Skip to content

Commit 198c91b

Browse files
kylefkylef
committed
[claim validation] Refactor date comparisons
1 parent 66b357f commit 198c91b

File tree

1 file changed

+16
-28
lines changed

1 file changed

+16
-28
lines changed

JWT/JWT.swift

Lines changed: 16 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,19 @@ func load(jwt:String) -> LoadResult {
111111

112112
// MARK: Validation
113113

114+
func validateDate(payload:Payload, key:String, comparison:NSComparisonResult, failure:InvalidToken, decodeError:String) -> InvalidToken? {
115+
if let timestamp = payload[key] as? NSTimeInterval {
116+
let date = NSDate(timeIntervalSince1970: timestamp)
117+
if date.compare(NSDate()) == comparison {
118+
return failure
119+
}
120+
} else if let timestamp:AnyObject = payload[key] {
121+
return .DecodeError(decodeError)
122+
}
123+
124+
return nil
125+
}
126+
114127
func validateClaims(payload:Payload, audience:String?, issuer:String?) -> InvalidToken? {
115128
if let issuer = issuer {
116129
if let iss = payload["iss"] as? String {
@@ -122,32 +135,7 @@ func validateClaims(payload:Payload, audience:String?, issuer:String?) -> Invali
122135
}
123136
}
124137

125-
if let exp = payload["exp"] as? NSTimeInterval {
126-
let expiary = NSDate(timeIntervalSince1970: exp)
127-
if expiary.compare(NSDate()) == .OrderedAscending {
128-
return .ExpiredSignature
129-
}
130-
} else if let exp:AnyObject = payload["exp"] {
131-
return .DecodeError("Expiration time claim (exp) must be an integer")
132-
}
133-
134-
if let nbf = payload["nbf"] as? NSTimeInterval {
135-
let date = NSDate(timeIntervalSince1970: nbf)
136-
if date.compare(NSDate()) == .OrderedDescending {
137-
return .ImmatureSignature
138-
}
139-
} else if let nbf:AnyObject = payload["nbf"] {
140-
return .DecodeError("Not before claim (nbf) must be an integer")
141-
}
142-
143-
if let iat = payload["iat"] as? NSTimeInterval {
144-
let date = NSDate(timeIntervalSince1970: iat)
145-
if date.compare(NSDate()) == .OrderedDescending {
146-
return .InvalidIssuedAt
147-
}
148-
} else if let iat:AnyObject = payload["iat"] {
149-
return .DecodeError("Issued at claim (iat) must be an integer")
150-
}
151-
152-
return nil
138+
return validateDate(payload, "exp", .OrderedAscending, .ExpiredSignature, "Expiration time claim (exp) must be an integer") ??
139+
validateDate(payload, "nbf", .OrderedDescending, .ImmatureSignature, "Not before claim (nbf) must be an integer") ??
140+
validateDate(payload, "iat", .OrderedDescending, .InvalidIssuedAt, "Issued at claim (iat) must be an integer")
153141
}

0 commit comments

Comments
 (0)