Change expiration for JWT authentification of engine port to 60 seconds (#4168)

* change expiration for JWT authentification of engine port to 60 seconds Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
2 years ago · 0a2d80518f
parent 979988707b
commit 0a2d80518f
3 changed files with 7 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@
 ## 22.7.0

 ### Additions and Improvements
+- Engine API: Change expiration time for JWT tokens to 60s [#4168](https://github.com/hyperledger/besu/pull/4168)

 ### Bug Fixes

--- a/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthService.java
+++ b/ethereum/api/src/main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthService.java
@ -44,6 +44,8 @@ import org.slf4j.LoggerFactory;
 public class EngineAuthService implements AuthenticationService {

  private static final Logger LOG = LoggerFactory.getLogger(EngineAuthService.class);
+  private static final int JWT_EXPIRATION_TIME = 60;
+
  private final JWTAuth jwtAuthProvider;

  public EngineAuthService(final Vertx vertx, final Optional<File> signingKey, final Path datadir) {
@ -167,6 +169,6 @@ public class EngineAuthService implements AuthenticationService {
  private boolean issuedRecently(final long iat) {
    long iatSecondsSinceEpoch = iat;
    long nowSecondsSinceEpoch = System.currentTimeMillis() / 1000;
-    return (Math.abs((nowSecondsSinceEpoch - iatSecondsSinceEpoch)) <= 5);
+    return (Math.abs((nowSecondsSinceEpoch - iatSecondsSinceEpoch)) <= JWT_EXPIRATION_TIME);
  }
 }
--- a/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthServiceTest.java
+++ b/ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthServiceTest.java
@ -110,15 +110,10 @@ public class EngineAuthServiceTest {
    assertThat(auth).isNotNull();
    JWTAuth jwtAuth = auth.getJwtAuthProvider();
    String token =
-        jwtAuth.generateToken(new JsonObject().put("iat", (System.currentTimeMillis() / 1000) - 6));
+        jwtAuth.generateToken(
+            new JsonObject().put("iat", (System.currentTimeMillis() / 1000) - 61));

-    Handler<Optional<User>> authHandler =
-        new Handler<Optional<User>>() {
-          @Override
-          public void handle(final Optional<User> event) {
-            assertThat(event).isEmpty();
-          }
-        };
+    Handler<Optional<User>> authHandler = event -> assertThat(event).isEmpty();
    auth.authenticate(token, authHandler);
  }
 }