Add new error to distinguish the reason for expired message.

Netflix · Feb 1, 2019 · 754dd4a · 754dd4a
1 parent 6326c83
commit 754dd4a
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 13 deletions.
diff --git a/core/src/main/java/com/netflix/msl/MslError.java b/core/src/main/java/com/netflix/msl/MslError.java
@@ -240,6 +240,8 @@ public class MslError {
     public static final MslError UNEXPECTED_LOCAL_MESSAGE_SENDER = new MslError(6041, ResponseCode.FAIL, "Message sender is equal to the local entity.");
     public static final MslError UNENCRYPTED_MESSAGE_WITH_USERAUTHDATA = new MslError(6042, ResponseCode.FAIL, "User authentication data included in unencrypted message header.");
     public static final MslError MESSAGE_SENDER_MISMATCH = new MslError(6043, ResponseCode.FAIL, "Message sender entity identity does not match expected identity.");
+    public static final MslError MESSAGE_EXPIRED_NOT_RENEWABLE = new MslError(6044, ResponseCode.EXPIRED, "Message expired and not renewable. Rejected.");
+    public static final MslError MESSAGE_EXPIRED_NO_KEYREQUEST_DATA = new MslError(6045, ResponseCode.EXPIRED, "Message expired and missing key request data. Rejected.");
 
     // 7 Key Exchange
     public static final MslError UNIDENTIFIED_KEYX_SCHEME = new MslError(7000, ResponseCode.FAIL, "Unable to identify key exchange scheme.");

diff --git a/core/src/main/java/com/netflix/msl/msg/MessageInputStream.java b/core/src/main/java/com/netflix/msl/msg/MessageInputStream.java
@@ -277,8 +277,13 @@ public MessageInputStream(final MslContext ctx, final InputStream source, final
                 if (masterToken.isExpired(null)) {
                     // If the message is not renewable or does not contain key
                     // request data then reject the message.
-                    if (!messageHeader.isRenewable() || messageHeader.getKeyRequestData().isEmpty())
-                        throw new MslMessageException(MslError.MESSAGE_EXPIRED, messageHeader.toString());
+                    if (!messageHeader.isRenewable()) {
+                        throw new MslMessageException(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE, messageHeader.toString());
+                    }
+                    else if (messageHeader.getKeyRequestData().isEmpty()) {
+                        throw new MslMessageException(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA, messageHeader.toString());
+                    }
+
 
                     // If the master token will not be renewed by the token
                     // factory then reject the message.

diff --git a/core/src/main/javascript/MslError.js b/core/src/main/javascript/MslError.js
@@ -269,6 +269,8 @@
 	    UNEXPECTED_LOCAL_MESSAGE_SENDER : new MslError(6041, MslConstants.ResponseCode.FAIL, "Message sender is equal to the local entity."),
 	    UNENCRYPTED_MESSAGE_WITH_USERAUTHDATA : new MslError(6042, MslConstants.ResponseCode.FAIL, "User authentication data included in unencrypted message header."),
 	    MESSAGE_SENDER_MISMATCH : new MslError(6043, MslConstants.ResponseCode.FAIL, "Message sender entity identity does not match expected identity."),
+        MESSAGE_EXPIRED_NOT_RENEWABLE : new MslError(6044, MslConstants.ResponseCode.EXPIRED, "Message expired and not renewable. Rejected."),
+        MESSAGE_EXPIRED_NO_KEYREQUEST_DATA : new MslError(6045, MslConstants.ResponseCode.EXPIRED, "Message expired and missing key request data. Rejected."),
 
 	    // 7 Key Exchange
 	    UNIDENTIFIED_KEYX_SCHEME : new MslError(7000, MslConstants.ResponseCode.FAIL, "Unable to identify key exchange scheme."),
@@ -302,4 +304,4 @@
 	    NONE : new MslError(9999, MslConstants.ResponseCode.FAIL, "Special unit test error.")
 	}));
 	Object.freeze(MslError);
-})(require, (typeof module !== 'undefined') ? module : mkmodule('MslError'));
+})(require, (typeof module !== 'undefined') ? module : mkmodule('MslError'));
diff --git a/core/src/main/javascript/msg/MessageInputStream.js b/core/src/main/javascript/msg/MessageInputStream.js
@@ -533,8 +533,17 @@
                     if (masterToken.isExpired(null)) {
                         // If the message is not renewable or does not contain key
                         // request data then reject the message.
-                        if (!messageHeader.isRenewable() || messageHeader.keyRequestData.length == 0) {
-                            self._errored = new MslMessageException(MslError.MESSAGE_EXPIRED, messageHeader)
+                        if (!messageHeader.isRenewable()) {
+                            self._errored = new MslMessageException(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE, messageHeader)
+                            .setMasterToken(masterToken)
+                            .setUserIdToken(messageHeader.userIdToken)
+                            .setUserAuthenticationData(messageHeader.userAuthenticationData)
+                            .setMessageId(messageHeader.messageId);
+                            ready();
+                            return;
+                        }
+                        else if (messageHeader.keyRequestData.length == 0) {
+                            self._errored = new MslMessageException(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA, messageHeader)
                             .setMasterToken(masterToken)
                             .setUserIdToken(messageHeader.userIdToken)
                             .setUserAuthenticationData(messageHeader.userAuthenticationData)

diff --git a/tests/src/test/java/com/netflix/msl/msg/MessageInputStreamTest.java b/tests/src/test/java/com/netflix/msl/msg/MessageInputStreamTest.java
@@ -638,7 +638,7 @@ public void expiredRenewablePeerMessage() throws MslEncodingException, MslCrypto
     @Test
     public void expiredNotRenewableClientMessage() throws IOException, MslUserAuthException, MslException, MslEncoderException {
         thrown.expect(MslMessageException.class);
-        thrown.expectMslError(MslError.MESSAGE_EXPIRED);
+        thrown.expectMslError(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE);
         thrown.expectMessageId(MSG_ID);
 
         // Expired messages received by a trusted network server should be
@@ -658,7 +658,7 @@ public void expiredNotRenewableClientMessage() throws IOException, MslUserAuthEx
     @Test
     public void expiredNoKeyRequestDataClientMessage() throws MslEncodingException, MslCryptoException, MslMasterTokenException, MslEntityAuthException, MslMessageException, MslUserAuthException, MslKeyExchangeException, IOException, MslException, MslEncoderException {
         thrown.expect(MslMessageException.class);
-        thrown.expectMslError(MslError.MESSAGE_EXPIRED);
+        thrown.expectMslError(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA);
         thrown.expectMessageId(MSG_ID);
 
         // Expired renewable messages received by a trusted network server
@@ -709,7 +709,7 @@ public void expiredNotRenewableServerMessage() throws MslEncodingException, MslC
     @Test
     public void expiredNoKeyRequestDataPeerMessage() throws MslEncodingException, MslCryptoException, MslMasterTokenException, MslEntityAuthException, MslMessageException, MslUserAuthException, MslKeyExchangeException, IOException, MslException, MslEncoderException {
         thrown.expect(MslMessageException.class);
-        thrown.expectMslError(MslError.MESSAGE_EXPIRED);
+        thrown.expectMslError(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA);
         thrown.expectMessageId(MSG_ID);
 
         final Date renewalWindow = new Date(System.currentTimeMillis() - 20000);
@@ -727,7 +727,7 @@ public void expiredNoKeyRequestDataPeerMessage() throws MslEncodingException, Ms
     @Test
     public void expiredNotRenewablePeerMessage() throws MslEncodingException, MslCryptoException, MslMasterTokenException, MslEntityAuthException, MslMessageException, MslUserAuthException, MslKeyExchangeException, IOException, MslException, MslEncoderException {
         thrown.expect(MslMessageException.class);
-        thrown.expectMslError(MslError.MESSAGE_EXPIRED);
+        thrown.expectMslError(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE);
         thrown.expectMessageId(MSG_ID);
 
         final Date renewalWindow = new Date(System.currentTimeMillis() - 20000);

diff --git a/tests/src/test/javascript/msg/MessageInputStreamTest.js b/tests/src/test/javascript/msg/MessageInputStreamTest.js
@@ -1827,7 +1827,7 @@ describe("MessageInputStream", function() {
 
         runs(function() {
             var f = function() { throw exception; };
-            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED), MSG_ID);
+            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE), MSG_ID);
         });
     });
 
@@ -1887,7 +1887,7 @@ describe("MessageInputStream", function() {
 
         runs(function() {
             var f = function() { throw exception; };
-            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED), MSG_ID);
+            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA), MSG_ID);
         });
     });
 
@@ -2031,7 +2031,7 @@ describe("MessageInputStream", function() {
 
         runs(function() {
             var f = function() { throw exception; };
-            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED), MSG_ID);
+            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED_NO_KEYREQUEST_DATA), MSG_ID);
         });
     });
 
@@ -2089,7 +2089,7 @@ describe("MessageInputStream", function() {
 
         runs(function() {
             var f = function() { throw exception; };
-            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED), MSG_ID);
+            expect(f).toThrow(new MslMessageException(MslError.MESSAGE_EXPIRED_NOT_RENEWABLE), MSG_ID);
         });
     });