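/**
 * Validates the "nbf" (not before) claim of a JWT against the current time.
 *
 * <p>The claim is read as seconds since the epoch. The token is rejected when that time lies
 * after the current time shifted by {@code clockOffset} seconds.
 *
 * @param claims the claims carrying the not-before value
 * @param clockOffset seconds added to the current time before comparing, as a tolerance for
 *     clock skew; a large value widens the window in which a premature token is accepted, so
 *     callers should keep it small
 * @param claimRequired whether a token without the claim is rejected
 * @throws JwtException if the claim is missing while {@code claimRequired} is set, or if the
 *     not-before time is still in the future
 */
public static void validateJwtNotBefore(JwtClaims claims, int clockOffset, boolean claimRequired) {
    Long notBeforeTime = claims.getNotBefore();
    if (notBeforeTime == null) {
        if (claimRequired) {
            // A required but absent claim gets the same message as a premature token.
            throw new JwtException("The token cannot be accepted yet");
        }
        return;
    }

    Instant validCreation = Instant.now();
    if (clockOffset != 0) {
        validCreation = validCreation.plusSeconds(clockOffset);
    }

    // Compare in whole seconds rather than computing notBeforeTime * 1000L: the claim value comes
    // from the token, and a very large value makes the multiplication wrap around, which could
    // turn a far-future not-before time into one that looks already past. For an integral
    // not-before value this comparison gives the same result as the millisecond one.
    if (notBeforeTime > validCreation.getEpochSecond()) {
        throw new JwtException("The token cannot be accepted yet");
    }
}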
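/**
 * Validates the "nbf" (not before) claim of a JWT against the current time.
 *
 * <p>The claim is read as seconds since the epoch. The token is rejected when that time lies
 * after the current time shifted by {@code clockOffset} seconds.
 *
 * @param claims the claims carrying the not-before value
 * @param clockOffset seconds added to the current time before comparing, as a tolerance for
 *     clock skew; a large value widens the window in which a premature token is accepted, so
 *     callers should keep it small
 * @param claimRequired whether a token without the claim is rejected
 * @throws JwtException if the claim is missing while {@code claimRequired} is set, or if the
 *     not-before time is still in the future
 */
public static void validateJwtNotBefore(JwtClaims claims, int clockOffset, boolean claimRequired) {
    Long notBeforeTime = claims.getNotBefore();
    if (notBeforeTime == null) {
        if (claimRequired) {
            // A required but absent claim gets the same message as a premature token.
            throw new JwtException("The token cannot be accepted yet");
        }
        return;
    }

    Instant validCreation = Instant.now();
    if (clockOffset != 0) {
        validCreation = validCreation.plusSeconds(clockOffset);
    }

    // Compare in whole seconds rather than computing notBeforeTime * 1000L: the claim value comes
    // from the token, and a very large value makes the multiplication wrap around, which could
    // turn a far-future not-before time into one that looks already past. For an integral
    // not-before value this comparison gives the same result as the millisecond one.
    if (notBeforeTime > validCreation.getEpochSecond()) {
        throw new JwtException("The token cannot be accepted yet");
    }
}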
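/**
 * Authenticates a JWT-based request and enforces the token's "exp" and "nbf" claims.
 *
 * <p>The username and authorities returned by {@code dataAccessor.authenticate} are copied onto
 * the authentication object first; the temporal checks run afterwards, and the object is marked
 * authenticated only once both have passed. Both claims are mandatory here: a missing value is
 * treated like an expired or not-yet-valid token.
 *
 * @param authentication the incoming request; cast to {@code JWTAuthentication} without a type
 *     check, so callers are presumably expected to route only that type here
 * @return the same authentication object, marked as authenticated
 * @throws AuthenticationException in particular {@code CredentialsExpiredException} when the
 *     expiry claim is missing or past, or when the not-before claim is missing or in the future
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    // Runs inside the auth context of the domain named in the authentication details.
    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(authenticated.getLeft());
        jwtAuthentication.getAuthorities().addAll(authenticated.getRight());
        return null;
    });

    JwtClaims claims = jwtAuthentication.getClaims();
    // Current time in milliseconds; the claims are in seconds.
    final long referenceTime = System.currentTimeMillis();

    // The claim values come from the token, so they are compared in seconds instead of being
    // multiplied by 1000: the multiplication wraps around for extreme values, which could make
    // an out-of-range expiry or not-before time pass the check.

    // Same outcome as expiryTime * 1000 < referenceTime for values that do not overflow.
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null || expiryTime <= Math.floorDiv(referenceTime - 1L, 1000L)) {
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    // Same outcome as notBefore * 1000 > referenceTime for values that do not overflow.
    Long notBefore = claims.getNotBefore();
    if (notBefore == null || notBefore > Math.floorDiv(referenceTime, 1000L)) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}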
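/**
 * Authenticates a JWT-based request and enforces the token's "exp" and "nbf" claims.
 *
 * <p>The username and authorities returned by {@code dataAccessor.authenticate} are copied onto
 * the authentication object first; the temporal checks run afterwards, and the object is marked
 * authenticated only once both have passed. Both claims are mandatory here: a missing value is
 * treated like an expired or not-yet-valid token.
 *
 * @param authentication the incoming request; cast to {@code JWTAuthentication} without a type
 *     check, so callers are presumably expected to route only that type here
 * @return the same authentication object, marked as authenticated
 * @throws AuthenticationException in particular {@code CredentialsExpiredException} when the
 *     expiry claim is missing or past, or when the not-before claim is missing or in the future
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    // Runs inside the auth context of the domain named in the authentication details.
    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(authenticated.getLeft());
        jwtAuthentication.getAuthorities().addAll(authenticated.getRight());
        return null;
    });

    JwtClaims claims = jwtAuthentication.getClaims();
    // Current time in milliseconds; the claims are in seconds.
    final long referenceTime = System.currentTimeMillis();

    // The claim values come from the token, so they are compared in seconds instead of being
    // multiplied by 1000: the multiplication wraps around for extreme values, which could make
    // an out-of-range expiry or not-before time pass the check.

    // Same outcome as expiryTime * 1000 < referenceTime for values that do not overflow.
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null || expiryTime <= Math.floorDiv(referenceTime - 1L, 1000L)) {
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    // Same outcome as notBefore * 1000 > referenceTime for values that do not overflow.
    Long notBefore = claims.getNotBefore();
    if (notBefore == null || notBefore > Math.floorDiv(referenceTime, 1000L)) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}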
atv.setTokenIssuer(claims.getIssuer()); if (claims.getNotBefore() != null) { atv.setTokenNotBefore(claims.getNotBefore());
atv.setTokenIssuer(claims.getIssuer()); if (claims.getNotBefore() != null) { atv.setTokenNotBefore(claims.getNotBefore());