fix: improve key seearch logic

brave-intl · May 27, 2024 · 22f0b52 · 22f0b52
1 parent 418468a
commit 22f0b52
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 27 deletions.
diff --git a/model/issuer.go b/model/issuer.go
@@ -58,41 +58,41 @@ func (x *Issuer) FindSigningKeys(now time.Time) ([]*crypto.SigningKey, error) {
 		return nil, ErrInvalidIssuerType
 	}
 
-	keys, err := x.findActiveKeys(now)
-	if err != nil {
-		return nil, err
-	}
-
-	return parseSigningKeys(keys), nil
-}
+	const leeway = 1 * time.Hour
 
-func (x *Issuer) findActiveKeys(now time.Time) ([]*IssuerKeys, error) {
-	strictKeys, err := x.findActiveKeysOnce(now, 0)
+	keys, err := x.findActiveKeys(now, leeway)
 	if err != nil {
 		return nil, err
 	}
 
-	const leeway = 1 * time.Hour
-
-	leewayKeys, err := x.findActiveKeysOnce(now, leeway)
-	if err != nil {
-		return nil, err
+	if len(keys) == 0 {
+		return nil, nil
 	}
 
-	return append(strictKeys, leewayKeys...), nil
+	return parseSigningKeys(keys), nil
 }
 
-func (x *Issuer) findActiveKeysOnce(now time.Time, leeway time.Duration) ([]*IssuerKeys, error) {
+func (x *Issuer) findActiveKeys(now time.Time, lw time.Duration) ([]*IssuerKeys, error) {
 	var result []*IssuerKeys
 
 	for i := range x.Keys {
-		active, err := x.Keys[i].isActiveV3(now, leeway)
+		active, err := x.Keys[i].isActiveV3(now, 0)
 		if err != nil {
 			return nil, err
 		}
 
 		if active {
 			result = append(result, &x.Keys[i])
+			continue
+		}
+
+		activeLw, err := x.Keys[i].isActiveV3(now, lw)
+		if err != nil {
+			return nil, err
+		}
+
+		if activeLw {
+			result = append(result, &x.Keys[i])
 		}
 	}
 

diff --git a/model/issuer_test.go b/model/issuer_test.go
@@ -89,7 +89,7 @@ func TestIssuer_HasExpired(t *testing.T) {
 	}
 }
 
-func TestFindSigningKey(t *testing.T) {
+func TestFindSigningKeys(t *testing.T) {
 	type tcGiven struct {
 		issuer *Issuer
 		now    time.Time
@@ -142,7 +142,6 @@ func TestFindSigningKey(t *testing.T) {
 				},
 				now: time.Date(2023, time.December, 31, 0, 0, 1, 0, time.UTC),
 			},
-			exp: tcExpected{err: ErrIssuerV3NoCryptoKey},
 		},
 
 		{
@@ -169,14 +168,18 @@ func TestFindSigningKey(t *testing.T) {
 
 		t.Run(tc.name, func(t *testing.T) {
 			actual, err := tc.given.issuer.FindSigningKeys(tc.given.now)
-			must.Equal(t, tc.exp, err)
+			must.Equal(t, tc.exp.err, err)
+
+			if tc.exp.err != nil {
+				return
+			}
 
 			should.Equal(t, tc.exp.num, len(actual))
 		})
 	}
 }
 
-func TestIssuer_findActiveKeysOnce(t *testing.T) {
+func TestIssuer_findActiveKeys(t *testing.T) {
 	type tcGiven struct {
 		issuer *Issuer
 		now    time.Time
@@ -254,13 +257,38 @@ func TestIssuer_findActiveKeysOnce(t *testing.T) {
 				},
 			},
 		},
+
+		{
+			name: "valid_key_inactive_leeway",
+			given: tcGiven{
+				issuer: &Issuer{
+					Version: 3,
+					Keys: []IssuerKeys{
+						{
+							StartAt: ptrTo(time.Date(2024, time.January, 1, 0, 0, 1, 0, time.UTC)),
+							EndAt:   ptrTo(time.Date(2024, time.January, 2, 0, 0, 1, 0, time.UTC)),
+						},
+					},
+				},
+				now: time.Date(2023, time.December, 31, 23, 30, 1, 0, time.UTC),
+				lw:  1 * time.Hour,
+			},
+			exp: tcExpected{
+				result: []*IssuerKeys{
+					{
+						StartAt: ptrTo(time.Date(2024, time.January, 1, 0, 0, 1, 0, time.UTC)),
+						EndAt:   ptrTo(time.Date(2024, time.January, 2, 0, 0, 1, 0, time.UTC)),
+					},
+				},
+			},
+		},
 	}
 
 	for i := range tests {
 		tc := tests[i]
 
 		t.Run(tc.name, func(t *testing.T) {
-			actual, err := tc.given.issuer.findActiveKeysOnce(tc.given.now, tc.given.lw)
+			actual, err := tc.given.issuer.findActiveKeys(tc.given.now, tc.given.lw)
 			must.Equal(t, tc.exp.err, err)
 
 			if tc.exp.err != nil {
@@ -296,19 +324,19 @@ func TestIssuer_findActiveKeysEV(t *testing.T) {
 		},
 	}
 
-	t.Run("only_a", func(t *testing.T) {
+	t.Run("strict_b_leeway_a", func(t *testing.T) {
 		now := time.Date(2024, time.May, 24, 0, 52, 25, 0, time.UTC)
 
-		actual, err := issuer.findActiveKeys(now)
+		actual, err := issuer.findActiveKeys(now, 1*time.Hour)
 		must.Equal(t, nil, err)
 
-		should.Equal(t, []*IssuerKeys{&issuer.Keys[0]}, actual)
+		should.Equal(t, []*IssuerKeys{&issuer.Keys[1], &issuer.Keys[0]}, actual)
 	})
 
-	t.Run("b_and_c", func(t *testing.T) {
+	t.Run("strict_b_leeway_c", func(t *testing.T) {
 		now := time.Date(2024, time.May, 24, 23, 52, 25, 0, time.UTC)
 
-		actual, err := issuer.findActiveKeys(now)
+		actual, err := issuer.findActiveKeys(now, 1*time.Hour)
 		must.Equal(t, nil, err)
 
 		should.Equal(t, []*IssuerKeys{&issuer.Keys[1], &issuer.Keys[2]}, actual)