jjwt/NOTICE.md

72 lines
3.0 KiB
Markdown
Raw Permalink Normal View History

2018-07-20 17:23:23 -04:00
## Base64 implementation
2018-07-20 17:23:23 -04:00
JJWT's `io.jsonwebtoken.io.Base64` implementation is based on [MigBase64](https://github.com/brsanthu/migbase64) with
continued modifications for Base64 URL support and additional test cases. The MigBase64 copyright and license notice
have been retained and are repeated here per that code's requirements:
```
Licence (BSD):
==============
Copyright (c) 2004, Mikael Grev, MiG InfoCom AB. (base64 @ miginfocom . com)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list
of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
Neither the name of the MiG InfoCom AB nor the names of its contributors may be
used to endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
2018-07-20 17:23:23 -04:00
```
Replace String/byte[] with (N)IO streams (#838) Closes #837 Replaced raw `String` and `byte[]` usages with `CharSequence`, `InputStream`/`OutputStream` and `CharBuffer`/`ByteBuffer` concepts where possible to eliminate unnecessary creation of intermediate byte arrays and/or temporary Strings. ----- - Changed TokenizedJwt and TokenizedJwe interfaces and implementations to return CharSequences instead of Strings to avoid creating new Strings on the heap - Changed internal Base64 implementation to work with a CharSequence instead of a raw char[] to reduce need to create new arrays on the heap - Changed Base64Decoder generics signature from Decoder<String,byte[]> to Decoder<CharSequence,byte[]> - Decoders.BASE64 and Decoders.BASE64URL now reflect Decoder<CharSequence,byte[]> - Changed Strings#utf8 implementation to accept a CharSequence instead of a String - Added new Strings#wrap to wrap a CharSequence into a CharBuffer if necessary - Renamed not-yet-released JwtBuilder#serializer method with JwtBuilder#json - Renamed not-yet-released JwtParserBuilder#deserializer method with JwtParserBuilder#json ----- - Moved JwtDeserializer from io.jsonwebtoken.impl to io.jsonwebtoken.impl.io package, created two new subclass implementations for use with Jwks and JwkSets - Renamed JwtDeserializer to JsonObjectDeserializer that defaults to throwing MalformedJwtException. Added two subclasses, JwkDeserializer and JwkSetDeserializer that throws JWK and JWK Set-specific exceptions. ----- Changed ParserBuilder#deserializer method name to ParserBuilder#jsonReader ----- Removed all usages of Serializer#serialize and Deserializer#deserialize except for deprecated implementations. All other usages now use InputStream/OutputStream concepts ----- Added Jwks#json and Jwks#UNSAFE_JSON for assistance in serializing JWKs to JSON (test cases, README examples, etc) ----- - Ensured Encoder and CompressionAlgorithm supported streams instead of just byte arrays - Copied over necessary (Apache-licensed) code from Apache commons-codec to obtain Base64OutputStream and Base64InputStream capability for efficient encoding during compact JWT creation. Hopefully this is temporary and we can strip out most if not all of this and modify our existing Base64.java class for simpler support since we have many less use cases than what commons-codec supports. All implementations are now in the `impl` module only. ----- Converted all DigestAlgorithms to utilize an InputStream for data instead of byte[] ----- - Added JwtBuilder InputStream payload support: added JwtBuilder#content(InputStream), JwtBuilder#content(InputStream, String contentType), JwtBuilder#content(String, String contentType) - Added CountingInputStream as a way to check and assert that b64/unencoded payload InputStreams cannot be empty. ------ Renamed Encoder/Decoder and CompressionAlgorithm 'wrap' methods to encode/decode/compress/decompress for better readability and to make clearer the intent of the method. Also to avoid name/text/search collisions with 'wrap' references. ----- Renamed new JwtBuilder#encoder and JwtParserBuilder#decoder methods to JwtBuilder#b64Url and JwtParserBuilder#b64Url for shorter method chains ----- - Updated AeadAlgorithm and its AeadRequest/AeadResult concepts to utilize Input/Output Streams - Renamed InitializationVectorSupplier to IvSupplier (was verbose, and it's a new interface, and it's not commonly referenced in the API, so the extra verbosity isn't needed)
2023-09-27 19:31:11 -04:00
Additionally, the following classes were copied from the Apache Commons-Codec project, with further JJWT-specific
modifications:
* io.jsonwebtoken.impl.io.Base64Codec
* io.jsonwebtoken.impl.io.Base64InputStream
* io.jsonwebtoken.impl.io.Base64OutputStream
* io.jsonwebtoken.impl.io.BaseNCodec
* io.jsonwebtoken.impl.io.BaseNCodecInputStream
* io.jsonwebtoken.impl.io.BaseNCodecOutputStream
* io.jsonwebtoken.impl.io.CodecPolicy
Its attribution:
```
Apache Commons Codec
Copyright 2002-2023 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
```
Also, the following classes were copied from the Apache Commons-IO project, with further JJWT-specific modifications:
* io.jsonwebtoken.impl.io.CharSequenceReader
Replace String/byte[] with (N)IO streams (#838) Closes #837 Replaced raw `String` and `byte[]` usages with `CharSequence`, `InputStream`/`OutputStream` and `CharBuffer`/`ByteBuffer` concepts where possible to eliminate unnecessary creation of intermediate byte arrays and/or temporary Strings. ----- - Changed TokenizedJwt and TokenizedJwe interfaces and implementations to return CharSequences instead of Strings to avoid creating new Strings on the heap - Changed internal Base64 implementation to work with a CharSequence instead of a raw char[] to reduce need to create new arrays on the heap - Changed Base64Decoder generics signature from Decoder<String,byte[]> to Decoder<CharSequence,byte[]> - Decoders.BASE64 and Decoders.BASE64URL now reflect Decoder<CharSequence,byte[]> - Changed Strings#utf8 implementation to accept a CharSequence instead of a String - Added new Strings#wrap to wrap a CharSequence into a CharBuffer if necessary - Renamed not-yet-released JwtBuilder#serializer method with JwtBuilder#json - Renamed not-yet-released JwtParserBuilder#deserializer method with JwtParserBuilder#json ----- - Moved JwtDeserializer from io.jsonwebtoken.impl to io.jsonwebtoken.impl.io package, created two new subclass implementations for use with Jwks and JwkSets - Renamed JwtDeserializer to JsonObjectDeserializer that defaults to throwing MalformedJwtException. Added two subclasses, JwkDeserializer and JwkSetDeserializer that throws JWK and JWK Set-specific exceptions. ----- Changed ParserBuilder#deserializer method name to ParserBuilder#jsonReader ----- Removed all usages of Serializer#serialize and Deserializer#deserialize except for deprecated implementations. All other usages now use InputStream/OutputStream concepts ----- Added Jwks#json and Jwks#UNSAFE_JSON for assistance in serializing JWKs to JSON (test cases, README examples, etc) ----- - Ensured Encoder and CompressionAlgorithm supported streams instead of just byte arrays - Copied over necessary (Apache-licensed) code from Apache commons-codec to obtain Base64OutputStream and Base64InputStream capability for efficient encoding during compact JWT creation. Hopefully this is temporary and we can strip out most if not all of this and modify our existing Base64.java class for simpler support since we have many less use cases than what commons-codec supports. All implementations are now in the `impl` module only. ----- Converted all DigestAlgorithms to utilize an InputStream for data instead of byte[] ----- - Added JwtBuilder InputStream payload support: added JwtBuilder#content(InputStream), JwtBuilder#content(InputStream, String contentType), JwtBuilder#content(String, String contentType) - Added CountingInputStream as a way to check and assert that b64/unencoded payload InputStreams cannot be empty. ------ Renamed Encoder/Decoder and CompressionAlgorithm 'wrap' methods to encode/decode/compress/decompress for better readability and to make clearer the intent of the method. Also to avoid name/text/search collisions with 'wrap' references. ----- Renamed new JwtBuilder#encoder and JwtParserBuilder#decoder methods to JwtBuilder#b64Url and JwtParserBuilder#b64Url for shorter method chains ----- - Updated AeadAlgorithm and its AeadRequest/AeadResult concepts to utilize Input/Output Streams - Renamed InitializationVectorSupplier to IvSupplier (was verbose, and it's a new interface, and it's not commonly referenced in the API, so the extra verbosity isn't needed)
2023-09-27 19:31:11 -04:00
* io.jsonwebtoken.impl.io.FilteredInputStream
* io.jsonwebtoken.impl.io.FilteredOutputStream
* io.jsonwebtoken.impl.io.ClosedInputStream
* io.jsonwebtoken.impl.io.UncloseableInputStream
It's attribution:
```
Apache Commons IO
Copyright 2002-2023 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
```