IRMA
Github mirrors
irmago
Commits
b5eca5c7
Commit
b5eca5c7
authored
Jan 30, 2019
by
Sietse Ringers
Fix clock drift issues in keyshare server jwt validation
parent
4bc1dabd
Changes
2
irmaclient/keyshare.go
...
...
@@ -207,11 +207,15 @@ func startKeyshareSession(
claims
:=
jwt
.
StandardClaims
{}
_
,
err
:=
parser
.
ParseWithClaims
(
ks
.
keyshareServer
.
token
,
&
claims
,
ks
.
conf
.
KeyshareServerKeyFunc
(
managerID
))
if
err
!=
nil
{
irma
.
Logger
.
Info
(
"Keyshare server token invalid, asking for PIN"
)
irma
.
Logger
.
Debug
(
"Token: "
,
ks
.
keyshareServer
.
token
)
ks
.
pinCheck
=
true
}
// Add a minute of leeway for possible clockdrift with the server,
// and for the rest of the protocol to take place with this token
if
claims
.
VerifyExpiresAt
(
time
.
Now
()
.
Add
(
1
*
time
.
Minute
)
.
Unix
(),
true
)
{
if
!
claims
.
VerifyExpiresAt
(
time
.
Now
()
.
Add
(
1
*
time
.
Minute
)
.
Unix
(),
true
)
{
irma
.
Logger
.
Info
(
"Keyshare server token expires too soon, asking for PIN"
)
irma
.
Logger
.
Debug
(
"Token: "
,
ks
.
keyshareServer
.
token
)
ks
.
pinCheck
=
true
}
}
...
...
@@ -458,7 +462,9 @@ func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, respons
jwt
.
StandardClaims
ProofP
*
gabi
.
ProofP
}{}
if
_
,
err
:=
jwt
.
ParseWithClaims
(
responses
[
managerID
],
&
claims
,
ks
.
conf
.
KeyshareServerKeyFunc
(
managerID
));
err
!=
nil
{
parser
:=
new
(
jwt
.
Parser
)
parser
.
SkipClaimsValidation
=
true
// no need to abort due to clock drift issues
if
_
,
err
:=
parser
.
ParseWithClaims
(
responses
[
managerID
],
&
claims
,
ks
.
conf
.
KeyshareServerKeyFunc
(
managerID
));
err
!=
nil
{
ks
.
sessionHandler
.
KeyshareError
(
&
managerID
,
err
)
return
}
...
...
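Review bot: In finishDisclosureOrSigning, `parser.SkipClaimsValidation = true` turns off every time-based claim check on the keyshare server's response JWT rather than only tolerating clock drift, so once the signature verifies, this parse would accept a response of any age. startKeyshareSession in the same file takes the bounded route with one minute of leeway, and the same could be done here after parsing with a condition such as `if !claims.VerifyExpiresAt(time.Now().Add(-1*time.Minute).Unix(), false)` that reports through `KeyshareError` and returns. If freshness is instead guaranteed by the response being bound to this session's challenge (not visible in the hunk), the inline comment should say so, for example `// signature is still verified; freshness comes from the challenge, so exp/nbf/iat are not checked`. The function body starts and ends outside the hunk.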
irmaclient/session.go
...
...
@@ -107,7 +107,7 @@ func (client *Client) NewSession(sessionrequest string, handler Handler) Session
return
client
.
newManualSession
(
disclosureRequest
,
handler
,
irma
.
ActionDisclosing
)
}
handler
.
Failure
(
&
irma
.
SessionError
{
Err
:
errors
.
New
(
"Session request could not be parsed"
)})
handler
.
Failure
(
&
irma
.
SessionError
{
Err
:
errors
.
New
(
"Session request could not be parsed"
)
,
Info
:
sessionrequest
})
return
nil
}
...
...
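Review bot: `Info: sessionrequest` copies the whole unparsed request string into the SessionError, and because parsing failed, that string is unvalidated input of unbounded length. Whether `Info` is later logged or passed to an error-reporting path is not visible here; if it is, the field should carry a length-bounded excerpt instead of the full string. At minimum the line deserves a comment such as `// Info holds raw, unvalidated input; treat as untrusted when logging or reporting`. NewSession starts outside the hunk.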