Disabled cert validation test in certain platforms

project-chip · Dec 2, 2021 · cb3698e · cb3698e
1 parent d6d4834
commit cb3698e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 0 deletions.
diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn
@@ -15,6 +15,7 @@
 import("//build_overrides/chip.gni")
 import("//build_overrides/nlassert.gni")
 import("${chip_root}/src/crypto/crypto.gni")
+import("${chip_root}/src/platform/device.gni")
 
 static_library("credentials") {
   output_name = "libCredentials"
@@ -48,6 +49,10 @@ static_library("credentials") {
     sources += [ "${chip_root}/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp" ]
   }
 
+  if (chip_device_platform == "esp32" || chip_device_platform == "nrfconnect") {
+    defines = [ "CURRENT_TIME_NOT_IMPLEMENTED=1" ]
+  }
+
   cflags = [ "-Wconversion" ]
 
   public_deps = [

diff --git a/src/credentials/examples/DefaultDeviceAttestationVerifier.cpp b/src/credentials/examples/DefaultDeviceAttestationVerifier.cpp
@@ -248,7 +248,9 @@ AttestationVerificationResult DefaultDACVerifier::VerifyAttestationInformation(c
     VerifyOrReturnError(mAttestationTrustStore->GetProductAttestationAuthorityCert(akid, paaDerBuffer) == CHIP_NO_ERROR,
                         AttestationVerificationResult::kPaaNotFound);
 
+#if !defined(CURRENT_TIME_NOT_IMPLEMENTED)
     VerifyOrReturnError(IsCertificateValidAtCurrentTime(dacDerBuffer) == CHIP_NO_ERROR, AttestationVerificationResult::kDacExpired);
+#endif
 
     VerifyOrReturnError(IsCertificateValidAtIssuance(dacDerBuffer, paiDerBuffer) == CHIP_NO_ERROR,
                         AttestationVerificationResult::kPaiExpired);

diff --git a/src/crypto/tests/BUILD.gn b/src/crypto/tests/BUILD.gn
@@ -48,6 +48,10 @@ chip_test_suite("tests") {
     sources += [ "CHIPCryptoPALTest.cpp" ]
   }
 
+  if (chip_device_platform == "esp32" || chip_device_platform == "nrfconnect") {
+    defines = [ "CURRENT_TIME_NOT_IMPLEMENTED=1" ]
+  }
+
   cflags = [ "-Wconversion" ]
 
   public_deps = [

diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp
@@ -1947,9 +1947,11 @@ static void TestX509_IssuingTimestampValidation(nlTestSuite * inSuite, void * in
     err = IsCertificateValidAtIssuance(kDacCert, leafCert);
     NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR);
 
+#if !defined(CURRENT_TIME_NOT_IMPLEMENTED)
     // test certificate validity (this one contains validity until year 9999 so it will not fail soon)
     err = IsCertificateValidAtCurrentTime(kDacCert);
     NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR);
+#endif
 }
 
 static void TestSKID_x509Extraction(nlTestSuite * inSuite, void * inContext)