From 32e185978fb96f9099c97caf45074c1a605c08c6 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 8 Dec 2021 14:33:13 +0100 Subject: tolerate missing 'Expire' header better --- src/lib/exchange_api_handle.c | 51 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 10 deletions(-) (limited to 'src/lib/exchange_api_handle.c') diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index 7103f6d6d..07e124880 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -52,6 +52,17 @@ */ #define EXCHANGE_SERIALIZATION_FORMAT_VERSION 0 +/** + * How far off do we allow key liftimes to be? + */ +#define LIFETIME_TOLERANCE GNUNET_TIME_UNIT_HOURS + +/** + * If the "Expire" cache control header is missing, for + * how long do we assume the reply to be valid at least? + */ +#define DEFAULT_EXPIRATION GNUNET_TIME_UNIT_HOURS + /** * Set to 1 for extra debug logging. */ @@ -847,7 +858,7 @@ decode_keys_json (const json_t *resp_obj, key_data->denom_keys[key_data->num_denom_keys++] = dk; /* Update "last_denom_issue_date" */ - TALER_LOG_DEBUG ("Adding denomination key that is valid_from %s\n", + TALER_LOG_DEBUG ("Adding denomination key that is valid_until %s\n", GNUNET_STRINGS_absolute_time_to_string (dk.valid_from)); key_data->last_denom_issue_date = GNUNET_TIME_absolute_max (key_data->last_denom_issue_date, @@ -1053,6 +1064,9 @@ void TALER_EXCHANGE_set_last_denom (struct TALER_EXCHANGE_Handle *exchange, struct GNUNET_TIME_Absolute last_denom_new) { + TALER_LOG_DEBUG ( + "Application explicitly set last denomination validity to %s\n", + GNUNET_STRINGS_absolute_time_to_string (last_denom_new)); exchange->key_data.last_denom_issue_date = last_denom_new; } @@ -1117,9 +1131,19 @@ keys_completed_cb (void *cls, }; GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Received keys from URL `%s' with status %ld.\n", + "Received keys from URL `%s' with status %ld and expiration %s.\n", kr->url, - response_code); + response_code, + GNUNET_STRINGS_absolute_time_to_string (kr->expire)); + if (GNUNET_TIME_absolute_is_past (kr->expire)) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Exchange failed to give expiration time, assuming in %s\n", + GNUNET_STRINGS_relative_time_to_string (DEFAULT_EXPIRATION, + GNUNET_YES)); + kr->expire = GNUNET_TIME_relative_to_absolute (DEFAULT_EXPIRATION); + (void) GNUNET_TIME_round_abs (&kr->expire); + } kd_old = exchange->key_data; memset (&kd, 0, @@ -1253,9 +1277,14 @@ keys_completed_cb (void *cls, break; } exchange->key_data = kd; - TALER_LOG_DEBUG ("Last DK issue date update to: %s\n", - GNUNET_STRINGS_absolute_time_to_string - (exchange->key_data.last_denom_issue_date)); + if (GNUNET_TIME_absolute_is_past (exchange->key_data.last_denom_issue_date)) + TALER_LOG_WARNING ("Last DK issue date from exchange is in the past: %s\n", + GNUNET_STRINGS_absolute_time_to_string ( + exchange->key_data.last_denom_issue_date)); + else + TALER_LOG_DEBUG ("Last DK issue date updated to: %s\n", + GNUNET_STRINGS_absolute_time_to_string ( + exchange->key_data.last_denom_issue_date)); if (MHD_HTTP_OK != response_code) @@ -2010,10 +2039,12 @@ TALER_EXCHANGE_test_signing_key (const struct TALER_EXCHANGE_Keys *keys, /* we will check using a tolerance of 1h for the time */ now = GNUNET_TIME_absolute_get (); for (unsigned int i = 0; inum_sign_keys; i++) - if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us + 60 - * 60 * 1000LL * 1000LL) && - (keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us - 60 - * 60 * 1000LL * 1000LL) && + if ( (keys->sign_keys[i].valid_from.abs_value_us <= + GNUNET_TIME_absolute_add (now, + LIFETIME_TOLERANCE).abs_value_us) && + (keys->sign_keys[i].valid_until.abs_value_us > + GNUNET_TIME_absolute_subtract (now, + LIFETIME_TOLERANCE).abs_value_us) && (0 == GNUNET_memcmp (pub, &keys->sign_keys[i].key)) ) return GNUNET_OK; -- cgit v1.2.3