streamline int overflow check for token timestamps

Fabio Bozzo
2024-12-02 12:06:06 +01:00
parent 28272e6900
commit 5b816ccc62
3 changed files with 28 additions and 28 deletions


@@ -18,7 +18,6 @@ import (
"github.com/ucan-wg/go-ucan/pkg/command" "github.com/ucan-wg/go-ucan/pkg/command"
"github.com/ucan-wg/go-ucan/pkg/meta" "github.com/ucan-wg/go-ucan/pkg/meta"
"github.com/ucan-wg/go-ucan/pkg/policy" "github.com/ucan-wg/go-ucan/pkg/policy"
"github.com/ucan-wg/go-ucan/pkg/policy/limits"
"github.com/ucan-wg/go-ucan/token/internal/nonce" "github.com/ucan-wg/go-ucan/token/internal/nonce"
"github.com/ucan-wg/go-ucan/token/internal/parse" "github.com/ucan-wg/go-ucan/token/internal/parse"
) )
@@ -177,18 +176,6 @@ func (t *Token) validate() error {
errs = errors.Join(errs, fmt.Errorf("token nonce too small")) errs = errors.Join(errs, fmt.Errorf("token nonce too small"))
} }
if t.notBefore != nil {
if err := validateTimestamp(t.notBefore.Unix(), "nbf"); err != nil {
errs = errors.Join(errs, err)
}
}
if t.expiration != nil {
if err := validateTimestamp(t.expiration.Unix(), "exp"); err != nil {
errs = errors.Join(errs, err)
}
}
return errs return errs
} }
@@ -228,8 +215,15 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
tkn.meta = m.Meta tkn.meta = m.Meta
tkn.notBefore = parse.OptionalTimestamp(m.Nbf) tkn.notBefore, err = parse.OptionalTimestamp(m.Nbf)
tkn.expiration = parse.OptionalTimestamp(m.Exp) if err != nil {
return nil, fmt.Errorf("parse notBefore: %w", err)
}
tkn.expiration, err = parse.OptionalTimestamp(m.Exp)
if err != nil {
return nil, fmt.Errorf("parse expiration: %w", err)
}
if err := tkn.validate(); err != nil { if err := tkn.validate(); err != nil {
return nil, err return nil, err
@@ -237,11 +231,3 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
return &tkn, nil return &tkn, nil
} }
func validateTimestamp(ts int64, field string) error {
if ts > limits.MaxInt53 || ts < limits.MinInt53 {
return fmt.Errorf("token %s timestamp %d exceeds safe integer bounds", field, ts)
}
return nil
}
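Review bot: With the nbf/exp checks removed from `validate()`, the 53-bit bound is enforced only where a token is decoded through `tokenFromModel`. Any path that sets `notBefore` or `expiration` on a `Token` and then relies on `validate()` (a constructor or option, not visible in these hunks) no longer gets the check. Such a path could serialise an expiry that verifiers limited to 53-bit integers cannot represent exactly. Either keep a guard in `validate()`, e.g. `if t.expiration != nil && (t.expiration.Unix() > limits.MaxInt53 || t.expiration.Unix() < limits.MinInt53) {`, which means keeping the `limits` import this commit drops, or apply the bound wherever those fields are assigned. Both `validate()` and `tokenFromModel` start outside the hunks shown, so this should be confirmed against the construction path.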


@@ -1,9 +1,11 @@
package parse package parse
import ( import (
"fmt"
"time" "time"
"github.com/ucan-wg/go-ucan/did" "github.com/ucan-wg/go-ucan/did"
"github.com/ucan-wg/go-ucan/pkg/policy/limits"
) )
func OptionalDID(s *string) (did.DID, error) { func OptionalDID(s *string) (did.DID, error) {
@@ -13,10 +15,15 @@ func OptionalDID(s *string) (did.DID, error) {
return did.Parse(*s) return did.Parse(*s)
} }
func OptionalTimestamp(sec *int64) *time.Time { func OptionalTimestamp(sec *int64) (*time.Time, error) {
if sec == nil { if sec == nil {
return nil return nil, nil
} }
if *sec > limits.MaxInt53 || *sec < limits.MinInt53 {
return nil, fmt.Errorf("timestamp value %d exceeds safe integer bounds", *sec)
}
t := time.Unix(*sec, 0) t := time.Unix(*sec, 0)
return &t return &t, nil
} }
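Review bot: The exported `OptionalTimestamp` has no doc comment, and its contract is now the only place the timestamp bound is enforced, so the `(nil, nil)` result for an absent value and the rejection range should be written down. I would add `// OptionalTimestamp converts an optional Unix-seconds value to a *time.Time. It returns (nil, nil) when sec is nil and an error when *sec lies outside [limits.MinInt53, limits.MaxInt53].` above the function. A small table test at `MinInt53`, `MaxInt53` and one step beyond each would pin the inclusive bounds that the `>` and `<` comparisons imply.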


@@ -275,8 +275,15 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
tkn.proof = m.Prf tkn.proof = m.Prf
tkn.meta = m.Meta tkn.meta = m.Meta
tkn.expiration = parse.OptionalTimestamp(m.Exp) tkn.expiration, err = parse.OptionalTimestamp(m.Exp)
tkn.invokedAt = parse.OptionalTimestamp(m.Iat) if err != nil {
return nil, fmt.Errorf("parse expiration: %w", err)
}
tkn.invokedAt, err = parse.OptionalTimestamp(m.Iat)
if err != nil {
return nil, fmt.Errorf("parse invokedAt: %w", err)
}
tkn.cause = m.Cause tkn.cause = m.Cause