Fix: Credential's Expiration time (#136)

awslabs · Jan 9, 2023 · 1fd0a61 · 1fd0a61
1 parent faa1740
commit 1fd0a61
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 8 deletions.
diff --git a/Source/AwsCommonRuntimeKit/auth/credentials/Credentials.swift b/Source/AwsCommonRuntimeKit/auth/credentials/Credentials.swift
@@ -20,7 +20,8 @@ public final class Credentials {
     ///   - secret: value for the secret access key field
     ///   - sessionToken: (Optional) security token associated with the credentials
     ///   - expiration: (Optional) Point in time after which credentials will no longer be valid.
-    ///                 For credentials that do not expire, use nil. Timezone is always UTC.
+    ///                 For credentials that do not expire, use nil.
+    ///                 If expiration.timeIntervalSince1970 is greater than UInt64.max, it will be converted to nil.
     ///   - allocator: (Optional) allocator to override.
     /// - Throws: CommonRuntimeError.crtError
     public init(accessKey: String,
@@ -30,7 +31,8 @@ public final class Credentials {
                 allocator: Allocator = defaultAllocator) throws {
 
         let expirationTimeout: UInt64
-        if let expiration = expiration {
+        if let expiration = expiration,
+           expiration.timeIntervalSince1970 < Double(UInt64.max) {
             expirationTimeout = UInt64(expiration.timeIntervalSince1970)
         } else {
             expirationTimeout = UInt64.max
@@ -77,11 +79,16 @@ public final class Credentials {
         return token.toOptionalString()
     }
 
-    /// Gets the expiration timeout in seconds from the `aws_credentials` instance
+    /// Gets the expiration timeout from the `aws_credentials` instance
     ///
-    /// - Returns:`UInt64`: The timeout in seconds of when the credentials expire
-    public func getExpiration() -> Date {
-        return Date(timeIntervalSince1970: TimeInterval(aws_credentials_get_expiration_timepoint_seconds(rawValue)))
+    /// - Returns:`Data?`: The timeout in seconds of when the credentials expire.
+    ///                     It will return nil if credentials never expire
+    public func getExpiration() -> Date? {
+        let seconds = aws_credentials_get_expiration_timepoint_seconds(rawValue)
+        if seconds == UInt64.max {
+            return nil
+        }
+        return Date(timeIntervalSince1970: TimeInterval(seconds))
     }
 
     deinit {

diff --git a/Test/AwsCommonRuntimeKitTests/auth/CredentialsTests.swift b/Test/AwsCommonRuntimeKitTests/auth/CredentialsTests.swift
@@ -16,7 +16,26 @@ class CredentialsTests: XCBaseTestCase {
         XCTAssertEqual(accessKey, credentials.getAccessKey())
         XCTAssertEqual(secret, credentials.getSecret())
         XCTAssertEqual(sessionToken, credentials.getSessionToken())
-        XCTAssertEqual(UInt64(expiration.timeIntervalSince1970), UInt64(credentials.getExpiration().timeIntervalSince1970))
+        XCTAssertEqual(UInt64(expiration.timeIntervalSince1970), UInt64(credentials.getExpiration()!.timeIntervalSince1970))
+
+    }
+
+    func testCreateAWSCredentialsInfinity() async throws {
+        let accessKey = "AccessKey"
+        let secret = "Secret"
+        let sessionToken = "Token"
+        let expiration = Date(timeIntervalSince1970: (Double) (UInt64.max))
+
+        let credentials = try Credentials(accessKey: accessKey, secret: secret, sessionToken: sessionToken, expiration: expiration)
+
+        XCTAssertEqual(accessKey, credentials.getAccessKey())
+        XCTAssertEqual(secret, credentials.getSecret())
+        XCTAssertEqual(sessionToken, credentials.getSessionToken())
+        XCTAssertNil(credentials.getExpiration())
+
+        let expiration2 = Date(timeIntervalSince1970: (Double) (UInt64.max)+10)
+        let credentials2 = try Credentials(accessKey: accessKey, secret: secret, sessionToken: sessionToken, expiration: expiration2)
+        XCTAssertNil(credentials2.getExpiration())
     }
 
     func testCreateAWSCredentialsWithoutSessionToken() async throws {
@@ -29,8 +48,20 @@ class CredentialsTests: XCBaseTestCase {
         XCTAssertEqual(accessKey, credentials.getAccessKey())
         XCTAssertEqual(secret, credentials.getSecret())
         XCTAssertEqual(credentials.getSessionToken(), nil)
-        XCTAssertEqual(UInt64(expiration.timeIntervalSince1970), UInt64(credentials.getExpiration().timeIntervalSince1970))
+        XCTAssertEqual(UInt64(expiration.timeIntervalSince1970), UInt64(credentials.getExpiration()!.timeIntervalSince1970))
+
+    }
+
+    func testCreateAWSCredentialsWithoutExpiration() async throws {
+        let accessKey = "AccessKey"
+        let secret = "Secret"
+
+        let credentials = try Credentials(accessKey: accessKey, secret: secret, sessionToken: nil)
 
+        XCTAssertEqual(accessKey, credentials.getAccessKey())
+        XCTAssertEqual(secret, credentials.getSecret())
+        XCTAssertEqual(credentials.getSessionToken(), nil)
+        XCTAssertNil(credentials.getExpiration())
     }
 
     func testCreateAWSCredentialsWithoutAccessKeyThrows() async {