Commit 59166f5f authored by Sietse Ringers's avatar Sietse Ringers
Browse files

fix: stricter and more early sanity checks on incoming session requests

parent 5144a758
......@@ -394,6 +394,11 @@ func (dr *DisclosureRequest) Validate() error {
if len(dr.Disclose) == 0 {
return errors.New("Disclosure request had no attributes")
}
for _, discon := range dr.Disclose {
if len(discon) == 0 {
return errors.New("Empty disjunction")
}
}
return nil
}
......@@ -519,6 +524,11 @@ func (ir *IssuanceRequest) Validate() error {
if len(ir.Credentials) == 0 {
return errors.New("Empty issuance request")
}
for _, cred := range ir.Credentials {
if cred.Validity.Floor().Before(Timestamp(time.Now())) {
return errors.New("Expired credential request")
}
}
return nil
}
......@@ -561,6 +571,11 @@ func (sr *SignatureRequest) Validate() error {
if len(sr.Disclose) == 0 {
return errors.New("Signature request had no attributes")
}
for _, discon := range sr.Disclose {
if len(discon) == 0 {
return errors.New("Empty disjunction")
}
}
return nil
}
......@@ -593,6 +608,10 @@ func (t *Timestamp) String() string {
return fmt.Sprint(time.Time(*t).Unix())
}
func (t *Timestamp) Floor() Timestamp {
return Timestamp(time.Unix((time.Time(*t).Unix()/ExpiryFactor)*ExpiryFactor, 0))
}
func readTimestamp(path string) (*Timestamp, bool, error) {
exists, err := fs.PathExists(path)
if err != nil {
......
......@@ -168,7 +168,7 @@ func (transport *HTTPTransport) jsonRequest(url string, method string, result in
if _, resultstr := result.(*string); resultstr {
*result.(*string) = string(body)
} else {
err = json.Unmarshal(body, result)
err = UnmarshalValidate(body, result)
if err != nil {
return &SessionError{ErrorType: ErrorServerResponse, Err: err, RemoteStatus: res.StatusCode}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment