Make Date header parsing locale-independent

diachenko-mischa · rustam-gamidov-here · commit 2a97da9c4766 · 2026-02-23T19:42:07.000+02:00
Use boost::date_time to ensure cross platform compatibility. Supersedes the b877dc4 Relates-To: HERESUP-57013 Signed-off-by: Mykhailo Diachenko <ext-mykhailo.z.diachenko@here.com>
diff --git a/external/boost/CMakeLists.txt.boost.in b/external/boost/CMakeLists.txt.boost.in
@@ -24,11 +24,16 @@ include(ExternalProject)
 ExternalProject_Add(boost-download
     GIT_REPOSITORY      @OLP_SDK_CPP_BOOST_URL@
     GIT_TAG             @OLP_SDK_CPP_BOOST_TAG@
-    GIT_SUBMODULES      libs/any
+    GIT_SUBMODULES      libs/algorithm
+                        libs/any
+                        libs/array
                         libs/assert
+                        libs/concept_check
                         libs/config
+                        libs/container
                         libs/container_hash
                         libs/core
+                        libs/date_time
                         libs/detail
                         libs/describe
                         libs/format
@@ -37,6 +42,7 @@ ExternalProject_Add(boost-download
                         libs/integer
                         libs/io
                         libs/iterator
+                        libs/lexical_cast
                         libs/move
                         libs/mpl
                         libs/mp11
@@ -45,10 +51,12 @@ ExternalProject_Add(boost-download
                         libs/predef
                         libs/preprocessor
                         libs/random
+                        libs/range
                         libs/serialization
                         libs/smart_ptr
                         libs/static_assert
                         libs/throw_exception
+                        libs/tokenizer
                         libs/tti
                         libs/type_index
                         libs/type_traits
diff --git a/olp-cpp-sdk-authentication/src/AuthenticationClientUtils.cpp b/olp-cpp-sdk-authentication/src/AuthenticationClientUtils.cpp
@@ -30,6 +30,9 @@
 #include <rapidjson/istreamwrapper.h>
 #include <rapidjson/stringbuffer.h>
 #include <rapidjson/writer.h>
+#include <boost/date_time/gregorian/gregorian.hpp>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include <boost/date_time/time_facet.hpp>
 #include "Constants.h"
 #include "ResponseFromJsonBuilder.h"
 #include "olp/core/http/NetworkResponse.h"
@@ -59,6 +62,18 @@ constexpr auto kOauthSignatureMethod = "oauth_signature_method";
 constexpr auto kVersion = "1.0";
 constexpr auto kHmac = "HMAC-SHA256";
 constexpr auto kLogTag = "AuthenticationClientUtils";
+// %e: day with optional leading space/zero.
+// %H remains strict two-digit hour in input facet.
+constexpr auto kRfc1123GmtFormat = "%a, %e %b %Y %H:%M:%S GMT";
+
+std::string TrimDateHeaderValue(const std::string& value) {
+  const auto begin = value.find_first_not_of(" \t\r\n");
+  if (begin == std::string::npos) {
+    return {};
+  }
+  const auto end = value.find_last_not_of(" \t\r\n");
+  return value.substr(begin, end - begin + 1);
+}
 
 std::string Base64Encode(const Crypto::Sha256Digest& digest) {
   std::string ret = olp::utils::Base64Encode(digest.data(), digest.size());
@@ -109,37 +124,74 @@ std::time_t ParseTime(const std::string& value) {
 
 #else
 
-std::string TrimDateHeaderValue(const std::string& value) {
-  const auto begin = value.find_first_not_of(" \t\r\n");
-  if (begin == std::string::npos) {
-    return {};
-  }
-  const auto end = value.find_last_not_of(" \t\r\n");
-  return value.substr(begin, end - begin + 1);
-}
-
 std::time_t ParseTime(const std::string& value) {
-  std::tm tm = {};
   const auto trimmed_value = TrimDateHeaderValue(value);
+  if (trimmed_value.empty()) {
+    OLP_SDK_LOG_WARNING_F(kLogTag,
+                          "Failed to parse Date header '%s': value is empty "
+                          "after trimming whitespace",
+                          value.c_str());
+    return static_cast<std::time_t>(-1);
+  }
+
+  std::istringstream stream(trimmed_value);
+
+  // Facet has internal counter, which is incremented by the std::locale.
+  // When last locale pointing to the facet is destroyed, the counter is
+  // decremented and the facet is destroyed.
+  stream.imbue(
+      std::locale(std::locale::classic(),
+                  new boost::posix_time::time_input_facet(kRfc1123GmtFormat)));
+
+  boost::posix_time::ptime parsed_time;
+  stream >> parsed_time;
+  if (stream.fail()) {
+    OLP_SDK_LOG_WARNING_F(kLogTag,
+                          "Failed to parse Date header '%s': format mismatch "
+                          "for RFC1123 timestamp",
+                          value.c_str());
+    return static_cast<std::time_t>(-1);
+  }
 
-  // Use a C locale to keep RFC1123 parsing locale-independent.
-  // Literal "GMT" avoids platform-specific %Z behaviour.
-  locale_t c_locale = newlocale(LC_ALL_MASK, "C", (locale_t)0);
-  if (c_locale == (locale_t)0) {
-    OLP_SDK_LOG_WARNING(kLogTag, "Failed to create C locale");
+  if (parsed_time.is_not_a_date_time()) {
+    OLP_SDK_LOG_WARNING_F(kLogTag,
+                          "Failed to parse Date header '%s': parsed value is "
+                          "not a valid date/time",
+                          value.c_str());
     return static_cast<std::time_t>(-1);
   }
 
-  const auto parsed_until = ::strptime_l(
-      trimmed_value.c_str(), "%a, %d %b %Y %H:%M:%S GMT", &tm, c_locale);
-  freelocale(c_locale);
+  stream >> std::ws;
+  if (!stream.eof()) {
+    OLP_SDK_LOG_WARNING_F(kLogTag,
+                          "Failed to parse Date header '%s': unexpected "
+                          "trailing characters after timestamp",
+                          value.c_str());
+    return static_cast<std::time_t>(-1);
+  }
+
+  const auto epoch =
+      boost::posix_time::ptime(boost::gregorian::date(1970, 1, 1));
+  if (parsed_time < epoch) {
+    OLP_SDK_LOG_WARNING_F(
+        kLogTag,
+        "Failed to parse Date header '%s': timestamp is before Unix epoch",
+        value.c_str());
+    return static_cast<std::time_t>(-1);
+  }
 
-  if (parsed_until != trimmed_value.c_str() + trimmed_value.size()) {
-    OLP_SDK_LOG_WARNING(kLogTag, "Timestamp is not fully parsed " << value);
+  const auto seconds_since_epoch = (parsed_time - epoch).total_seconds();
+  using SecondsType = boost::remove_cv_t<decltype(seconds_since_epoch)>;
+  if (seconds_since_epoch >
+      static_cast<SecondsType>(std::numeric_limits<std::time_t>::max())) {
+    OLP_SDK_LOG_WARNING_F(
+        kLogTag,
+        "Failed to parse Date header '%s': timestamp exceeds std::time_t range",
+        value.c_str());
     return static_cast<std::time_t>(-1);
   }
 
-  return timegm(&tm);
+  return static_cast<std::time_t>(seconds_since_epoch);
 }
 
 #endif
