From 3115f0dad84ef8ffde1116af8524557aa273431b Mon Sep 17 00:00:00 2001
From: Looly <loolly@gmail.com>
Date: Mon, 16 May 2022 18:43:48 +0800
Subject: [PATCH] fix jwt bug

---
 CHANGELOG.md                                   |  1 +
 .../main/java/cn/hutool/jwt/JWTValidator.java  |  8 ++++++--
 .../java/cn/hutool/jwt/JWTValidatorTest.java   | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d3f82a83d..d4f70dee8 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@
 * 【db     】     DialectName中修正为POSTGRESQL（issue#2308@Github）
 * 【core   】     修复BeanPath无法识别引号内的内容问题（issue#I56DE0@Gitee）
 * 【core   】     修复Map.entry方法返回可变不可变相反问题
+* 【jwt    】     修复jwt的过期容忍时间问题（issue#2329@Gitee）
 
 -------------------------------------------------------------------------------------------------------------
 
diff --git a/hutool-jwt/src/main/java/cn/hutool/jwt/JWTValidator.java b/hutool-jwt/src/main/java/cn/hutool/jwt/JWTValidator.java
index 77f7c2591..fc5d97210 100755
--- a/hutool-jwt/src/main/java/cn/hutool/jwt/JWTValidator.java
+++ b/hutool-jwt/src/main/java/cn/hutool/jwt/JWTValidator.java
@@ -222,7 +222,9 @@ public class JWTValidator {
 		if (null == dateToCheck) {
 			return;
 		}
-		now.setTime(now.getTime() + leeway * 1000);
+		if(leeway > 0){
+			now = DateUtil.date(now.getTime() + leeway * 1000);
+		}
 		if (dateToCheck.after(now)) {
 			throw new ValidateException("'{}':[{}] is after now:[{}]",
 					fieldName, DateUtil.date(dateToCheck), DateUtil.date(now));
@@ -244,7 +246,9 @@ public class JWTValidator {
 		if (null == dateToCheck) {
 			return;
 		}
-		now.setTime(now.getTime() - leeway * 1000);
+		if(leeway > 0){
+			now = DateUtil.date(now.getTime() - leeway * 1000);
+		}
 		if (dateToCheck.before(now)) {
 			throw new ValidateException("'{}':[{}] is before now:[{}]",
 					fieldName, DateUtil.date(dateToCheck), DateUtil.date(now));
diff --git a/hutool-jwt/src/test/java/cn/hutool/jwt/JWTValidatorTest.java b/hutool-jwt/src/test/java/cn/hutool/jwt/JWTValidatorTest.java
index b3df4faff..15365eeaf 100755
--- a/hutool-jwt/src/test/java/cn/hutool/jwt/JWTValidatorTest.java
+++ b/hutool-jwt/src/test/java/cn/hutool/jwt/JWTValidatorTest.java
@@ -6,6 +6,8 @@ import cn.hutool.jwt.signers.JWTSignerUtil;
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.util.Date;
+
 public class JWTValidatorTest {
 
 	@Test(expected = ValidateException.class)
@@ -79,4 +81,20 @@ public class JWTValidatorTest {
 
 		JWTValidator.of(jwt).validateDate(DateUtil.date());
 	}
+
+	@Test
+	public void issue2329Test(){
+		final long NOW = System.currentTimeMillis();
+		final Date NOW_TIME = new Date(NOW);
+		final long EXPIRED = 3 * 1000L;
+		final Date EXPIRED_TIME = new Date(NOW + EXPIRED);
+
+		// 使用这种方式生成token
+		final String token = JWT.create().setPayload("sub", "blue-light").setIssuedAt(NOW_TIME).setNotBefore(EXPIRED_TIME)
+				.setExpiresAt(EXPIRED_TIME).setKey("123456".getBytes()).sign();
+
+		// 使用这种方式验证token
+		JWTValidator.of(JWT.of(token)).validateDate(DateUtil.date(NOW - 4000), 10);
+		JWTValidator.of(JWT.of(token)).validateDate(DateUtil.date(NOW + 4000), 10);
+	}
 }