Work with numeric dates

Author: lestrrat

internal/json/json.go

@@ -105,8 +105,8 @@ func EncodeAudience(enc *Encoder, aud []string, flatten bool) error {
 type DecodeCtx interface {
 	SetRegistry(*Registry)
 	Registry() *Registry
-	SetPedantic(bool)
-	Pedantic() bool // returns true if pedantic mode is enabled
+	SetPedantic(*bool)     // Changed from bool to *bool
+	Pedantic() *bool        // Changed from bool to *bool
 }
 
 // DecodeCtxContainer is used to differentiate objects that can carry extra
@@ -119,7 +119,7 @@ type DecodeCtxContainer interface {
 // stock decodeCtx. should cover 80% of the cases
 type decodeCtx struct {
 	registry *Registry
-	pedantic bool
+	pedantic *bool   // Changed from bool to *bool
 }
 
 func NewDecodeCtx() DecodeCtx {
@@ -134,11 +134,11 @@ func (dc *decodeCtx) Registry() *Registry {
 	return dc.registry
 }
 
-func (dc *decodeCtx) SetPedantic(pedantic bool) {
+func (dc *decodeCtx) SetPedantic(pedantic *bool) {
 	dc.pedantic = pedantic
 }
 
-func (dc *decodeCtx) Pedantic() bool {
+func (dc *decodeCtx) Pedantic() *bool {
 	return dc.pedantic
 }
 

internal/tokens/tokens.go

@@ -11,6 +11,11 @@ const (
 	Period             = '.'
 )
 
+const (
+	Zero = '0'
+	Nine = '9'
+)
+
 // Cryptographic key sizes
 const (
 	KeySize16 = 16

jwe/headers_gen.go

@@ -22,8 +22,8 @@ type Base64Encoder = base64.Encoder
 
 type DecodeCtx interface {
 	CollectRaw() bool
-	SetPedantic(bool)
-	Pedantic() bool
+	SetPedantic(*bool)
+	Pedantic() *bool
 }
 
 // Message represents a full JWS encoded message. Flattened serialization

jwk/ecdsa_gen.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"sync/atomic"
 	"time"
 
 	"github.com/lestrrat-go/jwx/v3/internal/json"
@@ -52,21 +53,61 @@ func intToTime(v any, t *time.Time) bool {
 	return true
 }
 
-func parseNumericString(x string) (time.Time, error) {
-	var t time.Time // empty time for empty return value
+// shouldParseIntOnly determines whether strict integer-only parsing should be enforced.
+// This function implements option-override semantics:
+//
+// If parseIntOnly is non-nil (explicitly set):
+//   - Return the dereferenced value, ignoring the global Pedantic flag
+//   - This allows callers to override the global setting for specific operations
+//
+// If parseIntOnly is nil (unspecified):
+//   - Fall back to the global Pedantic flag value
+//   - This maintains the default behavior when no override is specified
+//
+// This design allows three distinct behaviors:
+//   - Pass nil: use global setting (backward compatible default)
+//   - Pass ptr to false: explicitly lenient, even if global is strict
+//   - Pass ptr to true: explicitly strict, even if global is lenient
+func shouldParseIntOnly(parseIntOnly *bool) bool {
+	if parseIntOnly != nil {
+		// Explicit override: use the specified value, ignore global
+		return *parseIntOnly
+	}
+	// No override: fall back to global setting
+	return atomic.LoadUint32(&Pedantic) == 1
+}
 
-	// Only check for the escape hatch if it's the pedantic
-	// flag is off
-	if Pedantic != 1 {
-		// This is an escape hatch for non-conformant providers
-		// that gives us RFC3339 instead of epoch time
-		for _, r := range x {
-			// 0x30 = '0', 0x39 = '9', 0x2E = tokens.Period
-			if (r >= 0x30 && r <= 0x39) || r == 0x2E {
-				continue
-			}
+func detectRFC3339(r rune) bool {
+	return !(r >= tokens.Zero && r <= tokens.Nine) && r != tokens.Period
+}
+
+// parseNumericString parses a string representation of a Unix timestamp and returns
+// the corresponding time.Time value. The function handles both integer and fractional
+// (floating-point) timestamp values.
+//
+// The parseIntOnly parameter controls whether RFC3339 timestamp strings are accepted.
+// When parseIntOnly is true, only numeric string representations (epoch timestamps) are
+// accepted, and the function will return an error for RFC3339 formatted strings.
+// When parseIntOnly is false, the function will attempt to parse RFC3339 timestamps
+// as a fallback for non-conformant providers.
+//
+// IMPORTANT: This function does not consult global state. The caller is responsible
+// for determining the effective parseIntOnly value by combining any per-parse flags
+// with the global Pedantic flag (see shouldParseIntOnly helper).
+//
+// For fractional timestamps, the ParsePrecision variable controls how many fractional
+// digits are considered. The function pads or truncates fractional values to 9 digits
+// (nanosecond precision) as needed.
+func parseNumericString(x string, parseIntOnly bool) (time.Time, error) {
+	var t time.Time // empty time for empty return value
 
-			// if it got here, then it probably isn't epoch time
+	// RFC3339 escape hatch for non-conformant providers.
+	// Only active when parseIntOnly is false (lenient mode).
+	if !parseIntOnly {
+		// Quick check: if string contains any non-numeric character (excluding period),
+		// try parsing as RFC3339. RFC3339 timestamps always contain non-numeric characters
+		// (T, Z, :, -) so this provides an early detection mechanism.
+		if strings.ContainsFunc(x, detectRFC3339) {
 			tv, err := time.Parse(time.RFC3339, x)
 			if err != nil {
 				return t, fmt.Errorf(`value is not number of seconds since the epoch, and attempt to parse it as RFC3339 timestamp failed: %w`, err)
@@ -107,7 +148,27 @@ func parseNumericString(x string) (time.Time, error) {
 	return time.Unix(n, nsecs).UTC(), nil
 }
 
-func (n *NumericDate) Accept(v any, errOnNull bool) error {
+// Accept validates and assigns a value to the NumericDate. The method supports
+// multiple input types including numeric values (int, float), json.Number, string
+// representations of numbers, and time.Time values.
+//
+// The errOnNull parameter controls whether nil values should be rejected (true)
+// or accepted as zero time (false). When errOnNull is true and v is nil, an error
+// is returned. When errOnNull is false and v is nil, the NumericDate is set to
+// the zero time value.
+//
+// The parseIntOnly parameter controls whether RFC3339 timestamp strings should
+// be rejected. This parameter uses option-override semantics:
+//   - If parseIntOnly is nil: use the global Pedantic flag setting
+//   - If parseIntOnly is non-nil: use the specified value, ignoring the global flag
+//
+// This allows callers to explicitly override the global setting when needed, while
+// defaulting to the global setting when no override is specified.
+//
+// Supported input types include int8, int16, int32, int64, int, float32, float64,
+// json.Number, string (numeric or RFC3339 when allowed), and time.Time. Any other
+// type will result in an error.
+func (n *NumericDate) Accept(v any, errOnNull bool, parseIntOnly *bool) error {
 	// Handle nil case first
 	if v == nil {
 		if errOnNull {
@@ -118,28 +179,31 @@ func (n *NumericDate) Accept(v any, errOnNull bool) error {
 		return nil
 	}
 
+	// Resolve effective pedantic mode by combining parameter with global flag
+	effectivePedantic := shouldParseIntOnly(parseIntOnly)
+
 	var t time.Time
 	switch x := v.(type) {
 	case float32:
-		tv, err := parseNumericString(fmt.Sprintf(`%.9f`, x))
+		tv, err := parseNumericString(fmt.Sprintf(`%.9f`, x), effectivePedantic)
 		if err != nil {
 			return fmt.Errorf(`failed to accept float32 %.9f: %w`, x, err)
 		}
 		t = tv
 	case float64:
-		tv, err := parseNumericString(fmt.Sprintf(`%.9f`, x))
+		tv, err := parseNumericString(fmt.Sprintf(`%.9f`, x), effectivePedantic)
 		if err != nil {
 			return fmt.Errorf(`failed to accept float32 %.9f: %w`, x, err)
 		}
 		t = tv
 	case json.Number:
-		tv, err := parseNumericString(x.String())
+		tv, err := parseNumericString(x.String(), effectivePedantic)
 		if err != nil {
 			return fmt.Errorf(`failed to accept json.Number %q: %w`, x.String(), err)
 		}
 		t = tv
 	case string:
-		tv, err := parseNumericString(x)
+		tv, err := parseNumericString(x, effectivePedantic)
 		if err != nil {
 			return fmt.Errorf(`failed to accept string %q: %w`, x, err)
 		}
@@ -194,7 +258,8 @@ func (n *NumericDate) UnmarshalJSON(data []byte) error {
 	}
 
 	var n2 NumericDate
-	if err := n2.Accept(v, false); err != nil {
+	// Pass nil to use global flag (no explicit override for direct unmarshaling)
+	if err := n2.Accept(v, false, nil); err != nil {
 		return fmt.Errorf(`invalid value for NumericDate: %w`, err)
 	}
 	*n = n2