gatewarden 0.1.2

Hardened Keygen.sh license validation infrastructure
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

//! Response freshness enforcement (replay attack prevention).

use crate::clock::Clock;
use crate::GatewardenError;
use chrono::{DateTime, Utc};

/// Maximum age of a response before it's considered stale (5 minutes).
pub const MAX_RESPONSE_AGE_SECONDS: i64 = 5 * 60;

/// Maximum future tolerance for response dates (60 seconds).
pub const MAX_FUTURE_TOLERANCE_SECONDS: i64 = 60;

/// Parse an RFC 2822 date string (HTTP Date header format).
///
/// Example: "Wed, 09 Jun 2021 16:08:15 GMT"
pub fn parse_rfc2822_date(date_str: &str) -> Result<DateTime<Utc>, GatewardenError> {
    DateTime::parse_from_rfc2822(date_str)
        .map(|dt| dt.with_timezone(&Utc))
        .map_err(|e| {
            GatewardenError::ProtocolError(format!("Invalid date header: {} ({})", date_str, e))
        })
}

/// Check that a response is fresh (not a replay attack).
///
/// # Arguments
/// * `response_date` - The parsed Date header from the response
/// * `clock` - Clock implementation for current time
///
/// # Errors
/// * `ResponseTooOld` - Response is older than 5 minutes (replay attack)
/// * `ResponseFromFuture` - Response date is more than 60s in the future (clock tampering)
pub fn check_freshness<C: Clock + ?Sized>(
    response_date: DateTime<Utc>,
    clock: &C,
) -> Result<(), GatewardenError> {
    let now = clock.now_utc();
    let age_seconds = (now - response_date).num_seconds();

    // Reject stale responses (replay attack)
    if age_seconds > MAX_RESPONSE_AGE_SECONDS {
        return Err(GatewardenError::ResponseTooOld { age_seconds });
    }

    // Reject future responses (clock tampering)
    if age_seconds < -MAX_FUTURE_TOLERANCE_SECONDS {
        return Err(GatewardenError::ResponseFromFuture);
    }

    Ok(())
}

/// Combined parse and check freshness.
pub fn check_date_freshness<C: Clock + ?Sized>(
    date_header: &str,
    clock: &C,
) -> Result<DateTime<Utc>, GatewardenError> {
    let response_date = parse_rfc2822_date(date_header)?;
    check_freshness(response_date, clock)?;
    Ok(response_date)
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::clock::MockClock;

    #[test]
    fn test_parse_rfc2822_valid() {
        let date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();
        assert_eq!(date.to_rfc3339(), "2021-06-09T16:08:15+00:00");
    }

    #[test]
    fn test_parse_rfc2822_invalid() {
        let result = parse_rfc2822_date("not a date");
        assert!(matches!(result, Err(GatewardenError::ProtocolError(_))));
    }

    #[test]
    fn test_freshness_valid() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:10:00Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is ~105 seconds old, within 5 minute window
        let result = check_freshness(response_date, &clock);
        assert!(result.is_ok());
    }

    #[test]
    fn test_freshness_stale() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:20:00Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is ~12 minutes old, exceeds 5 minute window
        let result = check_freshness(response_date, &clock);
        assert!(matches!(
            result,
            Err(GatewardenError::ResponseTooOld { .. })
        ));
    }

    #[test]
    fn test_freshness_exactly_5_minutes() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:13:15Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is exactly 5 minutes old (300 seconds) - should still be valid
        let result = check_freshness(response_date, &clock);
        assert!(result.is_ok());
    }

    #[test]
    fn test_freshness_just_over_5_minutes() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:13:16Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is 301 seconds old - should be rejected
        let result = check_freshness(response_date, &clock);
        assert!(matches!(
            result,
            Err(GatewardenError::ResponseTooOld { .. })
        ));
    }

    #[test]
    fn test_freshness_future_within_tolerance() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:07:30Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is 45 seconds in the future - within 60s tolerance
        let result = check_freshness(response_date, &clock);
        assert!(result.is_ok());
    }

    #[test]
    fn test_freshness_future_exceeds_tolerance() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:06:00Z").unwrap();
        let response_date = parse_rfc2822_date("Wed, 09 Jun 2021 16:08:15 GMT").unwrap();

        // Response is 135 seconds in the future - exceeds 60s tolerance
        let result = check_freshness(response_date, &clock);
        assert!(matches!(result, Err(GatewardenError::ResponseFromFuture)));
    }

    #[test]
    fn test_check_date_freshness_combined() {
        let clock = MockClock::from_rfc3339("2021-06-09T16:10:00Z").unwrap();
        let result = check_date_freshness("Wed, 09 Jun 2021 16:08:15 GMT", &clock);
        assert!(result.is_ok());
    }
}