validate token timestamps integer limits

ucan-wg · Dec 2, 2024 · a854389 · a854389
1 parent bff482f
commit a854389
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 0 deletions.
diff --git a/token/delegation/delegation.go b/token/delegation/delegation.go
@@ -18,6 +18,7 @@ import (
 	"github.com/ucan-wg/go-ucan/pkg/command"
 	"github.com/ucan-wg/go-ucan/pkg/meta"
 	"github.com/ucan-wg/go-ucan/pkg/policy"
+	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
 	"github.com/ucan-wg/go-ucan/token/internal/nonce"
 	"github.com/ucan-wg/go-ucan/token/internal/parse"
 )
@@ -176,6 +177,18 @@ func (t *Token) validate() error {
 		errs = errors.Join(errs, fmt.Errorf("token nonce too small"))
 	}
 
+	if t.notBefore != nil {
+		if err := validateTimestamp(t.notBefore.Unix(), "nbf"); err != nil {
+			errs = errors.Join(errs, err)
+		}
+	}
+
+	if t.expiration != nil {
+		if err := validateTimestamp(t.expiration.Unix(), "exp"); err != nil {
+			errs = errors.Join(errs, err)
+		}
+	}
+
 	return errs
 }
 
@@ -224,3 +237,11 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
 
 	return &tkn, nil
 }
+
+func validateTimestamp(ts int64, field string) error {
+	if ts > limits.MaxInt53 || ts < limits.MinInt53 {
+		return fmt.Errorf("token %s timestamp %d exceeds safe integer bounds", field, ts)
+	}
+
+	return nil
+}
diff --git a/token/delegation/delegation_test.go b/token/delegation/delegation_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/ucan-wg/go-ucan/did/didtest"
 	"github.com/ucan-wg/go-ucan/pkg/command"
 	"github.com/ucan-wg/go-ucan/pkg/policy"
+	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
 	"github.com/ucan-wg/go-ucan/token/delegation"
 )
 
@@ -207,3 +208,73 @@ func TestEncryptedMeta(t *testing.T) {
 		}
 	})
 }
+
+func TestTokenTimestampBounds(t *testing.T) {
+	t.Parallel()
+
+	cmd, err := command.Parse("/foo/bar")
+	require.NoError(t, err)
+	pol, err := policy.FromDagJson("[]")
+	require.NoError(t, err)
+
+	tomorrow := time.Now().Add(24 * time.Hour).Unix()
+
+	tests := []struct {
+		name    string
+		nbf     int64
+		exp     int64
+		wantErr bool
+	}{
+		{
+			name:    "valid timestamps",
+			nbf:     tomorrow,
+			exp:     tomorrow + 3600,
+			wantErr: false,
+		},
+		{
+			name:    "max safe integer",
+			nbf:     tomorrow,
+			exp:     limits.MaxInt53,
+			wantErr: false,
+		},
+		{
+			name:    "exceeds max safe integer",
+			nbf:     tomorrow,
+			exp:     limits.MaxInt53 + 1,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			_, err = delegation.New(didtest.PersonaAlice.DID(), didtest.PersonaBob.DID(),
+				cmd, pol,
+				delegation.WithNotBefore(time.Unix(tt.nbf, 0)),
+				delegation.WithExpiration(time.Unix(tt.exp, 0)),
+			)
+
+			if tt.wantErr {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), "exceeds safe integer bounds")
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+
+	t.Run("nbf overflow", func(t *testing.T) {
+		t.Parallel()
+
+		futureExp := time.Now().Add(48 * time.Hour).Unix()
+		_, err := delegation.New(didtest.PersonaAlice.DID(), didtest.PersonaBob.DID(),
+			cmd, pol,
+			delegation.WithNotBefore(time.Unix(limits.MaxInt53+1, 0)),
+			delegation.WithExpiration(time.Unix(futureExp, 0)),
+		)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "exceeds safe integer bounds")
+	})
+}