Releasing 0.12.6
Additional changes from existing main branch:
- Updated README.adoc `:project-version:` to be `0.12.6`.
- Updated CHANGELOG.md change notes to link to the BC upgrade PR.
- [maven-release-plugin] prepare release 0.12.6
- [maven-release-plugin] prepare for next development iteration
Released 0.12.4, with the following additional changes:
- Added 0.12.4 release version references
- Added CI 'workflow_dispatch' event trigger
- Changed git url from ssh to https
* Version reference changes in preparation for the 0.12.3 release (#863)
* [maven-release-plugin] prepare release 0.12.3
* [maven-release-plugin] prepare for next development iteration
* replaced JJWT_RELEASE_VERSION placeholders with 0.12.0
* [maven-release-plugin] prepare release 0.12.0
* [maven-release-plugin] prepare for next development iteration
* Made Curve concept part of the public API for key generation, and added Jwks.CRV utility class to reference standard curves
- Ensured PS256, PS384, and PS512 pem-encoded test key files accurately represented the rsassa-pss algorithmId (OID) with appropriate hash/mgf1 properties.
- Removed Jwts.SIG#Ed25519 and Jwts.SIG#Ed448 since they were only there for key generation and those keys can now be generated via the Jwks.CRV#Ed25519 and Jwks.CRV#Ed448 references.
- Consolidated duplicate use/key_ops logic for checking sig/sign/verify between SecretJwkFactory and RsaPrivateJwkFactory into JwkContext.isSigUse()
- Ensured if JwkContext.isSigUse() is true, and a JWK (from values only) is RSA and RSASSA-PSS is available (JDK 11+ or BC enabled), that the JWK's generated RSAPublicKey and RSAPrivateKey use the RSASSA-PSS algorithm instead of just RSA.
- Enforced that RSASSA-PSS keys cannot be used for encryption in the RSA KeyAlgorithm implementation (would be a security risk otherwise).
- Enforced that RSA encryption keys cannot be used to create RSASSA-PSS digital signatures (but can verify them) ala the "robustness principle" (to reduce security exposure).
- Ensured README.md and JavaReadmeTest reflected Jwks.CRV usage for keypair generation.
* Added TestCertificates workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Reverted to former RsaSignatureAlgorithm logic for PSS key validation (no prevention of rsaEncryption keys with PSS) as RFC 7520 test vectors show using a standard RSA key to compute a PSS signature in https://www.rfc-editor.org/rfc/rfc7520.html#section-4.2.1
* Ensured Jwk tests that used RSASSA-PSS keys (from openssl files) used the BC provider since RSASSA-PSS isn't available natively before JDK 11
* Restored TestCertificates logic needed to address JDK 11 bug during tests https://bugs.openjdk.org/browse/JDK-8213363 (fixed in JDK 12+)
* Jwts#header() and JwtBuilder#header() API cleanup
* added license headers, removed unused Conjunctor interface concept
* impl checkpoint for Registry-to-Map implementation change
* Jwts.SIG and Jwts.ENC conversion checkpoint (complete)
* Jwts.KEY and Jwks.HASH conversion checkpoint (complete)
* File header and Javadoc cleanup. Removed unused SignatureRequest.java concept.
* Changed deprecated API usage in test case
* - Removed *Accessor concepts where possible, just using the *Header interfaces was sufficient
- KeyAlgorithm#getEncryptionKey now accepts a JweHeader that is mutable. Implementations can just use Map#put to modify the header state if desired.
* MapMutator method renaming to avoid odd conventions
* introduced ProtectedJwt concept and intermediate DefaultProtectedJwt implementation
* Removed all usages of CompressionCodecs.java in favor of a new Jwts.ZIP entry.
Renamed all Standard***AlgorithmsBridge to Standard***Algorithms
* CompressionCodec to CompressionAlgorithm transition (complete, code coverage 100%)
* Changed README references from 0.11.4 to 0.11.5
* [maven-release-plugin] prepare release 0.11.5
* [maven-release-plugin] prepare for next development iteration
# This is the 1st commit message:
[maven-release-plugin] prepare for next development iteration
# This is the commit message #2:
rebased from master before merge
Les Hazlewood
Brian Demers
patton73
Andrea Paternesi
Micah Silverman