author | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-20 15:42:23 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-20 15:42:23 -0700 |
commit | 09dc4134b917eb8c82b6406bd10cfda6d317e3ae (patch) | |
tree | 1c5335b2cb040e97a5cd1f8b629345a38117ff42 | |
parent | 3fac57045da8eb3fef130ad50f21821ddd3ecab3 (diff) | |
Separated allowable clock skew setting from the maximum message age configuration setting.
-rw-r--r-- | src/DotNetOpenAuth/Configuration/MessagingElement.cs | 51 |
1 files changed, 40 insertions, 11 deletions
diff --git a/src/DotNetOpenAuth/Configuration/MessagingElement.cs b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
index 86ff615..9e957fe 100644
--- a/src/DotNetOpenAuth/Configuration/MessagingElement.cs
+++ b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
@@ -27,33 +27,62 @@ namespace DotNetOpenAuth.Configuration {
  private const string MaximumMessageLifetimeConfigName = "lifetime";
 
  /// <summary>
+ /// The name of the attribute that stores the maximum allowable clock skew.
+ /// </summary>
+ private const string MaximumClockSkewConfigName = "clockSkew";
+
+ /// <summary>
+ /// Gets the actual maximum message lifetime that a program should allow.
+ /// </summary>
+ /// <value>The sum of the <see cref="MaximumMessageLifetime"/> and
+ /// <see cref="MaximumClockSkew"/> property values.</value>
+ public TimeSpan MaximumMessageLifetime {
+ get { return this.MaximumMessageLifetimeNoSkew + this.MaximumClockSkew; }
+ }
+
+ /// <summary>
  /// Gets or sets the time between a message's creation and its receipt
  /// before it is considered expired.
  /// </summary>
  /// <value>
- /// The default value value is 13 minutes.
+ /// The default value value is 3 minutes.
  /// </value>
  /// <remarks>
- /// <para>Smaller timespans mean lower tolerance for delays in message delivery
- /// and time variance due to server clocks not being synchronized.
+ /// <para>Smaller timespans mean lower tolerance for delays in message delivery.
  /// Larger timespans mean more nonces must be stored to provide replay protection.</para>
  /// <para>The maximum age a message implementing the
  /// <see cref="IExpiringProtocolMessage"/> interface can be before
  /// being discarded as too old.</para>
- /// <para>This time limit should take into account expected time skew for servers
- /// across the Internet. For example, if a server could conceivably have its
- /// clock d = 5 minutes off UTC time, then any two servers could have
- /// their clocks disagree by as much as 2*d = 10 minutes.
- /// If a message should live for at least t = 3 minutes,
- /// this property should be set to (2*d + t) = 13 minutes.</para>
+ /// <para>This time limit should NOT take into account expected
+ /// time skew for servers across the Internet. Time skew is added to
+ /// this value and is controlled by the <see cref="MaximumClockSkew"/> property.</para>
  /// </remarks>
- [ConfigurationProperty(MaximumMessageLifetimeConfigName, DefaultValue = "00:13:00")]
- public TimeSpan MaximumMessageLifetime {
+ [ConfigurationProperty(MaximumMessageLifetimeConfigName, DefaultValue = "00:03:00")]
+ internal TimeSpan MaximumMessageLifetimeNoSkew {
  get { return (TimeSpan)this[MaximumMessageLifetimeConfigName]; }
  set { this[MaximumMessageLifetimeConfigName] = value; }
  }
 
  /// <summary>
+ /// Gets or sets the maximum clock skew.
+ /// </summary>
+ /// <value>The default value is 10 minutes.</value>
+ /// <remarks>
+ /// <para>Smaller timespans mean lower tolerance for
+ /// time variance due to server clocks not being synchronized.
+ /// Larger timespans mean greater chance for replay attacks and
+ /// larger nonce caches.</para>
+ /// <para>For example, if a server could conceivably have its
+ /// clock d = 5 minutes off UTC time, then any two servers could have
+ /// their clocks disagree by as much as 2*d = 10 minutes. </para>
+ /// </remarks>
+ [ConfigurationProperty(MaximumClockSkewConfigName, DefaultValue = "00:10:00")]
+ internal TimeSpan MaximumClockSkew {
+ get { return (TimeSpan)this[MaximumClockSkewConfigName]; }
+ set { this[MaximumClockSkewConfigName] = value; }
+ }
+
+ /// <summary>
  /// Gets or sets the configuration for the <see cref="UntrustedWebRequestHandler"/> class.
  /// </summary>
  /// <value>The untrusted web request.</value> |
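Review bot: The `lifetime` attribute keeps its name but changes meaning, so a deployment that followed the old guidance and set `lifetime="00:13:00"` explicitly now gets an effective window of 23 minutes once the default `clockSkew` of 10 minutes is added in the new `MaximumMessageLifetime` getter. That silently lengthens both the period in which a captured message is still accepted and the time nonces must be retained for replay protection, so the remarks on `MaximumMessageLifetimeNoSkew` should warn about it, e.g. `/// <para>Values configured before the clockSkew attribute existed already include skew and should be reduced.</para>`. The `<value>` text on the new public property also refers to itself and should read `/// <value>The sum of the <see cref="MaximumMessageLifetimeNoSkew"/> and`. Neither new property shows a validator in this hunk, so a negative or very large `clockSkew` from configuration appears to be accepted as-is; `[TimeSpanValidator(MinValueString = "00:00:00")]` on both properties would at least reject negative values.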