From 40574312f8c643d027ac1f93287f2026e755eb18 Mon Sep 17 00:00:00 2001
From: Carmen Hanish <cyhanish@google.com>
Date: Fri, 12 Jun 2026 05:04:42 -0700
Subject: [PATCH] Generate roots valid from long ago to far in the future.

PiperOrigin-RevId: 931089191
---
 src/main/kotlin/testing/FakeCalendar.kt              | 4 ++++
 src/main/kotlin/testing/KeyAttestationCertFactory.kt | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/testing/FakeCalendar.kt b/src/main/kotlin/testing/FakeCalendar.kt
index 8005a91..7019103 100644
--- a/src/main/kotlin/testing/FakeCalendar.kt
+++ b/src/main/kotlin/testing/FakeCalendar.kt
@@ -30,6 +30,10 @@ class FakeCalendar(val today: LocalDate = LocalDate.of(2024, 10, 20)) {
 
   fun nextWeek(): Date = today.plusDays(7).toDate()
 
+  internal fun longAgo(): Date = today.minusYears(5).toDate()
+
+  internal fun farInTheFuture(): Date = today.plusYears(5).toDate()
+
   private fun Instant.toDate() = Date.from(this)
 
   private fun LocalDate.toDate() = this.atStartOfDay(ZoneId.of("UTC")).toInstant().toDate()
diff --git a/src/main/kotlin/testing/KeyAttestationCertFactory.kt b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
index d741c16..41b3c74 100644
--- a/src/main/kotlin/testing/KeyAttestationCertFactory.kt
+++ b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
@@ -84,7 +84,7 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
 
   internal fun generateRootCertificate(
     keyPair: KeyPair = rootKey,
-    subject: X500Name = X500Name("SERIALNUMBER=badc0de"),
+    subject: X500Name = RKP_ROOT_SUBJECT,
   ) =
     generateCertificate(
       keyPair.public,
@@ -92,8 +92,8 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
       subject = subject,
       issuer = subject,
       serialNumber = BigInteger.valueOf(0xca11cafe),
-      notBefore = fakeCalendar.lastWeek(),
-      notAfter = fakeCalendar.nextWeek(),
+      notBefore = fakeCalendar.longAgo(),
+      notAfter = fakeCalendar.farInTheFuture(),
       extensions = listOf(BASIC_CONSTRAINTS_EXT),
     )
 
@@ -258,6 +258,7 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
       )
     val RKP_INTERMEDIATE_SUBJECT = X500Name("O=Google LLC, CN=Droid CA3")
     val REMOTE_INTERMEDIATE_SUBJECT = X500Name("CN=Droid CA2, O=Google LLC")
+    val RKP_ROOT_SUBJECT = X500Name("CN=Test Key Attestation CA1, OU=Android, O=Google LLC, C=US")
   }
 }