Inject clocks for tests

scm-webapp/src/main/java/sonia/scm/security/JwtAccessToken.java

@@ -87,6 +87,10 @@ public final class JwtAccessToken implements AccessToken {
     return ofNullable(claims.get(REFRESHABLE_UNTIL_CLAIM_KEY, Date.class));
   }
 
+  public Optional<String> getParentKey() {
+    return ofNullable(claims.get(PARENT_TOKEN_ID_CLAIM_KEY).toString());
+  }
+
   @Override
   public Scope getScope() {
     return Scopes.fromClaims(claims);

scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java

@@ -36,6 +36,9 @@ import com.google.common.collect.Maps;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+
+import java.time.Clock;
+import java.time.Instant;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -60,6 +63,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
 
   private final KeyGenerator keyGenerator;
   private final SecureKeyResolver keyResolver;
+  private final Clock clock;
 
   private String subject;
   private String issuer;
@@ -72,9 +76,10 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
 
   private final Map<String,Object> custom = Maps.newHashMap();
 
-  JwtAccessTokenBuilder(KeyGenerator keyGenerator, SecureKeyResolver keyResolver)  {
+  JwtAccessTokenBuilder(KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Clock clock)  {
     this.keyGenerator = keyGenerator;
     this.keyResolver = keyResolver;
+    this.clock = clock;
   }
 
   @Override
@@ -157,18 +162,19 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
     // add scope to custom claims
     Scopes.toClaims(customClaims, scope);
 
-    Date now = new Date();
+    Instant now = clock.instant();
     long expiration = expiresInUnit.toMillis(expiresIn);
 
     Claims claims = Jwts.claims(customClaims)
       .setSubject(sub)
       .setId(id)
-      .setIssuedAt(now)
-      .setExpiration(new Date(now.getTime() + expiration));
+      .setIssuedAt(Date.from(now))
+      .setExpiration(new Date(now.toEpochMilli() + expiration));
+
 
     if (refreshableFor > 0) {
       long refreshExpiration = refreshableForUnit.toMillis(refreshableFor);
-      claims.put(JwtAccessToken.REFRESHABLE_UNTIL_CLAIM_KEY, new Date(now.getTime() + refreshExpiration).getTime());
+      claims.put(JwtAccessToken.REFRESHABLE_UNTIL_CLAIM_KEY, new Date(now.toEpochMilli() + refreshExpiration).getTime());
     }
     if (parentKeyId == null) {
       claims.put(JwtAccessToken.PARENT_TOKEN_ID_CLAIM_KEY, id);

scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilderFactory.java

@@ -30,6 +30,7 @@
  */
 package sonia.scm.security;
 
+import java.time.Clock;
 import java.util.Set;
 import javax.inject.Inject;
 import sonia.scm.plugin.Extension;
@@ -46,19 +47,25 @@ public final class JwtAccessTokenBuilderFactory implements AccessTokenBuilderFac
   private final KeyGenerator keyGenerator;
   private final SecureKeyResolver keyResolver;
   private final Set<AccessTokenEnricher> enrichers;
+  private final Clock clock;
 
   @Inject
   public JwtAccessTokenBuilderFactory(
-    KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers
-  ) {
+    KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers) {
+    this(keyGenerator, keyResolver, enrichers, Clock.systemDefaultZone());
+  }
+
+  JwtAccessTokenBuilderFactory(
+    KeyGenerator keyGenerator, SecureKeyResolver keyResolver, Set<AccessTokenEnricher> enrichers, Clock clock) {
     this.keyGenerator = keyGenerator;
     this.keyResolver = keyResolver;
     this.enrichers = enrichers;
+    this.clock = clock;
   }
 
   @Override
   public JwtAccessTokenBuilder create() {
-    JwtAccessTokenBuilder builder = new JwtAccessTokenBuilder(keyGenerator, keyResolver);
+    JwtAccessTokenBuilder builder = new JwtAccessTokenBuilder(keyGenerator, keyResolver, clock);
     
     // enrich access token builder
     enrichers.forEach((enricher) -> {