Fixed OAuth2Util crash with IllegalArgumentException when extracting expiration time from arbitrary Bearer token that looks like jwt.

Ning Kang · Ning Kang · commit 9d4d10d5846d · 2025-05-30T10:59:34.000-07:00
diff --git a/core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java b/core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java
@@ -441,7 +441,7 @@ static Long expiresAtMillis(String token) {
     JsonNode node;
     try {
       node = JsonUtil.mapper().readTree(Base64.getUrlDecoder().decode(parts.get(1)));
-    } catch (IOException e) {
+    } catch (IOException | IllegalArgumentException e) {
       return null;
     }
 
diff --git a/core/src/test/java/org/apache/iceberg/rest/auth/TestOAuth2Util.java b/core/src/test/java/org/apache/iceberg/rest/auth/TestOAuth2Util.java
@@ -73,6 +73,10 @@ public void testOAuthScopeTokenValidation() {
   public void testExpiresAt() {
     assertThat(OAuth2Util.expiresAtMillis(null)).isNull();
     assertThat(OAuth2Util.expiresAtMillis("not a token")).isNull();
+    assertThat(
+            OAuth2Util.expiresAtMillis(
+                "a.b.c token looks like jwt but not jwt and too short per section"))
+        .isNull();
 
     // expires at epoch second = 1
     String token =

Original file line number	Diff line number	Diff line change
`@@ -441,7 +441,7 @@ static Long expiresAtMillis(String token) {`
`441`	`441`	`JsonNode node;`
`442`	`442`	`try {`
`443`	`443`	`node = JsonUtil.mapper().readTree(Base64.getUrlDecoder().decode(parts.get(1)));`
`444`		`- } catch (IOException e) {`
	`444`	`+ } catch (IOException \| IllegalArgumentException e) {`
`445`	`445`	`return null;`
`446`	`446`	`}`
`447`	`447`