Merge pull request #251 from jwtk/switch_to_clover

Switch to clover

.travis.yml

@@ -15,5 +15,5 @@ install: echo "No need to run mvn install -DskipTests then mvn install.  Running
 script: mvn install
 
 after_success:
-  - test -z "$BUILD_COVERAGE" || mvn clean test jacoco:report coveralls:report
+  - test -z "$BUILD_COVERAGE" || mvn clean test clover:check clover:clover coveralls:report
 

pom.xml

@@ -52,6 +52,29 @@
         <url>https://travis-ci.org/jwtk/jjwt</url>
     </ciManagement>
 
+    <!-- temporary fix until official release of coverall-maven-plugin with clover support -->
+    <repositories>
+        <repository>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+            <id>bintray-jwtk-coveralls-maven-plugin</id>
+            <name>bintray</name>
+            <url>https://dl.bintray.com/jwtk/coveralls-maven-plugin</url>
+        </repository>
+    </repositories>
+    <pluginRepositories>
+        <pluginRepository>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+            <id>bintray-jwtk-coveralls-maven-plugin</id>
+            <name>bintray-plugins</name>
+            <url>https://dl.bintray.com/jwtk/coveralls-maven-plugin</url>
+        </pluginRepository>
+    </pluginRepositories>
+    <!-- temporary fix until official release of coverall-maven-plugin with clover support -->
+
     <properties>
 
         <maven.jar.version>3.0.2</maven.jar.version>
@@ -73,6 +96,7 @@
         <junit.version>4.12</junit.version>
         <powermock.version>1.6.6</powermock.version>
         <failsafe.plugin.version>2.19.1</failsafe.plugin.version>
+        <clover.version>4.2.0</clover.version>
 
     </properties>
 
@@ -151,7 +175,6 @@
             <version>4.12</version>
             <scope>test</scope>
         </dependency>
-
     </dependencies>
 
     <build>
@@ -270,19 +293,28 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.jacoco</groupId>
+                <groupId>org.openclover</groupId>
-                <artifactId>jacoco-maven-plugin</artifactId>
+                <artifactId>clover-maven-plugin</artifactId>
-                <version>0.7.9</version>
+                <version>${clover.version}</version>
                 <configuration>
                     <excludes>
-                        <exclude>**/io/jsonwebtoken/lang/*</exclude>
+                        <exclude>**/*Test*</exclude>
+                        <!-- leaving out lang as it mostly comes from other sources -->
+                        <exclude>io/jsonwebtoken/lang/*</exclude>
                     </excludes>
+                    <methodPercentage>100%</methodPercentage>
+                    <statementPercentage>100%</statementPercentage>
+                    <conditionalPercentage>100%</conditionalPercentage>
+                    <targetPercentage>100%</targetPercentage>
                 </configuration>
                 <executions>
                     <execution>
-                        <id>prepare-agent</id>
+                        <id>clover</id>
+                        <phase>test</phase>
                         <goals>
-                            <goal>prepare-agent</goal>
+                            <goal>instrument</goal>
+                            <goal>check</goal>
+                            <goal>clover</goal>
                         </goals>
                     </execution>
                 </executions>
@@ -331,11 +363,13 @@
                     </instructions>
                 </configuration>
             </plugin>
+            <!-- Temporarily host coveralls SNAPSHOT with clover support locally  -->
             <plugin>
-                <groupId>org.eluder.coveralls</groupId>
+                <groupId>org.jwtk.coveralls</groupId>
                 <artifactId>coveralls-maven-plugin</artifactId>
-                <version>4.3.0</version>
+                <version>4.4.0</version>
             </plugin>
+            <!-- Temporarily host coveralls SNAPSHOT with clover support locally  -->
         </plugins>
     </build>
     <profiles>

src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java

@@ -50,9 +50,10 @@ public class GzipCompressionCodec extends AbstractCompressionCodec implements Co
             inputStream = new ByteArrayInputStream(compressed);
             gzipInputStream = new GZIPInputStream(inputStream);
             outputStream = new ByteArrayOutputStream();
-            int read;
+            int read = gzipInputStream.read(buffer);
-            while ((read = gzipInputStream.read(buffer)) != -1) {
+            while (read != -1) {
                 outputStream.write(buffer, 0, read);
+                read = gzipInputStream.read(buffer);
             }
             return outputStream.toByteArray();
         } finally {

src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy

@@ -1518,4 +1518,76 @@ class JwtParserTest {
             assertTrue e.getMessage().startsWith('JWT expired at ')
         }
     }
+
+    @Test
+    void testParseMalformedJwt() {
+
+        String header = '{"alg":"none"}'
+
+        String payload = '{"subject":"Joe"}'
+
+        String badSig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+        String bogus = 'bogus'
+
+        String bad = TextCodec.BASE64.encode(header) + '.' +
+            TextCodec.BASE64.encode(payload) + '.' +
+            TextCodec.BASE64.encode(badSig) + '.' +
+            TextCodec.BASE64.encode(bogus)
+
+
+        try {
+            Jwts.parser().setSigningKey(randomKey()).parse(bad)
+            fail()
+        } catch (MalformedJwtException se) {
+            assertEquals 'JWT strings must contain exactly 2 period characters. Found: 3', se.message
+        }
+
+    }
+
+    @Test
+    void testNoHeaderNoSig() {
+        String payload = '{"subject":"Joe"}'
+
+        String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.'
+
+        Jwt jwt = Jwts.parser().parse(jwtStr)
+
+        assertTrue jwt.header == null
+        assertEquals 'Joe', jwt.body.get('subject')
+    }
+
+    @Test
+    void testNoHeaderSig() {
+        String payload = '{"subject":"Joe"}'
+
+        String sig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+        String jwtStr = '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig)
+
+        try {
+            Jwt jwt = Jwts.parser().parse(jwtStr)
+            fail()
+        } catch (MalformedJwtException se) {
+            assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message
+        }
+    }
+
+    @Test
+    void testBadHeaderSig() {
+        String header = '{"alg":"none"}'
+
+        String payload = '{"subject":"Joe"}'
+
+        String sig = ";aklsjdf;kajsd;fkjas;dklfj"
+
+        String jwtStr = TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(payload) + '.' + TextCodec.BASE64.encode(sig)
+
+        try {
+            Jwt jwt = Jwts.parser().parse(jwtStr)
+            fail()
+        } catch (MalformedJwtException se) {
+            assertEquals 'JWT string has a digest/signature, but the header does not reference a valid signature algorithm.', se.message
+        }
+    }
 }