Deny certs with timestamps in the future as well as the past (#559)

adamspofford-dfinity · web-flow · commit d3db617c3698 · 2024-05-16T10:23:51.000-07:00
diff --git a/ic-agent/src/agent/mod.rs b/ic-agent/src/agent/mod.rs
@@ -878,6 +878,7 @@ impl Agent {
         let time = lookup_time(cert)?;
         if (OffsetDateTime::now_utc()
             - OffsetDateTime::from_unix_timestamp_nanos(time.into()).unwrap())
+        .abs()
             > self.ingress_expiry
         {
             Err(AgentError::CertificateOutdated(self.ingress_expiry))

Original file line number	Diff line number	Diff line change
`@@ -878,6 +878,7 @@ impl Agent {`
`878`	`878`	`let time = lookup_time(cert)?;`
`879`	`879`	`if (OffsetDateTime::now_utc()`
`880`	`880`	`- OffsetDateTime::from_unix_timestamp_nanos(time.into()).unwrap())`
	`881`	`+ .abs()`
`881`	`882`	`> self.ingress_expiry`
`882`	`883`	`{`
`883`	`884`	`Err(AgentError::CertificateOutdated(self.ingress_expiry))`