Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity.

Adam Ierymenko 2016-08-22 18:06:46 -07:00
parent 6db47de25e
commit 9a3c652a51
9 changed files with 51 additions and 70 deletions


@ -125,6 +125,8 @@ namespace ZeroTier {
#define ZT_NETWORKCONFIG_DICT_KEY_TYPE "t"
// text
#define ZT_NETWORKCONFIG_DICT_KEY_NAME "n"
// credential time to live in ms
#define ZT_NETWORKCONFIG_DICT_KEY_CREDENTIAL_TTL "cttl"
// binary serialized certificate of membership
#define ZT_NETWORKCONFIG_DICT_KEY_COM "C"
// specialists (binary array of uint64_t)
@ -367,11 +369,24 @@ public:
return (Tag *)0;
}
/**
* Check whether a capability or tag is expired
*
* @param cred Credential to check -- must have timestamp() accessor method
* @return True if credential is NOT expired
*/
template<typename C>
inline bool isCredentialTimestampValid(const C &cred) const
{
return ( (cred.timestamp() >= timestamp) || ((timestamp - cred.timestamp()) <= credentialTimeToLive) );
}
/*
inline void dump() const
{
printf("networkId==%.16llx\n",networkId);
printf("timestamp==%llu\n",timestamp);
printf("credentialTimeToLive==%llu\n",credentialTimeToLive);
printf("revision==%llu\n",revision);
printf("issuedTo==%.10llx\n",issuedTo.toInt());
printf("multicastLimit==%u\n",multicastLimit);
@ -405,6 +420,11 @@ public:
*/
uint64_t timestamp;
/**
* TTL for capabilities and tags
*/
uint64_t credentialTimeToLive;
/**
* Controller-side revision counter for this configuration
*/
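Review bot: In `isCredentialTimestampValid` the first clause accepts any credential whose timestamp is at or after the config's `timestamp`, so `credentialTimeToLive` only bounds how old a credential may be, and a capability or tag dated far ahead of the config never ages out against later configs. If credential timestamps are not guaranteed to track the controller's config clock, a symmetric bound would close that gap: `const uint64_t ts = cred.timestamp();` followed by `return (((ts >= timestamp) ? (ts - timestamp) : (timestamp - ts)) <= credentialTimeToLive);`. The doc comment should also say that validity is measured against the network config's timestamp rather than the local clock. The field comment on `credentialTimeToLive` should state the unit (milliseconds, per the `cttl` key comment) and what a value of 0 means, because a config that leaves it at 0 would make this check reject every credential older than the config. How the field is parsed and defaulted is not visible in this section.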