identity: VTS: allow for multiple interpretations of AuthKey validity. am: 5993719991
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2489995
Change-Id: I89b208ea35edc6a487d38ced395ae62bcc549019
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/identity/aidl/vts/Util.cpp b/identity/aidl/vts/Util.cpp
index 1148cb0..0ce63b2 100644
--- a/identity/aidl/vts/Util.cpp
+++ b/identity/aidl/vts/Util.cpp
@@ -445,8 +445,24 @@
int64_t allowDriftSecs = 10;
EXPECT_LE(-allowDriftSecs, diffSecs);
EXPECT_GE(allowDriftSecs, diffSecs);
- constexpr uint64_t kSecsInOneYear = 365 * 24 * 60 * 60;
- EXPECT_EQ(notBefore + kSecsInOneYear, notAfter);
+
+ // The AIDL spec used to call for "one year in the future (365
+ // days)" but was updated to say "current time and 31536000
+ // seconds in the future (approximately 365 days)" to clarify that
+ // this was the original intention.
+ //
+ // However a number of implementations interpreted this as a
+ // "literal year" which started causing problems in March 2023
+ // because 2024 is a leap year. Since the extra day doesn't really
+ // matter (the validity period is specified in the MSO anyway and
+ // that's what RPs use), we allow both interpretations.
+ //
+ // For simplicity, we just require that that notAfter is after
+ // 31536000 and which also covers the case if there's a leap-day
+ // and possible leap-seconds.
+ //
+ constexpr uint64_t kSecsIn365Days = 365 * 24 * 60 * 60;
+ EXPECT_LE(notBefore + kSecsIn365Days, notAfter);
}
vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries) {