Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2b29469d authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "identity: VTS: allow for multiple interpretations of AuthKey validity." am: 5086f131 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2482276



Change-Id: I5958f7ca0b5e57d148adfcd6b6ead5dbd9432940
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 3e619b8c 5086f131

identity/aidl/vts/Util.cpp

+18 −2
Original line number Diff line number Diff line
@@ -523,8 +523,24 @@ void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain) { 
    int64_t allowDriftSecs = 10;

    EXPECT_LE(-allowDriftSecs, diffSecs);

    EXPECT_GE(allowDriftSecs, diffSecs);

    constexpr uint64_t kSecsInOneYear = 365 * 24 * 60 * 60;

    EXPECT_EQ(notBefore + kSecsInOneYear, notAfter);



    // The AIDL spec used to call for "one year in the future (365

    // days)" but was updated to say "current time and 31536000

    // seconds in the future (approximately 365 days)" to clarify that

    // this was the original intention.

    //

    // However a number of implementations interpreted this as a

    // "literal year" which started causing problems in March 2023

    // because 2024 is a leap year. Since the extra day doesn't really

    // matter (the validity period is specified in the MSO anyway and

    // that's what RPs use), we allow both interpretations.

    //

    // For simplicity, we just require that that notAfter is after

    // 31536000 and which also covers the case if there's a leap-day

    // and possible leap-seconds.

    //

    constexpr uint64_t kSecsIn365Days = 365 * 24 * 60 * 60;

    EXPECT_LE(notBefore + kSecsIn365Days, notAfter);

}



vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries) {