From 1b8563a07679d764e239c612076e16c4ea65d5be Mon Sep 17 00:00:00 2001
From: liuzhijiang
Date: Tue, 21 Apr 2020 09:55:43 +0800
Subject: [PATCH 1/2] fix ClientAuthenticationFilter.checkTimestamp

---
 .../apollo/configservice/filter/ClientAuthenticationFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java b/apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java
index 5f9648382ef..1cb43dfa94b 100644
--- a/apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java
+++ b/apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java
@@ -89,7 +89,7 @@ private boolean checkTimestamp(String timestamp) {
  }
 
  long x = System.currentTimeMillis() - requestTimeMillis;
- return x <= TIMESTAMP_INTERVAL;
+ return x >= -TIMESTAMP_INTERVAL && x <= TIMESTAMP_INTERVAL;
  }
 
  private boolean checkAuthorization(String authorization, List availableSecrets,

From 0b42e5c07fb7c39b0df363ac1d0522cf990178cb Mon Sep 17 00:00:00 2001
From: Zhijiang Liu
Date: Sat, 25 Apr 2020 23:52:01 +0800
Subject: [PATCH 2/2] =?UTF-8?q?Add=20Unit=20Test=EF=BC=8CCheck=20Timestamp?= =?UTF-8?q?=20>=20CurrentTime=20+=2060Seconds?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../filter/ClientAuthenticationFilterTest.java | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java b/apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java
index 2e7b1cb5671..a74ca2654cf 100644
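Review bot: The new two-sided bound on the `+` line of checkTimestamp is correct but needs a comment, because the reason the lower bound matters is security rather than clock hygiene: before this change a request signed with a far-future timestamp stayed valid until that time, so one captured signature was replayable for as long as the attacker chose. I would add above the return `// Reject future timestamps as well: a far-future timestamp would otherwise keep a captured signature replayable until that time.` A second comment should warn against the obvious simplification, `// Do not replace with Math.abs(x): abs(Long.MIN_VALUE) is negative and would pass the check.` — `requestTimeMillis` is client-supplied (parsed before this hunk, not visible here), so `x` can wrap to exactly `Long.MIN_VALUE`, whereas the explicit `x >= -TIMESTAMP_INTERVAL` comparison rejects every wrapped value. The method's Javadoc should also state the residual: a captured signed request remains replayable for up to `TIMESTAMP_INTERVAL` on either side of the server clock, which is inherent to timestamp-only freshness. checkTimestamp starts before this hunk and checkAuthorization continues after it.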
--- a/apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java
+++ b/apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java
@@ -67,6 +67,22 @@ public void testRequestTimeTooSkewed() throws Exception {
  verify(filterChain, never()).doFilter(request, response);
  }
 
+ @Test
+ public void testRequestTimeOneMinFasterThenCurrentTime() throws Exception {
+ String appId = "someAppId";
+ List secrets = Lists.newArrayList("someSecret");
+ String oneMinAfterTimestamp = Long.toString(System.currentTimeMillis() + 61 * 1000);
+
+ when(accessKeyUtil.extractAppIdFromRequest(any())).thenReturn(appId);
+ when(accessKeyUtil.findAvailableSecret(appId)).thenReturn(secrets);
+ when(request.getHeader(Signature.HTTP_HEADER_TIMESTAMP)).thenReturn(oneMinAfterTimestamp);
+
+ clientAuthenticationFilter.doFilter(request, response, filterChain);
+
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "RequestTimeTooSkewed");
+ verify(filterChain, never()).doFilter(request, response);
+ }
+
  @Test
  public void testUnauthorized() throws Exception {
  String appId = "someAppId";
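Review bot: The added test pins only the rejecting side of the new future bound, so a filter that rejected every future timestamp (`x >= 0 && x <= TIMESTAMP_INTERVAL`) would pass this suite just as well; a sibling case with `System.currentTimeMillis() + 59 * 1000` that expects `verify(filterChain).doFilter(request, response)` would pin the window itself, reusing whatever valid-signature setup the existing success test relies on. The literal `61 * 1000` silently encodes the 60 s interval; derive it from the constant if it is reachable from the test, or at least name it so a change to the interval fails loudly rather than quietly turning this into a different test. The method name `testRequestTimeOneMinFasterThenCurrentTime` should read `FasterThan`. `List secrets` appears as a raw type here, which may be an extraction artifact rather than the source — worth confirming it is `List<String>`. testRequestTimeTooSkewed starts before this hunk and testUnauthorized continues after it.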