Change expiration for JWT authentification of engine port to 60 secon…

…ds (hyperledger#4168) * change expiration for JWT authentification of engine port to 60 seconds Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
daniellehrner · Jul 26, 2022 · 0a2d805 · 0a2d805
1 parent 9799887
commit 0a2d805
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## 22.7.0
 
 ### Additions and Improvements
+- Engine API: Change expiration time for JWT tokens to 60s [#4168](https://github.com/hyperledger/besu/pull/4168)
 
 ### Bug Fixes
 

diff --git a/...main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthService.java b/...main/java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthService.java
@@ -44,6 +44,8 @@
 public class EngineAuthService implements AuthenticationService {
 
   private static final Logger LOG = LoggerFactory.getLogger(EngineAuthService.class);
+  private static final int JWT_EXPIRATION_TIME = 60;
+
   private final JWTAuth jwtAuthProvider;
 
   public EngineAuthService(final Vertx vertx, final Optional<File> signingKey, final Path datadir) {
@@ -167,6 +169,6 @@ public boolean isPermitted(
   private boolean issuedRecently(final long iat) {
     long iatSecondsSinceEpoch = iat;
     long nowSecondsSinceEpoch = System.currentTimeMillis() / 1000;
-    return (Math.abs((nowSecondsSinceEpoch - iatSecondsSinceEpoch)) <= 5);
+    return (Math.abs((nowSecondsSinceEpoch - iatSecondsSinceEpoch)) <= JWT_EXPIRATION_TIME);
   }
 }
diff --git a/.../java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthServiceTest.java b/.../java/org/hyperledger/besu/ethereum/api/jsonrpc/authentication/EngineAuthServiceTest.java
@@ -110,15 +110,10 @@ public void denyExpired() throws IOException, URISyntaxException {
     assertThat(auth).isNotNull();
     JWTAuth jwtAuth = auth.getJwtAuthProvider();
     String token =
-        jwtAuth.generateToken(new JsonObject().put("iat", (System.currentTimeMillis() / 1000) - 6));
+        jwtAuth.generateToken(
+            new JsonObject().put("iat", (System.currentTimeMillis() / 1000) - 61));
 
-    Handler<Optional<User>> authHandler =
-        new Handler<Optional<User>>() {
-          @Override
-          public void handle(final Optional<User> event) {
-            assertThat(event).isEmpty();
-          }
-        };
+    Handler<Optional<User>> authHandler = event -> assertThat(event).isEmpty();
     auth.authenticate(token, authHandler);
   }
 }