Android: Fix #635: Temporary key expiration

wultra · Oct 8, 2024 · 54e67bd · 54e67bd
1 parent 7b4191f
commit 54e67bd
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 2 deletions.
diff --git a/...roidTest/java/io/getlime/security/powerauth/integration/tests/StandardActivationTest.java b/...roidTest/java/io/getlime/security/powerauth/integration/tests/StandardActivationTest.java
@@ -549,4 +549,43 @@ public void onGetEciesEncryptorFailed(@NonNull Throwable t) {
         });
         assertNotNull(encryptor);
     }
+
+    /*
+    @Test
+    public void testEciesTemporaryKeyExpiration() throws Exception {
+        // This test requires PAS configured for a very short temporary key lifespan.
+        activationHelper.createStandardActivation(true, null);
+
+        Boolean result = AsyncHelper.await(resultCatcher -> {
+            powerAuthSDK.fetchEncryptionKey(testHelper.getContext(), activationHelper.getValidAuthentication(), 1000, new IFetchEncryptionKeyListener() {
+                @Override
+                public void onFetchEncryptionKeySucceed(@NonNull byte[] encryptedEncryptionKey) {
+                    resultCatcher.completeWithResult(true);
+                }
+
+                @Override
+                public void onFetchEncryptionKeyFailed(@NonNull Throwable t) {
+                    resultCatcher.completeWithResult(false);
+                }
+            });
+        });
+        assertTrue(result);
+
+        Thread.sleep(15_000);
+        result = AsyncHelper.await(resultCatcher -> {
+            powerAuthSDK.fetchEncryptionKey(testHelper.getContext(), activationHelper.getValidAuthentication(), 1000, new IFetchEncryptionKeyListener() {
+                @Override
+                public void onFetchEncryptionKeySucceed(@NonNull byte[] encryptedEncryptionKey) {
+                    resultCatcher.completeWithResult(true);
+                }
+
+                @Override
+                public void onFetchEncryptionKeyFailed(@NonNull Throwable t) {
+                    resultCatcher.completeWithResult(false);
+                }
+            });
+        });
+        assertTrue(result);
+    }
+    */
 }
diff --git a/...hLibrary/src/main/java/io/getlime/security/powerauth/sdk/impl/DefaultKeystoreService.java b/...hLibrary/src/main/java/io/getlime/security/powerauth/sdk/impl/DefaultKeystoreService.java
@@ -82,7 +82,7 @@ public boolean containsKeyForEncryptor(int scope) {
             lock.lock();
             if (session.hasPublicKeyForEciesScope(scope)) {
                 final PublicKeyInfo publicKeyInfo = getPublicKeyInfoForScope(scope);
-                if (publicKeyInfo.expiration >= 0 && publicKeyInfo.expiration - EXPIRATION_THRESHOLD < timeService.getCurrentTime()) {
+                if (publicKeyInfo.expiration >= 0 && (timeService.getCurrentTime() < publicKeyInfo.expiration - EXPIRATION_THRESHOLD)) {
                     return true;
                 }
                 PowerAuthLog.d("Removing expired public key for ECIES encryptor " + scope);

diff --git a/proj-xcode/PowerAuth2/private/PA2KeystoreService.m b/proj-xcode/PowerAuth2/private/PA2KeystoreService.m
@@ -125,7 +125,7 @@ - (BOOL) hasKeyForEncryptorScope:(PowerAuthCoreEciesEncryptorScope)encryptorScop
     PA2PublicKeyInfo * pki = [self pkiForScope:encryptorScope];
     NSTimeInterval expiration = pki.expiration;
     keyIsSet = expiration >= 0.0;
-    keyIsExpired = expiration - PUBLIC_KEY_EXPIRATION_THRESHOLD < [_timeService currentTime];
+    keyIsExpired = [_timeService currentTime] >= expiration - PUBLIC_KEY_EXPIRATION_THRESHOLD;
     if (keyIsExpired) {
         pki.expiration = -1;
     }