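package com.nimbusds.jwt.proc;


import java.util.Date;

import net.jcip.annotations.ThreadSafe;

import com.nimbusds.jwt.JWTClaimsSet;


/**
 * Default JWT claims verifier. This class is thread-safe.
 *
 * <p>Performs the following checks:
 *
 * <ol>
 *     <li>If an expiration time (exp) claim is present, makes sure it is
 *         ahead of the current time, else the JWT claims set is rejected.
 *     <li>If a not-before-time (nbf) claim is present, makes sure it is
 *         at or before the current time, else the JWT claims set is
 *         rejected.
 * </ol>
 *
 * <p>Limits of these checks, as implemented here:
 *
 * <ul>
 *     <li>Both claims are optional to this verifier. A claims set with no
 *         exp claim is never rejected as expired, so callers that require
 *         bounded token lifetimes must enforce the presence of exp
 *         themselves.
 *     <li>The comparison uses the local system clock with no allowance
 *         for clock skew between issuer and verifier.
 *     <li>No other claims are inspected by this class.
 * </ul>
 *
 * <p>This class may be extended to perform additional checks.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-10-20
 */
@ThreadSafe
public class DefaultJWTClaimsVerifier implements JWTClaimsVerifier {


	// Cached exceptions. Each instance is created once, when this class is
	// initialised, and the same object is thrown on every rejection. Its
	// stack trace therefore reflects class initialisation and not the
	// verify() call that failed.


	/**
	 * Expired JWT.
	 */
	private static final BadJWTException EXPIRED_JWT_EXCEPTION = new BadJWTException("Expired JWT");


	/**
	 * JWT before use time.
	 */
	private static final BadJWTException JWT_BEFORE_USE_EXCEPTION = new BadJWTException("JWT before use time");


	/**
	 * Checks the time-based claims of the specified JWT claims set against
	 * the current system time.
	 *
	 * @param claimsSet The JWT claims set to check. Dereferenced without a
	 *                  null check, so must not be {@code null}.
	 *
	 * @throws BadJWTException If the exp claim is present and the current
	 *                         time is at or past it, or if the nbf claim
	 *                         is present and the current time is before
	 *                         it.
	 */
	@Override
	public void verify(final JWTClaimsSet claimsSet)
		throws BadJWTException {

		// One timestamp for both checks, so exp and nbf are judged
		// against the same instant.
		final Date now = new Date();

		final Date exp = claimsSet.getExpirationTime();

		// RFC 7519, section 4.1.4: the current time must be strictly
		// before exp. now.after(exp) would still accept a token at the
		// exact expiration instant, hence the negated before().
		if (exp != null && ! now.before(exp)) {
			throw EXPIRED_JWT_EXCEPTION;
		}

		final Date nbf = claimsSet.getNotBeforeTime();

		// RFC 7519, section 4.1.5: the current time must be after or
		// equal to nbf, so only a strictly earlier "now" is rejected.
		if (nbf != null && now.before(nbf)) {
			throw JWT_BEFORE_USE_EXCEPTION;
		}
	}
}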