
Developing over the period of a day light savings change - blessing or curse??? :-)

Jonathan Turner 9 yıl önce
ebeveyn
işleme
2b47bfdb82

+ 0 - 5
client/ASExchange.go

@@ -11,11 +11,6 @@ import (
 	"sort"
 )
 
-// Login the client with the KDC via an AS exchange.
-func (cl *Client) Login() error {
-	return cl.ASExchange()
-}
-
 // Perform an AS exchange for the client to retrieve a TGT.
 func (cl *Client) ASExchange() error {
 	if !cl.IsConfigured() {

+ 1 - 1
client/TGSExchange.go

@@ -53,7 +53,7 @@ func (cl *Client) GetServiceTicket(spn string) (types.Ticket, types.EncryptionKe
 		return tkt, skey, nil
 	}
 	// Ensure TGT still valid
-	if time.Now().After(cl.Session.EndTime) {
+	if time.Now().UTC().After(cl.Session.EndTime) {
 		err := cl.updateTGT()
 		if err != nil {
 			return tkt, skey, err
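Review bot: `time.Time.After` compares absolute instants rather than wall-clock fields, so adding `.UTC()` to the expiry check in GetServiceTicket does not change its result. The same holds for the `Before`/`After`/`Sub` calls changed in client/cache.go, client/session.go and messages/KDCRep.go. If the daylight-saving failure showed up in these comparisons, the likelier cause is how `cl.Session.EndTime` and the ticket times were populated when the KDC reply was decoded, which none of these hunks show. A short comment such as `// comparison is zone-independent; UTC() kept only for consistency with marshalled times` would stop a later reader from treating the conversion as the fix. GetServiceTicket's body continues outside the hunk.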

+ 2 - 2
client/cache.go

@@ -56,9 +56,9 @@ func (c *Cache) RemoveEntry(spn string) {
 func (cl *Client) GetCachedTicket(spn string) (types.Ticket, types.EncryptionKey, bool) {
 	if e, ok := cl.Cache.GetEntry(spn); ok {
 		//If within time window of ticket return it
-		if time.Now().After(e.AuthTime) && time.Now().Before(e.EndTime) {
+		if time.Now().UTC().After(e.AuthTime) && time.Now().UTC().Before(e.EndTime) {
 			return e.Ticket, e.SessionKey, true
-		} else if time.Now().Before(e.RenewTill) {
+		} else if time.Now().UTC().Before(e.RenewTill) {
 			e, err := cl.RenewTicket(e)
 			if err != nil {
 				return e.Ticket, e.SessionKey, false
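Review bot: GetCachedTicket now reads the clock three separate times, so the validity-window test and the renew-till test are evaluated against slightly different instants. Taking one snapshot first, `now := time.Now().UTC()`, and writing `if now.After(e.AuthTime) && now.Before(e.EndTime)` / `else if now.Before(e.RenewTill)` makes the decision consistent and shortens the lines. A ticket that is within a second or two of `EndTime` is also still returned as valid here, so it can expire in transit; whether a safety margin is wanted depends on callers not visible in this hunk. The function continues past the last line shown.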

+ 5 - 0
client/client.go

@@ -75,3 +75,8 @@ func (cl *Client) IsConfigured() bool {
 	}
 	return false
 }
+
+// Login the client with the KDC via an AS exchange.
+func (cl *Client) Login() error {
+	return cl.ASExchange()
+}

+ 2 - 2
client/session.go

@@ -21,7 +21,7 @@ func (cl *Client) EnableAutoSessionRenewal() {
 	go func() {
 		for {
 			//Wait until one minute before endtime
-			w := (cl.Session.EndTime.Sub(time.Now()) * 5) / 6
+			w := (cl.Session.EndTime.Sub(time.Now().UTC()) * 5) / 6
 			if w < 0 {
 				return
 			}
@@ -53,7 +53,7 @@ func (cl *Client) RenewTGT() error {
 }
 
 func (cl *Client) updateTGT() error {
-	if time.Now().Before(cl.Session.RenewTill) {
+	if time.Now().UTC().Before(cl.Session.RenewTill) {
 		err := cl.RenewTGT()
 		if err != nil {
 			return err
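Review bot: The goroutine started in EnableAutoSessionRenewal reads `cl.Session.EndTime` on every iteration, and no lock is visible in the hunk. If RenewTGT or updateTGT assign to `cl.Session` from another goroutine, as the second hunk suggests they may, this is a data race on the session state and worth guarding with a mutex or confirming with `go test -race`. The comment above the changed line also does not match the code: `(… * 5) / 6` waits for five sixths of the remaining lifetime, not until one minute before the end, so it should read `// Wait for 5/6 of the remaining TGT lifetime before renewing`. The `if w < 0 { return }` branch ends auto-renewal silently once the TGT has expired; a log line or returned signal there would make that state visible to the caller.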

+ 3 - 3
debug.go

@@ -7,9 +7,9 @@ import (
 	"github.com/jcmturner/gokrb5/config"
 	"github.com/jcmturner/gokrb5/keytab"
 	"github.com/jcmturner/gokrb5/testdata"
+	"net/http"
 	"os"
 	"time"
-	"net/http"
 )
 
 const krb5conf = `[libdefaults]
@@ -34,8 +34,8 @@ const krb5conf = `[libdefaults]
  `
 
 func main() {
-	httpRequest()
-	//runClient()
+	//httpRequest()
+	runClient()
 }
 
 func runClient() {

+ 3 - 3
messages/KDCRep.go

@@ -211,7 +211,7 @@ func (k *ASRep) IsValid(cfg *config.Config, asReq ASReq) (bool, error) {
 	if len(asReq.ReqBody.Addresses) > 0 {
 		//TODO compare if address list is the same
 	}
-	if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew {
+	if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now().UTC()) > cfg.LibDefaults.Clockskew {
 		return false, fmt.Errorf("Clock skew with KDC too large. Greater than %v seconds", cfg.LibDefaults.Clockskew.Seconds())
 	}
 	if asReq.PAData.Contains(patype.PA_REQ_ENC_PA_REP) {
@@ -293,8 +293,8 @@ func (k *TGSRep) IsValid(cfg *config.Config, tgsReq TGSReq) (bool, error) {
 	if len(tgsReq.ReqBody.Addresses) > 0 {
 		//TODO compare if address list is the same
 	}
-	if time.Since(k.DecryptedEncPart.StartTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.StartTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew {
-		if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew {
+	if time.Since(k.DecryptedEncPart.StartTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.StartTime.Sub(time.Now().UTC()) > cfg.LibDefaults.Clockskew {
+		if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now().UTC()) > cfg.LibDefaults.Clockskew {
 			return false, fmt.Errorf("Clock skew with KDC too large. Greater than %v seconds.", cfg.LibDefaults.Clockskew.Seconds())
 		}
 	}
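Review bot: In TGSRep.IsValid the clock-skew error is returned only when both the StartTime test and the nested AuthTime test fail, so a reply whose StartTime is outside the allowed skew is accepted whenever AuthTime is within it. The nesting looks intended as a fallback for a reply without a starttime (the field is optional in Kerberos), but it is written as "StartTime out of skew". If an absent starttime decodes to the zero value, something like `st := k.DecryptedEncPart.StartTime; if st.IsZero() { st = k.DecryptedEncPart.AuthTime }` followed by a single skew test on `st` would state that intent; the decoding is not visible here, so this needs confirming. Each condition also still mixes `time.Since(...)`, which calls `time.Now()` internally, with the new `time.Now().UTC()`, which shows the conversion has no effect on these comparisons.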

+ 3 - 3
messages/KDCReq.go

@@ -87,7 +87,7 @@ func NewASReq(c *config.Config, cname types.PrincipalName) ASReq {
 		},
 	}
 	nonce := int(rand.Int31())
-	t := time.Now()
+	t := time.Now().UTC()
 
 	a := ASReq{
 		KDCReqFields{
@@ -97,7 +97,7 @@ func NewASReq(c *config.Config, cname types.PrincipalName) ASReq {
 			ReqBody: KDCReqBody{
 				KDCOptions: c.LibDefaults.Kdc_default_options,
 				Realm:      c.LibDefaults.Default_realm,
-				CName: cname,
+				CName:      cname,
 				SName: types.PrincipalName{
 					NameType:   nametype.KRB_NT_SRV_INST,
 					NameString: []string{"krbtgt", c.LibDefaults.Default_realm},
@@ -130,7 +130,7 @@ func NewASReq(c *config.Config, cname types.PrincipalName) ASReq {
 // Generate a new KRB_TGS_REQ struct.
 func NewTGSReq(cname types.PrincipalName, c *config.Config, tkt types.Ticket, sessionKey types.EncryptionKey, spn types.PrincipalName, renewal bool) (TGSReq, error) {
 	nonce := int(rand.Int31())
-	t := time.Now()
+	t := time.Now().UTC()
 	a := TGSReq{
 		KDCReqFields{
 			PVNO:    iana.PVNO,
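Review bot: Both NewASReq and NewTGSReq build the request nonce with `int(rand.Int31())`, and the import block is outside these hunks, so it is not visible whether `rand` is `math/rand` or `crypto/rand`. If it is `math/rand`, the nonce is predictable and, unless seeded elsewhere, repeats across process runs. The nonce is what ties a KDC reply to the request that produced it, so it should come from the CSPRNG, e.g. `n, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))` with `crypto/rand`. NewASReq returns no error today, so adopting that would need a signature change or an explicit failure policy. The `.UTC()` added to `t` is the part of this commit that does matter, since `t` is serialised into the request.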

+ 7 - 7
types/Authenticator.go

@@ -3,10 +3,10 @@ package types
 import (
 	"fmt"
 	"github.com/jcmturner/asn1"
+	"github.com/jcmturner/gokrb5/asn1tools"
 	"github.com/jcmturner/gokrb5/iana"
 	"github.com/jcmturner/gokrb5/iana/asnAppTag"
 	"time"
-	"github.com/jcmturner/gokrb5/asn1tools"
 )
 
 /*Authenticator   ::= [APPLICATION 2] SEQUENCE  {
@@ -42,14 +42,14 @@ type Authenticator struct {
 }
 
 func NewAuthenticator(realm string, cname PrincipalName) Authenticator {
-	t := time.Now()
+	t := time.Now().UTC()
 	return Authenticator{
 		AVNO:   iana.PVNO,
 		CRealm: realm,
-		CName: cname,
-		Cksum: Checksum{},
-		Cusec: int((t.UnixNano() / int64(time.Microsecond)) - (t.Unix() * 1e6)),
-		CTime: t,
+		CName:  cname,
+		Cksum:  Checksum{},
+		Cusec:  int((t.UnixNano() / int64(time.Microsecond)) - (t.Unix() * 1e6)),
+		CTime:  t,
 	}
 }
 
@@ -65,4 +65,4 @@ func (a *Authenticator) Marshal() ([]byte, error) {
 	}
 	b = asn1tools.AddASNAppTag(b, asnAppTag.Authenticator)
 	return b, nil
-}
+}
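Review bot: The `Cusec` expression in NewAuthenticator, `int((t.UnixNano() / int64(time.Microsecond)) - (t.Unix() * 1e6))`, derives the sub-second microseconds through two epoch conversions; `t.Nanosecond() / 1000` gives the same value directly and is easier to audit. The identical expression is used for `PAUSec` in GetPAEncTSEncAsnMarshalled in types/PAData.go, so a small shared helper would keep the two in step. `CTime: t` still carries the full nanosecond part while `Cusec` carries the microseconds separately; if the ASN.1 encoder does not drop the fraction itself (not visible here), `t.Truncate(time.Second)` would avoid encoding it twice. NewAuthenticator is exported without a doc comment; `// NewAuthenticator returns an Authenticator for cname in realm stamped with the current UTC time.` would cover it.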

+ 1 - 1
types/PAData.go

@@ -35,7 +35,7 @@ func (pas *PADataSequence) Contains(patype int) bool {
 }
 
 func GetPAEncTSEncAsnMarshalled() ([]byte, error) {
-	t := time.Now()
+	t := time.Now().UTC()
 	p := PAEncTSEnc{
 		PATimestamp: t,
 		PAUSec:      int((t.UnixNano() / int64(time.Microsecond)) - (t.Unix() * 1e6)),