Merge branch '0.10.x'

Les Hazlewood 2018-08-14 12:31:34 -04:00
commit a7ee38053d
3 changed files with 35 additions and 12 deletions


@ -179,18 +179,18 @@ If you're building a (non-Android) JDK project, you will want to define the foll
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.10.3</version>
<version>0.10.4</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.10.3</version>
<version>0.10.4</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.3</version>
<version>0.10.4</version>
<scope>runtime</scope>
</dependency>
<!-- Uncomment this next dependency if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
@ -209,11 +209,11 @@ If you're building a (non-Android) JDK project, you will want to define the foll
```groovy
dependencies {
compile 'io.jsonwebtoken:jjwt-api:0.10.3'
runtime 'io.jsonwebtoken:jjwt-impl:0.10.3',
compile 'io.jsonwebtoken:jjwt-api:0.10.4'
runtime 'io.jsonwebtoken:jjwt-impl:0.10.4',
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
//'org.bouncycastle:bcprov-jdk15on:1.60',
'io.jsonwebtoken:jjwt-jackson:0.10.3'
'io.jsonwebtoken:jjwt-jackson:0.10.4'
}
```
@ -229,9 +229,9 @@ Add the dependencies to your project:
```groovy
dependencies {
api 'io.jsonwebtoken:jjwt-api:0.10.3'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.3'
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:0.10.3') {
api 'io.jsonwebtoken:jjwt-api:0.10.4'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.4'
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:0.10.4') {
exclude group: 'org.json', module: 'json' //provided by Android natively
}
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
@ -1194,7 +1194,7 @@ scope which is the typical JJWT default). That is:
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.3</version>
<version>0.10.4</version>
<scope>compile</scope> <!-- Not runtime -->
</dependency>
```
@ -1203,7 +1203,7 @@ scope which is the typical JJWT default). That is:
```groovy
dependencies {
compile 'io.jsonwebtoken:jjwt-jackson:0.10.3'
compile 'io.jsonwebtoken:jjwt-jackson:0.10.4'
}
```


@ -349,7 +349,11 @@ public enum SignatureAlgorithm {
if (alg == null) {
throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm cannot be null.");
}
if (!HS256.jcaName.equals(alg) && !HS384.jcaName.equals(alg) && !HS512.jcaName.equals(alg)) {
// These next checks use equalsIgnoreCase per https://github.com/jwtk/jjwt/issues/381#issuecomment-412912272
if (!HS256.jcaName.equalsIgnoreCase(alg) &&
!HS384.jcaName.equalsIgnoreCase(alg) &&
!HS512.jcaName.equalsIgnoreCase(alg)) {
throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm '" + alg +
"' does not equal a valid HmacSHA* algorithm name and cannot be used with " + name() + ".");
}
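Review bot: The comment added above the `equalsIgnoreCase` checks gives only an issue URL, so a reader cannot tell from the code why validation of the key's algorithm name was relaxed or what still constrains the key. I would state the reason in place, assuming the linked issue is about providers that report the name in a different case: `// Some JCA providers return the HmacSHA* name in non-standard case, so compare case-insensitively (issue 381).` The condition also accepts any of the three HMAC names regardless of which HS* constant is being validated. The name check is therefore only a family allowlist, and a second comment line should say that the key-length check (presumably later in this method) is what ties the key to the algorithm's strength. The enclosing method starts and ends outside this hunk, so that length check is not visible here and should be confirmed.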


@ -372,6 +372,25 @@ class SignatureAlgorithmTest {
}
}
@Test // https://github.com/jwtk/jjwt/issues/381
void testAssertValidHmacSigningKeyCaseInsensitiveJcaName() {
for (SignatureAlgorithm alg : SignatureAlgorithm.values().findAll { it.isHmac() }) {
SecretKey key = createMock(SecretKey)
int numBits = alg.minKeyLength
int numBytes = numBits / 8 as int
expect(key.getEncoded()).andReturn(new byte[numBytes])
expect(key.getAlgorithm()).andReturn(alg.jcaName.toUpperCase()) // <-- upper case, non standard JCA name
replay key
alg.assertValidSigningKey(key)
verify key
}
}
@Test
void testAssertValidHmacSigningKeyUnsupportedAlgorithm() {