devicecheck-appattest
Minor issue with exception message on creation time check
https://github.com/veehaitch/devicecheck-appattest/blob/cb26211f63c1e2e7949deafe2efdf352daca27fa/src/main/kotlin/ch/veehait/devicecheck/appattest/receipt/ReceiptValidator.kt#L172
```kotlin
// 5. Verify that the receipt’s creation time, given in field 12, is no more than five minutes old.
// This helps to thwart replay attacks.
if (notAfter.isAfter(receiptPayload.creationTime.value)) {
    throw ReceiptException.InvalidPayload("Receipt's creation time is after $notAfter")
}
```
The right message should be: "Receipt's creation time is before $notAfter"
(Yeah, the message is still not very easy to understand. The best I have in mind: "Receipt's creation time is older than $maxAge")
Thanks a lot for reporting. You're right, the exception's message isn't accurate.
After giving it some more thought, I even came to the conclusion that the name of the parameter should be notBefore rather than notAfter. I'd appreciate it if you could take a look at #38 which hopefully addresses this issue while also making the parameter more approachable.
Looks good, thanks :))
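
An added example, not code from the project or from #38: one way to write the freshness check discussed in this thread so that the comparison, the bound's name and the exception message all agree. The function `checkReceiptFreshness`, the exception class `StaleReceiptException` and the sample timestamps are assumptions made for this sketch.

```kotlin
import java.time.Clock
import java.time.Duration
import java.time.Instant
import java.time.ZoneOffset

// Hypothetical exception type for this example; the project throws
// ReceiptException.InvalidPayload instead.
class StaleReceiptException(message: String) : Exception(message)

/**
 * Rejects a receipt whose creation time is older than [maxAge].
 * The lower bound is named notBefore because a valid creation time
 * must not lie before it. Injecting [clock] makes the boundary testable.
 */
fun checkReceiptFreshness(
    creationTime: Instant,
    maxAge: Duration = Duration.ofMinutes(5),
    clock: Clock = Clock.systemUTC()
) {
    val notBefore = clock.instant().minus(maxAge)
    if (creationTime.isBefore(notBefore)) {
        // The message states the same condition the comparison tests.
        throw StaleReceiptException(
            "Receipt's creation time $creationTime is older than $maxAge " +
                "(must not be before $notBefore)"
        )
    }
}

fun main() {
    // Constructed sample values: a fixed "now" and three creation times.
    val now = Instant.parse("2021-06-01T12:00:00Z")
    val clock = Clock.fixed(now, ZoneOffset.UTC)
    val samples = listOf(
        now.minusSeconds(60),   // one minute old
        now.minusSeconds(300),  // exactly at the five-minute bound
        now.minusSeconds(301)   // one second past the bound
    )
    for (creationTime in samples) {
        val failure = runCatching {
            checkReceiptFreshness(creationTime, clock = clock)
        }.exceptionOrNull()
        println("$creationTime -> ${failure?.message ?: "accepted"}")
    }
}
```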