timeless hotfix (#275)

types/src/keyless/mod.rs

@@ -141,8 +141,9 @@ impl KeylessSignature {
     }
 
     pub fn verify_expiry(&self, current_time_microseconds: u64) -> anyhow::Result<()> {
-        let block_time = UNIX_EPOCH + Duration::from_micros(current_time_microseconds);
-        let expiry_time = seconds_from_epoch(self.exp_date_secs);
+        let block_time = UNIX_EPOCH.checked_add(Duration::from_micros(current_time_microseconds))
+            .ok_or_else(|| anyhow::anyhow!("Overflowed on UNIX_EPOCH + current_time_microseconds when checking exp_date_secs"))?;
+        let expiry_time = seconds_from_epoch(self.exp_date_secs)?;
 
         if block_time > expiry_time {
             bail!("Keyless signature is expired");
@@ -428,8 +429,10 @@ fn base64url_decode_as_str(b64: &str) -> anyhow::Result<String> {
     Ok(str)
 }
 
-fn seconds_from_epoch(secs: u64) -> SystemTime {
-    UNIX_EPOCH + Duration::from_secs(secs)
+fn seconds_from_epoch(secs: u64) -> anyhow::Result<SystemTime> {
+    Ok(UNIX_EPOCH
+        .checked_add(Duration::from_secs(secs))
+        .ok_or_else(|| anyhow::anyhow!("Overflowed on UNIX_EPOCH + secs in seconds_from_epoch"))?)
 }
 
 #[cfg(test)]

types/src/keyless/openid_sig.rs

@@ -60,9 +60,16 @@ impl OpenIdSig {
     ) -> anyhow::Result<()> {
         let claims: Claims = serde_json::from_str(&self.jwt_payload_json)?;
 
-        let max_expiration_date =
-            seconds_from_epoch(claims.oidc_claims.iat + config.max_exp_horizon_secs);
-        let expiration_date = seconds_from_epoch(exp_timestamp_secs);
+        let max_expiration_date = seconds_from_epoch(
+            claims
+                .oidc_claims
+                .iat
+                .checked_add(config.max_exp_horizon_secs)
+                .ok_or_else(|| {
+                    anyhow::anyhow!("Overflow when adding iat and max_exp_horizon_secs")
+                })?,
+        )?;
+        let expiration_date = seconds_from_epoch(exp_timestamp_secs)?;
 
         ensure!(
             expiration_date < max_expiration_date,