Check whether system clock is reasonable at startup.

bramble-core/src/main/java/org/briarproject/bramble/lifecycle/LifecycleManagerImpl.java

@@ -12,6 +12,7 @@ import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
 import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Clock;
 
 import java.util.List;
 import java.util.concurrent.CopyOnWriteArrayList;
@@ -34,6 +35,7 @@ import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleS
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STARTING_SERVICES;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.ALREADY_RUNNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.CLOCK_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_NEW_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_OLD_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DB_ERROR;
@@ -52,6 +54,7 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 
 	private final DatabaseComponent db;
 	private final EventBus eventBus;
+	private final Clock clock;
 	private final List<Service> services;
 	private final List<OpenDatabaseHook> openDatabaseHooks;
 	private final List<ExecutorService> executors;
@@ -63,9 +66,11 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 	private volatile LifecycleState state = STARTING;
 
 	@Inject
-	LifecycleManagerImpl(DatabaseComponent db, EventBus eventBus) {
+	LifecycleManagerImpl(DatabaseComponent db, EventBus eventBus,
+			Clock clock) {
 		this.db = db;
 		this.eventBus = eventBus;
+		this.clock = clock;
 		services = new CopyOnWriteArrayList<>();
 		openDatabaseHooks = new CopyOnWriteArrayList<>();
 		executors = new CopyOnWriteArrayList<>();
@@ -99,6 +104,13 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 			LOG.info("Already starting or stopping");
 			return ALREADY_RUNNING;
 		}
+		long now = clock.currentTimeMillis();
+		if (now < MIN_REASONABLE_TIME_MS || now > MAX_REASONABLE_TIME_MS) {
+			if (LOG.isLoggable(WARNING)) {
+				LOG.warning("System clock is unreasonable: " + now);
+			}
+			return CLOCK_ERROR;
+		}
 		try {
 			LOG.info("Opening database");
 			long start = now();

bramble-core/src/test/java/org/briarproject/bramble/lifecycle/LifecycleManagerImplTest.java

@@ -6,6 +6,7 @@ import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager.OpenDatabaseHook;
 import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
+import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.briarproject.bramble.test.DbExpectations;
 import org.junit.Before;
@@ -14,6 +15,9 @@ import org.junit.Test;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import static junit.framework.TestCase.assertTrue;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.MAX_REASONABLE_TIME_MS;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.MIN_REASONABLE_TIME_MS;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.CLOCK_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.SUCCESS;
 import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 import static org.junit.Assert.assertEquals;
@@ -22,6 +26,7 @@ public class LifecycleManagerImplTest extends BrambleMockTestCase {
 
 	private final DatabaseComponent db = context.mock(DatabaseComponent.class);
 	private final EventBus eventBus = context.mock(EventBus.class);
+	private final Clock clock = context.mock(Clock.class);
 
 	private final SecretKey dbKey = getSecretKey();
 
@@ -29,16 +34,19 @@ public class LifecycleManagerImplTest extends BrambleMockTestCase {
 
 	@Before
 	public void setUp() {
-		lifecycleManager = new LifecycleManagerImpl(db, eventBus);
+		lifecycleManager = new LifecycleManagerImpl(db, eventBus, clock);
 	}
 
 	@Test
 	public void testOpenDatabaseHooksAreCalledAtStartup() throws Exception {
+		long now = System.currentTimeMillis();
 		Transaction txn = new Transaction(null, false);
 		AtomicBoolean called = new AtomicBoolean(false);
 		OpenDatabaseHook hook = transaction -> called.set(true);
 
 		context.checking(new DbExpectations() {{
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(now));
 			oneOf(db).open(dbKey, lifecycleManager);
 			will(returnValue(false));
 			oneOf(db).transaction(with(false), withDbRunnable(txn));
@@ -51,4 +59,26 @@ public class LifecycleManagerImplTest extends BrambleMockTestCase {
 		assertEquals(SUCCESS, lifecycleManager.startServices(dbKey));
 		assertTrue(called.get());
 	}
+
+	@Test
+	public void testStartupFailsIfClockIsUnreasonablyBehind() {
+
+		context.checking(new DbExpectations() {{
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(MIN_REASONABLE_TIME_MS - 1));
+		}});
+
+		assertEquals(CLOCK_ERROR, lifecycleManager.startServices(dbKey));
+	}
+
+	@Test
+	public void testStartupFailsIfClockIsUnreasonablyAhead() {
+
+		context.checking(new DbExpectations() {{
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(MAX_REASONABLE_TIME_MS + 1));
+		}});
+
+		assertEquals(CLOCK_ERROR, lifecycleManager.startServices(dbKey));
+	}
 }