Posted to commits@directory.apache.org by co...@apache.org on 2017/07/21 11:27:13 UTC

[26/50] [abbrv] directory-kerby git commit: DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token

DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/97c587fe
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/97c587fe
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/97c587fe

Branch: refs/heads/gssapi
Commit: 97c587fe5886208a12595e8416ed5994b5d4e83c
Parents: 653f176
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:09:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 21 12:25:51 2017 +0100

----------------------------------------------------------------------
 .../kerby/kerberos/provider/token/JwtTokenDecoder.java    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c587fe/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index f4961e9..6d6e49e 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -269,17 +269,19 @@ public class JwtTokenDecoder implements TokenDecoder {
     }
 
     private boolean verifyExpiration(JWT jwtToken) throws IOException {
-        boolean valid = false;
         try {
             Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
+            if (expire != null && new Date().after(expire)) {
+                return false;
+            }
             Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
-            if (expire != null && new Date().before(expire) && new Date().after(notBefore)) {
-                valid = true;
+            if (notBefore != null && new Date().before(notBefore)) {
+                return false;
             }
         } catch (ParseException e) {
             throw new IOException("Failed to get JWT claims set", e);
         }
-        return valid;
+        return true;
     }
 
     /**
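Review bot: With both checks now guarded by `!= null`, verifyExpiration returns true for a token that carries neither `exp` nor `nbf`, so such a token never ages out unless a lifetime is enforced elsewhere, which this hunk does not show. If that is the intended policy, state it in a Javadoc on the method, e.g. `/** Returns false only when a present exp or nbf claim rejects the current time; absent claims are accepted. */`, or make a required-`exp` mode configurable for deployments that need bounded token lifetimes. The expiry comparison is also looser at the boundary than the removed `new Date().before(expire)`: a token presented at the exact expiry instant now passes, whereas RFC 7519 requires the current time to be before `exp`. Reading the clock once keeps both checks consistent and restores the strict bound: `Date now = new Date();` then `if (expire != null && !now.before(expire))` and `if (notBefore != null && now.before(notBefore))`.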