use the same time for nbf and iat when "not-before" is present and empty

apigee · Oct 21, 2017 · f9f7521 · f9f7521
1 parent 3e49938
commit f9f7521
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 33 deletions.
diff --git a/jwt_signed/apiproxy/README.md b/jwt_signed/apiproxy/README.md
@@ -204,7 +204,7 @@ For example, this is how to configure the JWT creation with algorithm=HS256, whi
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -243,7 +243,7 @@ To configure JWT creation with private key signing using an RSA key:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -289,7 +289,7 @@ configuration, using the private-key Property, like this:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -315,7 +315,7 @@ To configure JWT parsing with HS256:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -366,7 +366,7 @@ the policy to get that behavior. Like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -396,7 +396,7 @@ To configure JWT parsing with RS256:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -447,7 +447,7 @@ public-key property, like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -495,7 +495,7 @@ certificate.
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -519,7 +519,7 @@ or, like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -546,7 +546,7 @@ those values:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 

diff --git a/...apigee-edge-callout-jwt-signed-1.0.12.jar → ...apigee-edge-callout-jwt-signed-1.0.13.jar b/...apigee-edge-callout-jwt-signed-1.0.12.jar → ...apigee-edge-callout-jwt-signed-1.0.13.jar
diff --git a/jwt_signed/callout/Readme.md b/jwt_signed/callout/Readme.md
@@ -63,7 +63,7 @@ To use it:
       <DisplayName>Java JWT Creator</DisplayName>
       <Properties>...</Properties>
       <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-      <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+      <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
     </JavaCallout>
    ```
 
@@ -136,7 +136,7 @@ form of properties on the policy.  Some examples follow.
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -162,7 +162,7 @@ There is no way to explicitly set the "issued at" (iat) time.  The iat
 time automatically gets the value accurately indicating when the JWT is
 generated.
 
-In v1.0.12 of the callout, you can set a not-before (nbf) time, to the same time the JWT was
+In v1.0.13 of the callout, you can set a not-before (nbf) time, to the same time the JWT was
 issued, by including this property:
 
 ```
@@ -247,7 +247,7 @@ To generate a key signed with RS256, you can specify the private RSA key inside
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -288,7 +288,7 @@ You can also specify the PEM as a named file resource that is bundled in the jar
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -329,7 +329,7 @@ the Properties elements, like this:
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -362,7 +362,7 @@ For parsing and verifying a JWT, you need to specify a different Java class. Con
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -435,7 +435,7 @@ For parsing without verifying a JWT, you can specify wantVerify = false.
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -476,7 +476,7 @@ To parse and verify a RS256 JWT, then you need to use a configuration like this:
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -530,7 +530,7 @@ a configuration like this:
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -574,7 +574,7 @@ Do this by specifying Property elements with name attributes that begin with cla
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -614,7 +614,7 @@ To do this, you need to recompile the jar with your desired pemfile contained wi
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -643,7 +643,7 @@ You can also specify a serialized X509 certificate which contains the public key
     </Properties>
 
     <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
   </JavaCallout>
 ```
 
@@ -676,7 +676,7 @@ those values, using the modulus and exponent properties:
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.12.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
 </JavaCallout>
 ```
 

diff --git a/jwt_signed/callout/pom.xml b/jwt_signed/callout/pom.xml
@@ -5,7 +5,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.apigee.callouts</groupId>
   <artifactId>apigee-edge-callout-jwt-signed</artifactId>
-  <version>1.0.12</version>
+  <version>1.0.13</version>
   <name>JwtSignedEdgeCallout</name>
   <url>http://maven.apache.org</url>
   <packaging>jar</packaging>

diff --git a/jwt_signed/callout/src/main/java/com/apigee/callout/jwtsigned/JwtCreatorCallout.java b/jwt_signed/callout/src/main/java/com/apigee/callout/jwtsigned/JwtCreatorCallout.java
@@ -286,15 +286,13 @@ private Date getExpiryDate(Date current,MessageContext msgCtxt) throws Exception
         return then;
     }
 
-    private Date getNotBefore(MessageContext msgCtxt) throws Exception {
+    private Date getNotBefore(MessageContext msgCtxt, Date now) throws Exception {
         String key = "not-before";
-        if (!this.properties.containsKey(key)) {
-            return null;
-        }
+        if (!this.properties.containsKey(key)) return null;
         String value = (String) this.properties.get(key);
-        if (StringUtils.isBlank(value)) { return new Date(); }
+        if (StringUtils.isBlank(value)) return now;
         value = (String) resolvePropertyValue(value, msgCtxt);
-        if (StringUtils.isBlank(value)) { return new Date(); }
+        if (StringUtils.isBlank(value)) return now;
         return parseDate(value.trim()); // unparsed date string
     }
 
@@ -456,17 +454,17 @@ public ExecutionResult execute(MessageContext msgCtxt, ExecutionContext exeCtxt)
         String wantDebug = this.properties.get("debug");
         boolean debug = (wantDebug != null) && Boolean.parseBoolean(wantDebug);
         try {
+            Date now = new Date();
             JWSAlgorithm jwsAlg;
             String ISSUER = getIssuer(msgCtxt);
             String ALG = getAlgorithm(msgCtxt);
             String[] AUDIENCE = getAudience(msgCtxt);
             String SUBJECT = getSubject(msgCtxt);
             String JTI = getJwtId(msgCtxt);
             String KEYID = getKeyId(msgCtxt);
-            Date NOTBEFORE = getNotBefore(msgCtxt);
+            Date NOTBEFORE = getNotBefore(msgCtxt, now);
             JWSSigner signer;
             String[] audiences = null;
-            Date now = new Date();
 
             // 1. Prepare JWT with the set of standard claims
             JWTClaimsSet claims = new JWTClaimsSet();