honeymoose/jjwt
1
0
Fork 0
mirror of https://github.com/jwtk/jjwt.git synced 2025-02-17 04:24:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
486 Commits 16 Branches 33 Tags
Commit Graph

486 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Les Hazlewood
0f63ec8012 Merge pull request #117 from matzon/master 
implement hashCode and equals in JwtMap
 2016-09-11 12:57:02 -07:00
Les Hazlewood
0fb8ffcb76 Merge pull request #164 from jwtk/161-lib-versions 
161: upgraded library versions to latest stable
 2016-09-11 12:54:43 -07:00
Les Hazlewood
55fcf190cc Merge pull request #162 from maurociancio/patch-2 
Fix typo.
 2016-09-11 12:49:44 -07:00
Les Hazlewood
79e95856a4 161: upgraded library versions to latest stable 2016-09-11 12:48:48 -07:00
Mauro Ciancio
77dcd9a9b3 Fix typo 2016-09-08 11:56:17 -03:00
Les Hazlewood
f522abe2cb Merge pull request #158 from benbenw/parser-perf 
improve jwt parser memory allocation
 2016-08-31 12:23:20 -04:00
Les Hazlewood
8e26b937f6 Merge pull request #159 from benbenw/ignore-eclipse 
add eclipse files to gitignore
 2016-08-31 12:21:53 -04:00
benoit
d13d2eeffe add eclipse files to gitignore 2016-08-31 16:54:10 +02:00
benoit
9735d1ad98 improve jwt parser memory allocation 
re-use buffer instead of creating new ones
avoid creating unneeded buffers in the Strings util methods
Stop continuously copying array with StringBuilder#deleteCharAt
work directly on StringBuilder instead of creating a temporary String

test added to cover the modified methods
 2016-08-31 16:39:42 +02:00
Michael Sims
3fb794ee91 #61: Add support for clock skew to JwtParser for exp and nbf claims 2016-08-29 16:34:00 -05:00
Les Hazlewood
0408313d3f Merge pull request #150 from mike9005/patch-1 
Fix ES512 description typo in README
 2016-07-21 13:08:54 -07:00
Michael Collis
c5ae6f53f1 Fix ES512 description typo in README 2016-07-21 15:30:36 -04:00
brentstormpath
ab76c850db Readme Update 2016-07-12 17:24:26 -07:00
brentstormpath
007b82c6ad Merge pull request #1 from jwtk/master 
Merge Updates from Upstream Master
 2016-07-12 17:19:12 -07:00
Les Hazlewood
3bd425a63d updated coveralls logo 2016-07-04 12:16:16 -07:00
Les Hazlewood
e55ea34e95 Merge pull request #105 from aarondav/patch-2 
Avoid potentially critical vulnerability in ECDSA signature validation
 2016-07-04 11:56:48 -07:00
Les Hazlewood
8e6e165c1d Merge pull request #141 from jwtk/coveralls_jacoco 
updated to jacoco as only jacoco supports java 8
 2016-07-04 11:52:20 -07:00
Les Hazlewood
07534487d3 Merge pull request #132 from alexanderkjall/patch-1 
javadoc typo
 2016-07-04 11:51:28 -07:00
Micah Silverman
82f4b0a696 updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq 2016-07-04 01:01:42 -04:00
Les Hazlewood
09c96ce305 Merge pull request #140 from jwtk/readme_update 
Readme update and move Changelog to its own file
 2016-07-03 12:36:53 -07:00
Micah Silverman
7a2808af12 Expanded on intro section. 2016-07-03 12:29:13 -04:00
Micah Silverman
b053834dae Updated README with more examples 2016-07-03 12:29:13 -04:00
Micah Silverman
78cb1707d7 moved older jackson section back into readme 2016-07-03 12:29:13 -04:00
Micah Silverman
0899261074 Separated CHANGELOG from README 2016-07-03 12:29:13 -04:00
Les Hazlewood
ceac032f11 Merge pull request #137 from martintreurnicht/master 
Fixed ECDSA Signing and verification
 2016-06-30 14:11:08 -07:00
Martin Treurnicht
c3e5f95242 Added more descriptive backwards compatibility information 2016-06-30 13:46:07 -07:00
Martin Treurnicht
174e1b13b8 Add back swarm test for 100% coverage 2016-06-28 12:19:54 -07:00
Martin Treurnicht
61510dfca5 Cleanup as per request of https://github.com/lhazlewood 2016-06-28 12:12:40 -07:00
Martin Treurnicht
c60deebb64 Removed java 8 dependencies in test 2016-06-27 16:02:06 -07:00
Martin Treurnicht
a73e0044b8 Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45 2016-06-27 15:43:35 -07:00
Alexander Kjäll
26a14fd3c3 javadoc typo 
Updated the number of bits for the HS512 algorithm in the javadoc comment.
 2016-06-13 14:40:35 +02:00
Brian Matzon
f08386c63b formatting 2016-06-08 00:20:23 +02:00
Brian Matzon
4be4912cb2 moved Java test into groovy 2016-06-06 23:43:52 +02:00
Brian Matzon
39ee58a511 implement hashCode and equals in JwtMap 2016-04-27 12:15:36 +02:00
Les Hazlewood
29f980c5c9 coverage improvements. Removed unnecessary line from DefaultClaims 2016-04-17 14:26:28 -07:00
Les Hazlewood
e392524919 cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change 
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change

113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
 2016-04-17 13:51:30 -07:00
Les Hazlewood
3dfae9a31d 109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling. 2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582 Clock time source for parsing 
Clock source
 2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c 109: enabled injection of a time source - a 'Clock' 2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master 2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation 
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
 2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c Merge pull request #104 from brentstormpath/master 
Update Readme
 2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c Moving change log notes back into readme 2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94 Fixing a link and moving the author section down 2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366 Merge pull request #102 from jwtk/101-update-jackson 
Upgraded Jackson to 2.7.0
 2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664 upgraded Jackson to 2.7.0 2016-03-08 19:38:00 -08:00
Les Hazlewood
d747f09662 Merge pull request #99 from jwtk/95-osgi 
Enabled OSGi bundle
 2016-03-08 19:35:31 -08:00
Les Hazlewood
76b1263b05 Merge branch 'master' into 95-osgi 2016-03-08 19:24:04 -08:00
Les Hazlewood
a5fe1b961b Merge pull request #98 from jwtk/97-openjdk7 
Removed openjdk7 from travis build.
 2016-03-08 19:17:37 -08:00