honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
247 Commits 16 Branches 33 Tags 154 MiB
Commit Graph

247 Commits

Author SHA1 Message Date
Les Hazlewood 13d2e8370a Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master 2016-04-01 17:42:32 -07:00
Aaron Davidson 707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson 5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation 
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
 2016-03-19 22:40:44 -07:00
Les Hazlewood 0534120f9c Merge pull request #104 from brentstormpath/master 
Update Readme
 2016-03-16 17:43:36 -07:00
brentstormpath 42f89d283c Moving change log notes back into readme 2016-03-16 17:30:58 -07:00
brentstormpath 7201704e94 Fixing a link and moving the author section down 2016-03-15 16:16:18 -07:00
Les Hazlewood 7686d43366 Merge pull request #102 from jwtk/101-update-jackson 
Upgraded Jackson to 2.7.0
 2016-03-08 19:42:33 -08:00
Les Hazlewood 1cb8568664 upgraded Jackson to 2.7.0 2016-03-08 19:38:00 -08:00
Les Hazlewood d747f09662 Merge pull request #99 from jwtk/95-osgi 
Enabled OSGi bundle
 2016-03-08 19:35:31 -08:00
Les Hazlewood 76b1263b05 Merge branch 'master' into 95-osgi 2016-03-08 19:24:04 -08:00
Les Hazlewood a5fe1b961b Merge pull request #98 from jwtk/97-openjdk7 
Removed openjdk7 from travis build.
 2016-03-08 19:17:37 -08:00
Les Hazlewood cbf9ff4e64 97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway 2016-03-08 19:10:25 -08:00
Dave LeBlanc 312763a00b Made the android dep optional in OSGi 
Changed the packaging type to bundle - required
by the bundle plugin.

Upgraded to the latest version of the maven
bundle plugin.
 2016-02-26 19:08:01 -08:00
brentstormpath f1fe04d70c Fixing a broken link in the readme 2016-02-23 17:48:04 -08:00
brentstormpath 5613d222ce Updating the JJWT readme to break out the changelog into a dedicated file and add useful links 2016-02-23 17:41:48 -08:00
Mitchell Morris a20c92c095 create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior 2016-02-23 19:30:20 -06:00
brentstormpath 1d525e94c6 Merge remote-tracking branch 'upstream/master' 2016-02-23 16:38:12 -08:00
Mitchell Morris 83054a755d allow the injection of a time source 2016-02-23 14:43:32 -06:00
Les Hazlewood 638d84963f Updated spec links to final RFC documents 2015-12-11 09:48:50 -08:00
Les Hazlewood d1058b0933 Merge pull request #69 from jwtk/ISSUE-68 
Issue 68
 2015-11-21 15:23:44 -08:00
Les Hazlewood 3595423576 #68: ensured branch code coverage 2015-11-21 15:16:42 -08:00
Les Hazlewood 4020dfc1d5 Ensures RSA Signatures can work on Android 23 2015-11-21 15:00:23 -08:00
Les Hazlewood b63a67516e Merge pull request #62 from jwtk/coverage_report 
Add Coveralls coverage report badge to README page
 2015-11-04 21:34:27 -08:00
Micah Silverman 7843179ad5 Improve coverage on compact by exercising JsonProcessingException. 2015-10-27 23:29:06 -04:00
Micah Silverman 4773224c74 Added code to build coverage report to .travis.yml 2015-10-27 22:15:48 -04:00
Micah Silverman 1d9fd734c9 Added coveralls maven plugin. 2015-10-27 22:15:48 -04:00
Micah Silverman 687fe6a737 Added coveralls coverage report. 2015-10-27 21:55:52 -04:00
Les Hazlewood 44b652777b [maven-release-plugin] prepare for next development iteration 2015-10-14 13:50:34 -07:00
Les Hazlewood 8b3f6ab496 [maven-release-plugin] prepare release 0.6.0 2015-10-14 13:50:30 -07:00
Les Hazlewood 98970a7e19 Changed version references from 0.5.2 to 0.6.0 (no 0.5.2 release yet). 2015-10-12 16:23:21 -07:00
Les Hazlewood a4f4da767b Update README.md 
Updated version references to reflect concrete version number per the release
 2015-10-12 16:22:44 -07:00
Les Hazlewood 267bc09f6a Changing the version from 0.5.2-SNAPSHOT to 0.6.0-SNAPSHOT in preparation for release 2015-10-12 16:19:30 -07:00
Les Hazlewood efe20ee14b Update README.md 2015-10-12 16:15:06 -07:00
Les Hazlewood e4e37373b8 Update README.md 2015-10-12 16:12:43 -07:00
Les Hazlewood 1649066038 Update README.md 2015-10-12 16:08:06 -07:00
Les Hazlewood 65f9b02de3 Update README.md 2015-10-12 16:07:33 -07:00
Les Hazlewood 6a422211c8 Update README.md 2015-10-12 16:07:01 -07:00
Les Hazlewood dad6dcf0f2 minor formatting change 2015-10-12 16:05:09 -07:00
Les Hazlewood 76de67fe5d updating readme to reflect 0.6 release features 2015-10-12 16:02:15 -07:00
Les Hazlewood 4d230a0725 #58: added toString implementations for JwtMap, DefaultJwt and DefaultJws with tests 2015-10-12 14:17:13 -07:00
Les Hazlewood 0e8ee78fc4 #52: class naming and JavaDoc cleanup 2015-10-12 13:57:36 -07:00
Les Hazlewood bb471be0e9 Merge pull request #54 from josebarrueta/Issue-52 
Issue 52
 2015-10-12 12:50:58 -07:00
josebarrueta fef553ad72 Issue-52 Improving Javadoc for compression 2015-10-09 18:07:06 -07:00
josebarrueta 269a143899 Merge branch 'Issue-52' of github.com:josebarrueta/jjwt into Issue-52 2015-09-24 16:41:26 -07:00
josebarrueta 257bddc3e2 Merge branch 'master' of github.com:jwtk/jjwt into Issue-52 2015-09-24 16:38:41 -07:00
Jose Luis Barrueta 20e80ffa47 Merge pull request #2 from jhericks/Issue-52 
Issue-52: Refactoring and adding unit tests to cover the compression …
 2015-09-23 17:27:42 -07:00
Jason Erickson 7e15e2de02 Issue-52: Refactoring and adding unit tests to cover the compression functionality 2015-09-23 17:24:47 -07:00
Jason Erickson 806844a89a Issue-52: Refactoring and adding unit tests to cover the compression functionality 2015-09-23 15:44:07 -07:00
Les Hazlewood e7dc7a74d0 Merge pull request #53 from jwtk/required_field_assertion_documentation 
Update README to cover required field assertions
 2015-09-23 15:10:31 -07:00
Les Hazlewood 3e80cd647b Minor readability update 2015-09-23 15:07:46 -07:00