Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make the logic to ignore clock skew more robust #191

Merged
merged 1 commit into from
Apr 12, 2022
Merged

Make the logic to ignore clock skew more robust #191

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions client/src/session/session.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1443,6 +1443,13 @@ impl SessionService for Session {
let _ = secure_channel
.set_remote_cert_from_byte_string(&response.server_certificate);
}
// When ignoring clock skew, we calculate the time offset between the client
// and the server and use that to compensate for the difference in time.
if self.ignore_clock_skew && !response.response_header.timestamp.is_null() {
let offset = response.response_header.timestamp - DateTime::now();
// Update the client offset by adding the new offset.
session_state.set_client_offset(offset);
}
session_state.session_id()
};

Expand Down
10 changes: 7 additions & 3 deletions client/src/session/session_state.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,11 @@ impl SessionState {
self.id
}

pub fn set_client_offset(&mut self, offset: Duration) {
self.client_offset = self.client_offset + offset;
debug!("Client offset set to {}", self.client_offset);
}

pub fn set_session_id(&mut self, session_id: NodeId) {
self.session_id = session_id
}
Expand Down Expand Up @@ -452,15 +457,14 @@ impl SessionState {
// server and use that offset to compensate for the difference in time when setting
// the timestamps in the request headers and when decoding timestamps in messages
// received from the server.
if self.ignore_clock_skew {
if self.ignore_clock_skew && !response.response_header.timestamp.is_null() {
let offset = response.response_header.timestamp - DateTime::now();
// Make sure to apply the offset to the security token in the current response.
security_token.created_at = security_token.created_at - offset;
// Update the client offset by adding the new offset. When the secure channel is
// renewed its already using the client offset calculated when issuing the secure
// channel and only needs to be updated to accommodate any additional clock skew.
self.client_offset = self.client_offset + offset;
debug!("Client offset set to {}", self.client_offset);
self.set_client_offset(offset);
}

debug!("Setting transport's security token");
Expand Down