LEFT | RIGHT |
---|---|
1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2012 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "time" | 8 "time" |
9 ) | 9 ) |
10 | 10 |
33 type tuple struct { | 33 type tuple struct { |
34 Name string | 34 Name string |
35 Data string | 35 Data string |
36 } | 36 } |
37 | 37 |
38 const ( | 38 const ( |
39 maxUint64 = 1<<64 - 1 | 39 maxUint64 = 1<<64 - 1 |
40 maxInt64 = 1<<63 - 1 | 40 maxInt64 = 1<<63 - 1 |
41 ) | 41 ) |
42 | 42 |
43 // A time.Time cannot represent seconds higher than maxInt64. However, | 43 // CertTime represents an unsigned 64-bit time value in seconds starting from |
44 // conversion from uint64 to int64 for values higher than this will result in | 44 // UNIX epoch. We use CertTime instead of time.Time in order to properly handle |
45 // negative int64 values and result in times before unix epoch that are not | 45 // the "infinite" time value ^0, which would become negative when expressed as |
46 // intended to be used with certs. maxInt64 in unix seconds would be | 46 // an int64. |
47 // 292277026596-12-04 15:30:07 +0000 UTC. We are safe until the year | |
48 // 292,277,026,596 in setting this value to maxInt64 for values above | |
49 // maxInt64. A use case for this is the "forever" setting where ValidAfter is 0 | |
50 // (all bytes 0x00) and ValidBefore is maxUint64 (all bytes 0xFF). OpenSSH does | |
51 // something similar to this by clamping to INT_MAX. | |
52 | |
53 // CertTime represents an unsigned 64bit time value in seconds starting from | |
54 // unix epoch. We use CertTime instead of time.Time in order to properly | |
55 // handle time values above what a time.Time can represent and prevent values | |
hanwen-google
2013/10/23 05:03:28
This comment is too large compared to what we're d
jmpittman
2013/10/23 11:34:48
I wrote two comments. One for the reader of the c
hanwen-google
2013/10/23 15:32:50
".. to properly handle the "infinite" time value ^
jmpittman
2013/10/23 16:30:34
Done.
| |
56 // before unix epoch. | |
57 type CertTime uint64 | 47 type CertTime uint64 |
58 | 48 |
59 func (ct CertTime) Time() time.Time { | 49 func (ct CertTime) Time() time.Time { |
60 if ct > maxInt64 { | 50 if ct > maxInt64 { |
61 return time.Unix(maxInt64, 0) | 51 return time.Unix(maxInt64, 0) |
62 } | 52 } |
63 return time.Unix(int64(ct), 0) | 53 return time.Unix(int64(ct), 0) |
64 } | 54 } |
65 | 55 |
66 func (ct CertTime) IsTheEnd() bool { | 56 func (ct CertTime) IsInfinite() bool { |
hanwen-google
2013/10/23 15:32:50
IsInfinite?
jmpittman
2013/10/23 16:30:34
Done.
| |
67 return ct == maxUint64 | 57 return ct == maxUint64 |
68 } | 58 } |
69 | 59 |
70 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in | 60 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in |
71 // [PROTOCOL.certkeys]?rev=1.8. | 61 // [PROTOCOL.certkeys]?rev=1.8. |
72 type OpenSSHCertV01 struct { | 62 type OpenSSHCertV01 struct { |
73 Nonce []byte | 63 Nonce []byte |
74 Key PublicKey | 64 Key PublicKey |
75 Serial uint64 | 65 Serial uint64 |
76 Type uint32 | 66 Type uint32 |
379 if sigBytes, rest, ok = parseString(in); !ok { | 369 if sigBytes, rest, ok = parseString(in); !ok { |
380 return | 370 return |
381 } | 371 } |
382 | 372 |
383 out, sigBytes, ok = parseSignatureBody(sigBytes) | 373 out, sigBytes, ok = parseSignatureBody(sigBytes) |
384 if !ok || len(sigBytes) > 0 { | 374 if !ok || len(sigBytes) > 0 { |
385 return nil, nil, false | 375 return nil, nil, false |
386 } | 376 } |
387 return | 377 return |
388 } | 378 } |
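Review bot: In CertTime.Time() (new lines 49-54) the clamp to `time.Unix(maxInt64, 0)` is probably not safe to compare against. As far as I know, time.Unix adds an internal epoch offset to the seconds argument, so a value at maxInt64 can wrap and the resulting Time may sort before the present in Before/After. A validity check built on Time() would then treat a "forever" ValidBefore as already expired; that check is not visible in this section, so confirm it against the caller. Comparing raw seconds avoids the conversion, e.g. `ct.IsInfinite() || uint64(now.Unix()) < uint64(ct)`. The new side also drops the only explanation of the clamp, so Time and IsInfinite should each get a doc comment, e.g. `// Time returns ct as a time.Time; values above maxInt64 are clamped.`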