Skip to content

Commit

Permalink
Merge pull request #1479 from ivassile/ELY-2069
Browse files Browse the repository at this point in the history
[ELY-2069] JWT token validation uses int instead of long for the dates:exp (expiration) and nbf
  • Loading branch information
Skyllarr authored Jan 27, 2021
2 parents 77d6b22 + 1a57249 commit e92a6bc
Showing 1 changed file with 10 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -135,16 +135,17 @@ && verifyTimeConstraints(claims)) {
}

private boolean verifyTimeConstraints(JsonObject claims) {
int currentTime = currentTimeInSeconds();
boolean expired = currentTime > claims.getInt("exp", -1);
long currentTime = currentTimeInSeconds();
if (claims.containsKey("exp")) {
boolean expired = currentTime > claims.getJsonNumber("exp").longValue();

if (expired) {
log.debug("Token expired");
return false;
if (expired) {
log.debug("Token expired");
return false;
}
}

if (claims.containsKey("nbf")) {
boolean notBefore = currentTime >= claims.getInt("nbf");
boolean notBefore = currentTime >= claims.getJsonNumber("nbf").longValue();

if (!notBefore) {
log.debugf("Token is before [%s]", notBefore);
Expand Down Expand Up @@ -314,8 +315,8 @@ private PublicKey resolvePublicKey(JsonObject headers) {
}
}

private static int currentTimeInSeconds() {
return ((int) (System.currentTimeMillis() / 1000));
private static long currentTimeInSeconds() {
return System.currentTimeMillis() / 1000;
}

public static class Builder {
Expand Down

0 comments on commit e92a6bc

Please sign in to comment.