mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add missing time in validation.

Browse source
This commit is contained in:
Mariano Cano 2019-03-11 11:12:47 -07:00
parent fb279c89fb
commit dce3100cfb
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
authority/provisioner/jwk.go
View file

@ -32,7 +32,7 @@ func (p *JWK) GetID() string {
return p.Name + ":" + p.Key.KeyID return p.Name + ":" + p.Key.KeyID
} }
// GetName returns the name of the provisioner // GetName returns the name of the provisioner.
func (p *JWK) GetName() string { func (p *JWK) GetName() string {
return p.Name return p.Name
} }
@ -80,6 +80,7 @@ func (p *JWK) Authorize(token string) ([]SignOption, error) {
// more than a few minutes. // more than a few minutes.
if err = claims.ValidateWithLeeway(jose.Expected{ if err = claims.ValidateWithLeeway(jose.Expected{
Issuer: p.Name, Issuer: p.Name,
Time: time.Now().UTC(),
}, time.Minute); err != nil { }, time.Minute); err != nil {
return nil, errors.Wrapf(err, "invalid token") return nil, errors.Wrapf(err, "invalid token")
} }

1
authority/provisioner/oidc.go
View file

@ -111,6 +111,7 @@ func (o *OIDC) ValidatePayload(p openIDPayload) error {
if err := p.ValidateWithLeeway(jose.Expected{ if err := p.ValidateWithLeeway(jose.Expected{
Issuer: o.configuration.Issuer, Issuer: o.configuration.Issuer,
Audience: jose.Audience{o.ClientID}, Audience: jose.Audience{o.ClientID},
Time: time.Now().UTC(),
}, time.Minute); err != nil { }, time.Minute); err != nil {
return errors.Wrap(err, "failed to validate payload") return errors.Wrap(err, "failed to validate payload")
} }