- changed status to open
JWKSourceBuilder cacheForever raises "JWKSetUnavailableException: Unable to refresh cache"
Issue #510
resolved
When setting cacheForever on JWKSourceBuilder the validation fails with the following exception:
Unable to refresh cache
com.nimbusds.jose.jwk.source.JWKSetUnavailableException: Unable to refresh cache
at app//com.nimbusds.jose.jwk.source.CachingJWKSetSource.loadJWKSetBlocking(CachingJWKSetSource.java:302)
at app//com.nimbusds.jose.jwk.source.CachingJWKSetSource.getJWKSet(CachingJWKSetSource.java:174)
at app//com.nimbusds.jose.jwk.source.JWKSetBasedJWKSource.get(JWKSetBasedJWKSource.java:76)
at app//com.nimbusds.jose.proc.JWSVerificationKeySelector.selectJWSKeys(JWSVerificationKeySelector.java:157)
at app//com.nimbusds.jwt.proc.DefaultJWTProcessor.selectKeys(DefaultJWTProcessor.java:283)
at app//com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:354)
at app//com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:303)
at app//com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:294)
The problem is in the following code in CachedObject:
public static long computeExpirationTime(final long currentTime, final long timeToLive) {
return currentTime + timeToLive;
}
When enabling cacheForever cacheTimeToLive is set to Long.MAX_VALUE, therefore we have a number overflow in the code above and the number becomes negative.
Comments (2)
-
-
- changed status to resolved
Fixed: 06a326c7 Fix released in: version 9.30.2 (2023-02-15)
- Log in to comment
Ouch. Thanks for the report.