fix bug

hutool-json/src/main/java/cn/hutool/json/jwt/JWTValidator.java

@@ -218,11 +218,13 @@ public class JWTValidator {
 	 * @param leeway      容忍空间，单位：秒。向后容忍
 	 * @throws ValidateException 验证异常
 	 */
-	private static void validateNotAfter(final String fieldName, final Date dateToCheck, final Date now, final long leeway) throws ValidateException {
+	private static void validateNotAfter(final String fieldName, final Date dateToCheck, Date now, final long leeway) throws ValidateException {
 		if (null == dateToCheck) {
 			return;
 		}
-		now.setTime(now.getTime() + leeway * 1000);
+		if(leeway > 0){
+			now = DateUtil.date(now.getTime() + leeway * 1000);
+		}
 		if (dateToCheck.after(now)) {
 			throw new ValidateException("'{}':[{}] is after now:[{}]",
 					fieldName, DateUtil.date(dateToCheck), DateUtil.date(now));

hutool-json/src/test/java/cn/hutool/json/jwt/JWTValidatorTest.java

@@ -6,6 +6,8 @@ import cn.hutool.json.jwt.signers.JWTSignerUtil;
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.util.Date;
+
 public class JWTValidatorTest {
 
 	@Test(expected = ValidateException.class)
@@ -79,4 +81,19 @@ public class JWTValidatorTest {
 
 		JWTValidator.of(jwt).validateDate(DateUtil.date());
 	}
+
+	@Test
+	public void issue2329Test(){
+		final long NOW = System.currentTimeMillis();
+		final Date NOW_TIME = new Date(NOW);
+		final long EXPIRED = 3 * 1000L;
+		final Date EXPIRED_TIME = new Date(NOW + EXPIRED);
+
+		// 使用这种方式生成token
+		final String token = JWT.create().setPayload("sub", "blue-light").setIssuedAt(NOW_TIME).setNotBefore(EXPIRED_TIME)
+				.setExpiresAt(EXPIRED_TIME).setKey("123456".getBytes()).sign();
+
+		// 使用这种方式验证token
+		JWTValidator.of(JWT.of(token)).validateDate(DateUtil.date(NOW + 4000), 10);
+	}
 }