fix: Cap generated cargo TTL at 180 days (#734)

Which is the limit. When exceeded, an exception is thrown.

TODO:

- [x] Use `RAMFMessage.MAX_TTL_SECONDS`.

app/src/main/java/tech/relaycorp/gateway/domain/courier/GenerateCargo.kt

@@ -22,8 +22,10 @@ import tech.relaycorp.relaynet.messages.payloads.CargoMessageSetWithExpiry
 import tech.relaycorp.relaynet.messages.payloads.CargoMessageWithExpiry
 import tech.relaycorp.relaynet.messages.payloads.batch
 import tech.relaycorp.relaynet.nodes.GatewayManager
+import tech.relaycorp.relaynet.ramf.RAMFMessage
 import java.io.InputStream
 import java.time.Duration
+import java.util.Collections.min
 import java.util.logging.Level
 import javax.inject.Inject
 import javax.inject.Provider
@@ -82,7 +84,7 @@ class GenerateCargo
     private suspend fun CargoMessageSetWithExpiry.toCargoSerialized(): ByteArray {
         if (nowInUtc() > latestMessageExpiryDate) {
             logger.warning(
-                "The latest expiration date $latestMessageExpiryDate has expired already",
+                "The message with the latest expiry ($latestMessageExpiryDate) expired already",
             )
         }
 
@@ -99,12 +101,13 @@ class GenerateCargo
             internetGatewayPreferences.getId(),
             cda.subjectId,
         )
+        val ttl = Duration.between(creationDate, latestMessageExpiryDate).seconds.toInt()
         val cargo = Cargo(
             recipient = Recipient(recipientId, recipientAddress),
             payload = cargoMessageSetCiphertext,
             senderCertificate = cda,
             creationDate = creationDate,
-            ttl = Duration.between(creationDate, latestMessageExpiryDate).seconds.toInt(),
+            ttl = min(listOf(ttl, RAMFMessage.MAX_TTL_SECONDS)),
         )
         return cargo.serialize(identityKey)
     }

app/src/test/java/tech/relaycorp/gateway/domain/courier/GenerateCargoTest.kt

@@ -19,6 +19,7 @@ import tech.relaycorp.gateway.test.BaseDataTestCase
 import tech.relaycorp.gateway.test.factory.ParcelCollectionFactory
 import tech.relaycorp.gateway.test.factory.StoredParcelFactory
 import tech.relaycorp.relaynet.messages.Cargo
+import tech.relaycorp.relaynet.ramf.RAMFMessage
 import tech.relaycorp.relaynet.testing.pki.KeyPairSet
 import tech.relaycorp.relaynet.testing.pki.PDACertPath
 import java.io.InputStream
@@ -99,4 +100,24 @@ class GenerateCargoTest : BaseDataTestCase() {
         assertEquals(2, cargoMessages.messages.size)
         assertTrue(Duration.between(creationDate, cargo.creationDate).abs().seconds <= 1)
     }
+
+    @Test
+    fun `TTL should be capped at limit`() = runBlockingTest {
+        val nowUtc = nowInUtc()
+        val parcel = StoredParcelFactory.build().copy(
+            expirationTimeUtc = nowUtc.plusSeconds(RAMFMessage.MAX_TTL_SECONDS.toLong()),
+        )
+        whenever(storedParcelDao.listForRecipientLocation(any(), any())).thenReturn(listOf(parcel))
+        val parcelCollection = ParcelCollectionFactory.build()
+        whenever(parcelCollectionDao.getAll()).thenReturn(listOf(parcelCollection))
+        val creationDate = nowUtc.minusSeconds(1)
+        whenever(calculateCRCMessageCreationDate.calculate()).thenReturn(creationDate)
+
+        val cargoes = generateCargo.generate().toList()
+        assertEquals(1, cargoes.size)
+
+        val cargo = Cargo.deserialize(cargoes.first().readBytes())
+        val expectedTTL = RAMFMessage.MAX_TTL_SECONDS
+        assertEquals(expectedTTL, cargo.ttl)
+    }
 }