mirror of https://github.com/jwtk/jjwt.git
Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master
This commit is contained in:
commit
13d2e8370a
|
@ -0,0 +1,7 @@
|
||||||
|
package io.jsonwebtoken;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
public interface Clock {
|
||||||
|
Date now();
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
package io.jsonwebtoken;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
public class DefaultClock implements Clock {
|
||||||
|
@Override
|
||||||
|
public Date now() {
|
||||||
|
return new Date();
|
||||||
|
}
|
||||||
|
}
|
|
@ -124,6 +124,15 @@ public interface JwtParser {
|
||||||
*/
|
*/
|
||||||
JwtParser require(String claimName, Object value);
|
JwtParser require(String claimName, Object value);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replace the {@code clock} used by the parser to determine the current time-of-day to use when validating
|
||||||
|
* the parsed JWT. If {@code null}, will reset the behavior to use the system clock.
|
||||||
|
*
|
||||||
|
* @param clock a {@code Clock} object to return the time-of-day or {@code null}
|
||||||
|
* @return the builder instance for method chaining.
|
||||||
|
*/
|
||||||
|
JwtParser setClock(Clock clock);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not
|
* Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not
|
||||||
* a JWS (no signature), this key is not used.
|
* a JWS (no signature), this key is not used.
|
||||||
|
|
|
@ -18,8 +18,10 @@ package io.jsonwebtoken.impl;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import io.jsonwebtoken.ClaimJwtException;
|
import io.jsonwebtoken.ClaimJwtException;
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
|
import io.jsonwebtoken.Clock;
|
||||||
import io.jsonwebtoken.CompressionCodec;
|
import io.jsonwebtoken.CompressionCodec;
|
||||||
import io.jsonwebtoken.CompressionCodecResolver;
|
import io.jsonwebtoken.CompressionCodecResolver;
|
||||||
|
import io.jsonwebtoken.DefaultClock;
|
||||||
import io.jsonwebtoken.ExpiredJwtException;
|
import io.jsonwebtoken.ExpiredJwtException;
|
||||||
import io.jsonwebtoken.Header;
|
import io.jsonwebtoken.Header;
|
||||||
import io.jsonwebtoken.IncorrectClaimException;
|
import io.jsonwebtoken.IncorrectClaimException;
|
||||||
|
@ -69,6 +71,8 @@ public class DefaultJwtParser implements JwtParser {
|
||||||
|
|
||||||
Claims expectedClaims = new DefaultClaims();
|
Claims expectedClaims = new DefaultClaims();
|
||||||
|
|
||||||
|
private Clock clock = new DefaultClock();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public JwtParser requireIssuedAt(Date issuedAt) {
|
public JwtParser requireIssuedAt(Date issuedAt) {
|
||||||
expectedClaims.setIssuedAt(issuedAt);
|
expectedClaims.setIssuedAt(issuedAt);
|
||||||
|
@ -127,6 +131,17 @@ public class DefaultJwtParser implements JwtParser {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public JwtParser setClock(Clock clock) {
|
||||||
|
if (clock == null) {
|
||||||
|
this.clock = new DefaultClock();
|
||||||
|
} else {
|
||||||
|
this.clock = clock;
|
||||||
|
}
|
||||||
|
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public JwtParser setSigningKey(byte[] key) {
|
public JwtParser setSigningKey(byte[] key) {
|
||||||
Assert.notEmpty(key, "signing key cannot be null or empty.");
|
Assert.notEmpty(key, "signing key cannot be null or empty.");
|
||||||
|
@ -346,16 +361,15 @@ public class DefaultJwtParser implements JwtParser {
|
||||||
//since 0.3:
|
//since 0.3:
|
||||||
if (claims != null) {
|
if (claims != null) {
|
||||||
|
|
||||||
Date now = null;
|
|
||||||
SimpleDateFormat sdf;
|
SimpleDateFormat sdf;
|
||||||
|
|
||||||
|
final Date now = this.clock.now();
|
||||||
|
|
||||||
//https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.4
|
//https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.4
|
||||||
//token MUST NOT be accepted on or after any specified exp time:
|
//token MUST NOT be accepted on or after any specified exp time:
|
||||||
Date exp = claims.getExpiration();
|
Date exp = claims.getExpiration();
|
||||||
if (exp != null) {
|
if (exp != null) {
|
||||||
|
|
||||||
now = new Date();
|
|
||||||
|
|
||||||
if (now.equals(exp) || now.after(exp)) {
|
if (now.equals(exp) || now.after(exp)) {
|
||||||
sdf = new SimpleDateFormat(ISO_8601_FORMAT);
|
sdf = new SimpleDateFormat(ISO_8601_FORMAT);
|
||||||
String expVal = sdf.format(exp);
|
String expVal = sdf.format(exp);
|
||||||
|
@ -371,10 +385,6 @@ public class DefaultJwtParser implements JwtParser {
|
||||||
Date nbf = claims.getNotBefore();
|
Date nbf = claims.getNotBefore();
|
||||||
if (nbf != null) {
|
if (nbf != null) {
|
||||||
|
|
||||||
if (now == null) {
|
|
||||||
now = new Date();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (now.before(nbf)) {
|
if (now.before(nbf)) {
|
||||||
sdf = new SimpleDateFormat(ISO_8601_FORMAT);
|
sdf = new SimpleDateFormat(ISO_8601_FORMAT);
|
||||||
String nbfVal = sdf.format(nbf);
|
String nbfVal = sdf.format(nbf);
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
package io.jsonwebtoken.impl;
|
||||||
|
|
||||||
|
import io.jsonwebtoken.Clock;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
public class FixedClock implements Clock {
|
||||||
|
private final Date now;
|
||||||
|
|
||||||
|
public FixedClock() {
|
||||||
|
this(new Date());
|
||||||
|
}
|
||||||
|
|
||||||
|
public FixedClock(Date now) {
|
||||||
|
this.now = now;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Date now() {
|
||||||
|
return this.now;
|
||||||
|
}
|
||||||
|
}
|
|
@ -15,6 +15,7 @@
|
||||||
*/
|
*/
|
||||||
package io.jsonwebtoken
|
package io.jsonwebtoken
|
||||||
|
|
||||||
|
import io.jsonwebtoken.impl.FixedClock
|
||||||
import io.jsonwebtoken.impl.TextCodec
|
import io.jsonwebtoken.impl.TextCodec
|
||||||
import org.junit.Test
|
import org.junit.Test
|
||||||
|
|
||||||
|
@ -1392,4 +1393,43 @@ class JwtParserTest {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testParseClockManipulationWithFixedClock() {
|
||||||
|
def then = System.currentTimeMillis() - 1000
|
||||||
|
Date expiry = new Date(then)
|
||||||
|
Date beforeExpiry = new Date(then - 1000)
|
||||||
|
|
||||||
|
String compact = Jwts.builder().setSubject('Joe').setExpiration(expiry).compact()
|
||||||
|
|
||||||
|
Jwts.parser().setClock(new FixedClock(beforeExpiry)).parse(compact)
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testParseClockManipulationWithNullClock() {
|
||||||
|
Date expiry = new Date(System.currentTimeMillis() - 1000)
|
||||||
|
|
||||||
|
String compact = Jwts.builder().setSubject('Joe').setExpiration(expiry).compact()
|
||||||
|
|
||||||
|
try {
|
||||||
|
Jwts.parser().setClock(null).parse(compact)
|
||||||
|
fail()
|
||||||
|
} catch (ExpiredJwtException e) {
|
||||||
|
assertTrue e.getMessage().startsWith('JWT expired at ')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testParseClockManipulationWithDefaultClock() {
|
||||||
|
Date expiry = new Date(System.currentTimeMillis() - 1000)
|
||||||
|
|
||||||
|
String compact = Jwts.builder().setSubject('Joe').setExpiration(expiry).compact()
|
||||||
|
|
||||||
|
try {
|
||||||
|
Jwts.parser().setClock(new DefaultClock()).parse(compact)
|
||||||
|
fail()
|
||||||
|
} catch (ExpiredJwtException e) {
|
||||||
|
assertTrue e.getMessage().startsWith('JWT expired at ')
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue