fix ClientAuthenticationFilter.checkTimestamp (#3029)

apollo-configservice/src/main/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilter.java

@@ -89,7 +89,7 @@ public class ClientAuthenticationFilter implements Filter {
     }
 
     long x = System.currentTimeMillis() - requestTimeMillis;
-    return x <= TIMESTAMP_INTERVAL;
+    return x >= -TIMESTAMP_INTERVAL && x <= TIMESTAMP_INTERVAL;
   }
 
   private boolean checkAuthorization(String authorization, List<String> availableSecrets,

apollo-configservice/src/test/java/com/ctrip/framework/apollo/configservice/filter/ClientAuthenticationFilterTest.java

@@ -67,6 +67,22 @@ public class ClientAuthenticationFilterTest {
     verify(filterChain, never()).doFilter(request, response);
   }
 
+  @Test
+  public void testRequestTimeOneMinFasterThenCurrentTime() throws Exception {
+    String appId = "someAppId";
+    List<String> secrets = Lists.newArrayList("someSecret");
+    String oneMinAfterTimestamp = Long.toString(System.currentTimeMillis() + 61 * 1000);
+
+    when(accessKeyUtil.extractAppIdFromRequest(any())).thenReturn(appId);
+    when(accessKeyUtil.findAvailableSecret(appId)).thenReturn(secrets);
+    when(request.getHeader(Signature.HTTP_HEADER_TIMESTAMP)).thenReturn(oneMinAfterTimestamp);
+
+    clientAuthenticationFilter.doFilter(request, response, filterChain);
+
+    verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "RequestTimeTooSkewed");
+    verify(filterChain, never()).doFilter(request, response);
+  }
+
   @Test
   public void testUnauthorized() throws Exception {
     String appId = "someAppId";