
OidcIdTokenValidator ensures clockSkew is positive number

Fixes gh-6443
pull/6495/head
Vishal Raj 7 years ago committed by Joe Grandja
parent
commit
45891941b0
  1. 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
  2. 16
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java

1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java

@ -132,6 +132,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> { @@ -132,6 +132,7 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
*/
public final void setClockSkew(Duration clockSkew) {
Assert.notNull(clockSkew, "clockSkew cannot be null");
Assert.isTrue(clockSkew.getSeconds() >= 0, "clockSkew must be >= 0");
this.clockSkew = clockSkew;
}
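Review bot: The guard in setClockSkew checks `clockSkew.getSeconds() >= 0`, which does reject every negative Duration (a negative sub-second value is stored with seconds = -1) but leaves the reader to work that out; `Assert.isTrue(!clockSkew.isNegative(), "clockSkew must be >= 0");` says it directly. The setter still accepts an arbitrarily large value, and if the skew is what widens the accepted window for the token's time claims (the validation code is outside this hunk), a very large setting would effectively switch off expiry checking. I would state that in the Javadoc, which begins above the hunk, for example `A large value weakens expiry validation; keep it to the expected clock drift between client and provider.`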

16
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java

@ -33,6 +33,7 @@ import java.util.HashMap; @@ -33,6 +33,7 @@ import java.util.HashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
/**
* @author Rob Winch
@ -60,6 +61,21 @@ public class OidcIdTokenValidatorTests { @@ -60,6 +61,21 @@ public class OidcIdTokenValidatorTests {
assertThat(this.validateIdToken()).isEmpty();
}
@Test
public void setClockSkewWhenNullThenThrowIllegalArgumentException() {
OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
assertThatThrownBy(() -> idTokenValidator.setClockSkew(null))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
public void setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException() {
OidcIdTokenValidator idTokenValidator = new OidcIdTokenValidator(this.registration.build());
assertThatThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofSeconds(-1)))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
public void validateWhenIssuerNullThenHasErrors() {
this.claims.remove(IdTokenClaimNames.ISS);
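Review bot: The negative case in setClockSkewWhenNegativeSecondsThenThrowIllegalArgumentException only uses `Duration.ofSeconds(-1)`, so the boundaries of the new guard are not pinned. Because the guard in the validator reads whole seconds, a sub-second negative such as `Duration.ofNanos(-1)` is the input most likely to regress if the check is later rewritten, and `Duration.ZERO` should be shown to be accepted. Add `assertThatThrownBy(() -> idTokenValidator.setClockSkew(Duration.ofNanos(-1))).isInstanceOf(IllegalArgumentException.class);` and a test that calls `idTokenValidator.setClockSkew(Duration.ZERO);` without expecting an exception. The last method in the hunk, validateWhenIssuerNullThenHasErrors, continues outside it as unchanged context.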
