honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow the injection of a time source

This commit is contained in:
Mitchell Morris 2016-02-23 14:43:32 -06:00
parent 638d84963f
commit 83054a755d
3 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/io/jsonwebtoken/JwtParser.java
View File

@ -124,6 +124,15 @@ public interface JwtParser {
*/ */
JwtParser require(String claimName, Object value); JwtParser require(String claimName, Object value);
/**
* Replaces the system time-of-day call to return this fixed value instead. A {@code null} value will remove
* the fixed date output and return the system time-of-day instead.
*
* @param now the time-of-day to use for parsimg this JWT or {@code null} to use the current time-of-day
* @return the builder instance for method chaining.
*/
JwtParser setFixedClock(Date now);
/** /**
* Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not * Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not
* a JWS (no signature), this key is not used. * a JWS (no signature), this key is not used.

20
src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
View File

@ -69,6 +69,8 @@ public class DefaultJwtParser implements JwtParser {
Claims expectedClaims = new DefaultClaims(); Claims expectedClaims = new DefaultClaims();
private Date now = new Date();
@Override @Override
public JwtParser requireIssuedAt(Date issuedAt) { public JwtParser requireIssuedAt(Date issuedAt) {
expectedClaims.setIssuedAt(issuedAt); expectedClaims.setIssuedAt(issuedAt);
@ -127,6 +129,17 @@ public class DefaultJwtParser implements JwtParser {
return this; return this;
} }
@Override
public JwtParser setFixedClock(Date now) {
if (now == null) {
this.now = new Date();
} else {
this.now = now;
}
return this;
}
@Override @Override
public JwtParser setSigningKey(byte[] key) { public JwtParser setSigningKey(byte[] key) {
Assert.notEmpty(key, "signing key cannot be null or empty."); Assert.notEmpty(key, "signing key cannot be null or empty.");
@ -346,7 +359,6 @@ public class DefaultJwtParser implements JwtParser {
//since 0.3: //since 0.3:
if (claims != null) { if (claims != null) {
Date now = null;
SimpleDateFormat sdf; SimpleDateFormat sdf;
//https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.4 //https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.4
@ -354,8 +366,6 @@ public class DefaultJwtParser implements JwtParser {
Date exp = claims.getExpiration(); Date exp = claims.getExpiration();
if (exp != null) { if (exp != null) {
now = new Date();
if (now.equals(exp) || now.after(exp)) { if (now.equals(exp) || now.after(exp)) {
sdf = new SimpleDateFormat(ISO_8601_FORMAT); sdf = new SimpleDateFormat(ISO_8601_FORMAT);
String expVal = sdf.format(exp); String expVal = sdf.format(exp);
@ -371,10 +381,6 @@ public class DefaultJwtParser implements JwtParser {
Date nbf = claims.getNotBefore(); Date nbf = claims.getNotBefore();
if (nbf != null) { if (nbf != null) {
if (now == null) {
now = new Date();
}
if (now.before(nbf)) { if (now.before(nbf)) {
sdf = new SimpleDateFormat(ISO_8601_FORMAT); sdf = new SimpleDateFormat(ISO_8601_FORMAT);
String nbfVal = sdf.format(nbf); String nbfVal = sdf.format(nbf);

11
src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
View File

@ -1392,4 +1392,15 @@ class JwtParserTest {
) )
} }
} }
@Test
void testParseClockManipulation() {
def then = System.currentTimeMillis() - 1000
Date expiry = new Date(then)
Date beforeExpiry = new Date(then - 1000)
String compact = Jwts.builder().setSubject('Joe').setExpiration(expiry).compact()
Jwts.parser().setFixedClock(beforeExpiry).parse(compact)
}
} }