Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/04 09:25:58 UTC
[32/48] directory-kerby git commit: DIRKRB-431 Check NotBeforeTime
when processing JWT.
DIRKRB-431 Check NotBeforeTime when processing JWT.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/49482c42
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/49482c42
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/49482c42
Branch: refs/heads/pkinit-support
Commit: 49482c42e2b8585778ca6bc212f422c65c67fe87
Parents: d61b6ee
Author: plusplus_jiajia <ji...@intel.com>
Authored: Tue Oct 20 10:58:31 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Tue Oct 20 10:58:31 2015 +0800
----------------------------------------------------------------------
.../kerberos/provider/token/JwtTokenDecoder.java | 3 ++-
.../kerby/kerberos/provider/token/TokenTest.java | 18 ++++++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index 4da2b93..50a2ece 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -265,7 +265,8 @@ public class JwtTokenDecoder implements TokenDecoder {
boolean valid = false;
try {
Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
- if (expire != null && new Date().before(expire)) {
+ Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
+ if (expire != null && new Date().before(expire) && new Date().after(notBefore)) {
valid = true;
}
} catch (ParseException e) {
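Review bot: `notBefore` is dereferenced without a null check in the new condition, although `nbf` is an optional JWT claim and `getNotBeforeTime()` can return null when it is absent. `new Date().after(null)` throws NullPointerException, which the visible `catch (ParseException e)` does not handle, so a token without `nbf` would presumably surface as an unchecked exception instead of a clean accept or reject. Reading the clock once and guarding the null case would fix both: `Date now = new Date();` followed by `if (expire != null && now.before(expire) && (notBefore == null || !now.before(notBefore))) {`. Using `!now.before(notBefore)` also accepts a token whose `nbf` equals the current instant, which the strict `after` rejects. The enclosing method starts and ends outside this hunk, so any handling further down is not visible here.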
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
index 0f15a50..6ca118e 100644
--- a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -283,6 +283,24 @@ public class TokenTest {
Assertions.assertThat(token2).isNull();
}
+ @Test
+ public void testNotBeforeTime() throws Exception {
+ authToken.setNotBeforeTime(new Date(new Date().getTime() + 1000 * 60));
+
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+ setSignKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+ setEncryptKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+ setAudience((JwtTokenDecoder) tokenDecoder, auds);
+
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2).isNull();
+ }
+
private void setEncryptKey(JwtTokenEncoder encoder, JwtTokenDecoder decoder) {
KeyPair encryptionKeyPair = getKeyPair();
encoder.setEncryptionKey((RSAPublicKey) encryptionKeyPair.getPublic());
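Review bot: `testNotBeforeTime` pins only the rejection of a future `nbf`, so it would still pass if the decoder rejected every token that reaches the new check, and it leaves the absent-`nbf` path untested. A companion test that sets `authToken.setNotBeforeTime(new Date(new Date().getTime() - 1000 * 60))` and asserts `Assertions.assertThat(token2).isNotNull()` would cover the accepted path. If the fixture allows leaving the claim unset, a third case should cover a token with no `nbf` at all. The surrounding `setEncryptKey` helper continues outside this hunk.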