mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 962668 - Use skew from token server to generate better assertions. r=rnewman
This commit is contained in:
parent
9bf0da9087
commit
aa89c14bff
@ -535,6 +535,7 @@ public class FxAccountLoginPolicy {
|
||||
public class EnsureAssertionStage implements LoginStage {
|
||||
@Override
|
||||
public void execute(final LoginStageDelegate delegate) throws Exception {
|
||||
final long now = System.currentTimeMillis();
|
||||
BrowserIDKeyPair keyPair = fxAccount.getAssertionKeyPair();
|
||||
if (keyPair == null) {
|
||||
throw new IllegalStateException("keyPair must not be null");
|
||||
@ -545,9 +546,12 @@ public class FxAccountLoginPolicy {
|
||||
}
|
||||
String assertion;
|
||||
try {
|
||||
long now = System.currentTimeMillis();
|
||||
// Hurrah for global state. We want to make the timestamp in the
|
||||
// generated assertion as close to the timestamp on the consuming server
|
||||
// as possible. In this case, the audience is the consuming server.
|
||||
SkewHandler skewHandler = SkewHandler.getSkewHandlerFromEndpointString(delegate.audience);
|
||||
assertion = JSONWebTokenUtils.createAssertion(keyPair.getPrivate(), certificate, delegate.audience,
|
||||
JSONWebTokenUtils.DEFAULT_ASSERTION_ISSUER, now, getAssertionDurationInMilliseconds());
|
||||
JSONWebTokenUtils.DEFAULT_ASSERTION_ISSUER, now + skewHandler.getSkewInMillis(), getAssertionDurationInMilliseconds());
|
||||
} catch (Exception e) {
|
||||
// If we can't sign an assertion, we probably have some crypto
|
||||
// configuration error on device, which we are never going to recover
|
||||
|
@ -13,6 +13,7 @@ import java.util.concurrent.Executor;
|
||||
|
||||
import org.json.simple.JSONObject;
|
||||
import org.mozilla.gecko.background.common.log.Logger;
|
||||
import org.mozilla.gecko.background.fxa.SkewHandler;
|
||||
import org.mozilla.gecko.sync.ExtendedJSONObject;
|
||||
import org.mozilla.gecko.sync.NonArrayJSONException;
|
||||
import org.mozilla.gecko.sync.NonObjectJSONException;
|
||||
@ -203,11 +204,13 @@ public class TokenServerClient {
|
||||
|
||||
public void getTokenFromBrowserIDAssertion(final String assertion, final boolean conditionsAccepted,
|
||||
final TokenServerClientDelegate delegate) {
|
||||
BaseResource r = new BaseResource(uri);
|
||||
final BaseResource r = new BaseResource(uri);
|
||||
|
||||
r.delegate = new BaseResourceDelegate(r) {
|
||||
@Override
|
||||
public void handleHttpResponse(HttpResponse response) {
|
||||
SkewHandler skewHandler = SkewHandler.getSkewHandlerForResource(r);
|
||||
skewHandler.updateSkew(response, System.currentTimeMillis());
|
||||
try {
|
||||
TokenServerToken token = processResponse(response);
|
||||
invokeHandleSuccess(delegate, token);
|
||||
|
Loading…
Reference in New Issue
Block a user