Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make customtoken test sleep to mitigate clock skew #413

Merged
merged 1 commit into from
Feb 16, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 27 additions & 3 deletions launcher/image/testworkloads/customtoken/happypath/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"net"
"net/http"
"strings"
"time"

"github.com/golang-jwt/jwt/v4"
)
Expand Down Expand Up @@ -173,6 +174,26 @@ func getRSAPublicKeyFromJWKsFile(t *jwt.Token) (any, error) {

func decodeAndValidateToken(tokenBytes []byte, keyFunc func(t *jwt.Token) (any, error)) (*jwt.Token, error) {
var err error

unverifiedClaims := &jwt.RegisteredClaims{}
_, _, err = jwt.NewParser().ParseUnverified(string(tokenBytes), unverifiedClaims)
if err != nil {
return nil, fmt.Errorf("failed to parse claims: %v", err)
}
now := time.Now()
// Add one second for buffer.
nbf := unverifiedClaims.NotBefore.Time.Add(time.Second)
diff := nbf.Sub(now)
ten := 10 * time.Second
// Sleep until nbf is valid or max 10 seconds.
if diff > 0 {
if diff < ten {
time.Sleep(diff)
} else {
time.Sleep(ten)
}
}

token, err := jwt.NewParser().Parse(string(tokenBytes), keyFunc)

fmt.Printf("Token valid: %v", token.Valid)
Expand Down Expand Up @@ -208,7 +229,8 @@ func main() {
// custom attestation intended to be sent to a remote party for verification.
tokenbytes, err := getCustomTokenBytes(body)
if err != nil {
panic(err)
fmt.Println(err)
return
}

// Write a method to return a public key from the well-known endpoint
Expand All @@ -219,12 +241,14 @@ func main() {
// Confidential Space workload that generated the attestation.
token, err := decodeAndValidateToken(tokenbytes, keyFunc)
if err != nil {
panic(err)
fmt.Println(err)
return
}

claimsString, err := json.MarshalIndent(token.Claims, "", " ")
if err != nil {
panic(err)
fmt.Println(err)
return
}

fmt.Println(string(claimsString))
Expand Down
Loading