFileData and kTestCertificateFileWithoutKeyTypeData. 
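Review bot: `kTestCertificateWithUnlimitedCreationFutureExpiration` is documented as `creation_time_seconds: 0`, but its bytes do not encode that field at all. After the serial number the data goes straight to `228E02`, and the outer length is still `0AEB03`, exactly as in `kTestCertificateWithInvalidCreationFutureExpiration` (documented as "unset"). The two fixtures differ only in the expiration varint (`60AE91FC9807` vs `60FD8AFC9807`). By contrast `kTestCertificateNoExpirationWithUnlimitedCreationTime` carries an explicit `1800`. As written, the case "creation time explicitly 0 with a future expiration" is never exercised, and any test using this fixture repeats the unset-creation case, which leaves a gap in the validation the commit adds. Either regenerate the fixture with an explicit zero creation time (the length prefix will change accordingly) or correct the comment to `// creation_time_seconds: unset` and drop the duplicate.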
@@ -174,11 +552,13 @@ const std::string kTestCertificateFileWithoutKeyTypeData = a2bs_hex( "88EE59BAD141B8FD372BAE67A6FF05C74DAC"); // Structurally valid test certificate device file. -// {'certificate': kTestCertificate, +// {'certificate': kTestCertificateWithoutExpiration, // 'key_type': 'RSA', // 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': unset // } -const std::string kTestCertificateFileData = a2bs_hex( +const std::string kTestCertificateFileDataWithoutExpiration = a2bs_hex( "0AAB0F080110011AA40F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E" "1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A9" "9129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398" 
@@ -236,6 +616,978 @@ const std::string kTestCertificateFileData = a2bs_hex( "7F035DFB50EC4354D7E068ADFAFAD4081ACA67FD18001220A28ED0C0D4697C870B56192C" "F2AF86D7362398EB250F6A29BE3A0C4887F0D653"); +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': ~2031 +// } +const std::string kTestLegacyCertificateFileDataWithClientExpiration = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + 
"EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + "802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + "E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + 
"9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + "119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180028B7BA8499071220752DEC6BBB7DCB2750411F58DEBA61BFE55AEDC0EE92C3C6" + "BCDBC0C86A75798C"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': ~2020 +// } +const std::string kTestLegacyCertificateFileDataClientExpired = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + 
"0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + "EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + "802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + 
"E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + "9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + "119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180028B9A8C2F3051220D2F932E432C200B5B30228317A3BA4A207C429B3F788C072" + "8F1E9615DFDD7A34"); + +// Structurally valid test certificate device file. 
+// {'certificate': kTestCertificateWithoutExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': -5 +// } +const std::string kTestLegacyCertificateFileDataInvalidClientExpiration = + a2bs_hex( + "0AB60F080110011AAF0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + 
"AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + 
"231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180028FBFFFFFFFFFFFFFFFF0112201CC3506DE1B3FC6A8DBB4AD85D34B62C" + "7EBA023FAD1AACCDBE1C932CFB6A1369"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataFutureExpiration = a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D6E18" + "87C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + 
"60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD4" + "4E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923" + "A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C" + "4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA6" + "6017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B55" + "2FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD292093" + "29C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E7" + "1E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE" + "020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A028201" + "0100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027" + "AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C66" + "00562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655" + "851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6AB" + "F7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8" + "F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947" + "360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39" + "D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC" + "3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963" + "F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6" + "AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A5" + 
"72125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962" + "760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A52" + "96FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3" + "B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4" + "186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172B" + "C691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4" + "B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E" + "8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EB" + "E7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D" + "4835AC44E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985" + "AFD3677F0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F7" + "50F6954AC395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC28" + "6DB0BCC14A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886" + "406B3B69180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D6" + "3D5A14E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750" + "C1CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068" + "ADFAFAD4081ACA67FD180020EA80CA820612204DDB25CD2B324880675C1006CB104524B42C" + "9BBA110F0304E6C1E4C6ADF5DA6C"); + +// Structurally valid test certificate device file. 
+// +// {'certificate': kTestCertificateNeverExpires, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataNeverExpires = a2bs_hex( + "0AB30F080110011AAC0F0AAA0B0AED03080212107CB49F987A635E1E0A52184694582D6E18" + "94AECC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB60001280028CD44E12AA7C" + "1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2A" + "C1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE" + "18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898D" + "EE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A3" + "7955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB" + "4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F2" + "0FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE02080112" + 
"1065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B805" + "02043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C75" + "9B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D" + "904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9A" + "DB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1" + "EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F" + "8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3" + "B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F0203010001" + "28E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D4" + "9C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662" + "ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B68" + "21A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F741" + "6420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114" + "C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD17" + "7CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E" + "07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD" + "7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF866" + "34EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D" + "9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC6915307" + "03FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3" + "A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EE" + "C0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDA" + "BFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44" + 
"E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F" + "0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954A" + "C395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC1" + "4A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69" + "180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5" + "BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC" + "5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4" + "081ACA67FD18002094AECC82061220494C9C49993FA8A9F0982FD684A62B99CC442E2AF264" + "CA351478C2BA1077A394"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateExpired +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/12/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpired = a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D6E18" + "9EF0968206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + 
"35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB609E939C82061280028CD4" + "4E12AA7C1A8EBF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923" + "A4172C2AC1CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C" + "4B2540BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA6" + "6017898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B55" + "2FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD292093" + "29C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E7" + "1E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE" + "020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A028201" + "0100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027" + "AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C66" + "00562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655" + "851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6AB" + "F7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0" + "C89E6E1F8DB2A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8" + "F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F02" + "0301000128E83D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947" + "360BC8D49C0D68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39" + "D25B2662ECB03B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC" + "3E968B6821A91C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963" + "F21EE6AA220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6" + "AD56F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A5" + "72125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962" + 
"760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A52" + "96FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3" + "B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4" + "186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172B" + "C691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4" + "B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E" + "8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EB" + "E7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D" + "4835AC44E39B119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985" + "AFD3677F0D13015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F7" + "50F6954AC395F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC28" + "6DB0BCC14A60C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886" + "406B3B69180B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D6" + "3D5A14E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750" + "C1CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068" + "ADFAFAD4081ACA67FD1800209E9FB182061220AB902564B722E023C7F31F485B194969C7D9" + "F4FB6ADB4EEF1312A0F663A3F092"); + +// Structurally valid test certificate device file. 
+// {'certificate': kTestCertificateWithInvalidCreationFutureExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateWithInvalidCreationFutureExpiration = + a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63" + "445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E" + "0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9C" + "F1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78" + "471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF8" + "28EB598DA59060D654851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0" + "F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C77" + "69646576696E652E636F6D480152AA01080110001A8101044F554B9400E10B17185036" + "B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B10106CB6C2187F34" + "188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADC" + "EE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D17406B10889" + "B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C" + "103DF860DC0520C3664EEB60FD8AFC98071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + 
"AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + "4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + 
"231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180020FD84CC8206122040597EA4CA5BDDB92960D3D616B402EFC44699E3C4" + "DF3E0F78A2D3218C3E3055"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithUnlimitedCreationFutureExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataCreationTimeUnlimited = + a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D" + "6E228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129BD63" + "445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E" + "0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9C" + "F1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78" + "471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF8" + "28EB598DA59060D654851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0" + "F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C77" + "69646576696E652E636F6D480152AA01080110001A8101044F554B9400E10B17185036" + "B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B10106CB6C2187F34" + "188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B991B5F915F2ADC" + 
"EE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0D17406B10889" + "B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D12742408A07C" + "103DF860DC0520C3664EEB60AE91FC98071280028CD44E12AA7C1A8EBF88C81A2A54EF" + "D29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CDADD16E41A7" + "833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CED4AB0A" + "F1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F6F" + "5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A379" + "55EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148" + "FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E" + "4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050A" + "AE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A" + "0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5" + "629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014" + "DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E3" + "14386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475C55C608E771C" + "763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B9274C16066F74F" + "C401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A107C36223404F" + "2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE4391BBFA7A47FB9" + "D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06581A019184AB" + "572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C4644F9B3F3FB" + "6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2DA7B68302FAA6" + "DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A91C051CA280A8" + "6669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A5EE4A4D0" + "FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420E05E" + "059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD2" + 
"4FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760F" + "CD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68" + "D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA99" + "2A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEAC" + "CB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E" + "7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA6095618D647F521" + "2C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979D61AE659E340" + "489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC408B602B0BC099" + "920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC9B30784952B3" + "A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB6681C4689FD276C" + "231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C7D3B8C75CE58" + "8DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA84CD01E335E68" + "AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F8702941409E727691" + "0CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C84CB21AB6E75E" + "59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B697521F386" + "5B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19DBF939" + "4E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC2A" + "81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD408" + "1ACA67FD180020AE8BCC82061220BA04B988A5E9D931946F2AB8FF3E3DD31C630300CD" + "065083437401CD752F8CD2"); + +// Structurally valid test certificate device file. 
+// {'certificate': kTestCertificateWithoutExpiration +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpirationUnset = a2bs_hex( + "0AB10F080110011AAA0F0AA80B0AEB03080212107CB49F987A635E1E0A52184694582D6E18" + "D991CC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A774A99129" + "BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDCBCF398051244" + "5EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2D6043CA9830E0F36" + "583C8FDB839C2752C13E184034EE412BA8A90271295B094255A16319706F4D6C9CF1EBB1B3" + "9BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4F48E79DDFC78471C11B9E99D" + "F98221D6FAB25AEE24574FB02D614974942A36527C62B73A6FB7CA9EF828EB598DA59060D6" + "54851103F857A041E66B2FFB99713D31A64605932833E8CCDA6CF0F888AE6E78EDC9DA0D88" + "A185B97FEB3EA74CF146BE7D9267020301000128E83D3A0C7769646576696E652E636F6D48" + "0152AA01080110001A8101044F554B9400E10B17185036B6A1628EFC61B22166DE2235717A" + "44F953B7928F3415B9D113835B10106CB6C2187F34188723D82ECF95CF5ECAB58923F17318" + "60815999F08BF4BE4A44DB7B991B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC910" + "35041173392B1E495428F0D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A" + "2E57E7D4CA3C62ED6D12742408A07C103DF860DC0520C3664EEB1280028CD44E12AA7C1A8E" + "BF88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1CD" + "ADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540BE18CE" + "D4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA66017898DEE6F" + "6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B552FB4B4A37955" + "EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD29209329C148FB4F42" + "2ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF55C1978F6E71E4548F20FFA" + "E953A99D492F3D2847783338D74F66D2DFEBB50896ACBC4795A81AB4050AAE020801121065" + 
"802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD005228E023082010A0282010100B8050204" + "3C2A8A0FD8D25C613E1E3E3B5E349F332F04516A7510D38021A5629B9AA027AEAD3C759B7A" + "FE70BED65F3DF6860FF5EB60B983A3FFA33FDE06F3B73014DFC845AB371C6600562E9D904F" + "842B8BA4A5D9200FFA3ED45D705520A5C372A889F9E314386234C6897AE655851FCD9ADB4E" + "F9126C78386EA93BCB25BA3EC475C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE" + "7B95C6407690533BD6890B9274C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2" + "A47841CD0DAD793296A107C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A" + "038BD3E4BBBAE4391BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E8" + "3D1280037E06581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D" + "68009B1C4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB0" + "3B2DA7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA220A" + "5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56F7416420" + "E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667B33B8114C76A" + "8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF789A572125CD24FBB" + "813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540D9C57962760FCD177CDD" + "101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85074186080D68D13CD37E07B1" + "6DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F0E67AC00CA992A5296FAEDAD7AA0" + "6ECD790F1E3D426558FA98383E3CD2ED483012F403B36550E6BEACCB34F6C3B2ABF86634EE" + "5383829C844F9B0C14DCF9A22FE3543CCBA8FD61E21CEE503E7A40B93B07A4186A362D9E6F" + "88DD48D4516635C6D0C253C03F12EFA6095618D647F5212C518C4A6AA7172BC691530703FE" + "DDFDB25ECF885A53FF2B4B98773979D61AE659E340489811512A5C2FD445A4B0AE88A3A7F2" + "9ACE5B01ECF580D0993227BC408B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC084" + "4BC19198ADADE47FB449DC9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBC" + "A0F2C2BFD4FBDDB6681C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B" + 
"119991EFF6E72C7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13" + "015AD7BEA84CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395" + "F8702941409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60" + "C84CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B69180B" + "697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14E5BA19" + "DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1CA2ABC5DEC" + "2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E068ADFAFAD4081A" + "CA67FD180020D991CC82061220CD90FA6F091C73BA7CC7EF0B777B986F4799DCEB5B03C8BC" + "360092DCC97CEF0A"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateExpiresBeforeCreationTime +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 03/17/2021 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataExpiresBeforeCreationTime = + a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E18EC95CC8206228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + 
"D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60ECB79782061280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + 
"D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180020EC95CC82061220463AF8A7AE265E06A0BF07C366E6E0" + "52301A32F3A1DA487EA556519910C7534E"); + +// Structurally valid test certificate device file. 
+// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': unset +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeUnset = + a2bs_hex( + "0AB10F080110011AAA0F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + 
"95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + 
"1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180012205984768E4F372E0DF787C4215A337355CD62B5FC0A" + "EAE8CC5BA82EA29C2E7A01"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': -5 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeInvalid = + a2bs_hex( + "0ABC0F080110011AB50F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + 
"1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + 
"89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD180020FBFFFFFFFFFFFFFFFF011220F653E5406D56276BCB28" + "E9D1F8E9D83233A7AF24476732208AEBD9DD33BD6C41"); + +// Structurally valid test certificate device file. 
+// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': 0 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeUnlimited = + a2bs_hex( + "0AB30F080110011AAC0F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + "1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + 
"95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + "89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + 
"1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD1800200012207CBD5A3A5258C9FDF467270ACD4F8B10B33FEC" + "3FBCD3409BFB38542C954B9BFD"); + +// Structurally valid test certificate device file. +// {'certificate': kTestCertificateWithFutureExpiration, +// 'key_type': 'RSA', +// 'wrapped_private_key': kTestWrappedPrivateKeyData +// 'acquisition_time_seconds': ~2030 +// 'expiration_time_seconds': unset +// } +const std::string kTestDefaultCertificateFileDataAcquisitionTimeInTheFuture = + a2bs_hex( + "0AB70F080110011AB00F0AAE0B0AF103080212107CB49F987A635E1E0A52184694582D" + "6E1887C6E1FE05228E023082010A0282010100DB13F5089C061E8EB62562692B3A06A7" + "74A99129BD63445FEC24448D07C30D7343553442A989AF000B7D962033C290D9A81DDC" + "BCF3980512445EB7E6CF544FC1FB3FC758FB9E06B6C28562A841E4AE2D3368795C41A2" + "D6043CA9830E0F36583C8FDB839C2752C13E184034EE412BA8A90271295B094255A163" + "19706F4D6C9CF1EBB1B39BA2A7B9B2780344DD5834BF71F4D5185508D2FDFB10419BD4" + "F48E79DDFC78471C11B9E99DF98221D6FAB25AEE24574FB02D614974942A36527C62B7" + "3A6FB7CA9EF828EB598DA59060D654851103F857A041E66B2FFB99713D31A646059328" + "33E8CCDA6CF0F888AE6E78EDC9DA0D88A185B97FEB3EA74CF146BE7D92670203010001" + "28E83D3A0C7769646576696E652E636F6D480152AA01080110001A8101044F554B9400" + "E10B17185036B6A1628EFC61B22166DE2235717A44F953B7928F3415B9D113835B1010" + "6CB6C2187F34188723D82ECF95CF5ECAB58923F1731860815999F08BF4BE4A44DB7B99" + 
"1B5F915F2ADCEE481E26096AAEC3AC761B624A92158AC91035041173392B1E495428F0" + "D17406B10889B6B701FAF08D2284F95DBBCA2220595267DCA89A2E57E7D4CA3C62ED6D" + "12742408A07C103DF860DC0520C3664EEB60E29D8399071280028CD44E12AA7C1A8EBF" + "88C81A2A54EFD29F8BC6C377B0C11C3404F84D8B9EAD52A0E18E929A4923A4172C2AC1" + "CDADD16E41A7833AA0DE9D09F685DAC9ACC702CB9061632C1C82333A6FB6BC9C4B2540" + "BE18CED4AB0AF1C3EFE521308F3D4CF513C20500064FE935FDDF7BBAC0BA99AA7FA660" + "17898DEE6F6F5EF90C875D5D8DA39E769E8D1485253EEE93A97B35A8EAE8D3213D392B" + "552FB4B4A37955EBE7362287502EB649D982F06D308178642C1F69B12383B050CF60CD" + "29209329C148FB4F422ED5ED139A25A89E13D4AB2E8DB940299D1414AF30DDF0D06AF5" + "5C1978F6E71E4548F20FFAE953A99D492F3D2847783338D74F66D2DFEBB50896ACBC47" + "95A81AB4050AAE020801121065802C9B625E5A319C33DC1CB7C3C6D418E3A5BDD00522" + "8E023082010A0282010100B80502043C2A8A0FD8D25C613E1E3E3B5E349F332F04516A" + "7510D38021A5629B9AA027AEAD3C759B7AFE70BED65F3DF6860FF5EB60B983A3FFA33F" + "DE06F3B73014DFC845AB371C6600562E9D904F842B8BA4A5D9200FFA3ED45D705520A5" + "C372A889F9E314386234C6897AE655851FCD9ADB4EF9126C78386EA93BCB25BA3EC475" + "C55C608E771C763AB02506F9B07252D6ABF7EA64B1EBDE7B95C6407690533BD6890B92" + "74C16066F74FC401EA355F0A02106814D49BF0C89E6E1F8DB2A47841CD0DAD793296A1" + "07C36223404F2BF1FCA16FD0A4B982634DB62407F8F14ACAE3B05A038BD3E4BBBAE439" + "1BBFA7A47FB9D01DE857EA88E5E36EE36E245859FC0F020301000128E83D1280037E06" + "581A019184AB572AFDCADDD03F161CE68200F8E6F8AD161947360BC8D49C0D68009B1C" + "4644F9B3F3FB6DDFD92EF92DE62D41D459D29D81BFAEF3970A3A39D25B2662ECB03B2D" + "A7B68302FAA6DD98D95A143CC8C1CB6ADDA76D2EE9C3723FAF95A29CDC3E968B6821A9" + "1C051CA280A86669710A1AD7A44BF9218027460DF694E2E9270396DF221963F21EE6AA" + "220A5EE4A4D0FEB3D53EB5732F8F91E9A96B3B8BE284C51339EA284D4D0EDD55B6AD56" + "F7416420E05E059F9734A96BE25AA44560DBA8C38755A42A82BD7F88EDD19DF346A667" + "B33B8114C76A8838C423D824A50B23251A088136D6E8F475299D2AFD46CEA51B5CBDF7" + 
"89A572125CD24FBB813B387A10CD2A30E3447634AB3408F96B9CF3D98896D405F3F540" + "D9C57962760FCD177CDD101EB8A4148B9C29CED5EAD645A95B698F1CDC6E1DB6678B85" + "074186080D68D13CD37E07B16DE370CD9AFB9B25564A73A30E2AF8085EA37D310C474F" + "0E67AC00CA992A5296FAEDAD7AA06ECD790F1E3D426558FA98383E3CD2ED483012F403" + "B36550E6BEACCB34F6C3B2ABF86634EE5383829C844F9B0C14DCF9A22FE3543CCBA8FD" + "61E21CEE503E7A40B93B07A4186A362D9E6F88DD48D4516635C6D0C253C03F12EFA609" + "5618D647F5212C518C4A6AA7172BC691530703FEDDFDB25ECF885A53FF2B4B98773979" + "D61AE659E340489811512A5C2FD445A4B0AE88A3A7F29ACE5B01ECF580D0993227BC40" + "8B602B0BC099920C17044FE66242372C2B2E8CA5C1EEC0844BC19198ADADE47FB449DC" + "9B30784952B3A8131B912CE928070D665C0557EBE7484FDABFBCA0F2C2BFD4FBDDB668" + "1C4689FD276C231B72B15AC4E5C3C088449DE4785F1D4835AC44E39B119991EFF6E72C" + "7D3B8C75CE588DB0B3AD69EB79C19B22CB518EF964C9D985AFD3677F0D13015AD7BEA8" + "4CD01E335E68AF153B989FE8BEEC60A94753C638535FA3F215F750F6954AC395F87029" + "41409E7276910CE11819649641318B5BD1B78DECEADB2B562312CC286DB0BCC14A60C8" + "4CB21AB6E75E59DAFBE701D6405DD3F47D2F8A95422ED8EB5ECE330C9886406B3B6918" + "0B697521F3865B4A05DF2BB51D16CAFEF05866E5D55C360C759F5B10E0D354D63D5A14" + "E5BA19DBF9394E18E474E79063B4E877C2FE6BCA732ED39B091B6D7A21DD9D6D6750C1" + "CA2ABC5DEC2A81B5359771849E7B4560EB6D329E59455A70F57F035DFB50EC4354D7E0" + "68ADFAFAD4081ACA67FD1800208FC2F789071220E3A52D11E90193A9532977A681F032" + "D01C8F97E2EAB6C964A0F207D61499D679"); + +struct CertificateErrorData { + DeviceFiles::CertificateState certificate_state; + std::string file_data; +}; + +const CertificateErrorData kRetrieveLegacyCertificateErrorData[] = { + // Certificate expired based on expiration time set by the client + {DeviceFiles::kCertificateExpired, + kTestLegacyCertificateFileDataClientExpired}, + // Certificate contains an invalid expiration time set by the client + {DeviceFiles::kCertificateInvalid, + kTestLegacyCertificateFileDataInvalidClientExpiration}, +}; + +const 
CertificateErrorData kRetrieveDefaultCertificateErrorData[] = { + // Certificate expired + {DeviceFiles::kCertificateExpired, kTestDefaultCertificateFileDataExpired}, + // Certificate has a creation time in the future + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateWithInvalidCreationFutureExpiration}, + // Certificate has a never expires creation time + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataCreationTimeUnlimited}, + // Certificate expiration time field is not set + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataExpirationUnset}, + // Certificate expires before creation time + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataExpiresBeforeCreationTime}, + // Certificate acqusition time field is not set + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeUnset}, + // Certificate acqusition time is invalid + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeInvalid}, + // Certificate has a never expires acqusition + {DeviceFiles::kCertificateInvalid, + kTestDefaultCertificateFileDataAcquisitionTimeUnlimited}, + // Certificate acqusition time is in the future + {DeviceFiles::kCannotHandle, + kTestDefaultCertificateFileDataAcquisitionTimeInTheFuture}, +}; + struct LicenseInfo { std::string key_set_id; DeviceFiles::LicenseState license_state; @@ -2139,6 +3491,7 @@ class MockFileSystem : public FileSystem { using ::testing::_; using ::testing::AllArgs; using ::testing::AllOf; +using ::testing::AtLeast; using ::testing::DoAll; using ::testing::Eq; using ::testing::Expectation; 
@@ -2199,10 +3552,6 @@ class DeviceFilesTest : public ::testing::Test { class DeviceFilesStoreTest : public DeviceFilesTest, public ::testing::WithParamInterface {}; -class DeviceCertificateTest - : public DeviceFilesTest, - public ::testing::WithParamInterface {}; - class DeviceFilesSecurityLevelTest : public DeviceFilesTest, public ::testing::WithParamInterface {}; 
@@ -2240,13 +3589,55 @@ MATCHER_P(StrAndLenContains, str_vector, "") { return true; } -TEST_F(DeviceCertificateTest, StoreCertificate) { - MockFileSystem file_system; +TEST_F(DeviceFilesTest, StoreCertificateInvalidParams) { const std::string certificate(CdmRandom::RandomData(kCertificateLen)); const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, CdmRandom::RandomData(kWrappedKeyLen)); + const CryptoWrappedKey empty_private_key; + + MockFileSystem file_system; + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + // Empty parameters + EXPECT_FALSE(device_files.StoreCertificate(kEmptyString, private_key)); + EXPECT_FALSE(device_files.StoreCertificate(certificate, empty_private_key)); + + // Certificate is not a valid Signed DRM certificate + EXPECT_FALSE(device_files.StoreCertificate(certificate, private_key)); + + // Certificate has an invalid creation time (negative or unlimited) + EXPECT_FALSE(device_files.StoreCertificate( + kTestCertificateWithInvalidCreationTime, private_key)); + EXPECT_FALSE(device_files.StoreCertificate( + kTestCertificateNoExpirationWithUnlimitedCreationTime, private_key)); +} + +class StoreCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(StoreCertificateTest, DefaultAndLegacy) { + MockFileSystem file_system; + const bool certificate_type_default = GetParam(); /* otherwise legacy */ + + const std::string& certificate = certificate_type_default + ? 
kTestCertificateWithFutureExpiration + : kTestCertificateWithoutExpiration; + + const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, + CdmRandom::RandomData(kWrappedKeyLen)); + std::string certificate_file_name; + if (certificate_type_default) { + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + } else { + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + } const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(false); + device_base_path_ + certificate_file_name; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); 
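Review bot: `StoreCertificateInvalidParams` checks only the boolean result, so it would still pass if a rejected certificate were partly written to storage before `StoreCertificate` returned false. `file_system` is a plain `MockFileSystem` with no expectations set, so an unexpected open would at most produce a gmock warning. Adding `EXPECT_CALL(file_system, DoOpen(_, _)).Times(0);` before the calls, the form the `HasCertificate*` tests in this diff use, pins that nothing is persisted for invalid input. The "not a valid Signed DRM certificate" case is also fed from `CdmRandom::RandomData`, so a failure there would not be reproducible; a fixed malformed blob would be steadier. The `DefaultAndLegacy` body continues past the end of this hunk.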
@@ -2264,17 +3655,38 @@ TEST_F(DeviceCertificateTest, StoreCertificate) { EXPECT_TRUE(device_files.StoreCertificate(certificate, private_key)); } -TEST_P(DeviceCertificateTest, ReadCertificate) { +INSTANTIATE_TEST_CASE_P(CertificateTest, StoreCertificateTest, + ::testing::Values(false, true)); + +TEST_F(DeviceFilesTest, RetrieveCertificateInvalidParams) { + std::string certificate, serial_number; + CryptoWrappedKey wrapped_private_key; + uint32_t system_id; + MockFileSystem file_system; - const bool atsc_mode = GetParam(); + DeviceFiles device_files(&file_system); + EXPECT_EQ(DeviceFiles::kCannotHandle, + device_files.RetrieveCertificate(false, &certificate, nullptr, + &serial_number, &system_id)); + EXPECT_EQ( + DeviceFiles::kCannotHandle, + device_files.RetrieveCertificate(false, nullptr, &wrapped_private_key, + &serial_number, &system_id)); +} + +TEST_F(DeviceFilesTest, RetrieveAtscCertificate) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); - const std::string data = kTestCertificateFileData; + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileDataWithoutExpiration; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) - .Times(2) + .Times(AtLeast(1)) .WillRepeatedly(Return(true)); EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) .WillOnce(Return(data.size())); 
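Review bot: `RetrieveCertificateInvalidParams` never calls `device_files.Init(kSecurityLevelL1)`, unlike the other tests visible in this diff, so the `kCannotHandle` results may come from an uninitialized-object check rather than from the null-pointer checks the test is named for. This is inferred, because the body of `RetrieveCertificate` is not visible here. Adding `EXPECT_TRUE(device_files.Init(kSecurityLevelL1));` right after constructing `device_files` would isolate the parameter validation. `uint32_t system_id;` is also left uninitialized where the sibling tests use `= 0`. `RetrieveAtscCertificate` continues past the end of the hunk.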
@@ -2292,34 +3704,369 @@ TEST_P(DeviceCertificateTest, ReadCertificate) { CryptoWrappedKey private_key; std::string serial_number; uint32_t system_id = 0; - ASSERT_TRUE(device_files.RetrieveCertificate( - atsc_mode, &certificate, &private_key, &serial_number, &system_id)); - EXPECT_EQ(kTestCertificate, certificate); + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(true, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); EXPECT_EQ(kTestWrappedKey, private_key); EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); } -TEST_P(DeviceCertificateTest, ReadCertificateWithoutKeyType) { +TEST_F(DeviceFilesTest, RetrieveAtscCertificateNotFound) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .WillOnce(Return(false)); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + ASSERT_EQ(DeviceFiles::kCertificateNotFound, + device_files.RetrieveCertificate(true, &certificate, &private_key, + &serial_number, &system_id)); +} + +TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string 
device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileDataWithoutExpiration; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + MockFile* write_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + // Retrieving the legacy license will cause a read as well as a write + // to fill in a random expiry date ~6 months later if one has not been set + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)) + .WillOnce(Return(write_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + EXPECT_CALL(*write_file, Read(_, _)).Times(0); + EXPECT_CALL(*write_file, Write(_, _)) + .With(AllArgs(StrAndLenContains(std::vector{ + kTestCertificateWithoutExpiration, kTestWrappedKey.key()}))) + .WillOnce(ReturnArg<1>()); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +TEST_F(DeviceFilesTest, 
RetrieveLegacyCertificateWithClientExpirationTime) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestLegacyCertificateFileDataWithClientExpiration; + + // Call to Open will return a unique_ptr, freeing this object. + MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the legacy certificate. The expiration data is in the future. 
+ ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +class RetrieveLegacyCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(RetrieveLegacyCertificateTest, ErrorScenarios) { + const int index = GetParam(); + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const CertificateErrorData& param = + kRetrieveLegacyCertificateErrorData[index]; + const std::string& data = param.file_data; + + // Call to Open will return a unique_ptr, freeing this object. 
+ MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the legacy certificate. The license has expired. + ASSERT_EQ(param.certificate_state, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + + if (param.certificate_state == DeviceFiles::kCertificateExpired) { + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); + } +} + +INSTANTIATE_TEST_CASE_P(CertificateTest, RetrieveLegacyCertificateTest, + ::testing::Range(0, 2)); + +TEST_F(DeviceFilesTest, RetrieveDefaultCertificate) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestDefaultCertificateFileDataFutureExpiration; + + // Call to Open will return a unique_ptr, freeing this object. 
+ MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithFutureExpiration, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +TEST_F(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestDefaultCertificateFileDataNeverExpires; + + // Call to Open will return a unique_ptr, freeing this object. 
+ MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateNeverExpires, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); +} + +class RetrieveDefaultCertificateTest + : public DeviceFilesTest, + public ::testing::WithParamInterface {}; + +TEST_P(RetrieveDefaultCertificateTest, ErrorScenarios) { + const int index = GetParam(); + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + const CertificateErrorData& param = + kRetrieveDefaultCertificateErrorData[index]; + const std::string& data = param.file_data; + + // Call to Open will return a unique_ptr, freeing this object. 
+ MockFile* read_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(true)); + EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + .WillOnce(Return(data.size())); + EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) + .WillOnce(Return(read_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) + .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), + Return(data.size()))); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); + + std::string certificate; + CryptoWrappedKey private_key; + std::string serial_number; + uint32_t system_id = 0; + + // Retrieve the default certificate. It should be available. + ASSERT_EQ(param.certificate_state, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + if (param.certificate_state == DeviceFiles::kCertificateExpired) { + EXPECT_EQ(kTestCertificateExpired, certificate); + EXPECT_EQ(kTestWrappedKey, private_key); + EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); + } +} + +INSTANTIATE_TEST_CASE_P(CertificateTest, RetrieveDefaultCertificateTest, + ::testing::Range(0, 9)); + +TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) { // Stored files without an explicit key type should default to RSA. 
MockFileSystem file_system; - const bool atsc_mode = GetParam(); - const std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); - const std::string data = kTestCertificateFileWithoutKeyTypeData; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + const std::string& data = kTestCertificateFileWithoutKeyTypeData; // Call to Open will return a unique_ptr, freeing this object. - MockFile* file = new MockFile(); - EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) - .Times(2) + // The file will be re-written with a new client expiration time + MockFile* read_file = new MockFile(); + MockFile* write_file = new MockFile(); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .Times(AtLeast(1)) .WillRepeatedly(Return(true)); - EXPECT_CALL(file_system, FileSize(StrEq(device_certificate_path))) + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .Times(AtLeast(1)) + .WillRepeatedly(Return(false)); + EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) .WillOnce(Return(data.size())); - EXPECT_CALL(file_system, DoOpen(StrEq(device_certificate_path), _)) - .WillOnce(Return(file)); - EXPECT_CALL(*file, Read(NotNull(), Eq(data.size()))) + EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) + .WillOnce(Return(read_file)) + .WillOnce(Return(write_file)); + EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), Return(data.size()))); - EXPECT_CALL(*file, 
Write(_, _)).Times(0); + EXPECT_CALL(*read_file, Write(_, _)).Times(0); + EXPECT_CALL(*write_file, Read(_, _)).Times(0); + EXPECT_CALL(*write_file, Write(_, _)) + .With(AllArgs(StrAndLenContains(std::vector{ + kTestCertificateWithoutExpiration, kTestWrappedKey.key()}))) + .WillOnce(ReturnArg<1>()); DeviceFiles device_files(&file_system); EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); @@ -2328,18 +4075,21 @@ TEST_P(DeviceCertificateTest, ReadCertificateWithoutKeyType) { CryptoWrappedKey private_key; std::string serial_number; uint32_t system_id = 0; - ASSERT_TRUE(device_files.RetrieveCertificate( - atsc_mode, &certificate, &private_key, &serial_number, &system_id)); - EXPECT_EQ(kTestCertificate, certificate); + ASSERT_EQ(DeviceFiles::kCertificateValid, + device_files.RetrieveCertificate(false, &certificate, &private_key, + &serial_number, &system_id)); + EXPECT_EQ(kTestCertificateWithoutExpiration, certificate); EXPECT_EQ(kTestWrappedKey, private_key); EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); } -TEST_P(DeviceCertificateTest, HasCertificate) { +TEST_F(DeviceFilesTest, HasCertificateAtsc) { MockFileSystem file_system; - bool atsc_mode = GetParam(); - std::string device_certificate_path = - device_base_path_ + DeviceFiles::GetCertificateFileName(atsc_mode); + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName(DeviceFiles::kCertificateAtsc, + &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) .WillOnce(Return(false)) 
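Review bot: The two `INSTANTIATE_TEST_CASE_P` calls use `::testing::Range(0, 2)` and `::testing::Range(0, 9)`, which hard-code the lengths of `kRetrieveLegacyCertificateErrorData` and `kRetrieveDefaultCertificateErrorData`, and each `ErrorScenarios` body indexes its array with `GetParam()` unchecked. Adding an entry leaves it silently untested, and removing one makes the test read past the end of the array. Parameterizing on the entries themselves avoids both: `::testing::ValuesIn(kRetrieveDefaultCertificateErrorData)` with `const CertificateErrorData& param = GetParam();` and the fixture's parameter type changed to `CertificateErrorData`, and the same for the legacy suite.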
@@ -2350,26 +4100,92 @@ TEST_P(DeviceCertificateTest, HasCertificate) { ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); // MockFile returns false. - EXPECT_FALSE(device_files.HasCertificate(atsc_mode)); + EXPECT_FALSE(device_files.HasCertificate(true)); // MockFile returns true. - EXPECT_TRUE(device_files.HasCertificate(atsc_mode)); + EXPECT_TRUE(device_files.HasCertificate(true)); } -INSTANTIATE_TEST_CASE_P(AtscMode, DeviceCertificateTest, - ::testing::Values(false, true)); +TEST_F(DeviceFilesTest, HasCertificateDefault) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_certificate_path))) + .WillOnce(Return(true)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + EXPECT_TRUE(device_files.HasCertificate(false)); +} + +TEST_F(DeviceFilesTest, HasCertificateLegacy) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(true)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + 
EXPECT_TRUE(device_files.HasCertificate(false)); +} + +TEST_F(DeviceFilesTest, HasCertificateNone) { + MockFileSystem file_system; + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_default_certificate_path = + device_base_path_ + certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateLegacy, &certificate_file_name)); + const std::string device_legacy_certificate_path = + device_base_path_ + certificate_file_name; + + EXPECT_CALL(file_system, Exists(StrEq(device_default_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) + .WillOnce(Return(false)); + EXPECT_CALL(file_system, DoOpen(_, _)).Times(0); + + DeviceFiles device_files(&file_system); + ASSERT_TRUE(device_files.Init(kSecurityLevelL1)); + + EXPECT_FALSE(device_files.HasCertificate(false)); +} TEST_P(DeviceFilesSecurityLevelTest, SecurityLevel) { + CdmSecurityLevel security_level = GetParam(); MockFileSystem file_system; - std::string certificate(CdmRandom::RandomData(kCertificateLen)); + std::string certificate(kTestCertificateWithFutureExpiration); const CryptoWrappedKey private_key(CryptoWrappedKey::kRsa, CdmRandom::RandomData(kWrappedKeyLen)); - CdmSecurityLevel security_level = GetParam(); std::string device_base_path; ASSERT_TRUE( Properties::GetDeviceFilesBasePath(security_level, &device_base_path)); - std::string device_certificate_path = - device_base_path + DeviceFiles::GetCertificateFileName(false); + std::string certificate_file_name; + EXPECT_TRUE(DeviceFiles::GetCertificateFileName( + DeviceFiles::kCertificateDefault, &certificate_file_name)); + const std::string device_certificate_path = + device_base_path + certificate_file_name; // Call to Open will return a unique_ptr, freeing this object. MockFile* file = new MockFile(); 
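Review bot: `HasCertificateDefault`, `HasCertificateLegacy` and `HasCertificateNone` all expect `DoOpen(_, _)` zero times, which pins `HasCertificate(false)` as a pure existence check. Because the file is never read, it reports true even for a certificate that `RetrieveCertificate` would return as `kCertificateExpired` or `kCertificateInvalid`. That is worth stating in the tests so a later reader does not treat `HasCertificate` as a validity check, e.g. `// HasCertificate only checks file presence; expiry and validity are decided by RetrieveCertificate.` above each `EXPECT_CALL(file_system, DoOpen(_, _)).Times(0);`. The `SecurityLevel` test body continues past the end of the hunk.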
diff --git a/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp b/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp
index bfa0fae4..c86dbdd2 100644
--- a/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp
@@ -168,28 +168,28 @@ const size_t kUsageInfoFileArraySize = ArraySize(kUsageInfoFileArray); std::vector kUsageInfoFileList; const DeviceFiles::CdmUsageData kCdmUsageData1 = { - /* provider_session_token = */ "provider_session_token_1", - /* license_request = */ "license_request_1", - /* license = */ "license_1", - /* key_set_id = */ "key_set_id_1", - /* usage_entry = */ "usage_entry_1", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_1", + /* license_request = */ "license_request_1", + /* license = */ "license_1", + /* key_set_id = */ "key_set_id_1", + /* usage_entry = */ "usage_entry_1", + /* usage_entry_number = */ 0, }; const DeviceFiles::CdmUsageData kCdmUsageData2 = { - /* provider_session_token = */ "provider_session_token_2", - /* license_request = */ "license_request_2", - /* license = */ "license_2", - /* key_set_id = */ "key_set_id_2", - /* usage_entry = */ "usage_entry_2", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_2", + /* license_request = */ "license_request_2", + /* license = */ "license_2", + /* key_set_id = */ "key_set_id_2", + /* usage_entry = */ "usage_entry_2", + /* usage_entry_number = */ 0, }; const DeviceFiles::CdmUsageData kCdmUsageData3 = { - /* provider_session_token = */ "provider_session_token_3", - /* license_request = */ "license_request_3", - /* license = */ "license_3", - /* key_set_id = */ "key_set_id_3", - /* usage_entry = */ "usage_entry_3", - /* usage_entry_number = */ 0, + /* provider_session_token = */ "provider_session_token_3", + /* license_request = */ "license_request_3", + /* license = */ "license_3", + /* key_set_id = */ "key_set_id_3", + /* usage_entry = */ "usage_entry_3", + /* usage_entry_number = */ 0, }; const std::vector kEmptyUsageInfoUsageDataList; 
@@ -366,8 +366,8 @@ void InitVectorConstants() { } } -void ToVector(std::vector& vec, - const CdmUsageEntryInfo* arr, size_t total_size) { +void ToVector(std::vector& vec, const CdmUsageEntryInfo* arr, + size_t total_size) { size_t max = total_size / sizeof(CdmUsageEntryInfo); vec.clear(); for (size_t i = 0; i < max; i++) { @@ -415,8 +415,7 @@ class MockDeviceFiles : public DeviceFiles { const std::string&, const CdmUsageEntry&, uint32_t)); MOCK_METHOD2(RetrieveUsageInfo, bool(const std::string&, std::vector*)); - MOCK_METHOD1(ListLicenses, - bool(std::vector* key_set_ids)); + MOCK_METHOD1(ListLicenses, bool(std::vector* key_set_ids)); MOCK_METHOD1(ListUsageInfoFiles, bool(std::vector* usage_info_files)); 
@@ -468,34 +467,31 @@ class MockCryptoSession : public TestCryptoSession { // Partial mock of the UsageTableHeader. This is to test when dependency // exist on internal methods which would require complex expectations class MockUsageTableHeader : public UsageTableHeader { - public: - MockUsageTableHeader() : UsageTableHeader() {} - MOCK_METHOD4(InvalidateEntry, CdmResponseType(uint32_t, bool, DeviceFiles*, - metrics::CryptoMetrics*)); - MOCK_METHOD6(AddEntry, - CdmResponseType(CryptoSession*, bool, const CdmKeySetId&, - const std::string&, const CdmKeyResponse&, - uint32_t*)); + public: + MockUsageTableHeader() : UsageTableHeader() {} + MOCK_METHOD4(InvalidateEntry, CdmResponseType(uint32_t, bool, DeviceFiles*, + metrics::CryptoMetrics*)); + MOCK_METHOD6(AddEntry, CdmResponseType(CryptoSession*, bool, + const CdmKeySetId&, const std::string&, + const CdmKeyResponse&, uint32_t*)); - CdmResponseType SuperAddEntry(CryptoSession* crypto_session, - bool persistent_license, - const CdmKeySetId& key_set_id, - const std::string& usage_info_filename, - const CdmKeyResponse& license_message, - uint32_t* usage_entry_number) { - return UsageTableHeader::AddEntry(crypto_session, persistent_license, - key_set_id, usage_info_filename, - license_message, usage_entry_number); - } + CdmResponseType SuperAddEntry(CryptoSession* crypto_session, + bool persistent_license, + const CdmKeySetId& key_set_id, + const std::string& usage_info_filename, + const CdmKeyResponse& license_message, + uint32_t* usage_entry_number) { + return UsageTableHeader::AddEntry(crypto_session, persistent_license, + key_set_id, usage_info_filename, + license_message, usage_entry_number); + } }; } // namespace class UsageTableHeaderTest : public WvCdmTestBase { public: - static void SetUpTestCase() { - InitVectorConstants(); - } + static void SetUpTestCase() { InitVectorConstants(); } // Useful when UsageTableHeader is mocked void InvalidateEntry(uint32_t usage_entry_number, bool, DeviceFiles*, 
@@ -591,10 +587,7 @@ class UsageTableHeaderInitializationTest : public UsageTableHeaderTest, public ::testing::WithParamInterface { public: - static void SetUpTestCase() { - InitVectorConstants(); - } - + static void SetUpTestCase() { InitVectorConstants(); } }; TEST_P(UsageTableHeaderInitializationTest, CreateUsageTableHeader) { @@ -629,7 +622,7 @@ TEST_P(UsageTableHeaderInitializationTest, Upgrade_UnableToRetrieveLicenses) { .WillOnce( DoAll(SetArgPointee<1>(kEmptyUsageTableHeader), Return(NO_ERROR))); // TODO: Why not being called? - //EXPECT_CALL(*device_files_, DeleteAllLicenses()).WillOnce(Return(true)); + // EXPECT_CALL(*device_files_, DeleteAllLicenses()).WillOnce(Return(true)); EXPECT_CALL(*device_files_, StoreUsageTableInfo(kEmptyUsageTableHeader, kEmptyUsageEntryInfoVector)) .WillOnce(Return(true)); @@ -763,8 +756,8 @@ TEST_P(UsageTableHeaderInitializationTest, const SecurityLevel security_level = (GetParam() == kSecurityLevelL3) ? kLevel3 : kLevelDefault; - EXPECT_CALL(*crypto_session_, - Open(security_level)).WillOnce(Return(NO_ERROR)); + EXPECT_CALL(*crypto_session_, Open(security_level)) + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*crypto_session_, LoadUsageTableHeader(security_level, kUsageTableHeader)) .WillOnce(Return(NO_ERROR)); @@ -847,8 +840,8 @@ TEST_P(UsageTableHeaderInitializationTest, const uint32_t expect_usage_entry_number = kOverFullUsageEntryInfoVector.size(); EXPECT_CALL(*crypto_session_, CreateUsageEntry(NotNull())) - .WillOnce(DoAll(SetArgPointee<0>(expect_usage_entry_number), - Return(NO_ERROR))); + .WillOnce( + DoAll(SetArgPointee<0>(expect_usage_entry_number), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, UpdateUsageEntry(NotNull(), NotNull())) .WillOnce( DoAll(SetArgPointee<0>(kAnotherUsageTableHeader), Return(NO_ERROR))); diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 83586654..97873e18 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp 
+++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -2301,13 +2301,17 @@ TEST_F(WvCdmRequestLicenseTest, UnprovisionTest) { CryptoWrappedKey wrapped_private_key; std::string serial_number; uint32_t system_id; - EXPECT_TRUE(handle.RetrieveCertificate( - false, &certificate, &wrapped_private_key, &serial_number, &system_id)); + EXPECT_EQ( + DeviceFiles::kCertificateValid, + handle.RetrieveCertificate(false, &certificate, &wrapped_private_key, + &serial_number, &system_id)); EXPECT_EQ(NO_ERROR, decryptor_->Unprovision(security_level, kDefaultCdmIdentifier)); - EXPECT_FALSE(handle.RetrieveCertificate( - false, &certificate, &wrapped_private_key, &serial_number, &system_id)); + EXPECT_NE( + DeviceFiles::kCertificateValid, + handle.RetrieveCertificate(false, &certificate, &wrapped_private_key, + &serial_number, &system_id)); } TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) { diff --git a/libwvdrmengine/cdm/util/src/string_conversions.cpp b/libwvdrmengine/cdm/util/src/string_conversions.cpp index e40e6f7e..2b0ba5f1 100644 --- a/libwvdrmengine/cdm/util/src/string_conversions.cpp +++ b/libwvdrmengine/cdm/util/src/string_conversions.cpp @@ -254,7 +254,7 @@ std::vector Base64SafeDecode(const std::string& b64_input) { std::string HexEncode(const uint8_t* in_buffer, unsigned int size) { static const char kHexChars[] = "0123456789ABCDEF"; if (size == 0) return ""; - constexpr unsigned int kMaxSafeSize = 2048; + constexpr unsigned int kMaxSafeSize = 3072; if (size > kMaxSafeSize) size = kMaxSafeSize; // Each input byte creates two output hex characters. std::string out_buffer(size * 2, '\0');
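Review bot: The second assertion in UnprovisionTest, `EXPECT_NE(DeviceFiles::kCertificateValid, handle.RetrieveCertificate(...))`, passes for every non-valid state. It would therefore also pass if the certificate were still on disk after Unprovision and merely reported as expired or invalid. Since the test is meant to show that unprovisioning removes the credential, compare against the one state that means the certificate is absent, e.g. `EXPECT_EQ(DeviceFiles::<NOT_FOUND_STATE>, handle.RetrieveCertificate(false, &certificate, &wrapped_private_key, &serial_number, &system_id));`. Here `<NOT_FOUND_STATE>` is a placeholder for the enum value declared in device_files.h, which is not visible in this hunk. The test body starts before the hunk.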
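Review bot: `kMaxSafeSize` goes from 2048 to 3072 with no comment saying what the bound protects or which input needed the larger value, and the line after it still clamps `size` silently. A caller that passes a longer buffer gets a hex string for only the first 3072 bytes, with no sign that data was dropped. That matters if the output is ever compared, stored or used as an identifier rather than only logged; the callers are not visible here. I would add a comment at the constant such as `// Upper bound on bytes encoded; longer inputs are truncated. Sized for <LARGEST_EXPECTED_INPUT>.` and make the truncation observable, for example by logging when `size > kMaxSafeSize`. HexEncode's body continues past the end of the hunk.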