Les Hazlewood
af01cca922
122: added code comments so readers understand that JWT mandates seconds, not milliseconds
2016-09-12 10:37:34 -07:00
Les Hazlewood
5b15b9363e
Merge pull request #165 from jwtk/107-ex-msg-utc-format
107: ensured exception message printed UTC times correctly
2016-09-11 14:09:44 -07:00
Les Hazlewood
1974069561
107: ensured exception message printed UTC times correctly
2016-09-11 14:04:20 -07:00
Les Hazlewood
0f63ec8012
Merge pull request #117 from matzon/master
implement hashCode and equals in JwtMap
2016-09-11 12:57:02 -07:00
Les Hazlewood
0fb8ffcb76
Merge pull request #164 from jwtk/161-lib-versions
161: upgraded library versions to latest stable
2016-09-11 12:54:43 -07:00
Les Hazlewood
55fcf190cc
Merge pull request #162 from maurociancio/patch-2
Fix typo.
2016-09-11 12:49:44 -07:00
Les Hazlewood
79e95856a4
161: upgraded library versions to latest stable
2016-09-11 12:48:48 -07:00
Mauro Ciancio
77dcd9a9b3
Fix typo
2016-09-08 11:56:17 -03:00
Les Hazlewood
f522abe2cb
Merge pull request #158 from benbenw/parser-perf
improve jwt parser memory allocation
2016-08-31 12:23:20 -04:00
Les Hazlewood
8e26b937f6
Merge pull request #159 from benbenw/ignore-eclipse
add eclipse files to gitignore
2016-08-31 12:21:53 -04:00
benoit
d13d2eeffe
add eclipse files to gitignore
2016-08-31 16:54:10 +02:00
benoit
9735d1ad98
improve jwt parser memory allocation
re-use buffer instead of creating new ones
avoid creating unneeded buffers in the Strings util methods
Stop continuously copying array with StringBuilder#deleteCharAt
work directly on StringBuilder instead of creating a temporary String
test added to cover the modified methods
2016-08-31 16:39:42 +02:00
Michael Sims
3fb794ee91
#61 : Add support for clock skew to JwtParser for exp and nbf claims
2016-08-29 16:34:00 -05:00
Les Hazlewood
0408313d3f
Merge pull request #150 from mike9005/patch-1
Fix ES512 description typo in README
2016-07-21 13:08:54 -07:00
Michael Collis
c5ae6f53f1
Fix ES512 description typo in README
2016-07-21 15:30:36 -04:00
brentstormpath
ab76c850db
Readme Update
2016-07-12 17:24:26 -07:00
brentstormpath
007b82c6ad
Merge pull request #1 from jwtk/master
Merge Updates from Upstream Master
2016-07-12 17:19:12 -07:00
Les Hazlewood
3bd425a63d
updated coveralls logo
2016-07-04 12:16:16 -07:00
Les Hazlewood
e55ea34e95
Merge pull request #105 from aarondav/patch-2
Avoid potentially critical vulnerability in ECDSA signature validation
2016-07-04 11:56:48 -07:00
Les Hazlewood
8e6e165c1d
Merge pull request #141 from jwtk/coveralls_jacoco
updated to jacoco as only jacoco supports java 8
2016-07-04 11:52:20 -07:00
Les Hazlewood
07534487d3
Merge pull request #132 from alexanderkjall/patch-1
javadoc typo
2016-07-04 11:51:28 -07:00
Micah Silverman
82f4b0a696
updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq
2016-07-04 01:01:42 -04:00
Les Hazlewood
09c96ce305
Merge pull request #140 from jwtk/readme_update
Readme update and move Changelog to its own file
2016-07-03 12:36:53 -07:00
Micah Silverman
7a2808af12
Expanded on intro section.
2016-07-03 12:29:13 -04:00
Micah Silverman
b053834dae
Updated README with more examples
2016-07-03 12:29:13 -04:00
Micah Silverman
78cb1707d7
moved older jackson section back into readme
2016-07-03 12:29:13 -04:00
Micah Silverman
0899261074
Separated CHANGELOG from README
2016-07-03 12:29:13 -04:00
Les Hazlewood
ceac032f11
Merge pull request #137 from martintreurnicht/master
Fixed ECDSA Signing and verification
2016-06-30 14:11:08 -07:00
Martin Treurnicht
c3e5f95242
Added more descriptive backwards compatibility information
2016-06-30 13:46:07 -07:00
Martin Treurnicht
174e1b13b8
Add back swarm test for 100% coverage
2016-06-28 12:19:54 -07:00
Martin Treurnicht
61510dfca5
Cleanup as per request of https://github.com/lhazlewood
2016-06-28 12:12:40 -07:00
Martin Treurnicht
c60deebb64
Removed java 8 dependencies in test
2016-06-27 16:02:06 -07:00
Martin Treurnicht
a73e0044b8
Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45
2016-06-27 15:43:35 -07:00
Alexander Kjäll
26a14fd3c3
javadoc typo
Updated the number of bits for the HS512 algorithm in the javadoc comment.
2016-06-13 14:40:35 +02:00
Brian Matzon
f08386c63b
formatting
2016-06-08 00:20:23 +02:00
Brian Matzon
4be4912cb2
moved Java test into groovy
2016-06-06 23:43:52 +02:00
Brian Matzon
39ee58a511
implement hashCode and equals in JwtMap
2016-04-27 12:15:36 +02:00
Les Hazlewood
29f980c5c9
coverage improvements. Removed unnecessary line from DefaultClaims
2016-04-17 14:26:28 -07:00
Les Hazlewood
e392524919
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:51:30 -07:00
Les Hazlewood
3dfae9a31d
109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling.
2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582
Clock time source for parsing
Clock source
2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c
109: enabled injection of a time source - a 'Clock'
2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a
Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master
2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046
Change assert to require hmac
2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3
Avoid potentially critical vulnerability in ECDSA signature validation
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.
As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.
cc @thomaso-mirodin
2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c
Merge pull request #104 from brentstormpath/master
Update Readme
2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c
Moving change log notes back into readme
2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94
Fixing a link and moving the author section down
2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366
Merge pull request #102 from jwtk/101-update-jackson
Upgraded Jackson to 2.7.0
2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664
upgraded Jackson to 2.7.0
2016-03-08 19:38:00 -08:00