check time values against TODAY date instead of receiving a date

lbalmaceda · lbalmaceda · commit 7760b2d08bb9 · 2016-11-08T18:50:57.000-03:00
diff --git a/lib/src/main/java/com/auth0/jwt/Clock.java b/lib/src/main/java/com/auth0/jwt/Clock.java
@@ -0,0 +1,21 @@
+package com.auth0.jwt;
+
+import java.util.Date;
+
+/**
+ * The Clock class is used to wrap calls to Date class.
+ */
+class Clock {
+
+    Clock() {
+    }
+
+    /**
+     * Returns a new Date representing Today's time.
+     *
+     * @return a new Date representing Today's time.
+     */
+    Date getToday() {
+        return new Date();
+    }
+}
diff --git a/lib/src/main/java/com/auth0/jwt/JWT.java b/lib/src/main/java/com/auth0/jwt/JWT.java
@@ -37,11 +37,6 @@ public static JWTVerifier.Verification require(Algorithm algorithm) throws Illeg
         return JWTVerifier.init(algorithm);
     }
 
-    @Override
-    public boolean isExpired() {
-        return jwt.isExpired();
-    }
-
     @Override
     public String getSignature() {
         return jwt.getSignature();
diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -110,17 +110,4 @@ public String getSignature() {
         return signature;
     }
 
-    @Override
-    public boolean isExpired() {
-        final Date iat = getIssuedAt();
-        final Date nbf = getNotBefore();
-        final Date exp = getExpiresAt();
-        final Date today = new Date();
-
-        boolean issuedAtValid = iat == null || iat.before(today);
-        boolean notBeforeValid = nbf == null || nbf.after(today);
-        boolean expiresAtValid = exp == null || exp.after(today);
-
-        return !issuedAtValid || !notBeforeValid || !expiresAtValid;
-    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -12,10 +12,12 @@
 class JWTVerifier {
     private final Algorithm algorithm;
     final Map<String, Object> claims;
+    private final Clock clock;
 
-    private JWTVerifier(Algorithm algorithm, Map<String, Object> claims) {
+    private JWTVerifier(Algorithm algorithm, Map<String, Object> claims, Clock clock) {
         this.algorithm = algorithm;
         this.claims = Collections.unmodifiableMap(claims);
+        this.clock = clock;
     }
 
     /**
@@ -35,6 +37,7 @@ static JWTVerifier.Verification init(Algorithm algorithm) throws IllegalArgument
     static class Verification {
         private final Algorithm algorithm;
         private final Map<String, Object> claims;
+        private long defaultDelta;
 
         Verification(Algorithm algorithm) throws IllegalArgumentException {
             if (algorithm == null) {
@@ -43,6 +46,7 @@ static class Verification {
 
             this.algorithm = algorithm;
             this.claims = new HashMap<>();
+            this.defaultDelta = 0;
         }
 
         /**
@@ -76,32 +80,66 @@ public Verification withAudience(String[] audience) {
         }
 
         /**
-         * Require a specific Expires At ("exp") claim.
+         * Define the default window in milliseconds in which the Not Before, Issued At and Expires At Claims will still be valid.
+         * Setting a specific delta value on a given Claim will override this value for that Claim.
          *
+         * @param delta the window in milliseconds in which the Not Before, Issued At and Expires At Claims will still be valid.
          * @return this same Verification instance.
+         * @throws IllegalArgumentException if delta is negative.
          */
-        public Verification withExpiresAt(Date expiresAt) {
-            requireClaim(PublicClaims.EXPIRES_AT, expiresAt);
+        public Verification acceptTimeDelta(long delta) throws IllegalArgumentException {
+            if (delta < 0) {
+                throw new IllegalArgumentException("Delta value can't be negative.");
+            }
+            this.defaultDelta = delta;
+            return this;
+        }
+
+        /**
+         * Set a specific delta window in milliseconds in which the Expires At ("exp") Claim will still be valid.
+         * Expiration Date is always verified when the value is present. This method overrides the value set with acceptTimeDelta
+         *
+         * @param delta the window in milliseconds in which the Expires At Claim will still be valid.
+         * @return this same Verification instance.
+         * @throws IllegalArgumentException if delta is negative.
+         */
+        public Verification acceptExpiresAt(long delta) throws IllegalArgumentException {
+            if (delta < 0) {
+                throw new IllegalArgumentException("Delta value can't be negative.");
+            }
+            requireClaim(PublicClaims.EXPIRES_AT, delta);
             return this;
         }
 
         /**
-         * Require a specific Not Before ("nbf") claim.
+         * Set a specific delta window in milliseconds in which the Not Before ("nbf") Claim will still be valid.
+         * Not Before Date is always verified when the value is present. This method overrides the value set with acceptTimeDelta
          *
+         * @param delta the window in milliseconds in which the Not Before Claim will still be valid.
          * @return this same Verification instance.
+         * @throws IllegalArgumentException if delta is negative.
          */
-        public Verification withNotBefore(Date notBefore) {
-            requireClaim(PublicClaims.NOT_BEFORE, notBefore);
+        public Verification acceptNotBefore(long delta) throws IllegalArgumentException {
+            if (delta < 0) {
+                throw new IllegalArgumentException("Delta value can't be negative.");
+            }
+            requireClaim(PublicClaims.NOT_BEFORE, delta);
             return this;
         }
 
         /**
-         * Require a specific Issued At ("iat") claim.
+         * Set a specific delta window in milliseconds in which the Issued At ("iat") Claim will still be valid.
+         * Issued At Date is always verified when the value is present. This method overrides the value set with acceptTimeDelta
          *
+         * @param delta the window in milliseconds in which the Issued At Claim will still be valid.
          * @return this same Verification instance.
+         * @throws IllegalArgumentException if delta is negative.
          */
-        public Verification withIssuedAt(Date issuedAt) {
-            requireClaim(PublicClaims.ISSUED_AT, issuedAt);
+        public Verification acceptIssuedAt(long delta) throws IllegalArgumentException {
+            if (delta < 0) {
+                throw new IllegalArgumentException("Delta value can't be negative.");
+            }
+            requireClaim(PublicClaims.ISSUED_AT, delta);
             return this;
         }
 
@@ -121,7 +159,31 @@ public Verification withJWTId(String jwtId) {
          * @return a new JWTVerifier instance.
          */
         public JWTVerifier build() {
-            return new JWTVerifier(algorithm, claims);
+            return this.build(new Clock());
+        }
+
+        /**
+         * Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
+         * ONLY FOR TEST PURPOSES.
+         *
+         * @param clock the instance that will handle the current time.
+         * @return a new JWTVerifier instance with a custom Clock.
+         */
+        JWTVerifier build(Clock clock) {
+            addDeltaToDateClaims();
+            return new JWTVerifier(algorithm, claims, clock);
+        }
+
+        private void addDeltaToDateClaims() {
+            if (!claims.containsKey(PublicClaims.EXPIRES_AT)) {
+                claims.put(PublicClaims.EXPIRES_AT, defaultDelta);
+            }
+            if (!claims.containsKey(PublicClaims.NOT_BEFORE)) {
+                claims.put(PublicClaims.NOT_BEFORE, defaultDelta);
+            }
+            if (!claims.containsKey(PublicClaims.ISSUED_AT)) {
+                claims.put(PublicClaims.ISSUED_AT, defaultDelta);
+            }
         }
 
         private void requireClaim(String name, Object value) {
@@ -167,19 +229,30 @@ private void verifyClaims(JWT jwt, Map<String, Object> claims) {
     }
 
     private void assertValidClaim(JWT jwt, String claimName, Object expectedValue) throws InvalidClaimException {
+        String errMessage = String.format("The Claim '%s' value doesn't match the required one.", claimName);
         boolean isValid;
         if (PublicClaims.AUDIENCE.equals(claimName)) {
             isValid = Arrays.equals(jwt.getAudience(), (String[]) expectedValue);
         } else if (PublicClaims.NOT_BEFORE.equals(claimName) || PublicClaims.EXPIRES_AT.equals(claimName) || PublicClaims.ISSUED_AT.equals(claimName)) {
-            Date dateValue = (Date) expectedValue;
-            isValid = dateValue.equals(jwt.getClaim(claimName).asDate());
+            long deltaValue = (long) expectedValue;
+            Date today = clock.getToday();
+            Date date = jwt.getClaim(claimName).asDate();
+            if (PublicClaims.EXPIRES_AT.equals(claimName)) {
+                today.setTime(today.getTime() - deltaValue);
+                isValid = date == null || !today.after(date);
+                errMessage = String.format("The Token has expired on %s.", date);
+            } else {
+                today.setTime(today.getTime() + deltaValue);
+                isValid = date == null || !today.before(date);
+                errMessage = String.format("The Token can't be used before %s.", date);
+            }
         } else {
             String stringValue = (String) expectedValue;
             isValid = stringValue.equals(jwt.getClaim(claimName).asString());
         }
 
         if (!isValid) {
-            throw new InvalidClaimException(String.format("The Claim '%s' value doesn't match the required one.", claimName));
+            throw new InvalidClaimException(errMessage);
         }
     }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/JWT.java b/lib/src/main/java/com/auth0/jwt/interfaces/JWT.java
@@ -4,12 +4,4 @@
  * The JWT class represents a Json Web Token.
  */
 public interface JWT extends Payload, Header, Signature {
-
-    /**
-     * Tests whether this token's DateTime values IssuedAt, ExpiresAt and NotBefore are time valid.
-     * If any of them are missing they won't be taken into account. If the token it's expired it shouldn't be used.
-     *
-     * @return whether the token should be used or not.
-     */
-    boolean isExpired();
 }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
@@ -12,10 +12,8 @@
 import java.util.Date;
 
 import static com.auth0.jwt.SignUtils.base64Encode;
-import static junit.framework.TestCase.assertFalse;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
-import static org.junit.Assert.assertTrue;
 
 public class JWTDecoderTest {
     @Rule
@@ -173,49 +171,6 @@ public void shouldGetType() throws Exception {
         assertThat(jwt.getType(), is("JWS"));
     }
 
-    @Test
-    public void shouldBeExpired() throws Exception {
-        long pastSeconds = System.currentTimeMillis() / 1000;
-        long futureSeconds = (System.currentTimeMillis() + 10000) / 1000;
-
-        JWT issuedAndExpiresInTheFuture = customTimeJWT(futureSeconds, futureSeconds, futureSeconds);
-        assertTrue(issuedAndExpiresInTheFuture.isExpired());
-        JWT issuedInTheFuture = customTimeJWT(futureSeconds, null, null);
-        assertTrue(issuedInTheFuture.isExpired());
-
-        JWT issuedAndExpiresInThePast = customTimeJWT(pastSeconds, pastSeconds, pastSeconds);
-        assertTrue(issuedAndExpiresInThePast.isExpired());
-        JWT expiresInThePast = customTimeJWT(null, pastSeconds, null);
-        assertTrue(expiresInThePast.isExpired());
-
-        JWT issuedInTheFutureExpiresInThePast = customTimeJWT(futureSeconds, pastSeconds, pastSeconds);
-        assertTrue(issuedInTheFutureExpiresInThePast.isExpired());
-
-        JWT notBeforeThePast = customTimeJWT(null, null, pastSeconds);
-        assertTrue(notBeforeThePast.isExpired());
-    }
-
-    @Test
-    public void shouldNotBeExpired() throws Exception {
-        long pastSeconds = System.currentTimeMillis() / 1000;
-        long futureSeconds = (System.currentTimeMillis() + 10000) / 1000;
-
-        JWT missingDates = customTimeJWT(null, null, null);
-        assertFalse(missingDates.isExpired());
-
-        JWT issuedInThePastExpiresInTheFuture = customTimeJWT(pastSeconds, futureSeconds, futureSeconds);
-        assertFalse(issuedInThePastExpiresInTheFuture.isExpired());
-
-        JWT issuedInThePast = customTimeJWT(pastSeconds, null, null);
-        assertFalse(issuedInThePast.isExpired());
-
-        JWT expiresInTheFuture = customTimeJWT(null, futureSeconds, null);
-        assertFalse(expiresInTheFuture.isExpired());
-
-        JWT notBeforeTheFuture = customTimeJWT(null, null, futureSeconds);
-        assertFalse(notBeforeTheFuture.isExpired());
-    }
-
     //Private PublicClaims
 
     @Test
@@ -244,35 +199,10 @@ public void shouldGetNullClaimIfClaimValueIsNull() throws Exception {
 
     //Helper Methods
 
-    private JWT customTimeJWT(Long iat, Long exp, Long nbf) {
-        String header = base64Encode("{}");
-        StringBuilder bodyBuilder = new StringBuilder("{");
-        if (iat != null) {
-            bodyBuilder.append("\"iat\":").append(iat.longValue());
-        }
-        if (exp != null) {
-            if (iat != null) {
-                bodyBuilder.append(",");
-            }
-            bodyBuilder.append("\"exp\":").append(exp.longValue());
-        }
-        if (nbf != null) {
-            if (iat != null || exp != null) {
-                bodyBuilder.append(",");
-            }
-            bodyBuilder.append("\"nbf\":").append(nbf.longValue());
-        }
-        bodyBuilder.append("}");
-        String body = base64Encode(bodyBuilder.toString());
-        String signature = "sign";
-        return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
-    }
-
     private JWT customJWT(String jsonHeader, String jsonPayload, String signature) {
         String header = base64Encode(jsonHeader);
         String body = base64Encode(jsonPayload);
         return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
     }
 
-
 }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTTest.java b/lib/src/test/java/com/auth0/jwt/JWTTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java b/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
