Fixed message expiration check to also disallow post-dated timestamps.

This is a security mitigation for those who are trying to brute force a message signature, and might otherwise give themselves a huge time window by setting a nonce date far into the future.

src/DotNetOpenAuth.Test/Messaging/Bindings/StandardExpirationBindingElementTests.cs

@@ -6,6 +6,8 @@
 
 namespace DotNetOpenAuth.Test.Messaging.Bindings {
 	using System;
+
+	using DotNetOpenAuth.Configuration;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.Messaging.Bindings;
 	using DotNetOpenAuth.Test.Mocks;
@@ -30,10 +32,22 @@ public class StandardExpirationBindingElementTests : MessagingTestBase {
 			this.ParameterizedReceiveProtectedTest(DateTime.UtcNow, false);
 		}
 
+		[TestCase]
+		public void VerifyFutureTimestampWithinClockSkewIsAccepted() {
+			this.Channel = CreateChannel(MessageProtections.Expiration);
+			this.ParameterizedReceiveProtectedTest(DateTime.UtcNow + DotNetOpenAuthSection.Configuration.Messaging.MaximumClockSkew - TimeSpan.FromSeconds(1), false);
+		}
+
 		[TestCase, ExpectedException(typeof(ExpiredMessageException))]
-		public void VerifyBadTimestampIsRejected() {
+		public void VerifyOldTimestampIsRejected() {
 			this.Channel = CreateChannel(MessageProtections.Expiration);
 			this.ParameterizedReceiveProtectedTest(DateTime.UtcNow - StandardExpirationBindingElement.MaximumMessageAge - TimeSpan.FromSeconds(1), false);
 		}
+
+		[TestCase, ExpectedException(typeof(ProtocolException))]
+		public void VerifyFutureTimestampIsRejected() {
+			this.Channel = CreateChannel(MessageProtections.Expiration);
+			this.ParameterizedReceiveProtectedTest(DateTime.UtcNow + DotNetOpenAuthSection.Configuration.Messaging.MaximumClockSkew + TimeSpan.FromSeconds(1), false);
+		}
 	}
 }

src/DotNetOpenAuth/Messaging/Bindings/StandardExpirationBindingElement.cs

@@ -83,11 +83,19 @@ internal class StandardExpirationBindingElement : IChannelBindingElement {
 			if (expiringMessage != null) {
 				// Yes the UtcCreationDate is supposed to always be in UTC already,
 				// but just in case a given message failed to guarantee that, we do it here.
-				DateTime expirationDate = expiringMessage.UtcCreationDate.ToUniversalTimeSafe() + MaximumMessageAge;
+				DateTime creationDate = expiringMessage.UtcCreationDate.ToUniversalTimeSafe();
+				DateTime expirationDate = creationDate + MaximumMessageAge;
 				if (expirationDate < DateTime.UtcNow) {
 					throw new ExpiredMessageException(expirationDate, expiringMessage);
 				}
 
+				// Mitigate HMAC attacks (just guessing the signature until they get it) by 
+				// disallowing post-dated messages.
+				ErrorUtilities.VerifyProtocol(
+					creationDate <= DateTime.UtcNow + DotNetOpenAuthSection.Configuration.Messaging.MaximumClockSkew,
+					MessagingStrings.MessageTimestampInFuture,
+					creationDate);
+
 				return MessageProtections.Expiration;
 			}
 

src/DotNetOpenAuth/Messaging/MessagingStrings.resx

@@ -303,4 +303,7 @@
   <data name="SessionRequired" xml:space="preserve">
     <value>An HttpContext.Current.Session object is required.</value>
   </data>
-</root>
+  <data name="MessageTimestampInFuture" xml:space="preserve">
+    <value>This message has a timestamp of {0}, which is beyond the allowable clock skew for in the future.</value>
+  </data>
+</root>