authorabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-16 22:18:41 +0000
committerabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-16 22:18:41 +0000
commitc416fa875cb683a2894f4dd8f63a6a5a3306060f (patch)
treee42ff07f1fb9f67f910771931e8a39656d470f44 /net/http
parentb630cb97c620593f9c987fdad0b3271ddbf39a3e (diff)
MAC Cookies (patch 5 of N)
To help folks deal with clock skew, we've changed the timestamp to the "age" of the credential, which is the number of seconds since the cookie was set (as opposed to the number of seconds since the epoch). This patch updates our implementation to match. Review URL: http://codereview.chromium.org/6969075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85542 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r--net/http/http_mac_signature.cc29
-rw-r--r--net/http/http_mac_signature.h9
-rw-r--r--net/http/http_mac_signature_unittest.cc23
3 files changed, 38 insertions, 23 deletions
diff --git a/net/http/http_mac_signature.cc b/net/http/http_mac_signature.cc
index a8177f75..32f1e0c 100644
--- a/net/http/http_mac_signature.cc
+++ b/net/http/http_mac_signature.cc
@@ -8,7 +8,6 @@
#include "base/rand_util.h"
#include "base/string_number_conversions.h"
#include "base/string_util.h"
-#include "base/time.h"
#include "crypto/hmac.h"
namespace net {
@@ -51,11 +50,13 @@ HttpMacSignature::~HttpMacSignature() {
}
bool HttpMacSignature::AddStateInfo(const std::string& id,
+ const base::Time& creation_date,
const std::string& mac_key,
const std::string& mac_algorithm) {
DCHECK(id_.empty());
if (!IsPlainString(id) || id.empty() ||
+ creation_date.is_null() ||
mac_key.empty() ||
mac_algorithm.empty()) {
return false;
@@ -69,6 +70,7 @@ bool HttpMacSignature::AddStateInfo(const std::string& id,
return false;
id_ = id;
+ creation_date_ = creation_date;
mac_key_ = mac_key;
return true;
}
@@ -97,33 +99,32 @@ std::string HttpMacSignature::GenerateAuthorizationHeader() {
DCHECK(!id_.empty()) << "Call AddStateInfo first.";
DCHECK(!method_.empty()) << "Call AddHttpInfo first.";
- std::string timestamp = base::Int64ToString((base::Time::Now() -
- base::Time::UnixEpoch()).InSeconds());
+ std::string age = base::Int64ToString(
+ (base::Time::Now() - creation_date_).InSeconds());
std::string nonce = GenerateNonce();
- return GenerateHeaderString(timestamp, nonce);
+ return GenerateHeaderString(age, nonce);
}
-std::string HttpMacSignature::GenerateHeaderString(
- const std::string& timestamp,
- const std::string& nonce) {
- std::string mac = GenerateMAC(timestamp, nonce);
+std::string HttpMacSignature::GenerateHeaderString(const std::string& age,
+ const std::string& nonce) {
+ std::string mac = GenerateMAC(age, nonce);
- DCHECK(IsPlainString(timestamp));
+ DCHECK(IsPlainString(age));
DCHECK(IsPlainString(nonce));
DCHECK(IsPlainString(mac));
return "MAC id=\"" + id_ +
- "\", nonce=\"" + timestamp + ":" + nonce +
+ "\", nonce=\"" + age + ":" + nonce +
"\", mac=\"" + mac + "\"";
}
std::string HttpMacSignature::GenerateNormalizedRequest(
- const std::string& timestamp,
+ const std::string& age,
const std::string& nonce) {
static const std::string kNewLine = "\n";
- std::string normalized_request = timestamp + ":" + nonce + kNewLine;
+ std::string normalized_request = age + ":" + nonce + kNewLine;
normalized_request += method_ + kNewLine;
normalized_request += request_uri_ + kNewLine;
normalized_request += host_ + kNewLine;
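Review bot: The age computed in GenerateAuthorizationHeader, `(base::Time::Now() - creation_date_).InSeconds()`, goes negative whenever creation_date_ is later than the current wall clock (for example after the system clock is set back), and nothing on the new side guards against that. AddStateInfo only rejects a null creation_date, so a negative number would be formatted into the nonce and into the MAC input; whether IsPlainString accepts the leading '-' is not visible here, and it is only DCHECKed in any case. Consider holding the value in an integer and handling the negative case explicitly, e.g. `int64 age_seconds = (base::Time::Now() - creation_date_).InSeconds();` followed by `if (age_seconds < 0) age_seconds = 0;`, or returning an empty header if the spec treats a negative age as an error. GenerateNormalizedRequest's body continues outside this hunk.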
@@ -134,9 +135,9 @@ std::string HttpMacSignature::GenerateNormalizedRequest(
return normalized_request;
}
-std::string HttpMacSignature::GenerateMAC(const std::string& timestamp,
+std::string HttpMacSignature::GenerateMAC(const std::string& age,
const std::string& nonce) {
- std::string request = GenerateNormalizedRequest(timestamp, nonce);
+ std::string request = GenerateNormalizedRequest(age, nonce);
crypto::HMAC hmac(mac_algorithm_);
hmac.Init(mac_key_);
diff --git a/net/http/http_mac_signature.h b/net/http/http_mac_signature.h
index d96d1c4..016fd3d 100644
--- a/net/http/http_mac_signature.h
+++ b/net/http/http_mac_signature.h
@@ -10,6 +10,7 @@
#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
+#include "base/time.h"
#include "crypto/hmac.h"
namespace net {
@@ -27,6 +28,7 @@ class HttpMacSignature {
// Returns whether this information is valid.
bool AddStateInfo(const std::string& id,
+ const base::Time& creation_date,
const std::string& mac_key,
const std::string& mac_algorithm);
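Review bot: The comment above AddStateInfo still says only "Returns whether this information is valid" and does not explain the new creation_date parameter or that a null Time is rejected. I would add `// |creation_date| is when the credential (cookie) was set; the age sent in the nonce is measured from it. A null Time is rejected.` The class declaration starts and ends outside this hunk.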
@@ -44,14 +46,15 @@ class HttpMacSignature {
FRIEND_TEST_ALL_PREFIXES(HttpMacSignatureTest, GenerateNormalizedRequest);
FRIEND_TEST_ALL_PREFIXES(HttpMacSignatureTest, GenerateMAC);
- std::string GenerateHeaderString(const std::string& timestamp,
+ std::string GenerateHeaderString(const std::string& age,
const std::string& nonce);
- std::string GenerateNormalizedRequest(const std::string& timestamp,
+ std::string GenerateNormalizedRequest(const std::string& age,
const std::string& nonce);
- std::string GenerateMAC(const std::string& timestamp,
+ std::string GenerateMAC(const std::string& age,
const std::string& nonce);
std::string id_;
+ base::Time creation_date_;
std::string mac_key_;
crypto::HMAC::HashAlgorithm mac_algorithm_;
diff --git a/net/http/http_mac_signature_unittest.cc b/net/http/http_mac_signature_unittest.cc
index c7e577d..e0c6be2 100644
--- a/net/http/http_mac_signature_unittest.cc
+++ b/net/http/http_mac_signature_unittest.cc
@@ -10,15 +10,23 @@ namespace net {
TEST(HttpMacSignatureTest, BogusAddStateInfo) {
HttpMacSignature signature;
EXPECT_FALSE(signature.AddStateInfo("exciting-id",
+ base::Time::Now(),
"the-mac-key",
"bogus-hmac-algorithm"));
EXPECT_FALSE(signature.AddStateInfo("",
+ base::Time::Now(),
"the-mac-key",
"hmac-sha-1"));
EXPECT_FALSE(signature.AddStateInfo("exciting-id",
+ base::Time(),
+ "the-mac-key",
+ "hmac-sha-1"));
+ EXPECT_FALSE(signature.AddStateInfo("exciting-id",
+ base::Time::Now(),
"",
"hmac-sha-1"));
EXPECT_FALSE(signature.AddStateInfo("exciting-id",
+ base::Time::Now(),
"the-mac-key",
""));
}
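Review bot: The added `base::Time()` case covers the null rejection, but no test in this file exercises the age calculation itself. The later tests pass `base::Time::Now()` and then call the private generators with the literal "239034", so creation_date_ is never read. A test that passes a creation date a known number of seconds in the past, and checks that the age prefix of the nonce from GenerateAuthorizationHeader() is at least that number, would pin the new behaviour. A second case with a creation date in the future would document what is expected there.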
@@ -36,6 +44,7 @@ TEST(HttpMacSignatureTest, BogusAddHttpInfo) {
TEST(HttpMacSignatureTest, GenerateHeaderString) {
HttpMacSignature signature;
EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
+ base::Time::Now(),
"adiMf03j0f3nOenc003r",
"hmac-sha-1"));
EXPECT_TRUE(signature.AddHttpInfo("GeT",
@@ -43,19 +52,20 @@ TEST(HttpMacSignatureTest, GenerateHeaderString) {
"eXaMple.com",
80));
- std::string timestamp = "239034";
+ std::string age = "239034";
std::string nonce = "mn4302j0n+32r2/f3r=";
EXPECT_EQ("MAC id=\"dfoi30j0qnf\", "
"nonce=\"239034:mn4302j0n+32r2/f3r=\", "
"mac=\"GrkHtPKzB1m1dCHfa7OCWOw6EQ==\"",
- signature.GenerateHeaderString(timestamp, nonce));
+ signature.GenerateHeaderString(age, nonce));
}
TEST(HttpMacSignatureTest, GenerateNormalizedRequest) {
HttpMacSignature signature;
EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
+ base::Time::Now(),
"adiMf03j0f3nOenc003r",
"hmac-sha-1"));
EXPECT_TRUE(signature.AddHttpInfo("GeT",
@@ -63,7 +73,7 @@ TEST(HttpMacSignatureTest, GenerateNormalizedRequest) {
"eXaMple.com",
80));
- std::string timestamp = "239034";
+ std::string age = "239034";
std::string nonce = "mn4302j0n+32r2/f3r=";
EXPECT_EQ("239034:mn4302j0n+32r2/f3r=\n"
@@ -73,12 +83,13 @@ TEST(HttpMacSignatureTest, GenerateNormalizedRequest) {
"80\n"
"\n"
"\n",
- signature.GenerateNormalizedRequest(timestamp, nonce));
+ signature.GenerateNormalizedRequest(age, nonce));
}
TEST(HttpMacSignatureTest, GenerateMAC) {
HttpMacSignature signature;
EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
+ base::Time::Now(),
"adiMf03j0f3nOenc003r",
"hmac-sha-1"));
EXPECT_TRUE(signature.AddHttpInfo("GeT",
@@ -86,10 +97,10 @@ TEST(HttpMacSignatureTest, GenerateMAC) {
"eXaMple.com",
80));
- std::string timestamp = "239034";
+ std::string age = "239034";
std::string nonce = "mn4302j0n+32r2/f3r=";
EXPECT_EQ("GrkHtPKzB1m1dCHfa7OCWOw6EQ==",
- signature.GenerateMAC(timestamp, nonce));
+ signature.GenerateMAC(age, nonce));
}
}