Fix overflow when using Long.MAX_VALUE as leeway

Author: jmerle

lib/src/main/java/com/auth0/jwt/JWTVerifier.java

@@ -356,11 +356,13 @@ private boolean assertValidInstantClaim(String claimName, Claim claim, long leew
         }
 
         private boolean assertInstantIsFuture(Instant claimVal, long leeway, Instant now) {
-            return claimVal == null || now.minus(Duration.ofSeconds(leeway)).isBefore(claimVal);
+            long safeLeeway = Math.min(leeway, now.getEpochSecond() - Instant.MIN.getEpochSecond());
+            return claimVal == null || now.minus(Duration.ofSeconds(safeLeeway)).isBefore(claimVal);
         }
 
         private boolean assertInstantIsLessThanOrEqualToNow(Instant claimVal, long leeway, Instant now) {
-            return !(claimVal != null && now.plus(Duration.ofSeconds(leeway)).isBefore(claimVal));
+            long safeLeeway = Math.min(leeway, Instant.MAX.getEpochSecond() - now.getEpochSecond());
+            return !(claimVal != null && now.plus(Duration.ofSeconds(safeLeeway)).isBefore(claimVal));
         }
 
         private boolean assertValidAudienceClaim(

lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java

@@ -685,6 +685,18 @@ public void shouldValidateExpiresAtWithLeeway() {
         assertThat(jwt, is(notNullValue()));
     }
 
+    @Test
+    public void shouldValidateExpiresAtWithMaxLeeway() {
+        String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0Nzc1OTJ9.isvT0Pqx0yjnZk53mUFSeYFJLDs-Ls9IsNAm86gIdZo";
+        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"))
+                .acceptExpiresAt(Long.MAX_VALUE);
+        DecodedJWT jwt = verification
+                .build(mockOneSecondLater)
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+    }
+
     @Test
     public void shouldValidateExpiresAtIfPresent() {
         String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0Nzc1OTJ9.isvT0Pqx0yjnZk53mUFSeYFJLDs-Ls9IsNAm86gIdZo";
@@ -745,6 +757,18 @@ public void shouldValidateNotBeforeWithLeeway() {
         assertThat(jwt, is(notNullValue()));
     }
 
+    @Test
+    public void shouldValidateNotBeforeWithMaxLeeway() {
+        String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0Nzc1OTJ9.wq4ZmnSF2VOxcQBxPLfeh1J2Ozy1Tj5iUaERm3FKaw8";
+        JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret"))
+                .acceptNotBefore(Long.MAX_VALUE);
+        DecodedJWT jwt = verification
+                .build(mockOneSecondEarlier)
+                .verify(token);
+
+        assertThat(jwt, is(notNullValue()));
+    }
+
     @Test
     public void shouldThrowOnInvalidNotBeforeIfPresent() {
         IncorrectClaimException e = assertThrows(null, IncorrectClaimException.class, () -> {