license headers, impl checkpoint

api/src/main/java/io/jsonwebtoken/Identifiable.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken;
 
 /**

api/src/main/java/io/jsonwebtoken/Jwe.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken;
 
 /**

api/src/main/java/io/jsonwebtoken/JweBuilder.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken;
 
 import io.jsonwebtoken.security.KeyAlgorithm;

api/src/main/java/io/jsonwebtoken/JweHeader.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken;
 
 /**
@@ -10,57 +25,57 @@ public interface JweHeader extends Header<JweHeader> {
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.1">Algorithm Header</a> name: the string literal <b><code>alg</code></b>
      */
-    public static final String ALGORITHM = "alg";
+    String ALGORITHM = "alg";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.2">Encryption Algorithm Header</a> name: the string literal <b><code>enc</code></b>
      */
-    public static final String ENCRYPTION_ALGORITHM = "enc";
+    String ENCRYPTION_ALGORITHM = "enc";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.3">Compression Algorithm Header</a> name: the string literal <b><code>zip</code></b>
      */
-    public static final String COMPRESSION_ALGORITHM = "zip";
+    String COMPRESSION_ALGORITHM = "zip";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.4">JWK Set URL Header</a> name: the string literal <b><code>jku</code></b>
      */
-    public static final String JWK_SET_URL = "jku";
+    String JWK_SET_URL = "jku";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.5">JSON Web Key Header</a> name: the string literal <b><code>jwk</code></b>
      */
-    public static final String JSON_WEB_KEY = "jwk";
+    String JSON_WEB_KEY = "jwk";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.6">Key ID Header</a> name: the string literal <b><code>kid</code></b>
      */
-    public static final String KEY_ID = "kid";
+    String KEY_ID = "kid";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.7">X.509 URL Header</a> name: the string literal <b><code>x5u</code></b>
      */
-    public static final String X509_URL = "x5u";
+    String X509_URL = "x5u";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.8">X.509 Certificate Chain Header</a> name: the string literal <b><code>x5c</code></b>
      */
-    public static final String X509_CERT_CHAIN = "x5c";
+    String X509_CERT_CHAIN = "x5c";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.9">X.509 Certificate SHA-1 Thumbprint Header</a> name: the string literal <b><code>x5t</code></b>
      */
-    public static final String X509_CERT_SHA1_THUMBPRINT = "x5t";
+    String X509_CERT_SHA1_THUMBPRINT = "x5t";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.10">X.509 Certificate SHA-256 Thumbprint Header</a> name: the string literal <b><code>x5t#S256</code></b>
      */
-    public static final String X509_CERT_SHA256_THUMBPRINT = "x5t#S256";
+    String X509_CERT_SHA256_THUMBPRINT = "x5t#S256";
 
     /**
      * JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.13">Critical Header</a> name: the string literal <b><code>crit</code></b>
      */
-    public static final String CRITICAL = "crit";
+    String CRITICAL = "crit";
 
     /**
      * Returns the JWE <a href="https://tools.ietf.org/html/rfc7516#section-4.1.2"><code>enc</code></a> (Encryption

api/src/main/java/io/jsonwebtoken/JwsBuilder.java

@@ -1,7 +0,0 @@
-package io.jsonwebtoken;
-
-/**
- * @since JJWT_RELEASE_VERSION
- */
-public interface JwsBuilder extends JwtBuilder<JwsBuilder> {
-}

api/src/main/java/io/jsonwebtoken/Locator.java

@@ -1,5 +1,23 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface Locator<H extends Header<H>, R> {
 
     R locate(H header);

api/src/main/java/io/jsonwebtoken/LocatorAdapter.java

@@ -1,11 +1,25 @@
-package io.jsonwebtoken.security;
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.jsonwebtoken;
 
-import io.jsonwebtoken.Header;
-import io.jsonwebtoken.JweHeader;
-import io.jsonwebtoken.JwsHeader;
-import io.jsonwebtoken.Locator;
 import io.jsonwebtoken.lang.Assert;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public abstract class LocatorAdapter<H extends Header<H>, R> implements Locator<H, R> {
 
     @Override

api/src/main/java/io/jsonwebtoken/SigningKeyResolverAdapter.java

@@ -21,10 +21,19 @@ import javax.crypto.spec.SecretKeySpec;
 import java.security.Key;
 
 /**
+ * <h4>Deprecation Notice</h4>
+ * <p>As of JJWT JJWT_RELEASE_VERSION, various Resolver concepts (including the {@code SigningKeyResolver}) have been
+ * unified into a single {@link Locator} interface.  For key location, (for both signing and encryption keys),
+ * use the {@link JwtParserBuilder#setKeyLocator(Locator)} to configure a parser with your desired Key locator instead
+ * of using a {@code SigningKeyResolver}. Also see {@link LocatorAdapter} for the Adapter pattern parallel of this
+ * class. <b>This {@code SigningKeyResolverAdapter} class will be removed before the 1.0 release.</b></p>
+ *
+ * <h4>Previous Documentation</h4>
  * An <a href="http://en.wikipedia.org/wiki/Adapter_pattern">Adapter</a> implementation of the
  * {@link SigningKeyResolver} interface that allows subclasses to process only the type of JWS body that
  * is known/expected for a particular case.
  *
+ * <h4>Previous Documentation</h4>
  * <p>The {@link #resolveSigningKey(JwsHeader, Claims)} and {@link #resolveSigningKey(JwsHeader, String)} method
  * implementations delegate to the
  * {@link #resolveSigningKeyBytes(JwsHeader, Claims)} and {@link #resolveSigningKeyBytes(JwsHeader, String)} methods
@@ -36,8 +45,13 @@ import java.security.Key;
  * are not overridden, one (or both) of the *KeyBytes variants must be overridden depending on your expected
  * use case.  You do not have to override any method that does not represent an expected condition.</p>
  *
+ * @see io.jsonwebtoken.JwtParserBuilder#setKeyLocator(Locator)
+ * @see LocatorAdapter
  * @since 0.4
+ * @deprecated since JJWT_RELEASE_VERSION. Use {@link LocatorAdapter LocatorAdapter} with
+ * {@link JwtParserBuilder#setKeyLocator(Locator)}
  */
+@Deprecated
 public class SigningKeyResolverAdapter implements SigningKeyResolver {
 
     @Override

api/src/main/java/io/jsonwebtoken/security/AeadResult.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/AssociatedDataSupplier.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 jsonwebtoken.io
+ * Copyright (C) 2021 jsonwebtoken.io
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

api/src/main/java/io/jsonwebtoken/security/AsymmetricJwk.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.net.URI;
@@ -5,6 +20,9 @@ import java.security.Key;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface AsymmetricJwk<K extends Key> extends Jwk<K> {
 
     String getPublicKeyUse();

api/src/main/java/io/jsonwebtoken/security/AsymmetricJwkBuilder.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.net.URI;
@@ -5,6 +20,9 @@ import java.security.Key;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface AsymmetricJwkBuilder<K extends Key, J extends AsymmetricJwk<K>, T extends AsymmetricJwkBuilder<K, J, T>> extends JwkBuilder<K, J, T> {
 
     T setPublicKeyUse(String use);

api/src/main/java/io/jsonwebtoken/security/AsymmetricKeyGenerator.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.KeyPair;

api/src/main/java/io/jsonwebtoken/security/AsymmetricKeySignatureAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;

api/src/main/java/io/jsonwebtoken/security/CryptoException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 jsonwebtoken.io
+ * Copyright (C) 2021 jsonwebtoken.io
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

api/src/main/java/io/jsonwebtoken/security/CryptoRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Key;

api/src/main/java/io/jsonwebtoken/security/DigestSupplier.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 jsonwebtoken.io
+ * Copyright (C) 2021 jsonwebtoken.io
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

api/src/main/java/io/jsonwebtoken/security/EcKeyAlgorithm.java

@@ -1,8 +1,26 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.interfaces.ECKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface EcKeyAlgorithm<E extends ECKey & PublicKey, D extends ECKey & PrivateKey> extends KeyAlgorithm<E, D> {
 }

api/src/main/java/io/jsonwebtoken/security/EcPrivateJwk.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface EcPrivateJwk extends PrivateJwk<ECPrivateKey, ECPublicKey, EcPublicJwk> {
 }

api/src/main/java/io/jsonwebtoken/security/EcPrivateJwkBuilder.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface EcPrivateJwkBuilder extends PrivateJwkBuilder<ECPrivateKey, ECPublicKey, EcPublicJwk, EcPrivateJwk, EcPrivateJwkBuilder> {
 }

api/src/main/java/io/jsonwebtoken/security/EcPublicJwk.java

@@ -1,6 +1,24 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.ECPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface EcPublicJwk extends PublicJwk<ECPublicKey> {
 }

api/src/main/java/io/jsonwebtoken/security/EcPublicJwkBuilder.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface EcPublicJwkBuilder extends PublicJwkBuilder<ECPublicKey, ECPrivateKey, EcPublicJwk, EcPrivateJwk, EcPrivateJwkBuilder, EcPublicJwkBuilder> {
 }

api/src/main/java/io/jsonwebtoken/security/EllipticCurveSignatureAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;

api/src/main/java/io/jsonwebtoken/security/EncryptionAlgorithms.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.lang.Assert;

api/src/main/java/io/jsonwebtoken/security/InitializationVectorSupplier.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/Jwk.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.Identifiable;

api/src/main/java/io/jsonwebtoken/security/JwkBuilder.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Key;

api/src/main/java/io/jsonwebtoken/security/Jwks.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.lang.Classes;

api/src/main/java/io/jsonwebtoken/security/KeyAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.Identifiable;

api/src/main/java/io/jsonwebtoken/security/KeyAlgorithms.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.lang.Assert;

api/src/main/java/io/jsonwebtoken/security/KeyRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.JweHeader;

api/src/main/java/io/jsonwebtoken/security/KeyResult.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;

api/src/main/java/io/jsonwebtoken/security/KeySupplier.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Key;

api/src/main/java/io/jsonwebtoken/security/MalformedKeyException.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/PayloadSupplier.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/PbeKey.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PbeKey extends SecretKey {
 
     char[] getPassword();

api/src/main/java/io/jsonwebtoken/security/PbeKeyBuilder.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.interfaces.PBEKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PbeKeyBuilder<K extends PbeKey> {
 
     PbeKeyBuilder<K> forKey(PBEKey jcaKey);

api/src/main/java/io/jsonwebtoken/security/PrivateJwk.java

@@ -1,9 +1,27 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PrivateJwk<K extends PrivateKey, L extends PublicKey, M extends PublicJwk<L>> extends AsymmetricJwk<K> {
 
     M toPublicJwk();

api/src/main/java/io/jsonwebtoken/security/PrivateJwkBuilder.java

@@ -1,8 +1,26 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PrivateJwkBuilder<K extends PrivateKey, L extends PublicKey,
     J extends PublicJwk<L>, M extends PrivateJwk<K, L, J>,
     T extends PrivateJwkBuilder<K, L, J, M, T>> extends AsymmetricJwkBuilder<K, M, T> {

api/src/main/java/io/jsonwebtoken/security/ProtoJwkBuilder.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;
@@ -8,6 +23,9 @@ import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface ProtoJwkBuilder<K extends Key, J extends Jwk<K>, T extends JwkBuilder<K, J, T>> extends JwkBuilder<K, J, T> {
 
     SecretJwkBuilder setKey(SecretKey key);

api/src/main/java/io/jsonwebtoken/security/PublicJwk.java

@@ -1,6 +1,24 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PublicJwk<K extends PublicKey> extends AsymmetricJwk<K> {
 }

api/src/main/java/io/jsonwebtoken/security/PublicJwkBuilder.java

@@ -1,8 +1,26 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface PublicJwkBuilder<K extends PublicKey, L extends PrivateKey, J extends PublicJwk<K>, M extends PrivateJwk<L, K, J>, P extends PrivateJwkBuilder<L, K, J, M, P>, T extends PublicJwkBuilder<K, L, J, M, P, T>> extends AsymmetricJwkBuilder<K, J, T> {
 
     P setPrivateKey(L privateKey);

api/src/main/java/io/jsonwebtoken/security/RsaKeyAlgorithm.java

@@ -1,8 +1,26 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.interfaces.RSAKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface RsaKeyAlgorithm<EK extends RSAKey & PublicKey, DK extends RSAKey & PrivateKey> extends KeyAlgorithm<EK, DK> {
 }

api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwk.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface RsaPrivateJwk extends PrivateJwk<RSAPrivateKey, RSAPublicKey, RsaPublicJwk> {
 }

api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwkBuilder.java

@@ -1,7 +1,25 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface RsaPrivateJwkBuilder extends PrivateJwkBuilder<RSAPrivateKey, RSAPublicKey, RsaPublicJwk, RsaPrivateJwk, RsaPrivateJwkBuilder> {
 }

api/src/main/java/io/jsonwebtoken/security/RsaPublicJwk.java

@@ -1,6 +1,24 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.RSAPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface RsaPublicJwk extends PublicJwk<RSAPublicKey> {
 }

api/src/main/java/io/jsonwebtoken/security/RsaPublicJwkBuilder.java

@@ -1,8 +1,26 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface RsaPublicJwkBuilder extends PublicJwkBuilder<RSAPublicKey, RSAPrivateKey, RsaPublicJwk, RsaPrivateJwk, RsaPrivateJwkBuilder, RsaPublicJwkBuilder> {
 
 }

api/src/main/java/io/jsonwebtoken/security/RsaSignatureAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.PrivateKey;

api/src/main/java/io/jsonwebtoken/security/SecretJwk.java

@@ -1,6 +1,24 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface SecretJwk extends Jwk<SecretKey> {
 }

api/src/main/java/io/jsonwebtoken/security/SecretJwkBuilder.java

@@ -1,6 +1,24 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;
 
+/**
+ * @since JJWT_RELEASE_VERSION
+ */
 public interface SecretJwkBuilder extends JwkBuilder<SecretKey, SecretJwk, SecretJwkBuilder> {
 }

api/src/main/java/io/jsonwebtoken/security/SecretKeyGenerator.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;

api/src/main/java/io/jsonwebtoken/security/SecretKeySignatureAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;

api/src/main/java/io/jsonwebtoken/security/SecurityRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Provider;

api/src/main/java/io/jsonwebtoken/security/SignatureAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.Identifiable;

api/src/main/java/io/jsonwebtoken/security/SignatureAlgorithms.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.lang.Assert;

api/src/main/java/io/jsonwebtoken/security/SignatureRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Key;

api/src/main/java/io/jsonwebtoken/security/SymmetricAeadAlgorithm.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import io.jsonwebtoken.Identifiable;

api/src/main/java/io/jsonwebtoken/security/SymmetricAeadDecryptionRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/SymmetricAeadRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import javax.crypto.SecretKey;

api/src/main/java/io/jsonwebtoken/security/UnsupportedKeyException.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 /**

api/src/main/java/io/jsonwebtoken/security/VerifySignatureRequest.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2021 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package io.jsonwebtoken.security;
 
 import java.security.Key;

impl/src/main/java/io/jsonwebtoken/impl/security/ConstantKeyLocator.java

@@ -4,9 +4,9 @@ import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Header;
 import io.jsonwebtoken.JweHeader;
 import io.jsonwebtoken.JwsHeader;
+import io.jsonwebtoken.LocatorAdapter;
 import io.jsonwebtoken.SigningKeyResolver;
 import io.jsonwebtoken.impl.lang.Function;
-import io.jsonwebtoken.security.LocatorAdapter;
 
 import java.security.Key;
 

impl/src/main/java/io/jsonwebtoken/impl/security/KeyAlgorithmsBridge.java

@@ -1,5 +1,6 @@
 package io.jsonwebtoken.impl.security;
 
+import io.jsonwebtoken.JweHeader;
 import io.jsonwebtoken.UnsupportedJwtException;
 import io.jsonwebtoken.impl.DefaultJweHeader;
 import io.jsonwebtoken.impl.IdRegistry;
@@ -121,6 +122,18 @@ public final class KeyAlgorithmsBridge {
         };
     }
 
+    private static char randomChar() {
+        return (char) Randoms.secureRandom().nextInt(Character.MAX_VALUE);
+    }
+
+    private static char[] randomChars(int length) {
+        char[] chars = new char[length];
+        for(int i = 0; i < length; i++) {
+            chars[i] = randomChar();
+        }
+        return chars;
+    }
+
     public static int estimateIterations(KeyAlgorithm<PbeKey, SecretKey> alg, long desiredMillis) {
 
         // The number of computational samples that land in our 'sweet spot' timing range matching desiredMillis.
@@ -129,17 +142,16 @@ public final class KeyAlgorithmsBridge {
         // reasonably close to desiredMillis:
         final int NUM_SAMPLES = 30;
         final int SKIP = 3;
+        // More important than the actual password (or characters) is the password length.
+        // 8 characters is a commonly-found minimum required length in many systems circa 2021.
+        final int PASSWORD_LENGTH = 8;
 
-        // This is used by `alg` to generate an encryption key during the PBE attempt.  While technically the time to
+        final JweHeader HEADER = new DefaultJweHeader(); // not used during execution, needed to satisfy API call.
-        // generate this key during the alg call is not part of the hashing time and shouldn't be counted towards
+        final SymmetricAeadAlgorithm ENC_ALG = EncryptionAlgorithms.A128GCM; // not used, needed to satisfy API
-        // desiredMillis, in practice, this is so fast (about ~ 3 milliseconds total aggregated across all
-        // NUM_SAMPLES on a developer laptop), it is in practice negligible, so we won't need to adjust our
-        // timing logic below to account for this.
-        SymmetricAeadAlgorithm encAlg = EncryptionAlgorithms.A128GCM;
 
-        // Strip away all things that cause time during computation except for the actual hashing algorithm:
         if (alg instanceof Pbes2HsAkwAlgorithm) {
-            alg = lean((Pbes2HsAkwAlgorithm) alg); //strip out everything except for the computation we care about
+            // Strip away all things that cause time during computation except for the actual hashing algorithm:
+            alg = lean((Pbes2HsAkwAlgorithm) alg);
         }
 
         int workFactor = 1000; // same as iterations for PBKDF2.  Different concept for Bcrypt/Scrypt
@@ -147,8 +159,10 @@ public final class KeyAlgorithmsBridge {
         List<Point> points = new ArrayList<>(NUM_SAMPLES);
         for (int i = 0; points.size() < NUM_SAMPLES; i++) {
 
-            PbeKey pbeKey = Keys.forPbe().setPassword("12345678").setWorkFactor(workFactor).build();
+            char[] password = randomChars(PASSWORD_LENGTH);
-            KeyRequest<SecretKey, PbeKey> request = new DefaultKeyRequest<>(null, null, null, pbeKey, new DefaultJweHeader(), encAlg);
+            PbeKey pbeKey = Keys.forPbe().setPassword(password).setWorkFactor(workFactor).build();
+            KeyRequest<SecretKey, PbeKey> request =
+                new DefaultKeyRequest<>(null, null, null, pbeKey, HEADER, ENC_ALG);
 
             long start = System.currentTimeMillis();
             alg.getEncryptionKey(request); // <-- Computation occurs here.  Don't need the result, just need to exec

impl/src/main/java/io/jsonwebtoken/impl/security/Pbes2HsAkwAlgorithm.java

@@ -147,10 +147,11 @@ public class Pbes2HsAkwAlgorithm extends CryptoAlgorithm implements KeyAlgorithm
     }
 
     private static char[] toChars(byte[] bytes) {
+        // use bytebuffer/charbuffer so we don't create a String that remains in the JVM string memory table (heap)
+        // the respective byte and char arrays will be cleared by the caller
         ByteBuffer buf = ByteBuffer.wrap(bytes);
         CharBuffer cbuf = StandardCharsets.UTF_8.decode(buf);
-        char[] chars = cbuf.compact().array();
+        return cbuf.compact().array();
-        return chars;
     }
 
     private char[] toPasswordChars(SecretKey key) {

impl/src/main/java/io/jsonwebtoken/impl/security/Randoms.java

@@ -1,8 +1,5 @@
 package io.jsonwebtoken.impl.security;
 
-import io.jsonwebtoken.lang.Assert;
-import io.jsonwebtoken.security.CryptoRequest;
-
 import java.security.SecureRandom;
 
 /**

impl/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy

@@ -25,7 +25,6 @@ import io.jsonwebtoken.security.SignatureException
 import org.junit.Test
 
 import javax.crypto.SecretKey
-import javax.crypto.spec.SecretKeySpec
 import java.security.SecureRandom
 
 import static ClaimJwtException.INCORRECT_EXPECTED_CLAIM_MESSAGE_TEMPLATE
@@ -33,6 +32,7 @@ import static ClaimJwtException.MISSING_EXPECTED_CLAIM_MESSAGE_TEMPLATE
 import static io.jsonwebtoken.DateTestUtils.truncateMillis
 import static org.junit.Assert.*
 
+@SuppressWarnings('GrDeprecatedAPIUsage')
 class JwtParserTest {
 
     private static final SecureRandom random = new SecureRandom() //doesn't need to be seeded - just testing

impl/src/test/groovy/io/jsonwebtoken/impl/security/Pbes2HsAkwAlgorithmTest.groovy

@@ -4,18 +4,20 @@ import io.jsonwebtoken.impl.DefaultJweHeader
 import io.jsonwebtoken.security.EncryptionAlgorithms
 import io.jsonwebtoken.security.KeyAlgorithms
 import io.jsonwebtoken.security.Keys
+import org.junit.Ignore
 import org.junit.Test
 
 import java.nio.charset.StandardCharsets
 
 class Pbes2HsAkwAlgorithmTest {
 
+    @Ignore // for manual/developer testing only.  Takes a long time and there is no deterministic output to assert
     @Test
     void test() {
 
         def alg = KeyAlgorithms.PBES2_HS256_A128KW
 
-        int desiredMillis = 200
+        int desiredMillis = 100
         int iterations = KeyAlgorithms.estimateIterations(alg, desiredMillis)
         println "Estimated iterations: $iterations"
 

impl/src/test/groovy/io/jsonwebtoken/impl/security/RandomsTest.groovy

@@ -2,6 +2,10 @@ package io.jsonwebtoken.impl.security
 
 import org.junit.Test
 
+import java.security.SecureRandom
+
+import static org.junit.Assert.assertTrue
+
 /**
  * @since JJWT_RELEASE_VERSION
  */
@@ -11,4 +15,10 @@ class RandomsTest {
     void testPrivateCtor() { //for code coverage only
         new Randoms()
     }
+
+    @Test
+    void testSecureRandom() {
+        def random = Randoms.secureRandom()
+        assertTrue random instanceof SecureRandom
+    }
 }