Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.
parent
6db47de25e
commit
9a3c652a51
9 changed files with 51 additions and 70 deletions
|
@ -125,6 +125,8 @@ namespace ZeroTier {
|
|||
#define ZT_NETWORKCONFIG_DICT_KEY_TYPE "t"
|
||||
// text
|
||||
#define ZT_NETWORKCONFIG_DICT_KEY_NAME "n"
|
||||
// credential time to live in ms
|
||||
#define ZT_NETWORKCONFIG_DICT_KEY_CREDENTIAL_TTL "cttl"
|
||||
// binary serialized certificate of membership
|
||||
#define ZT_NETWORKCONFIG_DICT_KEY_COM "C"
|
||||
// specialists (binary array of uint64_t)
|
||||
|
@ -367,11 +369,24 @@ public:
|
|||
return (Tag *)0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a capability or tag is expired
|
||||
*
|
||||
* @param cred Credential to check -- must have timestamp() accessor method
|
||||
* @return True if credential is NOT expired
|
||||
*/
|
||||
template<typename C>
|
||||
inline bool isCredentialTimestampValid(const C &cred) const
|
||||
{
|
||||
return ( (cred.timestamp() >= timestamp) || ((timestamp - cred.timestamp()) <= credentialTimeToLive) );
|
||||
}
|
||||
|
||||
/*
|
||||
inline void dump() const
|
||||
{
|
||||
printf("networkId==%.16llx\n",networkId);
|
||||
printf("timestamp==%llu\n",timestamp);
|
||||
printf("credentialTimeToLive==%llu\n",credentialTimeToLive);
|
||||
printf("revision==%llu\n",revision);
|
||||
printf("issuedTo==%.10llx\n",issuedTo.toInt());
|
||||
printf("multicastLimit==%u\n",multicastLimit);
|
||||
|
@ -405,6 +420,11 @@ public:
|
|||
*/
|
||||
uint64_t timestamp;
|
||||
|
||||
/**
|
||||
* TTL for capabilities and tags
|
||||
*/
|
||||
uint64_t credentialTimeToLive;
|
||||
|
||||
/**
|
||||
* Controller-side revision counter for this configuration
|
||||
*/
|
||||
|
|
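Review bot: In `isCredentialTimestampValid` (second hunk), any credential whose `timestamp()` is at or after the config's `timestamp` is accepted with no upper bound, and age is measured against the config timestamp rather than a local clock, so expiry only advances when a newer config arrives; the doc comment states neither property. If credential timestamps are always controller-signed this is probably intended, but the comment should say so, e.g. `* Age is measured against this config's timestamp, not the local clock; credentials newer than the config are always accepted.` The `credentialTimeToLive` field comment in the third hunk should also give the unit, `* TTL for capabilities and tags, in milliseconds`, matching the comment on the `cttl` key. The visible hunks do not show what value the field takes when `cttl` is absent from the dictionary; if that is 0, every credential older than the config would be rejected, so the parsing code is worth checking for a defined default.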