diff --git a/token/delegation/delegation.go b/token/delegation/delegation.go index 959a40a..5548477 100644 --- a/token/delegation/delegation.go +++ b/token/delegation/delegation.go @@ -18,6 +18,7 @@ import ( "github.com/ucan-wg/go-ucan/pkg/command" "github.com/ucan-wg/go-ucan/pkg/meta" "github.com/ucan-wg/go-ucan/pkg/policy" + "github.com/ucan-wg/go-ucan/pkg/policy/limits" "github.com/ucan-wg/go-ucan/token/internal/nonce" "github.com/ucan-wg/go-ucan/token/internal/parse" ) @@ -176,6 +177,18 @@ func (t *Token) validate() error { errs = errors.Join(errs, fmt.Errorf("token nonce too small")) } + if t.notBefore != nil { + if err := validateTimestamp(t.notBefore.Unix(), "nbf"); err != nil { + errs = errors.Join(errs, err) + } + } + + if t.expiration != nil { + if err := validateTimestamp(t.expiration.Unix(), "exp"); err != nil { + errs = errors.Join(errs, err) + } + } + return errs } @@ -224,3 +237,11 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) { return &tkn, nil } + +func validateTimestamp(ts int64, field string) error { + if ts > limits.MaxInt53 || ts < limits.MinInt53 { + return fmt.Errorf("token %s timestamp %d exceeds safe integer bounds", field, ts) + } + + return nil +} diff --git a/token/delegation/delegation_test.go b/token/delegation/delegation_test.go index 8da08b4..7450bea 100644 --- a/token/delegation/delegation_test.go +++ b/token/delegation/delegation_test.go @@ -11,6 +11,7 @@ import ( "github.com/ucan-wg/go-ucan/did/didtest" "github.com/ucan-wg/go-ucan/pkg/command" "github.com/ucan-wg/go-ucan/pkg/policy" + "github.com/ucan-wg/go-ucan/pkg/policy/limits" "github.com/ucan-wg/go-ucan/token/delegation" ) @@ -207,3 +208,73 @@ func TestEncryptedMeta(t *testing.T) { } }) } + +func TestTokenTimestampBounds(t *testing.T) { + t.Parallel() + + cmd, err := command.Parse("/foo/bar") + require.NoError(t, err) + pol, err := policy.FromDagJson("[]") + require.NoError(t, err) + + tomorrow := time.Now().Add(24 * time.Hour).Unix() + + tests := []struct { + name string + nbf int64 + exp int64 + wantErr bool + }{ + { + name: "valid timestamps", + nbf: tomorrow, + exp: tomorrow + 3600, + wantErr: false, + }, + { + name: "max safe integer", + nbf: tomorrow, + exp: limits.MaxInt53, + wantErr: false, + }, + { + name: "exceeds max safe integer", + nbf: tomorrow, + exp: limits.MaxInt53 + 1, + wantErr: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + _, err = delegation.New(didtest.PersonaAlice.DID(), didtest.PersonaBob.DID(), + cmd, pol, + delegation.WithNotBefore(time.Unix(tt.nbf, 0)), + delegation.WithExpiration(time.Unix(tt.exp, 0)), + ) + + if tt.wantErr { + require.Error(t, err) + require.Contains(t, err.Error(), "exceeds safe integer bounds") + } else { + require.NoError(t, err) + } + }) + } + + t.Run("nbf overflow", func(t *testing.T) { + t.Parallel() + + futureExp := time.Now().Add(48 * time.Hour).Unix() + _, err := delegation.New(didtest.PersonaAlice.DID(), didtest.PersonaBob.DID(), + cmd, pol, + delegation.WithNotBefore(time.Unix(limits.MaxInt53+1, 0)), + delegation.WithExpiration(time.Unix(futureExp, 0)), + ) + require.Error(t, err) + require.Contains(t, err.Error(), "exceeds safe integer bounds") + }) +}