Merge pull request #636 from /issues/635-temporary-key-expiration

Temporary key expiration
wultra · Oct 8, 2024 · 28da51d · 28da51d
2 parents 7b4191f + 0cf4a7f
commit 28da51d
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 2 deletions.
diff --git a/...roidTest/java/io/getlime/security/powerauth/integration/tests/StandardActivationTest.java b/...roidTest/java/io/getlime/security/powerauth/integration/tests/StandardActivationTest.java
@@ -549,4 +549,41 @@ public void onGetEciesEncryptorFailed(@NonNull Throwable t) {
         });
         assertNotNull(encryptor);
     }
+
+    @Test
+    public void testEciesTemporaryKeyExpiration() throws Exception {
+        // This test requires PAS configured for a very short temporary key lifespan.
+        activationHelper.createStandardActivation(true, null);
+
+        Boolean result = AsyncHelper.await(resultCatcher -> {
+            powerAuthSDK.fetchEncryptionKey(testHelper.getContext(), activationHelper.getValidAuthentication(), 1000, new IFetchEncryptionKeyListener() {
+                @Override
+                public void onFetchEncryptionKeySucceed(@NonNull byte[] encryptedEncryptionKey) {
+                    resultCatcher.completeWithResult(true);
+                }
+
+                @Override
+                public void onFetchEncryptionKeyFailed(@NonNull Throwable t) {
+                    resultCatcher.completeWithResult(false);
+                }
+            });
+        });
+        assertTrue(result);
+
+        Thread.sleep(15_000);
+        result = AsyncHelper.await(resultCatcher -> {
+            powerAuthSDK.fetchEncryptionKey(testHelper.getContext(), activationHelper.getValidAuthentication(), 1000, new IFetchEncryptionKeyListener() {
+                @Override
+                public void onFetchEncryptionKeySucceed(@NonNull byte[] encryptedEncryptionKey) {
+                    resultCatcher.completeWithResult(true);
+                }
+
+                @Override
+                public void onFetchEncryptionKeyFailed(@NonNull Throwable t) {
+                    resultCatcher.completeWithResult(false);
+                }
+            });
+        });
+        assertTrue(result);
+    }
 }
diff --git a/...hLibrary/src/main/java/io/getlime/security/powerauth/sdk/impl/DefaultKeystoreService.java b/...hLibrary/src/main/java/io/getlime/security/powerauth/sdk/impl/DefaultKeystoreService.java
@@ -82,7 +82,7 @@ public boolean containsKeyForEncryptor(int scope) {
             lock.lock();
             if (session.hasPublicKeyForEciesScope(scope)) {
                 final PublicKeyInfo publicKeyInfo = getPublicKeyInfoForScope(scope);
-                if (publicKeyInfo.expiration >= 0 && publicKeyInfo.expiration - EXPIRATION_THRESHOLD < timeService.getCurrentTime()) {
+                if (publicKeyInfo.expiration >= 0 && (timeService.getCurrentTime() < publicKeyInfo.expiration - EXPIRATION_THRESHOLD)) {
                     return true;
                 }
                 PowerAuthLog.d("Removing expired public key for ECIES encryptor " + scope);

diff --git a/proj-xcode/PowerAuth2/private/PA2KeystoreService.m b/proj-xcode/PowerAuth2/private/PA2KeystoreService.m
@@ -125,7 +125,7 @@ - (BOOL) hasKeyForEncryptorScope:(PowerAuthCoreEciesEncryptorScope)encryptorScop
     PA2PublicKeyInfo * pki = [self pkiForScope:encryptorScope];
     NSTimeInterval expiration = pki.expiration;
     keyIsSet = expiration >= 0.0;
-    keyIsExpired = expiration - PUBLIC_KEY_EXPIRATION_THRESHOLD < [_timeService currentTime];
+    keyIsExpired = [_timeService currentTime] >= expiration - PUBLIC_KEY_EXPIRATION_THRESHOLD;
     if (keyIsExpired) {
         pki.expiration = -1;
     }

diff --git a/proj-xcode/PowerAuth2IntegrationTests/PowerAuthSDKDefaultTests.m b/proj-xcode/PowerAuth2IntegrationTests/PowerAuthSDKDefaultTests.m
@@ -1395,4 +1395,32 @@ - (void) testEncryptorCreation
     XCTAssertNotNil(encryptor);
 }
 
+
+- (void) testTemporaryKeyExpiration
+{
+    // This test requires PAS configured for a very short temporary key lifespan.
+    CHECK_TEST_CONFIG();
+
+    PowerAuthSdkActivation * activation = [_helper createActivation:YES];
+    if (!activation) {
+        return;
+    }
+
+    BOOL result = [[AsyncHelper synchronizeAsynchronousBlock:^(AsyncHelper *waiting) {
+        [_sdk fetchEncryptionKey:_helper.authPossessionWithKnowledge index:1000 callback:^(NSData * _Nullable encryptionKey, NSError * _Nullable error) {
+            [waiting reportCompletion:@(error == nil)];
+        }];
+    }] boolValue];
+    XCTAssertTrue(result);
+
+    [NSThread sleepForTimeInterval:15.0];
+
+    result = [[AsyncHelper synchronizeAsynchronousBlock:^(AsyncHelper *waiting) {
+        [_sdk fetchEncryptionKey:_helper.authPossessionWithKnowledge index:1000 callback:^(NSData * _Nullable encryptionKey, NSError * _Nullable error) {
+            [waiting reportCompletion:@(error == nil)];
+        }];
+    }] boolValue];
+    XCTAssertTrue(result);
+}
+
 @end