diff --git a/.gitignore b/.gitignore index bc177c84..fd163d0b 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,6 @@ .mtj.tmp/ # Package Files # -*.jar *.war *.ear diff --git a/.travis.settings.xml b/.travis.settings.xml new file mode 100644 index 00000000..29189719 --- /dev/null +++ b/.travis.settings.xml @@ -0,0 +1,35 @@ + + + + + + + + + false + + bintray-jwtk-coveralls-maven-plugin + bintray + https://dl.bintray.com/jwtk/coveralls-maven-plugin + + + + + + false + + bintray-jwtk-coveralls-maven-plugin + bintray-plugins + https://dl.bintray.com/jwtk/coveralls-maven-plugin + + + bintray + + + + bintray + + + diff --git a/.travis.yml b/.travis.yml index 5b8836e2..0d370bd3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,5 +15,5 @@ install: echo "No need to run mvn install -DskipTests then mvn install. Running script: mvn install after_success: - - test -z "$BUILD_COVERAGE" || mvn clean test jacoco:report coveralls:report + - test -z "$BUILD_COVERAGE" || mvn clean test clover:check clover:clover coveralls:report diff --git a/pom.xml b/pom.xml index 0202977e..2c1a6410 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,29 @@ https://travis-ci.org/jwtk/jjwt + + + + + false + + bintray-jwtk-coveralls-maven-plugin + bintray + https://dl.bintray.com/jwtk/coveralls-maven-plugin + + + + + + false + + bintray-jwtk-coveralls-maven-plugin + bintray-plugins + https://dl.bintray.com/jwtk/coveralls-maven-plugin + + + + 3.0.2 @@ -73,6 +96,7 @@ 4.12 1.6.6 2.19.1 + 4.2.0 @@ -151,7 +175,6 @@ 4.12 test - @@ -270,19 +293,28 @@ - org.jacoco - jacoco-maven-plugin - 0.7.9 + org.openclover + clover-maven-plugin + ${clover.version} - **/io/jsonwebtoken/lang/* + **/*Test* + + io/jsonwebtoken/lang/* + 100% + 100% + 100% + 100% - prepare-agent + clover + test - prepare-agent + instrument + check + clover @@ -331,11 +363,13 @@ + - org.eluder.coveralls + org.jwtk.coveralls coveralls-maven-plugin - 4.3.0 + 4.4.0 + diff --git a/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java b/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java index 19bf7e20..0355a76a 100644 --- a/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java +++ b/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java @@ -50,9 +50,10 @@ public class GzipCompressionCodec extends AbstractCompressionCodec implements Co inputStream = new ByteArrayInputStream(compressed); gzipInputStream = new GZIPInputStream(inputStream); outputStream = new ByteArrayOutputStream(); - int read; - while ((read = gzipInputStream.read(buffer)) != -1) { + int read = gzipInputStream.read(buffer); + while (read != -1) { outputStream.write(buffer, 0, read); + read = gzipInputStream.read(buffer); } return outputStream.toByteArray(); } finally { diff --git a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy index 187711fe..00dc67f2 100644 --- a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy +++ b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy @@ -1518,4 +1518,76 @@ class JwtParserTest { assertTrue e.getMessage().startsWith('JWT expired at ') } } + + @Test + void testParseMalformedJwt() { + + String header = '{"alg":"none"}' + + String payload = '{"subject":"Joe"}' + + String badSig = ";aklsjdf;kajsd;fkjas;dklfj" + + String bogus = 'bogus' + + String bad = TextCodec.BASE64.encode(header) + '.' + + TextCodec.BASE64.encode(payload) + '.' + + TextCodec.BASE64.encode(badSig) + '.' + + TextCodec.BASE64.encode(bogus) + + + try { + Jwts.parser().setSigningKey(randomKey()).parse(bad) + fail() + } catch (MalformedJwtException se) { + assertEquals 'JWT strings must contain exactly 2 period characters. Found: 3', se.message + } + + } + + @Test + void testNoHeaderNoSig() { + String payload = '{"subject":"Joe"}' + + String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.' + + Jwt jwt = Jwts.parser().parse(jwtStr) + + assertTrue jwt.header == null + assertEquals 'Joe', jwt.body.get('subject') + } + + @Test + void testNoHeaderSig() { + String payload = '{"subject":"Joe"}' + + String sig = ";aklsjdf;kajsd;fkjas;dklfj" + + String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig) + + try { + Jwt jwt = Jwts.parser().parse(jwtStr) + fail() + } catch (MalformedJwtException se) { + assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message + } + } + + @Test + void testBadHeaderSig() { + String header = '{"alg":"none"}' + + String payload = '{"subject":"Joe"}' + + String sig = ";aklsjdf;kajsd;fkjas;dklfj" + + String jwtStr = TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig) + + try { + Jwt jwt = Jwts.parser().parse(jwtStr) + fail() + } catch (MalformedJwtException se) { + assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message + } + } }