Les Hazlewood
f522abe2cb
Merge pull request #158 from benbenw/parser-perf
...
improve jwt parser memory allocation
2016-08-31 12:23:20 -04:00
Les Hazlewood
8e26b937f6
Merge pull request #159 from benbenw/ignore-eclipse
...
add eclipse files to gitignore
2016-08-31 12:21:53 -04:00
benoit
d13d2eeffe
add eclipse files to gitignore
2016-08-31 16:54:10 +02:00
benoit
9735d1ad98
improve jwt parser memory allocation
...
re-use buffer instead of creating new ones
avoid creating unneeded buffers in the Strings util methods
Stop continuously copying array with StringBuilder#deleteCharAt
work directly on StringBuilder instead of creating a temporary String
test added to cover the modified methods
2016-08-31 16:39:42 +02:00
Michael Sims
3fb794ee91
#61 : Add support for clock skew to JwtParser for exp and nbf claims
2016-08-29 16:34:00 -05:00
Les Hazlewood
0408313d3f
Merge pull request #150 from mike9005/patch-1
...
Fix ES512 description typo in README
2016-07-21 13:08:54 -07:00
Michael Collis
c5ae6f53f1
Fix ES512 description typo in README
2016-07-21 15:30:36 -04:00
brentstormpath
ab76c850db
Readme Update
2016-07-12 17:24:26 -07:00
brentstormpath
007b82c6ad
Merge pull request #1 from jwtk/master
...
Merge Updates from Upstream Master
2016-07-12 17:19:12 -07:00
Les Hazlewood
3bd425a63d
updated coveralls logo
2016-07-04 12:16:16 -07:00
Les Hazlewood
e55ea34e95
Merge pull request #105 from aarondav/patch-2
...
Avoid potentially critical vulnerability in ECDSA signature validation
2016-07-04 11:56:48 -07:00
Les Hazlewood
8e6e165c1d
Merge pull request #141 from jwtk/coveralls_jacoco
...
updated to jacoco as only jacoco supports java 8
2016-07-04 11:52:20 -07:00
Les Hazlewood
07534487d3
Merge pull request #132 from alexanderkjall/patch-1
...
javadoc typo
2016-07-04 11:51:28 -07:00
Micah Silverman
82f4b0a696
updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq
2016-07-04 01:01:42 -04:00
Les Hazlewood
09c96ce305
Merge pull request #140 from jwtk/readme_update
...
Readme update and move Changelog to its own file
2016-07-03 12:36:53 -07:00
Micah Silverman
7a2808af12
Expanded on intro section.
2016-07-03 12:29:13 -04:00
Micah Silverman
b053834dae
Updated README with more examples
2016-07-03 12:29:13 -04:00
Micah Silverman
78cb1707d7
moved older jackson section back into readme
2016-07-03 12:29:13 -04:00
Micah Silverman
0899261074
Separated CHANGELOG from README
2016-07-03 12:29:13 -04:00
Les Hazlewood
ceac032f11
Merge pull request #137 from martintreurnicht/master
...
Fixed ECDSA Signing and verification
2016-06-30 14:11:08 -07:00
Martin Treurnicht
c3e5f95242
Added more descriptive backwards compatibility information
2016-06-30 13:46:07 -07:00
Martin Treurnicht
174e1b13b8
Add back swarm test for 100% coverage
2016-06-28 12:19:54 -07:00
Martin Treurnicht
61510dfca5
Cleanup as per request of https://github.com/lhazlewood
2016-06-28 12:12:40 -07:00
Martin Treurnicht
c60deebb64
Removed java 8 dependencies in test
2016-06-27 16:02:06 -07:00
Martin Treurnicht
a73e0044b8
Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45
2016-06-27 15:43:35 -07:00
Alexander Kjäll
26a14fd3c3
javadoc typo
...
Updated the number of bits for the HS512 algorithm in the javadoc comment.
2016-06-13 14:40:35 +02:00
Brian Matzon
f08386c63b
formatting
2016-06-08 00:20:23 +02:00
Brian Matzon
4be4912cb2
moved Java test into groovy
2016-06-06 23:43:52 +02:00
Brian Matzon
39ee58a511
implement hashCode and equals in JwtMap
2016-04-27 12:15:36 +02:00
Les Hazlewood
29f980c5c9
coverage improvements. Removed unnecessary line from DefaultClaims
2016-04-17 14:26:28 -07:00
Les Hazlewood
e392524919
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:51:30 -07:00
Les Hazlewood
3dfae9a31d
109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling.
2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582
Clock time source for parsing
...
Clock source
2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c
109: enabled injection of a time source - a 'Clock'
2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a
Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master
2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046
Change assert to require hmac
2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3
Avoid potentially critical vulnerability in ECDSA signature validation
...
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.
As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.
cc @thomaso-mirodin
2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c
Merge pull request #104 from brentstormpath/master
...
Update Readme
2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c
Moving change log notes back into readme
2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94
Fixing a link and moving the author section down
2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366
Merge pull request #102 from jwtk/101-update-jackson
...
Upgraded Jackson to 2.7.0
2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664
upgraded Jackson to 2.7.0
2016-03-08 19:38:00 -08:00
Les Hazlewood
d747f09662
Merge pull request #99 from jwtk/95-osgi
...
Enabled OSGi bundle
2016-03-08 19:35:31 -08:00
Les Hazlewood
76b1263b05
Merge branch 'master' into 95-osgi
2016-03-08 19:24:04 -08:00
Les Hazlewood
a5fe1b961b
Merge pull request #98 from jwtk/97-openjdk7
...
Removed openjdk7 from travis build.
2016-03-08 19:17:37 -08:00
Les Hazlewood
cbf9ff4e64
97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway
2016-03-08 19:10:25 -08:00
Dave LeBlanc
312763a00b
Made the android dep optional in OSGi
...
Changed the packaging type to bundle - required
by the bundle plugin.
Upgraded to the latest version of the maven
bundle plugin.
2016-02-26 19:08:01 -08:00
brentstormpath
f1fe04d70c
Fixing a broken link in the readme
2016-02-23 17:48:04 -08:00
brentstormpath
5613d222ce
Updating the JJWT readme to break out the changelog into a dedicated file and add useful links
2016-02-23 17:41:48 -08:00
Mitchell Morris
a20c92c095
create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior
2016-02-23 19:30:20 -06:00