lib/ey-hmac/adapter.rb in ey-hmac-2.0.2 vs lib/ey-hmac/adapter.rb in ey-hmac-2.1.0
- old
+ new
@@ -8,17 +8,19 @@
attr_reader :request, :options, :authorization_header, :service, :sign_with, :accept_digests
# @param [Object] request signer-specific request implementation
# @option options [Integer] :version signature version
+ # @option options [Integer] :ttl (nil) duration during which HMAC is valid after signed date
# @option options [String] :authorization_header ('Authorization') Authorization header key.
# @option options [String] :server ('EyHmac') service name prefixed to {#authorization}. set to {#service}
# @option options [Symbol] :sign_with (:sha_256) outgoing signature digest algorithm. See {OpenSSL::Digest#new}
# @option options [Array] :accepted_digests ([:sha_256]) accepted incoming signature digest algorithm. See {OpenSSL::Digest#new}
def initialize(request, options={})
@request, @options = request, options
+ @ttl = options[:ttl]
@authorization_header = options[:authorization_header] || 'Authorization'
@service = options[:service] || 'EyHmac'
@sign_with = options[:sign_with] || :sha256
@accept_digests = Array(options[:accept_digests] || :sha256)
end
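Review bot: `@ttl = options[:ttl]` stores the value unchecked, so a String such as `'300'` or a negative number is only discovered when a request is verified. At that point the addition to the signed date would raise a TypeError, or every request would be rejected. Coercing at construction fails early: `@ttl = options[:ttl].nil? ? nil : Integer(options[:ttl])`. The doc line could also state the unit and what the default means, e.g. `# @option options [Integer] :ttl (nil) seconds a signature stays valid after its signed date; nil disables the expiry check`, since the default applies no freshness limit.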
@@ -117,9 +119,17 @@
key_id = authorization_match[1]
signature_value = authorization_match[2]
unless key_secret = block.call(key_id)
raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
+ end
+
+ unless @ttl.nil?
+ expiry = Time.parse(date).to_i + @ttl
+ current_time = Time.now.to_i
+ unless expiry > current_time
+ raise(Ey::Hmac::ExpiredHmac, "Signature has expired passed #{expiry}. Current time is #{current_time}")
+ end
end
calculated_signatures = self.accept_digests.map { |ad| signature(key_secret, ad) }
unless calculated_signatures.any? { |cs| secure_compare(signature_value, cs) }
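Review bot: The freshness check in the `unless @ttl.nil?` block only bounds the past: `expiry > current_time` also holds for any date set in the future, so a request signed with a far-future date stays replayable well beyond the ttl. Comparing the absolute difference against `@ttl` closes that side and still tolerates clock skew up to the ttl. `Time.parse(date)` also raises ArgumentError on a malformed date and TypeError on a missing one; these are not Ey::Hmac errors, so they would presumably escape a caller that rescues only the library's own classes. Mapping them to an authentication failure keeps a bad header from surfacing as an unhandled exception. The enclosing method starts and ends outside this hunk, so how `date` is derived is not visible here.

```ruby
# … unchanged: key lookup and MissingSecret raise …
unless @ttl.nil?
  begin
    signed_at = Time.parse(date).to_i
  rescue ArgumentError, TypeError
    # a missing or malformed date cannot prove freshness
    raise(Ey::Hmac::ExpiredHmac, "Signature date #{date.inspect} could not be parsed")
  end
  current_time = Time.now.to_i
  # bound both sides so a date set in the future does not widen the window
  unless (current_time - signed_at).abs < @ttl
    raise(Ey::Hmac::ExpiredHmac, "Signature date #{signed_at} is outside the #{@ttl}s window. Current time is #{current_time}")
  end
end
# … unchanged: signature calculation and secure_compare …
```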