From 4020dfc1d51395f295b63bc60346839ccd4ff942 Mon Sep 17 00:00:00 2001
From: Les Hazlewood <les@hazlewood.com>
Date: Sat, 21 Nov 2015 15:00:23 -0800
Subject: [PATCH] Ensures RSA Signatures can work on Android 23

---
 .../java/io/jsonwebtoken/impl/crypto/RsaSigner.java    | 10 ++++++----
 .../io/jsonwebtoken/impl/crypto/RsaSignerTest.groovy   |  4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/main/java/io/jsonwebtoken/impl/crypto/RsaSigner.java b/src/main/java/io/jsonwebtoken/impl/crypto/RsaSigner.java
index 3a3849df..087ac33f 100644
--- a/src/main/java/io/jsonwebtoken/impl/crypto/RsaSigner.java
+++ b/src/main/java/io/jsonwebtoken/impl/crypto/RsaSigner.java
@@ -22,15 +22,17 @@ import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.PrivateKey;
 import java.security.Signature;
-import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAKey;
 
 public class RsaSigner extends RsaProvider implements Signer {
 
     public RsaSigner(SignatureAlgorithm alg, Key key) {
         super(alg, key);
-        if (!(key instanceof RSAPrivateKey)) {
-            String msg = "RSA signatures must be computed using an RSAPrivateKey.  The specified key of type " +
-                         key.getClass().getName() + " is not an RSAPrivateKey.";
+        // https://github.com/jwtk/jjwt/issues/68
+        // Instead of checking for an instance of RSAPrivateKey, check for PrivateKey and RSAKey:
+        if (!(key instanceof PrivateKey && key instanceof RSAKey)) {
+            String msg = "RSA signatures must be computed using an RSA PrivateKey.  The specified key of type " +
+                         key.getClass().getName() + " is not an RSA PrivateKey.";
             throw new IllegalArgumentException(msg);
         }
     }
diff --git a/src/test/groovy/io/jsonwebtoken/impl/crypto/RsaSignerTest.groovy b/src/test/groovy/io/jsonwebtoken/impl/crypto/RsaSignerTest.groovy
index 39fe04c0..78032b61 100644
--- a/src/test/groovy/io/jsonwebtoken/impl/crypto/RsaSignerTest.groovy
+++ b/src/test/groovy/io/jsonwebtoken/impl/crypto/RsaSignerTest.groovy
@@ -58,8 +58,8 @@ class RsaSignerTest {
             new RsaSigner(SignatureAlgorithm.RS256, key);
             fail('RsaSigner should reject non RSAPrivateKey instances.')
         } catch (IllegalArgumentException expected) {
-            assertEquals expected.message, "RSA signatures must be computed using an RSAPrivateKey.  The specified key of type " +
-                    key.getClass().getName() + " is not an RSAPrivateKey.";
+            assertEquals expected.message, "RSA signatures must be computed using an RSA PrivateKey.  The specified key of type " +
+                    key.getClass().getName() + " is not an RSA PrivateKey.";
         }
     }