change MaxClockOffset (renamed) to 15 min and use duration type (#3438)

This commit is contained in:
Bryan White 2019-11-04 11:39:43 +01:00 committed by GitHub
parent 84fea5820f
commit 3a842bf53f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 16 deletions

View File

@ -13,6 +13,7 @@ import (
"fmt"
"strconv"
"strings"
"time"
"github.com/btcsuite/btcutil/base58"
"github.com/zeebo/errs"
@ -26,9 +27,9 @@ import (
const (
// Bucket is the bucket used with a bolt-backed authorizations DB.
Bucket = "authorizations"
// MaxClaimDelaySeconds is the max duration in seconds in the past or
// MaxClockOffset is the max duration in seconds in the past or
// future that a claim timestamp is allowed to have and still be valid.
MaxClaimDelaySeconds = 15
MaxClockOffset = 5 * time.Minute
tokenDataLength = 64 // 2^(64*8) =~ 1.34E+154
tokenDelimiter = ":"
tokenVersion = 0

View File

@ -236,10 +236,10 @@ func TestAuthorizationDB_Claim_Valid(t *testing.T) {
},
}
now := time.Now().Unix()
now := time.Now()
req := &pb.SigningRequest{
AuthToken: auths[0].Token.String(),
Timestamp: now,
Timestamp: now.Unix(),
}
difficulty, err := ident.ID.Difficulty()
require.NoError(t, err)
@ -262,9 +262,11 @@ func TestAuthorizationDB_Claim_Valid(t *testing.T) {
claim := updatedAuths[0].Claim
assert.Equal(t, peer.Addr.String(), claim.Addr)
assert.Equal(t, [][]byte{ident.CA.Raw}, claim.SignedChainBytes)
claimTime := time.Unix(claim.Timestamp, 0)
assert.Condition(t, func() bool {
return now-MaxClaimDelaySeconds < claim.Timestamp &&
claim.Timestamp < now+MaxClaimDelaySeconds
return now.Sub(claimTime) < MaxClockOffset &&
claimTime.Sub(now) < MaxClockOffset
})
}

View File

@ -170,9 +170,10 @@ func (authDB *DB) List(ctx context.Context) (auths Group, err error) {
// Claim marks an authorization as claimed and records claim information.
func (authDB *DB) Claim(ctx context.Context, opts *ClaimOpts) (err error) {
defer mon.Task()(&ctx)(&err)
now := time.Now().Unix()
if !(now-MaxClaimDelaySeconds < opts.Req.Timestamp) ||
!(opts.Req.Timestamp < now+MaxClaimDelaySeconds) {
now := time.Now()
reqTime := time.Unix(opts.Req.Timestamp, 0)
if (now.Sub(reqTime) > MaxClockOffset) ||
(reqTime.Sub(now) > MaxClockOffset) {
return Error.New("claim timestamp is outside of max delay window: %d", opts.Req.Timestamp)
}
@ -209,7 +210,7 @@ func (authDB *DB) Claim(ctx context.Context, opts *ClaimOpts) (err error) {
auths[i] = &Authorization{
Token: auth.Token,
Claim: &Claim{
Timestamp: now,
Timestamp: now.Unix(),
Addr: opts.Peer.Addr.String(),
Identity: ident,
SignedChainBytes: opts.ChainBytes,

View File

@ -196,13 +196,15 @@ func TestCertificateSigner_Sign(t *testing.T) {
require.NotEmpty(t, updatedAuths)
require.NotNil(t, updatedAuths[0].Claim)
now := time.Now().Unix()
claim := updatedAuths[0].Claim
assert.Equal(t, expectedAddr.String(), claim.Addr)
assert.Equal(t, res.Chain, claim.SignedChainBytes)
now := time.Now()
claimTime := time.Unix(claim.Timestamp, 0)
assert.Condition(t, func() bool {
return now-authorization.MaxClaimDelaySeconds < claim.Timestamp &&
claim.Timestamp < now+authorization.MaxClaimDelaySeconds
return now.Sub(claimTime) < authorization.MaxClockOffset &&
claimTime.Sub(now) < authorization.MaxClockOffset
})
})
})