directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [32/48] directory-kerby git commit: DIRKRB-431 Check NotBeforeTime when processing JWT.
Date Wed, 04 Nov 2015 08:25:58 GMT
DIRKRB-431 Check NotBeforeTime when processing JWT.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/49482c42
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/49482c42
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/49482c42

Branch: refs/heads/pkinit-support
Commit: 49482c42e2b8585778ca6bc212f422c65c67fe87
Parents: d61b6ee
Author: plusplus_jiajia <jiajia.li@intel.com>
Authored: Tue Oct 20 10:58:31 2015 +0800
Committer: plusplus_jiajia <jiajia.li@intel.com>
Committed: Tue Oct 20 10:58:31 2015 +0800

----------------------------------------------------------------------
 .../kerberos/provider/token/JwtTokenDecoder.java  |  3 ++-
 .../kerby/kerberos/provider/token/TokenTest.java  | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index 4da2b93..50a2ece 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -265,7 +265,8 @@ public class JwtTokenDecoder implements TokenDecoder {
         boolean valid = false;
         try {
             Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
-            if (expire != null && new Date().before(expire)) {
+            Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
+            if (expire != null && new Date().before(expire) && new Date().after(notBefore))
{
                 valid = true;
             }
         } catch (ParseException e) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
index 0f15a50..6ca118e 100644
--- a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -283,6 +283,24 @@ public class TokenTest {
         Assertions.assertThat(token2).isNull();
     }
 
+    @Test
+    public void testNotBeforeTime() throws Exception {
+        authToken.setNotBeforeTime(new Date(new Date().getTime() + 1000 * 60));
+
+        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+        TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+        setSignKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+        setEncryptKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+        setAudience((JwtTokenDecoder) tokenDecoder, auds);
+
+        String tokenStr = tokenEncoder.encodeAsString(authToken);
+        Assertions.assertThat(tokenStr).isNotNull();
+
+        AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+        Assertions.assertThat(token2).isNull();
+    }
+
     private void setEncryptKey(JwtTokenEncoder encoder, JwtTokenDecoder decoder) {
         KeyPair encryptionKeyPair = getKeyPair();
         encoder.setEncryptionKey((RSAPublicKey) encryptionKeyPair.getPublic());


Mime
View raw message