jjwt/pom.xml

794 lines
36 KiB
XML
Raw Normal View History

2014-09-18 22:14:22 -04:00
<?xml version="1.0" encoding="UTF-8"?>
<!--
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
~ Copyright (C) 2014-2023 jsonwebtoken.io
2014-09-18 22:14:22 -04:00
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
2014-09-18 22:14:22 -04:00
<modelVersion>4.0.0</modelVersion>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.12.6-SNAPSHOT</version>
<name>JJWT</name>
<description>JSON Web Token support for the JVM and Android</description>
<packaging>pom</packaging>
<url>https://github.com/jwtk/jjwt</url>
2014-09-18 22:14:22 -04:00
<organization>
<name>jsonwebtoken.io</name>
<url>https://github.com/jwtk/jjwt</url>
</organization>
<inceptionYear>2014</inceptionYear>
2014-09-18 22:14:22 -04:00
<licenses>
<license>
<name>Apache License, Version 2.0</name>
<url>https://www.apache.org/licenses/LICENSE-2.0</url>
2014-09-18 22:14:22 -04:00
<distribution>repo</distribution>
</license>
</licenses>
<developers>
<developer>
<name>Les Hazlewood</name>
<email>121180+lhazlewood@users.noreply.github.com</email>
<organization>JJWT</organization>
<organizationUrl>https://github.com/jwtk/jjwt</organizationUrl>
</developer>
</developers>
2014-09-18 22:14:22 -04:00
<scm>
<connection>scm:git:https://github.com/jwtk/jjwt.git</connection>
<developerConnection>scm:git:https://github.com/jwtk/jjwt.git</developerConnection>
<url>https://github.com/jwtk/jjwt.git</url>
<tag>HEAD</tag>
2014-09-18 22:14:22 -04:00
</scm>
<issueManagement>
<system>GitHub Issues</system>
<url>https://github.com/jwtk/jjwt/issues</url>
</issueManagement>
<ciManagement>
<system>TravisCI</system>
<url>https://travis-ci.org/jwtk/jjwt</url>
</ciManagement>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<repositories>
<repository>
<id>ossrh</id>
<name>OSSRH Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
2014-09-18 22:14:22 -04:00
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<arguments />
2014-09-19 22:00:39 -04:00
<jjwt.root>${basedir}</jjwt.root>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<jjwt.previousVersion>0.11.2</jjwt.previousVersion>
<maven.jar.version>3.3.0</maven.jar.version>
<maven.compiler.version>3.11.0</maven.compiler.version>
<maven.javadoc.version>3.1.1</maven.javadoc.version> <!-- max version allowed for JDK 7 builds -->
<maven.source.version>3.2.1</maven.source.version>
<maven.resources.version>3.1.0</maven.resources.version>
<maven.gpg.version>1.6</maven.gpg.version> <!-- max version allowed for JDK 7 builds -->
<maven.japicmp.version>0.13.1</maven.japicmp.version> <!-- max version allowed for JDK 7 builds -->
<gmavenplus.version>1.6.1</gmavenplus.version> <!-- higher version used in jdk8AndLater profile below -->
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<maven.license.version>4.2.rc3</maven.license.version>
<maven.license.skipExistingHeaders>true</maven.license.skipExistingHeaders>
2014-09-18 22:14:22 -04:00
<jdk.version>7</jdk.version>
2014-09-18 22:14:22 -04:00
<buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
<jackson.version>2.12.7.1</jackson.version>
<orgjson.version>20231013</orgjson.version>
<gson.version>2.9.0</gson.version>
2014-09-18 22:14:22 -04:00
<maven.javadoc.additionalOptions />
2014-09-18 22:14:22 -04:00
<!-- Optional Runtime Dependencies: -->
<bouncycastle.version>1.76</bouncycastle.version>
<bcprov.artifactId>bcprov-jdk18on</bcprov.artifactId>
<bcpkix.artifactId>bcpkix-jdk18on</bcpkix.artifactId>
2014-09-18 22:14:22 -04:00
<!-- Test Dependencies: Only required for testing when building. Not required by users at runtime: -->
<groovy.version>2.5.16</groovy.version> <!-- higher version used in jdk8AndLater profile below -->
<easymock.version>3.6</easymock.version> <!-- higher version used in jdk8AndLater profile below -->
<junit.version>4.12</junit.version>
<powermock.version>2.0.0-beta.5</powermock.version> <!-- higher version used in jdk8AndLater profile below -->
<failsafe.plugin.version>3.0.0-M5</failsafe.plugin.version>
<surefire.plugin.version>3.0.0-M5</surefire.plugin.version>
<clover.version>4.3.1</clover.version> <!-- max version allowed for JDK 7 builds -->
<clover.db>${jjwt.root}/target/clover/clover.db</clover.db>
<surefire.argLine />
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<test.addOpens>
--add-opens java.base/java.lang=ALL-UNNAMED, <!-- Needed by EasyMock/cglib -->
--add-opens java.desktop/java.beans=ALL-UNNAMED, <!-- Needed by EasyMock/cglib -->
--add-opens java.base/java.lang.ref=ALL-UNNAMED, <!-- Needed by PowerMock -->
<!-- needed by KeysImplTest.testKeyPairFor, KeysTest.testDeprecatedKeyPairFor, and
KeysTest.testKeyPairBuilder: -->
--add-opens java.base/sun.security.util=ALL-UNNAMED
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
</test.addOpens>
2014-09-19 22:00:39 -04:00
2014-09-18 22:14:22 -04:00
</properties>
<modules>
<module>api</module>
<module>impl</module>
<module>extensions</module>
<module>tdjar</module>
</modules>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-orgjson</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
2019-07-16 10:19:23 -04:00
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-gson</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>${orgjson.version}</version>
</dependency>
<dependency>
2019-07-16 10:19:23 -04:00
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
</dependency>
<!-- Used only during testing for PS256, PS384 and PS512 since JDK <= 10 doesn't support them: -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>${bcprov.artifactId}</artifactId>
<version>${bouncycastle.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>${bcpkix.artifactId}</artifactId>
<version>${bouncycastle.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
2014-09-18 22:14:22 -04:00
<!-- Test Dependencies: Only required for testing when building. Not required by users at runtime: -->
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy</artifactId>
2014-09-18 22:14:22 -04:00
<version>${groovy.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.easymock</groupId>
<artifactId>easymock</artifactId>
<version>${easymock.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
<version>${powermock.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-easymock</artifactId>
<version>${powermock.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-core</artifactId>
<version>${powermock.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.1</version>
<scope>test</scope>
</dependency>
2014-09-18 22:14:22 -04:00
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.3</version>
<dependencies>
<dependency>
<groupId>org.apache.maven.scm</groupId>
<artifactId>maven-scm-provider-gitexe</artifactId>
<version>1.9.5</version>
</dependency>
</dependencies>
<configuration>
<mavenExecutorId>forked-path</mavenExecutorId>
<releaseProfiles>ossrh</releaseProfiles>
<autoVersionSubmodules>true</autoVersionSubmodules>
</configuration>
</plugin>
<plugin>
<groupId>org.openclover</groupId>
<artifactId>clover-maven-plugin</artifactId>
<version>${clover.version}</version>
<configuration>
<cloverDatabase>${clover.db}</cloverDatabase>
<!--
cloverDatabase>${user.home}/.clover/${project.groupId}/jjwt/clover.db</cloverDatabase>
<snapshot>${user.home}/.clover/${project.groupId}/jjwt/clover.snapshot</snapshot>
<historyDir>${user.home}/.clover/${project.groupId}/jjwt</historyDir> -->
<excludes>
<exclude>io/jsonwebtoken/lang/*</exclude>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<exclude>io/jsonwebtoken/all/JavaReadmeTest.java</exclude>
Replace String/byte[] with (N)IO streams (#838) Closes #837 Replaced raw `String` and `byte[]` usages with `CharSequence`, `InputStream`/`OutputStream` and `CharBuffer`/`ByteBuffer` concepts where possible to eliminate unnecessary creation of intermediate byte arrays and/or temporary Strings. ----- - Changed TokenizedJwt and TokenizedJwe interfaces and implementations to return CharSequences instead of Strings to avoid creating new Strings on the heap - Changed internal Base64 implementation to work with a CharSequence instead of a raw char[] to reduce need to create new arrays on the heap - Changed Base64Decoder generics signature from Decoder<String,byte[]> to Decoder<CharSequence,byte[]> - Decoders.BASE64 and Decoders.BASE64URL now reflect Decoder<CharSequence,byte[]> - Changed Strings#utf8 implementation to accept a CharSequence instead of a String - Added new Strings#wrap to wrap a CharSequence into a CharBuffer if necessary - Renamed not-yet-released JwtBuilder#serializer method with JwtBuilder#json - Renamed not-yet-released JwtParserBuilder#deserializer method with JwtParserBuilder#json ----- - Moved JwtDeserializer from io.jsonwebtoken.impl to io.jsonwebtoken.impl.io package, created two new subclass implementations for use with Jwks and JwkSets - Renamed JwtDeserializer to JsonObjectDeserializer that defaults to throwing MalformedJwtException. Added two subclasses, JwkDeserializer and JwkSetDeserializer that throws JWK and JWK Set-specific exceptions. ----- Changed ParserBuilder#deserializer method name to ParserBuilder#jsonReader ----- Removed all usages of Serializer#serialize and Deserializer#deserialize except for deprecated implementations. All other usages now use InputStream/OutputStream concepts ----- Added Jwks#json and Jwks#UNSAFE_JSON for assistance in serializing JWKs to JSON (test cases, README examples, etc) ----- - Ensured Encoder and CompressionAlgorithm supported streams instead of just byte arrays - Copied over necessary (Apache-licensed) code from Apache commons-codec to obtain Base64OutputStream and Base64InputStream capability for efficient encoding during compact JWT creation. Hopefully this is temporary and we can strip out most if not all of this and modify our existing Base64.java class for simpler support since we have many less use cases than what commons-codec supports. All implementations are now in the `impl` module only. ----- Converted all DigestAlgorithms to utilize an InputStream for data instead of byte[] ----- - Added JwtBuilder InputStream payload support: added JwtBuilder#content(InputStream), JwtBuilder#content(InputStream, String contentType), JwtBuilder#content(String, String contentType) - Added CountingInputStream as a way to check and assert that b64/unencoded payload InputStreams cannot be empty. ------ Renamed Encoder/Decoder and CompressionAlgorithm 'wrap' methods to encode/decode/compress/decompress for better readability and to make clearer the intent of the method. Also to avoid name/text/search collisions with 'wrap' references. ----- Renamed new JwtBuilder#encoder and JwtParserBuilder#decoder methods to JwtBuilder#b64Url and JwtParserBuilder#b64Url for shorter method chains ----- - Updated AeadAlgorithm and its AeadRequest/AeadResult concepts to utilize Input/Output Streams - Renamed InitializationVectorSupplier to IvSupplier (was verbose, and it's a new interface, and it's not commonly referenced in the API, so the extra verbosity isn't needed)
2023-09-27 19:31:11 -04:00
<!-- Imported from commons-codec 585497f09b026f6602daf986723a554e051bdfe6, don't
need full coverage: -->
<exclude>io/jsonwebtoken/impl/io/CodecPolicy.java</exclude>
<exclude>io/jsonwebtoken/impl/io/BaseNCodec.java</exclude>
<exclude>io/jsonwebtoken/impl/io/Base64Codec.java</exclude>
<exclude>io/jsonwebtoken/impl/io/BaseNCodecOutputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/BaseNCodecInputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/Base64OutputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/Base64InputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/FilteredInputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/FilteredOutputStream.java</exclude>
<exclude>io/jsonwebtoken/impl/io/CharSequenceReader.java</exclude>
<exclude>io/jsonwebtoken/impl/lang/AddOpens.java</exclude>
</excludes>
<methodPercentage>100.000000%</methodPercentage>
<statementPercentage>100.000000%</statementPercentage>
<conditionalPercentage>100.000000%</conditionalPercentage>
<targetPercentage>100.000000%</targetPercentage>
</configuration>
</plugin>
<plugin>
<groupId>com.mycila</groupId>
<artifactId>license-maven-plugin</artifactId>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<version>${maven.license.version}</version>
<configuration>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<skipExistingHeaders>${maven.license.skipExistingHeaders}</skipExistingHeaders>
<mapping>
<toml>SCRIPT_STYLE</toml> <!-- yaml -->
<pem>SCRIPT_STYLE</pem> <!-- any will do -->
</mapping>
<licenseSets>
<licenseSet>
<header>${jjwt.root}/src/license/header.txt</header>
<excludes>
<exclude>**/license/header.txt</exclude>
<exclude>**/*.test.orgjson</exclude>
<exclude>**/*.test.gson</exclude>
<exclude>**/*.test.override</exclude>
<exclude>**/*.bnd</exclude>
<exclude>LICENSE</exclude>
<exclude>**/mvnw</exclude>
<exclude>**/lombok.config</exclude>
<exclude>.gitattributes</exclude>
PKCS11 testing with SoftHSM2 (#805) * Added impl/src/main/resources/io/jsonwebtoken/impl/security/genkeys script for reuse/simplicity and help in CI * Updated tests reflecting updated test key material from genkeys script * Fixed license headers for newly generated test key files * Removed conditional check for X448 and X25519 certificate/chains now that we have signed certs for those test key files * Added new impl/src/test/scripts/softhsm script with `configure` and `import` subcommands for working with SoftHSMv2, used locally and in CI * Enabling PKCS11 keystore interaction on macos and linux (CI) via Pkcs11Test * Added new AbstractCurve#contains method and leveraged that to clean up code considerably in EcdhKeyAlgorithm.java * Updated softhsm script to ensure EC key import used the pkcs11-tool `--usage-derive` flag to allow testing PKCS11 keys with ECDH-ES key algorithms * Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose. * Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when key material is required (i.e. for ephemeral key(pair) KeyAlgorithms). * Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise. * Ensured DefaultJwtBuilder and DefaultJwtParser would use the provider for the KeyAlgorithm, but not for the AeadAlgorithm (unless using direct encryption) * Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication * Added tests for JWS MAC algorithms (HS256, HS384, HS512) with PKCS11 secret keys * Explicitly prevented Password instances in DefaultMacAlgorithm * Fixed the EdwardsCurve#keyBitLength implementation to accurately reflect RFC key sizes and not encoded byte array sizes. * OptionalMethodInvoker now supports static invocations in addition to the existing instance invocation support.
2023-09-02 22:53:29 -04:00
<exclude>**/genkeys</exclude>
<exclude>**/softhsm</exclude>
<exclude>**.adoc</exclude>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
</excludes>
</licenseSet>
</licenseSets>
</configuration>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<dependencies>
<dependency>
<groupId>com.mycila</groupId>
<artifactId>license-maven-plugin-git</artifactId>
<version>${maven.license.version}</version>
</dependency>
</dependencies>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>${maven.javadoc.version}</version>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
<configuration>
<source>${jdk.version}</source>
<failOnError>true</failOnError>
<failOnWarnings>false</failOnWarnings>
<additionalOptions>${maven.javadoc.additionalOptions}</additionalOptions>
</configuration>
<dependencies>
<!-- Workaround for Java 9 -->
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>${maven.jar.version}</version>
<configuration>
<archive>
<manifest>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>${maven.source.version}</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>${maven.resources.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${maven.gpg.version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<!-- japicmp will scan code for binary breaking changes, Open api/target/japicmp/japicmp.html
for a report of the changes since ${jjwt.previousVersion} -->
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<version>${maven.japicmp.version}</version>
<configuration>
<oldVersion>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}</artifactId>
<version>${jjwt.previousVersion}</version>
<type>jar</type>
</dependency>
</oldVersion>
<parameter>
<onlyModified>true</onlyModified>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<!-- <breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications> -->
<!-- TODO: enable after 1.0 -->
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<breakBuildBasedOnSemanticVersioning>true</breakBuildBasedOnSemanticVersioning>
<!-- All of the following can be removed after 0.11.1 is released: -->
<!-- <excludes>
<exclude>io.jsonwebtoken.Header#getAlgorithm()</exclude>
<exclude>io.jsonwebtoken.Header#setAlgorithm(java.lang.String)</exclude>
<exclude>io.jsonwebtoken.JwsHeader#getAlgorithm()</exclude>
<exclude>io.jsonwebtoken.JwsHeader#setAlgorithm(java.lang.String)</exclude>
<exclude>io.jsonwebtoken.lang.Assert#notNull(java.lang.Object,java.lang.String)</exclude>
</excludes> -->
</parameter>
</configuration>
<executions>
<execution>
<id>japicmp</id>
<goals>
<goal>cmp</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.2.1</version>
<configuration>
<shadedClassifierName>deprecated</shadedClassifierName>
<shadedArtifactAttached>true</shadedArtifactAttached>
<createDependencyReducedPom>false</createDependencyReducedPom>
<artifactSet>
<includes>
<include>${project.groupId}:${project.artifactId}</include>
</includes>
</artifactSet>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
</transformers>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
2014-09-18 22:14:22 -04:00
<plugins>
2014-09-19 22:00:39 -04:00
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
2017-05-13 11:43:43 -04:00
<version>1.4.1</version>
2014-09-19 22:00:39 -04:00
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<exclude>commons-logging</exclude>
</excludes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
<!-- <plugin>-->
<!-- <groupId>org.apache.maven.plugins</groupId>-->
<!-- <artifactId>maven-compiler-plugin</artifactId>-->
<!-- <version>${maven.compiler.version}</version>-->
<!-- <executions>-->
<!-- <execution>-->
<!-- <id>default-compile</id>-->
<!-- <configuration>-->
<!-- <release>9</release>-->
<!-- &lt;!&ndash; no excludes: compile everything to ensure module-info contains right entries &ndash;&gt;-->
<!-- </configuration>-->
<!-- </execution>-->
<!-- <execution>-->
<!-- <id>base-compile</id>-->
<!-- <goals>-->
<!-- <goal>compile</goal>-->
<!-- </goals>-->
<!-- <configuration>-->
<!-- &lt;!&ndash; recompile everything for target VM except the module-info.java &ndash;&gt;-->
<!-- <excludes>-->
<!-- <exclude>module-info.java</exclude>-->
<!-- </excludes>-->
<!-- </configuration>-->
<!-- </execution>-->
<!-- </executions>-->
<!-- &lt;!&ndash; defaults for compile and testCompile &ndash;&gt;-->
<!-- <configuration>-->
<!-- <release>${jdk.version}</release>-->
<!--&lt;!&ndash; &lt;!&ndash; Only required when Maven runtime JAVA_HOME isn't at least Java 9 and when haven't configured the maven-toolchains-plugin &ndash;&gt;&ndash;&gt;-->
<!--&lt;!&ndash; <jdkToolchain>&ndash;&gt;-->
<!--&lt;!&ndash; <version>9</version>&ndash;&gt;-->
<!--&lt;!&ndash; </jdkToolchain>&ndash;&gt;-->
<!-- </configuration>-->
<!-- </plugin>-->
2014-09-18 22:14:22 -04:00
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven.compiler.version}</version>
<configuration>
<source>${jdk.version}</source>
<target>${jdk.version}</target>
<encoding>${project.build.sourceEncoding}</encoding>
</configuration>
</plugin>
<!-- Allow for writing tests in Groovy: -->
<plugin>
<groupId>org.codehaus.gmavenplus</groupId>
<artifactId>gmavenplus-plugin</artifactId>
<version>${gmavenplus.version}</version>
2014-09-18 22:14:22 -04:00
<executions>
<execution>
<goals>
<goal>addSources</goal>
<goal>addTestSources</goal>
2014-09-18 22:14:22 -04:00
<goal>generateStubs</goal>
<goal>compile</goal>
<goal>generateTestStubs</goal>
<goal>compileTests</goal>
<goal>removeStubs</goal>
<goal>removeTestStubs</goal>
2014-09-18 22:14:22 -04:00
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy</artifactId>
2014-09-18 22:14:22 -04:00
<version>${groovy.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${surefire.plugin.version}</version>
<configuration>
<argLine>${surefire.argLine}</argLine>
</configuration>
</plugin>
2014-09-18 22:14:22 -04:00
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>${failsafe.plugin.version}</version>
2014-09-18 22:14:22 -04:00
<configuration>
<includes>
<include>**/*IT.java</include>
<include>**/*IT.groovy</include>
<include>**/*ITCase.java</include>
<include>**/*ITCase.groovy</include>
</includes>
<excludes>
<exclude>**/*ManualIT.java</exclude>
<exclude>**/*ManualIT.groovy</exclude>
</excludes>
</configuration>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.openclover</groupId>
<artifactId>clover-maven-plugin</artifactId>
2014-09-18 22:14:22 -04:00
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<id>bundle-manifest</id>
<phase>process-classes</phase>
<goals>
<goal>manifest</goal>
</goals>
</execution>
</executions>
<configuration>
<instructions>
<_include>-bnd.bnd</_include>
</instructions>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
</plugin>
2015-10-27 22:01:36 -04:00
<plugin>
<groupId>io.jsonwebtoken.coveralls</groupId>
2015-10-27 22:01:36 -04:00
<artifactId>coveralls-maven-plugin</artifactId>
<version>4.4.1</version>
2015-10-27 22:01:36 -04:00
</plugin>
2014-09-18 22:14:22 -04:00
</plugins>
</build>
2014-09-19 22:00:39 -04:00
<profiles>
<profile>
<id>jdk7</id>
<activation>
<jdk>1.7</jdk>
</activation>
<properties>
<maven.jar.version>3.2.2</maven.jar.version>
<maven.compiler.version>3.8.1</maven.compiler.version>
<orgjson.version>20230618</orgjson.version>
<bcprov.artifactId>bcprov-jdk15to18</bcprov.artifactId>
<bcpkix.artifactId>bcpkix-jdk15to18</bcpkix.artifactId>
</properties>
</profile>
2014-09-19 23:34:04 -04:00
<profile>
<id>jdk8AndLater</id>
2014-09-19 23:34:04 -04:00
<activation>
<jdk>[1.8,)</jdk>
2014-09-19 23:34:04 -04:00
</activation>
<properties>
<gmavenplus.version>3.0.2</gmavenplus.version>
<groovy.version>3.0.19</groovy.version>
<easymock.version>4.2</easymock.version>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<powermock.version>2.0.7</powermock.version>
<maven.japicmp.version>0.15.6</maven.japicmp.version>
<failsafe.plugin.version>3.1.2</failsafe.plugin.version>
<surefire.plugin.version>3.1.2</surefire.plugin.version>
2014-09-19 23:34:04 -04:00
</properties>
</profile>
<!-- <profile>-->
<!-- <id>jdk7And8</id>-->
<!-- <activation>-->
<!-- <jdk>[1.7,9)</jdk>-->
<!-- </activation>-->
<!-- <build>-->
<!-- <plugins>-->
<!-- <plugin>-->
<!-- <groupId>org.apache.maven.plugins</groupId>-->
<!-- <artifactId>maven-compiler-plugin</artifactId>-->
<!-- <version>${maven.compiler.version}</version>-->
<!-- <configuration>-->
<!-- <source>${jdk.version}</source>-->
<!-- <target>${jdk.version}</target>-->
<!-- <release />-->
<!-- <encoding>${project.build.sourceEncoding}</encoding>-->
<!-- <excludes>-->
<!-- <exclude>module-info.java</exclude>-->
<!-- </excludes>-->
<!-- </configuration>-->
<!-- </plugin>-->
<!-- </plugins>-->
<!-- </build>-->
<!-- </profile>-->
<profile>
<!-- Added profile to address https://github.com/jwtk/jjwt/issues/364 -->
<id>jdk9AndLater</id>
<activation>
<jdk>[1.9,)</jdk>
</activation>
<properties>
<maven.compiler.version>3.11.0</maven.compiler.version>
<surefire.useModulePath>false</surefire.useModulePath>
<maven.javadoc.additionalOptions>-html5</maven.javadoc.additionalOptions>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<surefire.argLine>${test.addOpens}, --illegal-access=debug</surefire.argLine>
</properties>
</profile>
2014-09-19 22:00:39 -04:00
<profile>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<id>jdk17AndLater</id>
<activation>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<jdk>[17,)</jdk>
</activation>
<properties>
JWE support (#279) * JWE support. Resolves #113 Huge feature/code change - see CHANGELOG.MD for an in-depth review of changes. Commit note log: - Added JWE AeadAlgorithm and KeyAlgorithm and supporting interfaces/implementations, and refactored SignatureAlgorithm to be an interface instead of an enum to enable custom algorithms - NoneSignatureAlgorithm cleanup. Added UnsupportedKeyExceptionTest. - Added JWK support! * Removed the previous SignatureAlgorithm implementation concepts (Provider/Signer/Validator implementations). Implementations are now interface-driven and fully pluggable. * adding tests, working towards 100% coverage. Moved api static factory class tests to impl module to avoid mocking static calls due to bridge/reflection logic. * adding tests, removed unused class * implementation checkpoint (safety save) * clean build checkpoint * continued testing w/ more coverage. Replaced PbeKey concept with PasswordKey * fixed erroneous optimize imports * Added ECDH-ES key algorithms + RFC tests * 1. Enabled targeted/limited use of BouncyCastle only when required by eliminating use of RuntimeEnvironment in favor of new Providers implementation. JJWT will no longer modify the system providers list. 2. Changed SecretKeyGenerator.generateKey() to KeyBuilderSupplier.keyBuilder() and a new SecretKeyBuilder interface. This allows users to customize the Provider and SecureRandom used during key generation if desired. 3. Added KeyLengthSupplier to allow certain algorithms the ability to determine a key bit length without forcing a key generation. 4. Ensured Pbes2 algorithms defaulted to OWASP-recommended iteration counts if not specified by the user. * 1. EcdhKeyAlgorithm: consolidated duplicate logic to a single private helper method 2. Updated RequiredTypeConverter exception message to represent the expected type as well as the found type * Minor javadoc update * 1. Javadoc cleanup. 2. Ensured CompressionException extends from io.jsonwebtoken.io.IOException 3. Deleted old POC unused JwkParser interface 4. Ensured NoneSignatureAlgorithm reflected the correct exception message for `sign` * Fixed erroneous JavaDoc, enhanced code coverage for DefaultClaims * Added jwe compression test * Added TestKeys concept for Groovy test authoring * Added tests, cleaned up state assertions for code coverage * Added tests, cleaned up state assertions for code coverage * Removed unused code * Merge branch 'master' into jwe-merge * using groovy syntax to avoid conflict with legacy SignatureAlgorithm type * JavaDoc fixes * JavaDoc fixes, test additions to work on JDK >= 15 * JavaDoc fixes, test additions to work on JDK 7 and JDK >= 15 * Test adjustment to work on Java 7 * Test adjustment to work on Java 7 * code coverage work cont'd * code coverage work cont'd * JavaDoc fix * Update impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> * lift edits * lift edits * lift edits * code coverage testing cont'd * PayloadSupplier renamed to Message * Added new KeyPairBuilder/KeyPairBuilderSupplier for parity with KeyBuilder/KeyBuilderSupplier. Switched all generate* calls to use the new API methods. * - Added lots of JavaDoc - JwtMap: Ensured Groovy GString implementations that invoke Groovy's InvokerHelper on a JwtMap implementation will print redacted values instead of the actual secret values. * - JavaDoc additions cont'd * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc additions and syntax cleanup cont'd - Minor work to fix compilation errors on a few Groovy test classes * - JavaDoc cont'd * Code coverage updates cont'd * Propagating exception wrapper function enhancements * 100% code coverage! * Minor test changes to work with JDK >= 11 * Ensured all JWK secret or private values were wrapped in a RedactedSupplier instance to prevent accidental printing of secure values * - Updated JavaDoc to reflect JWK toString safety and property access - Updated README to reflect new GsonSerializer requirements for io.jsonwebtoken.lang.Supplier * Documentation enhancements * Fixed erroneous JavaDoc element * Fixed LocatorAdapter usage now that it's abstract * Minor JavaDoc fix * JavaDoc is now complete (no warnings) for api module * Ensured JWS signatures are computed first before deserializing the body if no SigningKeyResolver has been configured. * Removed EllipticCurveSignatureAlgorithm and RsaSignatureAlgorithm concepts due to some PKCS11 and HSM security providers that cannot provide keys that implement the ECKey or RSAKey interfaces. * Removed reliance on io.jsonwebtoken.security.KeyPair now that KeyPairBuilder implementations cannot guarantee RSAKey or ECKey types * Ensured RsaKeyAlgorithm used PublicKey and PrivateKey parameters due to PKCS11 and HSM key stores that may not expose the RSAKey interface on their RSA key implementations * cleaned up EC point addition/doubling logic to be more readable and match equations in literature * Deprecated JwtParserBuilder setSigningKey* methods in favor of verifyWith for name accuracy and congruence with decryptWith * Added PositiveIntegerConverter and PublicJwkConverter for JWE Header "p2c" and "jwk" fields * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * Ensured CompressionCodec inherited Identifiable for consistency w/ all other algorithms * JavaDoc enhancement * Added Jwks.parserBuilder(), JwkParserBuilder and JwkParser concepts * Ensured ProtoJwkBuilder method names were all congruent (remaining set* methods were renamed to for*) * Minor JavaDoc organization change * Changed JweBuilder to have only two encryptWith* methods for consistency with JwtBuilder signWith* methods. Also prevents incorrect configuration by forgetting to call follow-up methods. * Removed DefaultValueGetter in favor of new FieldReadable concept to leverage Field instances instead of duplicating logic. * Adding copyright headers * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Deprecated CompressionCodecResolver in favor of Locator<CompressionCodec> * Folded in JweBuilder concept and implementation into the existing JwtBuilder * Cleanup to reduce duplicate logic * Changed plaintext JWT payload type from String to byte[] * Minor internal doc fixes * - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Updated changelog to reflect the following changes: - Added UnprotectedHeader interface - Renamed DefaultHeader to AbstractHeader - Renamed JwtParser 'plaintext'* methods to 'payload'* methods to more accurately reflect the JWT nomenclature * Adding RFC 7520 test cases. * Changed JwtBuilder/JwtParser/JwtHandler/JwtHandlerAdapter `payload` concept to `content` concept * JavaDoc error fix * Added JwtParserBuilder#addCompressionCodecs method and supporting tests * Updated changelog to reflect recent changes * doc updates * Fixed minor types in JWE related change log * Enabled Mutator and HeaderBuilder interfaces and implementations * Fixed erroneous JavaDoc * Added additional .pem files for testing PEM parsing (TBD at a later date) * Updating documentation to prepare for JWE release * more docs * docs cont'd * Update README.md Trying to prevent table wrap * Update README.md testing table whitespace wrap * Update README.md formatting testing * Update README.md formatting testing cont'd * docs cont'd * docs cont'd * docs cont'd * documentation checkpoint * documentation checkpoint, still work in progress * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * added extra info about Android BouncyCastle registration * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * documentation cont'd * Upgraded Jackson to 2.12.7 due to Jackson CVE * trying to get sonatype lift working again * Removed unnecessary println statement in test * Added JDK 19 * Removing JDK 19 until we can resolve incompatible groovy version * doc formatting test * Update README.md Fixed 'JWE Encryption Algorithms' table formatting * renamed PasswordKey to just Password, removed unnecessary WrappedSecretKey class and its one usage in favor of JDK-standard SecretKeySpec * Updated PasswordKey references to Password * Renamed DefaultPassword to PasswordSpec while also implementing KeySpec per JDK conventions. * documentation cont'd * documentation cont'd * documentation cont'd * JWT expired exception is now shows difference as now - expired Instead of now + skew - expired Fixes: #660 * documentation cont'd * Fixed erroneous error message (should be '521' not '512'). * - Removed EcKeyAlgorithm and RsaKeyAlgorithm in favor of KeyAlgorithm<PublicKey, PrivateKey> due to HSM key types unable to conform to respective ECKey or RSAKey types - added Curve concept with DefaultCurve and ECCurve implementations for use across EC/EdEC SignatureAlgorithm and KeyAlgorithm implementations - disabled Zulu JDK 10 - compiler was failing, and that is a short-term-supported version anyway - added Temurin JDK 19 and Zulu JDK 19 to the build * Removed JDK 19 builds due to error with Groovy compiler version compatibility * removed unused test, created https://github.com/jwtk/jjwt/issues/765 to address later * updated test case to reflect Edwards keys algorithm name differences between BouncyCastle and JDK 11/15 * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm * - Reordered JwtBuilder .encryptWith method arguments to match signWith conventions - Added key validation logic to DefaultRsaKeyAlgorithm - Removed mutation methods on InvalidClaimException and its subclasses, IncorrectClaimException and MissingClaimException - renamed Jwks.parserBuilder() to Jwks.parser() to reduce verbosity since we'll never likely offer a Jwts.parser() that returns a Parser instance directly. * Documentation updates * Documentation updates * Documentation updates * Adding Java-based tests for README.md code snippets (e.g. new Examples section). * Testing README code snippet in examples * Testing README code snippet in examples * Testing README code snippet in examples * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Ensured README.md examples would compile/run by testing code in a JavaReadmeTest.java class * Testing coveralls failure fix for JavaReadmeTest (unnecessary for coverage) * Message* API refactoring cleanup * Refactored SignatureAlgorithm(s) concept as a new DigestAlgorithm hierarchy to support non-keyed digests, as well as to reflect correct cryptographic taxonomy. Renamed SignatureAlgorithms utility class to JwsAlgorithms. * - Added JwkThumbprint and JWK Thumbprint URI support - Fixed various copyright headers * Updated README with JWK examples * - Added logic and test to ensure Parser builder does not allow both a signature verification key and SigningKeyResolver to be configured. - Updated README code example, and added test for verification * - Added proactive checks to ensure PublicKey instances cannot be specified on JwtBuilder to create digital signatures - Added additional tests to ensure that Password instances cannot be used with Mac algorithm instances (HS256, HS384, HS512, etc) * minor edit to reflect latest # of test cases * Minor JavaDoc improvement * Disabled parsing of unsecured compressed payloads by default, with a JwtParserBuilder#enableUnsecuredDecompression method added for override if necessary. * Refactored JcaTemplate to avoid reflection * minor readme clarification * Edwards Curve keys checkpoint * Edwards Curve keys and related functionality checkpoint. Added lots of tests. * Edwards Curve keys and related functionality checkpoint. Reached 100% code coverage. * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 15+). * Addressed EdwardsCurve differences (and a JDK 11 PKCS8 encoding bug) between JDK versions (1.7 through 18). * Adding --add-opens lines to surefire/test config to avoid unnecessary build warnings * Improved Edwards Key encoding error checks * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * added some code to test errors in CI * Improved Field/FieldBuilder implementation to make it more robust and catch type errors. JwkBuilder/Factory refactoring is likely to follow on subsequent commits. * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * Updating CI config to use the Oracle no-fee JDK builds * JavaDoc fixes * JavaDoc fixes * JavaDoc fixes * Ensured license headers are updated with correct dates based on git history, as well as ensured this is enforced in CI * fixed various build warnings and javadoc errors * Maven license plugin config cleanup. Removed now-unused header_format.xml file. * fixed javadoc error causing build failures * Changed Algorithms + Bridge concept to allow nested inner classes for simpler authoring all stemming from an 'Algorithms' class (easier to find algorithms via code completion than knowing off the top of your head which *Algorithms classes to reference). * Added license headers * Moved JwsAlgorithms to an inner class of Algorithms. Will rename to `StandardSecureDigestAlgorithms` to maintain the convention used with the other Algorithms inner classes. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. * Extracting Algorithms inner classes up a level - cleaner/easier to maintain, document and reference as JavaDoc links. Renamed JwsAlgorithms to StandardSecureDigestAlgorithms to retain the JDK 'Standard*' convention. * Removed Algorithms class in favor of direct `Standard*` `Registry` references in `Jwts` and `Jwks` helper classes to keep the references 'close' to where they are used the most. * Minor README.md documentation updates. * Copying over 6e74486 to test on the jwe branch * Ensured CI license-check build pulls full (non-shallow) git history to perform full year checks. * JavaDoc + impl + test checkpoint * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * JavaDoc + impl + test checkpoint. Returned to 100% code coverage * - Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms - Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk - Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * Ensured correct message assertion on all JDKs (value was different on JDK 15 and later) * - enabled more IANA algorithms in StandardHashAlgorithms - JavaDoc update * - JavaDoc fixes/enhancements - Fixed erroneous README.md method name reference - ensured DefaultJwkContext#getName() supports Octet keys as well. * - JavaDoc fixes/enhancements * - JavaDoc fixes/enhancements required to pass the build on later JDKs * Minor JavaDoc typo fix * Finished implementing all [RFC 8037](https://www.rfc-editor.org/rfc/rfc8037) test vectors in the Appendix * Removed accidentally-committed visibility modifier * Added copyright header * Enabled PublicKey derivation from Edwards curve PrivateKey * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Enabled PublicKey derivation from Edwards curve PrivateKey. Updated documentation and code example showing this. * Doc update to reference Octet JWK RFC. * Minor JavaDoc fix * Fixed OctetPrivateJwk discrepancy with generic parameter ordering (compared to other PrivateJwk interfaces) * Changed Jwts.header to Jwts.unprotectedHeader, and Jwts.headerBuilder is now Jwts.header --------- Co-authored-by: sonatype-lift[bot] <37194012+sonatype-lift[bot]@users.noreply.github.com> Co-authored-by: Brian Demers <bdemers@apache.org>
2023-05-18 18:21:17 -04:00
<maven.javadoc.additionalOptions>-html5</maven.javadoc.additionalOptions>
<surefire.argLine>${test.addOpens}</surefire.argLine>
</properties>
2014-09-19 22:00:39 -04:00
</profile>
<profile>
<id>jdk21AndLater</id>
<activation>
<jdk>[21,)</jdk>
</activation>
<properties>
<!-- normally this is 1.7, but as of 21, JDK 8 is the lowest source/target -->
<jdk.version>8</jdk.version>
</properties>
</profile>
2014-09-19 22:00:39 -04:00
<profile>
<id>docs</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>ossrh</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
2014-09-19 22:00:39 -04:00
</profiles>
2015-10-27 22:01:36 -04:00
</project>