X-Git-Url: http://git.megacz.com/?a=blobdiff_plain;f=src%2Forg%2Fibex%2Fmail%2FConfirmation.java;h=c5e00228dc833a3644ef4f66581fe8850da417ea;hb=25f50e4019a17089cfd06ebae9fe949b6b8ff9d5;hp=9fa487f82c0677d2a0f2337f38c0ca8bb52e15e3;hpb=88ee94f69d25a1d257de5a8a0f6283174c618a4b;p=org.ibex.mail.git diff --git a/src/org/ibex/mail/Confirmation.java b/src/org/ibex/mail/Confirmation.java index 9fa487f..c5e0022 100644 --- a/src/org/ibex/mail/Confirmation.java +++ b/src/org/ibex/mail/Confirmation.java @@ -83,14 +83,14 @@ public abstract class Confirmation implements Externalizable { } } - public void signAndSend(long secret) throws IOException, Message.Malformed { + public void signAndSend(long secret, Date now) throws IOException, Message.Malformed { SMTP.Outgoing.accept(new Message(new Stream("From: " + FROM + "\r\n" + "To: " + who.toString(true) + "\r\n" + "Subject: confirm " + getDescription() + "\r\n" + "\r\n" + "Please click the link below to " + getDescription() + "\r\n" + sign(secret)), - new Message.Envelope(FROM, who, new Date()) + new Message.Envelope(FROM, who, now) ) ); } @@ -112,14 +112,13 @@ public abstract class Confirmation implements Externalizable { return sb.toString(); } - public static Confirmation decode(String encoded, long secret) { + public static Confirmation decode(String encoded, long secret, Date now) { try { - // FIXME: not prevayler-safe! String payload = encoded.substring(0, encoded.indexOf('.')); ObjectInputStream ois = new ObjectInputStream(new InflaterInputStream(new Base64.InputStream(payload))); Confirmation cve = (Confirmation)ois.readObject(); if (!cve.sign(secret).equals(encoded)) throw new InvalidSignature(); - if (System.currentTimeMillis() > cve.expiration) throw new Expired(); + if (now.getTime() > cve.expiration) throw new Expired(); return cve; } catch (ClassNotFoundException e) { Log.error(Confirmation.class, e);