From 5540d5ded036f10048052370a9cb86ee17738edc Mon Sep 17 00:00:00 2001
From: Les Hazlewood <les@hazlewood.com>
Date: Tue, 28 Oct 2014 17:46:30 -0700
Subject: [PATCH] resolved Issue #7

---
 .../jsonwebtoken/PrematureJwtException.java   | 33 +++++++++++++++++++
 .../jsonwebtoken/impl/DefaultJwtParser.java   |  3 +-
 .../io/jsonwebtoken/JwtParserTest.groovy      | 32 ++++++++++++++++--
 3 files changed, 64 insertions(+), 4 deletions(-)
 create mode 100644 src/main/java/io/jsonwebtoken/PrematureJwtException.java

diff --git a/src/main/java/io/jsonwebtoken/PrematureJwtException.java b/src/main/java/io/jsonwebtoken/PrematureJwtException.java
new file mode 100644
index 00000000..8b838425
--- /dev/null
+++ b/src/main/java/io/jsonwebtoken/PrematureJwtException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2014 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.jsonwebtoken;
+
+/**
+ * Exception indicating that a JWT was accepted before it is allowed to be accessed and must be rejected.
+ *
+ * @since 0.3
+ */
+public class PrematureJwtException extends JwtException {
+
+    public PrematureJwtException(String message) {
+        super(message);
+    }
+
+    @SuppressWarnings("UnusedDeclaration")
+    public PrematureJwtException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java b/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
index cbc40ee9..02867701 100644
--- a/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
+++ b/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
@@ -26,6 +26,7 @@ import io.jsonwebtoken.JwtHandler;
 import io.jsonwebtoken.JwtHandlerAdapter;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.PrematureJwtException;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.SignatureException;
 import io.jsonwebtoken.UnsupportedJwtException;
@@ -190,7 +191,6 @@ public class DefaultJwtParser implements JwtParser {
                 }
             }
 
-            /*
             //https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.5
             //token MUST NOT be accepted before any specified nbf time:
             Date nbf = claims.getNotBefore();
@@ -209,7 +209,6 @@ public class DefaultJwtParser implements JwtParser {
                     throw new PrematureJwtException(msg);
                 }
             }
-            */
         }
 
         // =============== Signature =================
diff --git a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
index 7f931bed..0a4569bf 100644
--- a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
+++ b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
@@ -174,7 +174,6 @@ class JwtParserTest {
         }
     }
 
-    /*
     @Test
     void testParseWithPrematureJwt() {
 
@@ -188,7 +187,6 @@ class JwtParserTest {
             assertTrue e.getMessage().startsWith('JWT must not be accepted before ')
         }
     }
-    */
 
     // ========================================================================
     // parsePlaintextJwt tests
@@ -322,6 +320,20 @@ class JwtParserTest {
         }
     }
 
+    @Test
+    void testParseClaimsJwtWithPrematureJwt() {
+
+        Date nbf = new Date(System.currentTimeMillis() + 100000);
+
+        String compact = Jwts.builder().setSubject('Joe').setNotBefore(nbf).compact();
+
+        try {
+            Jwts.parser().parseClaimsJwt(compact);
+        } catch (PrematureJwtException e) {
+            assertTrue e.getMessage().startsWith('JWT must not be accepted before ')
+        }
+    }
+
     // ========================================================================
     // parsePlaintextJws tests
     // ========================================================================
@@ -425,6 +437,22 @@ class JwtParserTest {
         }
     }
 
+    @Test
+    void testParseClaimsJwsWithPrematureJws() {
+
+        byte[] key = randomKey()
+
+        Date nbf = new Date(System.currentTimeMillis() + 100000);
+
+        String compact = Jwts.builder().setSubject('Joe').setNotBefore(nbf).signWith(SignatureAlgorithm.HS256, key).compact();
+
+        try {
+            Jwts.parser().parseClaimsJws(compact);
+        } catch (PrematureJwtException e) {
+            assertTrue e.getMessage().startsWith('JWT must not be accepted before ')
+        }
+    }
+
     @Test
     void testParseClaimsJwsWithPlaintextJwt() {