Check that KDM validity periods are safely within the validity periods

of the signing certificate chain. This does cause problems when you try to create a KDM for a certificate you just made (due to the fact that certificates always have a start-valid time of "now") but hopefully this can be fixed up in another commit.
author: Carl Hetherington <cth@carlh.net> 2019-12-01 23:13:25 +0100
committer: Carl Hetherington <cth@carlh.net> 2019-12-01 23:13:25 +0100
commit: 9a5809be580c1a12864d751a710f6783363d3de7 (patch)
tree: 2039fc251ed6bb5abcfe2fd6daa2fe572fac144e /test
parent: c78523806e89e4c43015816fcd20db2549992464 (diff)
4 files changed, 272 insertions, 5 deletions
diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index 214bc263..c3590751 100644
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -143,7 +143,7 @@ BOOST_AUTO_TEST_CASE (encryption_test)
 	dcp::DecryptedKDM kdm (
 		cpl,
 		key,
-		dcp::LocalTime ("2013-01-01T00:00:00+00:00"),
+		dcp::LocalTime ("2016-01-01T00:00:00+00:00"),
 		dcp::LocalTime ("2017-01-08T00:00:00+00:00"),
 		"libdcp",
 		"test",
diff --git a/test/kdm_test.cc b/test/kdm_test.cc
index 8dced8ac..bf5c14c5 100644
--- a/test/kdm_test.cc
+++ b/test/kdm_test.cc
@@ -36,6 +36,13 @@
 #include "certificate_chain.h"
 #include "util.h"
 #include "test.h"
+#include "cpl.h"
+#include "mono_picture_asset.h"
+#include "reel_mono_picture_asset.h"
+#include "reel.h"
+#include "file.h"
+#include "types.h"
+#include "picture_asset_writer.h"
 #include <libcxml/cxml.h>
 #include <libxml++/libxml++.h>
 #include <boost/test/unit_test.hpp>
@@ -227,3 +234,53 @@ BOOST_AUTO_TEST_CASE (kdm_forensic_test5)
 	cxml::ConstNodePtr forensic = kdm_forensic_test(doc, false, optional<int>());
 	BOOST_CHECK (!forensic);
 }
+
+/** Check that KDM validity periods are checked for being within the certificate validity */
+BOOST_AUTO_TEST_CASE (validity_period_test1)
+{
+	shared_ptr<dcp::CertificateChain> signer(new dcp::CertificateChain(dcp::file_to_string("test/data/certificate_chain")));
+	signer->set_key(dcp::file_to_string("test/data/private.key"));
+
+	shared_ptr<dcp::MonoPictureAsset> asset (new dcp::MonoPictureAsset(dcp::Fraction(24, 1), dcp::SMPTE));
+	asset->set_key (dcp::Key());
+	shared_ptr<dcp::PictureAssetWriter> writer = asset->start_write ("build/test/validity_period_test1.mxf", false);
+	dcp::File frame ("test/data/32x32_red_square.j2c");
+	writer->write (frame.data(), frame.size());
+	shared_ptr<dcp::Reel> reel(new dcp::Reel());
+	reel->add(shared_ptr<dcp::ReelPictureAsset>(new dcp::ReelMonoPictureAsset(asset, 0)));
+	shared_ptr<dcp::CPL> cpl (new dcp::CPL("test", dcp::FEATURE));
+	cpl->add(reel);
+
+	/* This certificate_chain is valid from 26/12/2012 to 24/12/2022 */
+
+	/* Inside */
+	BOOST_CHECK_NO_THROW(
+		dcp::DecryptedKDM(
+			cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("2015-01-01T00:00:00"), dcp::LocalTime("2017-07-31T00:00:00"), "", "", ""
+			).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>())
+		);
+
+	/* Starts too early */
+	BOOST_CHECK_THROW(
+		dcp::DecryptedKDM(
+			cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("1981-01-01T00:00:00"), dcp::LocalTime("2017-07-31T00:00:00"), "", "", ""
+			).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+		dcp::BadKDMDateError
+		);
+
+	/* Finishes too late */
+	BOOST_CHECK_THROW(
+		dcp::DecryptedKDM(
+			cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("2015-01-01T00:00:00"), dcp::LocalTime("2035-07-31T00:00:00"), "", "", ""
+			).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+		dcp::BadKDMDateError
+		);
+
+	/* Starts too early and finishes too late */
+	BOOST_CHECK_THROW(
+		dcp::DecryptedKDM(
+			cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("1981-01-01T00:00:00"), dcp::LocalTime("2035-07-31T00:00:00"), "", "", ""
+			).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+		dcp::BadKDMDateError
+		);
+}
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index f2d16333..10b7b6fe 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -85,12 +85,17 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
 	reel->add (shared_ptr<dcp::ReelMonoPictureAsset> (new dcp::ReelMonoPictureAsset (asset_A, 0)));
 	cpl->add (reel);
 
+	dcp::LocalTime start;
+	start.set_year (start.year() + 1);
+	dcp::LocalTime end;
+	end.set_year (end.year() + 2);
+
 	/* A KDM using our certificate chain's leaf key pair */
 	dcp::DecryptedKDM kdm_A (
 		cpl,
 		key,
-		dcp::LocalTime ("2013-01-01T00:00:00+00:00"),
-		dcp::LocalTime ("2013-01-08T00:00:00+00:00"),
+		start,
+		end,
 		"libdcp",
 		"test",
 		"2012-07-17T04:45:18+00:00"
diff --git a/test/util_test.cc b/test/util_test.cc
index 15851ecd..d85b9b56 100644
--- a/test/util_test.cc
+++ b/test/util_test.cc
@@ -31,9 +31,10 @@
     files in the program, then also delete it here.
 */
 
-#include <fstream>
-#include <boost/test/unit_test.hpp>
 #include "util.h"
+#include "local_time.h"
+#include <boost/test/unit_test.hpp>
+#include <fstream>
 
 using std::ifstream;
 using std::string;
@@ -136,3 +137,207 @@ BOOST_AUTO_TEST_CASE (private_key_fingerprint_test)
 {
 	BOOST_CHECK_EQUAL (dcp::private_key_fingerprint (dcp::file_to_string ("test/data/private.key")), "Jdz1bFpCcKI7R16Ccx9JHYytag0=");
 }
+
+BOOST_AUTO_TEST_CASE (day_less_than_or_equal_test)
+{
+	{
+		/* equal */
+		struct tm a;
+		a.tm_mday = 5;
+		a.tm_mon = 3;
+		a.tm_year = 78;
+
+		dcp::LocalTime b ("1978-04-05T00:00:00");
+		BOOST_CHECK (day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* every part of a less than b */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1985-05-23T00:00:00");
+		BOOST_CHECK (day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* years equal, other parts less */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-05-10T00:00:00");
+		BOOST_CHECK (day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month equal, day less */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-12T00:00:00");
+		BOOST_CHECK (day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month equal, day less */
+		struct tm a;
+		a.tm_mday = 1;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* a one day later than b */
+		struct tm a;
+		a.tm_mday = 5;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (!day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month same, day much later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (!day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* year same, month and day later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 5;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-02-04T00:00:00");
+		BOOST_CHECK (!day_less_than_or_equal(a, b));
+	}
+
+	{
+		/* all later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 5;
+		a.tm_year = 99;
+
+		dcp::LocalTime b ("1981-02-04T00:00:00");
+		BOOST_CHECK (!day_less_than_or_equal(a, b));
+	}
+}
+
+BOOST_AUTO_TEST_CASE (day_greater_than_or_equal_test)
+{
+	{
+		/* equal */
+		struct tm a;
+		a.tm_mday = 5;
+		a.tm_mon = 3;
+		a.tm_year = 78;
+
+		dcp::LocalTime b ("1978-04-05T00:00:00");
+		BOOST_CHECK (day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* every part of a less than b */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1985-05-23T00:00:00");
+		BOOST_CHECK (!day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* years equal, other parts less */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-05-10T00:00:00");
+		BOOST_CHECK (!day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month equal, day less */
+		struct tm a;
+		a.tm_mday = 4;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-12T00:00:00");
+		BOOST_CHECK (!day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month equal, day less */
+		struct tm a;
+		a.tm_mday = 1;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (!day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* a one day later than b */
+		struct tm a;
+		a.tm_mday = 5;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* year and month same, day much later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 2;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-03-04T00:00:00");
+		BOOST_CHECK (day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* year same, month and day later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 5;
+		a.tm_year = 81;
+
+		dcp::LocalTime b ("1981-02-04T00:00:00");
+		BOOST_CHECK (day_greater_than_or_equal(a, b));
+	}
+
+	{
+		/* all later */
+		struct tm a;
+		a.tm_mday = 22;
+		a.tm_mon = 5;
+		a.tm_year = 99;
+
+		dcp::LocalTime b ("1981-02-04T00:00:00");
+		BOOST_CHECK (day_greater_than_or_equal(a, b));
+	}
+}
author	Carl Hetherington <cth@carlh.net>	2019-12-01 23:13:25 +0100
committer	Carl Hetherington <cth@carlh.net>	2019-12-01 23:13:25 +0100
commit	9a5809be580c1a12864d751a710f6783363d3de7 (patch)
tree	2039fc251ed6bb5abcfe2fd6daa2fe572fac144e /test
parent	c78523806e89e4c43015816fcd20db2549992464 (diff)