Reliability: Tweak comparison in key revocation checks

2015-03-18 15:12:16 -07:00 · 2015-03-18 15:12:16 -07:00 · d2def94712
parent fd08325918
commit d2def94712
2 changed files with 7 additions and 2 deletions
--- a/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs
+++ b/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs
@ -204,7 +204,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
            {
                foreach (var key in keyIdToKeyMap.Values)
                {
-                    if (key.CreationDate <= mostRecentMassRevocationDate)
+                    // The contract of IKeyManager.RevokeAllKeys is that keys created *strictly before* the
+                    // revocation date are revoked. The system clock isn't very granular, and if this were
+                    // a less-than-or-equal check we could end up with the weird case where a revocation
+                    // immediately followed by a key creation results in a newly-created revoked key (since
+                    // the clock hasn't yet stepped).
+                    if (key.CreationDate < mostRecentMassRevocationDate)
                    {
                        key.SetRevoked();
                        if (_logger.IsVerboseLevelEnabled())
--- a/test/Microsoft.AspNet.DataProtection.Test/KeyManagement/XmlKeyManagerTests.cs
+++ b/test/Microsoft.AspNet.DataProtection.Test/KeyManagement/XmlKeyManagerTests.cs
@ -403,7 +403,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
                  </revocation>
                  <revocation version='1'>
                    <!-- The below will revoke the first two keys. -->
-                    <revocationDate>2016-01-01T00:00:00Z</revocationDate>
+                    <revocationDate>2017-01-01T00:00:00Z</revocationDate>
                    <key id='*' />
                  </revocation>
                  <revocation version='1'>