From 0ca86f8afeefb98f9a5578bfd1150da1fb4b7f69 Mon Sep 17 00:00:00 2001
From: Karel Maxa
Date: Fri, 21 Jul 2023 13:08:23 +0200
Subject: [PATCH] Handle token validity maximum value.

---
 .../org/forgerock/openam/cts/api/tokens/Token.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/openam-core/src/main/java/org/forgerock/openam/cts/api/tokens/Token.java b/openam-core/src/main/java/org/forgerock/openam/cts/api/tokens/Token.java
index d728926445..94b8ae4e54 100644
--- a/openam-core/src/main/java/org/forgerock/openam/cts/api/tokens/Token.java
+++ b/openam-core/src/main/java/org/forgerock/openam/cts/api/tokens/Token.java
@@ -13,7 +13,7 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
- * Portions copyright 2022 Wren Security
+ * Portions copyright 2022-2023 Wren Security
 */
 package org.forgerock.openam.cts.api.tokens;

@@ -59,6 +59,9 @@
 @Description(CORE_TOKEN_RESOURCE + "resource.schema." + DESCRIPTION)
 public class Token {

+ // Maximum allowed value of token validity
+ private static final String MAX_ALLOWED_DATETIME = "99991231235959.000Z";
+
 /**
 * Note: This map stores all data for the Token. It is intentionally using a String to Object mapping
 * rather than a CoreTokenField based key because this works better with Jackson based JSON
@@ -315,7 +318,11 @@ private void put(CoreTokenField field, Object value) {
 } else if (CoreTokenField.TOKEN_TYPE.equals(field)) {
 s = ((TokenType) value).name();
 } else if (CoreTokenFieldTypes.isCalendar(field)) {
- s = GeneralizedTime.valueOf((Calendar) value).toString();
+ if (((Calendar) value).get(Calendar.YEAR) > 9999) {
+ s = MAX_ALLOWED_DATETIME;
+ } else {
+ s = GeneralizedTime.valueOf((Calendar) value).toString();
+ }
 } else if (CoreTokenFieldTypes.isByteArray(field)) {
 s = Base64.encode((byte[]) value);
 } else if (CoreTokenFieldTypes.isInteger(field)) {
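Review bot: The comment on `MAX_ALLOWED_DATETIME` does not say what format the string is in or why the cap sits at year 9999, and the literal `9999` used in put() repeats the year encoded here, so the two can drift apart. I would replace it with something like `// Latest UTC timestamp with a four-digit GeneralizedTime year; put() stores this in place of any later Calendar value.` and note that the milliseconds are deliberately `.000`. Since a value clamped to this constant is, in practice, a token that never expires, that consequence is worth one sentence in the comment as well.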
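Review bot: The new guard in put() tests `Calendar.YEAR`, which is read in the calendar's own time zone, while the stored string is a UTC value (the constant ends in `Z`). A calendar set to late on 31 December 9999 in a zone west of UTC passes the check and presumably still reaches `GeneralizedTime.valueOf` with a five-digit UTC year. Comparing the instant avoids that: `if (((Calendar) value).getTimeInMillis() > MAX_ALLOWED_MILLIS) {` with `MAX_ALLOWED_MILLIS = 253402300799000L` (9999-12-31T23:59:59Z). The clamp is also silent, so a caller that passes an overflowed or unbounded expiry gets a token that effectively never expires; a warning-level log entry on this branch would let operators notice it. put() starts and ends outside the hunk, so whether the original `Calendar` is retained anywhere else is not visible here.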