Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OidcIdTokenValidator ensures clockSkew is positive number 

Fixes gh-6443
This commit is contained in:
Vishal Raj 2019-02-07 23:46:17 +05:30 committed by Joe Grandja
parent 462b2ecdbb
commit 45891941b0
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
View File

@ -132,6 +132,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
*/ */
public final void setClockSkew(Duration clockSkew) { public final void setClockSkew(Duration clockSkew) {
Assert.notNull(clockSkew, "clockSkew cannot be null"); Assert.notNull(clockSkew, "clockSkew cannot be null");
Assert.isTrue(clockSkew.getSeconds() >= 0, "clockSkew must be >= 0");
this.clockSkew = clockSkew; this.clockSkew = clockSkew;
} }

16
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
View File

@ -33,6 +33,7 @@ import java.util.HashMap;
import java.util.Map; import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
/** /**
* @author Rob Winch * @author Rob Winch
@ -60,6 +61,21 @@ public class OidcIdTokenValidatorTests {
assertThat(this.validateIdToken()).isEmpty(); assertThat(this.validateIdToken()).isEmpty();
} }
@Test
public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
assertThatThrownBy(() -> idTokenValidator.setClockSkew(null))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
assertThatThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)))
.isInstanceOf(IllegalArgumentException.class);
}
@Test @Test
public void validateWhenIssuerNullThenHasErrors() { public void validateWhenIssuerNullThenHasErrors() {
this.claims.remove(IdTokenClaimNames.ISS); this.claims.remove(IdTokenClaimNames.ISS);