Java Code Examples for org.jose4j.jwt.JwtClaims#getExpirationTime()

The following examples show how to use org.jose4j.jwt.JwtClaims#getExpirationTime().
Example 1
Source File: DefaultJWTTokenParser.java    From smallrye-jwt with Apache License 2.0 6 votes vote down vote up
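/**
 * Enforces the configured maximum token lifetime: the span between the {@code iat} and
 * {@code exp} claims must not exceed {@code authContextInfo.getMaxTimeToLiveSecs()}.
 * When no maximum is configured the check is skipped and that fact is logged.
 *
 * <p>A token that lacks {@code iat} or {@code exp} is rejected through the same checked
 * failure path as an unreadable claim, so a missing claim cannot surface as an unchecked
 * {@link NullPointerException} further up the authentication stack.
 *
 * @param authContextInfo verification settings; supplies the maximum time to live in seconds
 * @param claimsSet claims of the token being checked
 * @throws ParseException if {@code iat} or {@code exp} is missing or unreadable, if their
 *         difference overflows a {@code long}, or if the lifetime exceeds the configured maximum
 */
private void verifyTimeToLive(JWTAuthContextInfo authContextInfo, JwtClaims claimsSet) throws ParseException {
    final Long maxTimeToLiveSecs = authContextInfo.getMaxTimeToLiveSecs();

    if (maxTimeToLiveSecs == null) {
        // No upper bound configured: token lifetime is not limited by this check.
        PrincipalLogging.log.noMaxTTLSpecified();
        return;
    }

    final NumericDate iat;
    final NumericDate exp;
    final long lifetimeSecs;

    try {
        iat = claimsSet.getIssuedAt();
        exp = claimsSet.getExpirationTime();
        if (iat == null || exp == null) {
            // The getters may return null for an absent claim (the other callers of
            // getExpirationTime() null-check it); without both values the lifetime
            // cannot be bounded, so fail closed.
            throw new IllegalArgumentException(
                    "Both 'iat' and 'exp' claims are required to verify the maximum token lifetime");
        }
        // subtractExact: extreme claim values must not wrap around to a small or
        // negative lifetime that would slip under the limit.
        lifetimeSecs = Math.subtractExact(exp.getValue(), iat.getValue());
    } catch (Exception e) {
        throw PrincipalMessages.msg.failedToVerifyMaxTTL(e);
    }

    if (lifetimeSecs > maxTimeToLiveSecs) {
        throw PrincipalMessages.msg.expExceeded(exp, maxTimeToLiveSecs, iat);
    }
}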
 
Example 2
Source File: JwtSignTest.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
/**
 * Asserts the claims and headers expected on a freshly signed token: {@code iat}, {@code exp}
 * and {@code jti} are present, the {@code exp - iat} span equals the expected lifespan within
 * a two-second tolerance, and the {@code alg} and {@code typ} headers carry the expected values.
 *
 * @param headers JOSE headers of the token under test
 * @param claims claims of the token under test
 * @param algo expected value of the {@code alg} header
 * @param expectedLifespan expected {@code exp - iat} difference, in the unit returned by
 *        {@code NumericDate.getValue()}
 * @throws Exception if a claim cannot be read
 */
private static void checkDefaultClaimsAndHeaders(Map<String, Object> headers, JwtClaims claims, String algo,
        long expectedLifespan)
        throws Exception {
    final NumericDate issuedAt = claims.getIssuedAt();
    Assert.assertNotNull(issuedAt);

    final NumericDate expiresAt = claims.getExpirationTime();
    Assert.assertNotNull(expiresAt);

    // The lifespan may exceed the expected value by at most two, never fall below it.
    final long lifespan = expiresAt.getValue() - issuedAt.getValue();
    final boolean outsideTolerance = lifespan < expectedLifespan || lifespan > expectedLifespan + 2;
    Assert.assertTrue(!outsideTolerance);

    Assert.assertNotNull(claims.getJwtId());

    final Object algHeader = headers.get("alg");
    Assert.assertEquals(algo, algHeader);
    final Object typHeader = headers.get("typ");
    Assert.assertEquals("JWT", typHeader);
}
 
Example 3
Source File: OpenIDConnectAuthenticator.java    From java with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether the ID token stored in the given configuration should be treated as expired.
 *
 * <p>The token counts as expired when it is absent from the configuration, when it carries no
 * {@code exp} claim, or when the current time is on or after {@code exp}.
 *
 * <p>The payload is read WITHOUT signature verification. The result is therefore only a local
 * hint about whether the token still looks current; claims obtained this way must not feed any
 * trust or authorization decision.
 *
 * @param config configuration map holding the ID token under {@code OIDC_ID_TOKEN}
 * @return {@code true} if the token is missing, has no {@code exp}, or has reached {@code exp}
 * @throws RuntimeException wrapping any failure to parse the token or its claims
 */
@Override
public boolean isExpired(Map<String, Object> config) {
  final String rawIdToken = (String) config.get(OIDC_ID_TOKEN);
  if (rawIdToken == null) {
    // Nothing stored: report expired.
    return true;
  }

  final JsonWebSignature unverified = new JsonWebSignature();
  try {
    unverified.setCompactSerialization(rawIdToken);

    // The signature is deliberately not checked here. Verifying it would require the identity
    // provider's configuration URL, which is reached over the same channel as the token
    // request, so a malicious proxy could not be detected by the client anyway. The client
    // does not need to trust the token, only bear it to the server, which verifies it.
    final JwtClaims claims = JwtClaims.parse(unverified.getUnverifiedPayload());
    final NumericDate expiry = claims.getExpirationTime();

    // Expired when exp is absent, or when now >= exp.
    if (expiry == null) {
      return true;
    }
    return NumericDate.now().isOnOrAfter(expiry);
  } catch (JoseException | InvalidJwtException | MalformedClaimException e) {
    throw new RuntimeException(e);
  }
}
 
Example 4
Source File: TokenHelper.java    From git-as-svn with GNU General Public License v2.0 5 votes vote down vote up
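/**
 * Decrypts a compact-serialized JWE token and maps its claims to a {@link User}.
 *
 * <p>The token is rejected ({@code null} is returned) when:
 * <ul>
 *   <li>it cannot be decrypted or its claims cannot be parsed;</li>
 *   <li>{@code exp} is missing, or falls before now plus {@code tokenEnsureTime} seconds;</li>
 *   <li>{@code nbf} is missing, or lies in the future;</li>
 *   <li>a subject is present but the {@code type} claim is missing or is not a known
 *       {@code UserType} name.</li>
 * </ul>
 * A token that passes the time checks but has no subject yields the anonymous user.
 *
 * @param jwe decryption context, already configured by the caller
 * @param token compact serialization of the token
 * @param tokenEnsureTime minimum remaining validity in seconds; ignored when not positive
 * @return the user described by the token, the anonymous user, or {@code null} if rejected
 */
@Nullable
public static User parseToken(@NotNull JsonWebEncryption jwe, @NotNull String token, int tokenEnsureTime) {
  try {
    jwe.setCompactSerialization(token);
    final JwtClaims claims = JwtClaims.parse(jwe.getPayload());
    final NumericDate now = NumericDate.now();
    // Separate instance: addSeconds mutates, and `now` is still needed for the nbf check.
    final NumericDate expire = NumericDate.fromMilliseconds(now.getValueInMillis());
    if (tokenEnsureTime > 0) {
      expire.addSeconds(tokenEnsureTime);
    }

    final NumericDate expirationTime = claims.getExpirationTime();
    if (expirationTime == null || expirationTime.isBefore(expire)) {
      return null;
    }
    final NumericDate notBefore = claims.getNotBefore();
    if (notBefore == null || notBefore.isAfter(now)) {
      return null;
    }

    final String subject = claims.getSubject();
    if (subject == null) {
      return User.getAnonymous();
    }

    final String name = claims.getClaimValue("name", String.class);
    final String email = claims.getClaimValue("email", String.class);
    final String external = claims.getClaimValue("external", String.class);
    final String typeName = claims.getClaimValue("type", String.class);
    if (typeName == null) {
      // UserType.valueOf(null) would throw an unchecked exception past the catch below.
      log.warn("Token parsing error: missing 'type' claim");
      return null;
    }

    final UserType type;
    try {
      // presumably UserType is an enum, so an unknown name raises IllegalArgumentException
      type = UserType.valueOf(typeName);
    } catch (IllegalArgumentException e) {
      // Fail closed, and keep the token-supplied value out of the log line.
      log.warn("Token parsing error: unknown 'type' claim value");
      return null;
    }

    return User.create(subject, name, email, external, type, null);
  } catch (JoseException | MalformedClaimException | InvalidJwtException e) {
    log.warn("Token parsing error: " + e.getMessage());
    return null;
  }
}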
 
Example 5
Source File: NumericDateValidator.java    From Jose4j with Apache License 2.0 4 votes vote down vote up
/**
 * Validates the time-based claims ({@code exp}, {@code iat}, {@code nbf}) of a JWT and reports
 * the first problem found.
 *
 * <p>Checks run in this order: required-claim presence ({@code requireExp}, {@code requireIat},
 * {@code requireNbf}); expiry against the evaluation time; {@code exp} not before {@code iat};
 * {@code exp} not before {@code nbf}; {@code exp} not further in the future than
 * {@code maxFutureValidityInMinutes} (only when that value is positive); and finally
 * {@code nbf} not after the evaluation time. {@code allowedClockSkewSeconds} is applied as
 * tolerance in the time comparisons.
 *
 * <p>A claim that is absent and not marked as required is simply not checked, so a token
 * without {@code exp} passes unless {@code requireExp} is set.
 *
 * @param jwtContext context supplying the claims to validate
 * @return {@code null} if every check passes, otherwise a message describing the first failure
 * @throws MalformedClaimException if one of the date claims cannot be read
 */
@Override
public String validate(JwtContext jwtContext) throws MalformedClaimException
{
    final JwtClaims claims = jwtContext.getJwtClaims();
    final NumericDate exp = claims.getExpirationTime();
    final NumericDate iat = claims.getIssuedAt();
    final NumericDate nbf = claims.getNotBefore();

    // Presence checks for the claims this validator is configured to require.
    if (exp == null && requireExp)
    {
        return "No Expiration Time (exp) claim present.";
    }
    if (iat == null && requireIat)
    {
        return "No Issued At (iat) claim present.";
    }
    if (nbf == null && requireNbf)
    {
        return "No Not Before (nbf) claim present.";
    }

    // A fixed evaluation time, when set, replaces the current time.
    final NumericDate evalTime = (staticEvaluationTime != null) ? staticEvaluationTime : NumericDate.now();

    if (exp != null)
    {
        // Expired once the evaluation time, moved back by the allowed skew, reaches exp.
        final long skewAdjustedEval = evalTime.getValue() - allowedClockSkewSeconds;
        if (skewAdjustedEval >= exp.getValue())
        {
            return "The JWT is no longer valid - the evaluation time " + evalTime + " is on or after the Expiration Time (exp="+exp+") claim value" + skewMessage();
        }

        // exp must not precede either of the other two dates when they are present.
        if (iat != null && exp.isBefore(iat))
        {
            return "The Expiration Time (exp="+exp+") claim value cannot be before the Issued At (iat="+iat+") claim value.";
        }
        if (nbf != null && exp.isBefore(nbf))
        {
            return "The Expiration Time (exp="+exp+") claim value cannot be before the Not Before (nbf="+nbf+") claim value.";
        }

        // Optional cap on how far into the future exp may lie.
        if (maxFutureValidityInMinutes > 0)
        {
            final long secondsUntilExp = (exp.getValue() - allowedClockSkewSeconds) - evalTime.getValue();
            if (secondsUntilExp > (maxFutureValidityInMinutes * 60))
            {
                return "The Expiration Time (exp="+exp+") claim value cannot be more than " + maxFutureValidityInMinutes
                        + " minutes in the future relative to the evaluation time " + evalTime + skewMessage();
            }
        }
    }

    // Not yet valid while the evaluation time, moved forward by the allowed skew, is before nbf.
    if (nbf != null && (evalTime.getValue() + allowedClockSkewSeconds) < nbf.getValue())
    {
        return "The JWT is not yet valid as the evaluation time " + evalTime + " is before the Not Before (nbf="+nbf+") claim time" + skewMessage();
    }

    return null;
}