001package com.nimbusds.jwt.proc; 002 003 004import java.util.Date; 005 006import net.jcip.annotations.ThreadSafe; 007 008import com.nimbusds.jwt.JWTClaimsSet; 009 010 011/** 012 * Default JWT claims verifier. This class is thread-safe. 013 * 014 * <p>Performs the following checks: 015 * 016 * <ol> 017 * <li>If an expiration time (exp) claim is present, makes sure it is 018 * ahead of the current time, else the JWT claims set is rejected. 019 * <li>If a not-before-time (nbf) claim is present, makes sure it is 020 * before the current time, else the JWT claims set is rejected. 021 * </ol> 022 * 023 * <p>This class may be extended to perform additional checks. 024 * 025 * @author Vladimir Dzhuvinov 026 * @version 2015-08-27 027 */ 028@ThreadSafe 029public class DefaultJWTClaimsVerifier implements JWTClaimsVerifier { 030 031 032 @Override 033 public void verify(final JWTClaimsSet claimsSet) 034 throws BadJWTException { 035 036 final Date now = new Date(); 037 038 final Date exp = claimsSet.getExpirationTime(); 039 040 if (exp != null) { 041 042 if (now.after(exp)) { 043 throw new BadJWTException("Expired JWT"); 044 } 045 } 046 047 final Date nbf = claimsSet.getNotBeforeTime(); 048 049 if (nbf != null) { 050 051 if (now.before(nbf)) { 052 throw new BadJWTException("JWT before use time"); 053 } 054 } 055 } 056}