You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/21 11:27:13 UTC
[26/50] [abbrv] directory-kerby git commit: DIRKRB-585 - Allow for
optional expiry + NotBefore claims when processing a JWT token
DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/97c587fe
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/97c587fe
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/97c587fe
Branch: refs/heads/gssapi
Commit: 97c587fe5886208a12595e8416ed5994b5d4e83c
Parents: 653f176
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:09:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 21 12:25:51 2017 +0100
----------------------------------------------------------------------
.../kerby/kerberos/provider/token/JwtTokenDecoder.java | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c587fe/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index f4961e9..6d6e49e 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -269,17 +269,19 @@ public class JwtTokenDecoder implements TokenDecoder {
}
private boolean verifyExpiration(JWT jwtToken) throws IOException {
- boolean valid = false;
try {
Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
+ if (expire != null && new Date().after(expire)) {
+ return false;
+ }
Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
- if (expire != null && new Date().before(expire) && new Date().after(notBefore)) {
- valid = true;
+ if (notBefore != null && new Date().before(notBefore)) {
+ return false;
}
} catch (ParseException e) {
throw new IOException("Failed to get JWT claims set", e);
}
- return valid;
+ return true;
}
/**