directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject directory-kerby git commit: DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token
Date Wed, 15 Jun 2016 16:09:43 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 4b3e7042d -> ca326b836


DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ca326b83
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ca326b83
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ca326b83

Branch: refs/heads/trunk
Commit: ca326b8369102823e863aa24d68eb3dbe1f357f2
Parents: 4b3e704
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jun 15 17:09:28 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jun 15 17:09:28 2016 +0100

----------------------------------------------------------------------
 .../kerby/kerberos/provider/token/JwtTokenDecoder.java    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca326b83/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index f4961e9..6d6e49e 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -269,17 +269,19 @@ public class JwtTokenDecoder implements TokenDecoder {
     }
 
     private boolean verifyExpiration(JWT jwtToken) throws IOException {
-        boolean valid = false;
         try {
             Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
+            if (expire != null && new Date().after(expire)) {
+                return false;
+            }
             Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
-            if (expire != null && new Date().before(expire) && new Date().after(notBefore))
{
-                valid = true;
+            if (notBefore != null && new Date().before(notBefore)) {
+                return false;
             }
         } catch (ParseException e) {
             throw new IOException("Failed to get JWT claims set", e);
         }
-        return valid;
+        return true;
     }
 
     /**


Mime
View raw message