}
}
- public void signAndSend(long secret) throws IOException, Message.Malformed {
+ public void signAndSend(long secret, Date now) throws IOException, Message.Malformed {
SMTP.Outgoing.accept(new Message(new Stream("From: " + FROM + "\r\n" +
"To: " + who.toString(true) + "\r\n" +
"Subject: confirm " + getDescription() + "\r\n" +
"\r\n" +
"Please click the link below to " + getDescription() + "\r\n" +
sign(secret)),
- new Message.Envelope(FROM, who, new Date())
+ new Message.Envelope(FROM, who, now)
)
);
}
return sb.toString();
}
- public static Confirmation decode(String encoded, long secret) {
+ public static Confirmation decode(String encoded, long secret, Date now) {
try {
- // FIXME: not prevayler-safe!
String payload = encoded.substring(0, encoded.indexOf('.'));
ObjectInputStream ois = new ObjectInputStream(new InflaterInputStream(new Base64.InputStream(payload)));
Confirmation cve = (Confirmation)ois.readObject();
if (!cve.sign(secret).equals(encoded)) throw new InvalidSignature();
- if (System.currentTimeMillis() > cve.expiration) throw new Expired();
+ if (now.getTime() > cve.expiration) throw new Expired();
return cve;
} catch (ClassNotFoundException e) {
Log.error(Confirmation.class, e);