diff --git a/.travis.yml b/.travis.yml
index 5b8836e2..0d370bd3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,5 +15,5 @@ install: echo "No need to run mvn install -DskipTests then mvn install. Running
script: mvn install
after_success:
- - test -z "$BUILD_COVERAGE" || mvn clean test jacoco:report coveralls:report
+ - test -z "$BUILD_COVERAGE" || mvn clean test clover:check clover:clover coveralls:report
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68022b8e..697cb256 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
## Release Notes
+### 0.8.0
+
+This is a minor feature enhancement, dependency version update and build update release. We switched from Jacoco to
+OpenClover as OpenClover delivers a higher quality of test metrics. As an interim measure, we introduced a new
+repository that has an updated version of the coveralls-maven-plugin which includes support for Clover reporting to
+Coveralls. Once this change has been merged and released to the official coveralls-maven-plugin on maven central,
+this repository will be removed. The following dependencies were updated to the latest release version: maven
+compiler, maven enforcer, maven failsafe, maven release, maven scm provider, maven bundle, maven gpg, maven source,
+maven javadoc, jackson, bouncy castle, groovy, logback and powermock. Of significance, is the upgrade for jackson as
+a security issue was addressed in its latest release.
+
+An `addClaims` method is added to the `JwtBuilder` interface in this release. It adds all given name/value pairs to
+the JSON Claims in the payload.
+
+Additional tests were added to improve overall test coverage.
+
### 0.7.0
This is a minor feature enhancement and bugfix release. One of the bug fixes is particularly important if using
diff --git a/README.md b/README.md
index 1984b3cf..0a8a3b93 100644
--- a/README.md
+++ b/README.md
@@ -7,10 +7,10 @@ JJWT aims to be the easiest to use and understand library for creating and verif
JJWT is a Java implementation based on the [JWT](https://tools.ietf.org/html/rfc7519), [JWS](https://tools.ietf.org/html/rfc7515), [JWE](https://tools.ietf.org/html/rfc7516), [JWK](https://tools.ietf.org/html/rfc7517) and [JWA](https://tools.ietf.org/html/rfc7518) RFC specifications.
-The library was created by [Stormpath's](http://www.stormpath.com) CTO, [Les Hazlewood](https://github.com/lhazlewood)
+The library was created by [Okta's](http://www.okta.com) Senior Architect, [Les Hazlewood](https://github.com/lhazlewood)
and is now maintained by a [community](https://github.com/jwtk/jjwt/graphs/contributors) of contributors.
-[Stormpath](https://stormpath.com/) is a complete authentication and user management API for developers.
+[Okta](https://developer.okta.com/) is a complete authentication and user management API for developers.
We've also added some convenience extensions that are not part of the specification, such as JWT compression and claim enforcement.
@@ -225,13 +225,13 @@ JJWT depends on Jackson 2.8.x (or later). If you are already using a Jackson ve
com.fasterxml.jackson.core
jackson-databind
- 2.8.2
+ 2.8.9
```
## Author
-Maintained by [Stormpath](https://stormpath.com/)
+Maintained by [Okta](https://okta.com/)
## Licensing
diff --git a/pom.xml b/pom.xml
index 0202977e..f313eff4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
io.jsonwebtoken
jjwt
- 0.8.0-SNAPSHOT
+ 0.9.0-SNAPSHOT
JSON Web Token support for the JVM
jar
@@ -52,6 +52,29 @@
https://travis-ci.org/jwtk/jjwt
+
+
+
+
+ false
+
+ bintray-jwtk-coveralls-maven-plugin
+ bintray
+ https://dl.bintray.com/jwtk/coveralls-maven-plugin
+
+
+
+
+
+ false
+
+ bintray-jwtk-coveralls-maven-plugin
+ bintray-plugins
+ https://dl.bintray.com/jwtk/coveralls-maven-plugin
+
+
+
+
3.0.2
@@ -73,6 +96,7 @@
4.12
1.6.6
2.19.1
+ 4.2.0
@@ -151,7 +175,6 @@
4.12
test
-
@@ -270,19 +293,28 @@
- org.jacoco
- jacoco-maven-plugin
- 0.7.9
+ org.openclover
+ clover-maven-plugin
+ ${clover.version}
- **/io/jsonwebtoken/lang/*
+ **/*Test*
+
+ io/jsonwebtoken/lang/*
+ 100%
+ 100%
+ 100%
+ 100%
- prepare-agent
+ clover
+ test
- prepare-agent
+ instrument
+ check
+ clover
@@ -331,11 +363,13 @@
+
- org.eluder.coveralls
+ org.jwtk.coveralls
coveralls-maven-plugin
- 4.3.0
+ 4.4.0
+
diff --git a/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java b/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
index 19bf7e20..0355a76a 100644
--- a/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
+++ b/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
@@ -50,9 +50,10 @@ public class GzipCompressionCodec extends AbstractCompressionCodec implements Co
inputStream = new ByteArrayInputStream(compressed);
gzipInputStream = new GZIPInputStream(inputStream);
outputStream = new ByteArrayOutputStream();
- int read;
- while ((read = gzipInputStream.read(buffer)) != -1) {
+ int read = gzipInputStream.read(buffer);
+ while (read != -1) {
outputStream.write(buffer, 0, read);
+ read = gzipInputStream.read(buffer);
}
return outputStream.toByteArray();
} finally {
diff --git a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
index 187711fe..00dc67f2 100644
--- a/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
+++ b/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
@@ -1518,4 +1518,76 @@ class JwtParserTest {
assertTrue e.getMessage().startsWith('JWT expired at ')
}
}
+
+ @Test
+ void testParseMalformedJwt() {
+
+ String header = '{"alg":"none"}'
+
+ String payload = '{"subject":"Joe"}'
+
+ String badSig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+ String bogus = 'bogus'
+
+ String bad = TextCodec.BASE64.encode(header) + '.' +
+ TextCodec.BASE64.encode(payload) + '.' +
+ TextCodec.BASE64.encode(badSig) + '.' +
+ TextCodec.BASE64.encode(bogus)
+
+
+ try {
+ Jwts.parser().setSigningKey(randomKey()).parse(bad)
+ fail()
+ } catch (MalformedJwtException se) {
+ assertEquals 'JWT strings must contain exactly 2 period characters. Found: 3', se.message
+ }
+
+ }
+
+ @Test
+ void testNoHeaderNoSig() {
+ String payload = '{"subject":"Joe"}'
+
+ String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.'
+
+ Jwt jwt = Jwts.parser().parse(jwtStr)
+
+ assertTrue jwt.header == null
+ assertEquals 'Joe', jwt.body.get('subject')
+ }
+
+ @Test
+ void testNoHeaderSig() {
+ String payload = '{"subject":"Joe"}'
+
+ String sig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+ String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig)
+
+ try {
+ Jwt jwt = Jwts.parser().parse(jwtStr)
+ fail()
+ } catch (MalformedJwtException se) {
+ assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message
+ }
+ }
+
+ @Test
+ void testBadHeaderSig() {
+ String header = '{"alg":"none"}'
+
+ String payload = '{"subject":"Joe"}'
+
+ String sig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+ String jwtStr = TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig)
+
+ try {
+ Jwt jwt = Jwts.parser().parse(jwtStr)
+ fail()
+ } catch (MalformedJwtException se) {
+ assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message
+ }
+ }
}