add_trust: check trust issued_at timestamp

service/src/service_api.rs

@@ -81,7 +81,6 @@ fn verify_trust(trust: Trust, issuer_peer_id: String, timestamp_sec: u64) -> Ver
     verify_trust_impl(trust, issuer_peer_id, timestamp_sec).into()
 }
 
-// TODO: check issued_at earlier than timestamp_sec
 #[marine]
 fn add_trust(trust: Trust, issuer_peer_id: String, timestamp_sec: u64) -> AddTrustResult {
     add_trust_impl(trust, issuer_peer_id, timestamp_sec).into()

service/src/service_impl.rs

@@ -70,6 +70,8 @@ pub enum ServiceError {
     ),
     #[error("you should use host peer.timestamp_sec to pass timestamp")]
     InvalidTimestampTetraplet,
+    #[error("Trust can't be issued later than the current timestamp")]
+    InvalidTrustTimestamp,
 }
 
 fn parse_peer_id(peer_id: String) -> Result<PeerId, ServiceError> {
@@ -184,6 +186,11 @@ pub fn add_trust_impl(
 ) -> Result<u32, ServiceError> {
     let public_key = extract_public_key(issuer_peer_id)?;
     check_timestamp_tetraplets(&marine_rs_sdk::get_call_parameters(), 2)?;
+
+    if trust.issued_at > timestamp_sec {
+        return Err(ServiceError::InvalidTrustTimestamp);
+    }
+
     let mut tg = get_data().lock();
     tg.add_trust(
         &trust.try_into()?,