honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
219 Commits 16 Branches 33 Tags 154 MiB
Commit Graph

219 Commits

Author SHA1 Message Date
Les Hazlewood 3bd425a63d updated coveralls logo 2016-07-04 12:16:16 -07:00
Les Hazlewood e55ea34e95 Merge pull request #105 from aarondav/patch-2 
Avoid potentially critical vulnerability in ECDSA signature validation
 2016-07-04 11:56:48 -07:00
Les Hazlewood 8e6e165c1d Merge pull request #141 from jwtk/coveralls_jacoco 
updated to jacoco as only jacoco supports java 8
 2016-07-04 11:52:20 -07:00
Les Hazlewood 07534487d3 Merge pull request #132 from alexanderkjall/patch-1 
javadoc typo
 2016-07-04 11:51:28 -07:00
Micah Silverman 82f4b0a696 updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq 2016-07-04 01:01:42 -04:00
Les Hazlewood 09c96ce305 Merge pull request #140 from jwtk/readme_update 
Readme update and move Changelog to its own file
 2016-07-03 12:36:53 -07:00
Micah Silverman 7a2808af12 Expanded on intro section. 2016-07-03 12:29:13 -04:00
Micah Silverman b053834dae Updated README with more examples 2016-07-03 12:29:13 -04:00
Micah Silverman 78cb1707d7 moved older jackson section back into readme 2016-07-03 12:29:13 -04:00
Micah Silverman 0899261074 Separated CHANGELOG from README 2016-07-03 12:29:13 -04:00
Les Hazlewood ceac032f11 Merge pull request #137 from martintreurnicht/master 
Fixed ECDSA Signing and verification
 2016-06-30 14:11:08 -07:00
Martin Treurnicht c3e5f95242 Added more descriptive backwards compatibility information 2016-06-30 13:46:07 -07:00
Martin Treurnicht 174e1b13b8 Add back swarm test for 100% coverage 2016-06-28 12:19:54 -07:00
Martin Treurnicht 61510dfca5 Cleanup as per request of https://github.com/lhazlewood 2016-06-28 12:12:40 -07:00
Martin Treurnicht c60deebb64 Removed java 8 dependencies in test 2016-06-27 16:02:06 -07:00
Martin Treurnicht a73e0044b8 Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45 2016-06-27 15:43:35 -07:00
Alexander Kjäll 26a14fd3c3 javadoc typo 
Updated the number of bits for the HS512 algorithm in the javadoc comment.
 2016-06-13 14:40:35 +02:00
Les Hazlewood 29f980c5c9 coverage improvements. Removed unnecessary line from DefaultClaims 2016-04-17 14:26:28 -07:00
Les Hazlewood e392524919 cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change 
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change

113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
 2016-04-17 13:51:30 -07:00
Les Hazlewood 3dfae9a31d 109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling. 2016-04-01 18:26:59 -07:00
Les Hazlewood 9e1ee67582 Clock time source for parsing 
Clock source
 2016-04-01 18:23:47 -07:00
Les Hazlewood 72e0e3b23c 109: enabled injection of a time source - a 'Clock' 2016-04-01 18:15:37 -07:00
Les Hazlewood 13d2e8370a Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master 2016-04-01 17:42:32 -07:00
Aaron Davidson 707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson 5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation 
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
 2016-03-19 22:40:44 -07:00
Les Hazlewood 0534120f9c Merge pull request #104 from brentstormpath/master 
Update Readme
 2016-03-16 17:43:36 -07:00
brentstormpath 42f89d283c Moving change log notes back into readme 2016-03-16 17:30:58 -07:00
brentstormpath 7201704e94 Fixing a link and moving the author section down 2016-03-15 16:16:18 -07:00
Les Hazlewood 7686d43366 Merge pull request #102 from jwtk/101-update-jackson 
Upgraded Jackson to 2.7.0
 2016-03-08 19:42:33 -08:00
Les Hazlewood 1cb8568664 upgraded Jackson to 2.7.0 2016-03-08 19:38:00 -08:00
Les Hazlewood d747f09662 Merge pull request #99 from jwtk/95-osgi 
Enabled OSGi bundle
 2016-03-08 19:35:31 -08:00
Les Hazlewood 76b1263b05 Merge branch 'master' into 95-osgi 2016-03-08 19:24:04 -08:00
Les Hazlewood a5fe1b961b Merge pull request #98 from jwtk/97-openjdk7 
Removed openjdk7 from travis build.
 2016-03-08 19:17:37 -08:00
Les Hazlewood cbf9ff4e64 97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway 2016-03-08 19:10:25 -08:00
Dave LeBlanc 312763a00b Made the android dep optional in OSGi 
Changed the packaging type to bundle - required
by the bundle plugin.

Upgraded to the latest version of the maven
bundle plugin.
 2016-02-26 19:08:01 -08:00
brentstormpath f1fe04d70c Fixing a broken link in the readme 2016-02-23 17:48:04 -08:00
brentstormpath 5613d222ce Updating the JJWT readme to break out the changelog into a dedicated file and add useful links 2016-02-23 17:41:48 -08:00
Mitchell Morris a20c92c095 create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior 2016-02-23 19:30:20 -06:00
brentstormpath 1d525e94c6 Merge remote-tracking branch 'upstream/master' 2016-02-23 16:38:12 -08:00
Mitchell Morris 83054a755d allow the injection of a time source 2016-02-23 14:43:32 -06:00
Les Hazlewood 638d84963f Updated spec links to final RFC documents 2015-12-11 09:48:50 -08:00
Les Hazlewood d1058b0933 Merge pull request #69 from jwtk/ISSUE-68 
Issue 68
 2015-11-21 15:23:44 -08:00
Les Hazlewood 3595423576 #68: ensured branch code coverage 2015-11-21 15:16:42 -08:00
Les Hazlewood 4020dfc1d5 Ensures RSA Signatures can work on Android 23 2015-11-21 15:00:23 -08:00
Les Hazlewood b63a67516e Merge pull request #62 from jwtk/coverage_report 
Add Coveralls coverage report badge to README page
 2015-11-04 21:34:27 -08:00
Micah Silverman 7843179ad5 Improve coverage on compact by exercising JsonProcessingException. 2015-10-27 23:29:06 -04:00
Micah Silverman 4773224c74 Added code to build coverage report to .travis.yml 2015-10-27 22:15:48 -04:00
Micah Silverman 1d9fd734c9 Added coveralls maven plugin. 2015-10-27 22:15:48 -04:00
Micah Silverman 687fe6a737 Added coveralls coverage report. 2015-10-27 21:55:52 -04:00
Les Hazlewood 44b652777b [maven-release-plugin] prepare for next development iteration 2015-10-14 13:50:34 -07:00