honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
243 Commits 16 Branches 33 Tags 154 MiB
Commit Graph

98 Commits

Author SHA1 Message Date
Les Hazlewood 6c4b58e4fe edits to exception message to be a little more helpful and to ensure previous GH issue tests passed 2016-09-12 16:40:52 -07:00
Les Hazlewood ab4f9ff9e8 edits to exception message to be a little more helpful and to ensure previous GH issue tests passed 2016-09-12 16:39:17 -07:00
Les Hazlewood 8f1b528d8c Minor edits to @MichaelSims pull request - prepping for release 2016-09-12 16:12:30 -07:00
Les Hazlewood ff932e9838 Merge branch 'master' of https://github.com/MichaelSims/jjwt into MichaelSims-master 
# Conflicts:
#	src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
 2016-09-12 16:03:53 -07:00
Les Hazlewood af01cca922 122: added code comments so readers understand that JWT mandates seconds, not milliseconds 2016-09-12 10:37:34 -07:00
Les Hazlewood 1974069561 107: ensured exception message printed UTC times correctly 2016-09-11 14:04:20 -07:00
Les Hazlewood 0f63ec8012 Merge pull request #117 from matzon/master 
implement hashCode and equals in JwtMap
 2016-09-11 12:57:02 -07:00
Les Hazlewood 79e95856a4 161: upgraded library versions to latest stable 2016-09-11 12:48:48 -07:00
benoit 9735d1ad98 improve jwt parser memory allocation 
re-use buffer instead of creating new ones
avoid creating unneeded buffers in the Strings util methods
Stop continuously copying array with StringBuilder#deleteCharAt
work directly on StringBuilder instead of creating a temporary String

test added to cover the modified methods
 2016-08-31 16:39:42 +02:00
Michael Sims 3fb794ee91 #61: Add support for clock skew to JwtParser for exp and nbf claims 2016-08-29 16:34:00 -05:00
Les Hazlewood e55ea34e95 Merge pull request #105 from aarondav/patch-2 
Avoid potentially critical vulnerability in ECDSA signature validation
 2016-07-04 11:56:48 -07:00
Les Hazlewood 07534487d3 Merge pull request #132 from alexanderkjall/patch-1 
javadoc typo
 2016-07-04 11:51:28 -07:00
Martin Treurnicht c3e5f95242 Added more descriptive backwards compatibility information 2016-06-30 13:46:07 -07:00
Martin Treurnicht 174e1b13b8 Add back swarm test for 100% coverage 2016-06-28 12:19:54 -07:00
Martin Treurnicht 61510dfca5 Cleanup as per request of https://github.com/lhazlewood 2016-06-28 12:12:40 -07:00
Martin Treurnicht c60deebb64 Removed java 8 dependencies in test 2016-06-27 16:02:06 -07:00
Martin Treurnicht a73e0044b8 Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45 2016-06-27 15:43:35 -07:00
Alexander Kjäll 26a14fd3c3 javadoc typo 
Updated the number of bits for the HS512 algorithm in the javadoc comment.
 2016-06-13 14:40:35 +02:00
Brian Matzon f08386c63b formatting 2016-06-08 00:20:23 +02:00
Brian Matzon 4be4912cb2 moved Java test into groovy 2016-06-06 23:43:52 +02:00
Brian Matzon 39ee58a511 implement hashCode and equals in JwtMap 2016-04-27 12:15:36 +02:00
Les Hazlewood 29f980c5c9 coverage improvements. Removed unnecessary line from DefaultClaims 2016-04-17 14:26:28 -07:00
Les Hazlewood e392524919 cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change 
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change

113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
 2016-04-17 13:51:30 -07:00
Les Hazlewood 3dfae9a31d 109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling. 2016-04-01 18:26:59 -07:00
Les Hazlewood 72e0e3b23c 109: enabled injection of a time source - a 'Clock' 2016-04-01 18:15:37 -07:00
Aaron Davidson 707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson 5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation 
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
 2016-03-19 22:40:44 -07:00
Mitchell Morris a20c92c095 create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior 2016-02-23 19:30:20 -06:00
Mitchell Morris 83054a755d allow the injection of a time source 2016-02-23 14:43:32 -06:00
Les Hazlewood 3595423576 #68: ensured branch code coverage 2015-11-21 15:16:42 -08:00
Les Hazlewood 4020dfc1d5 Ensures RSA Signatures can work on Android 23 2015-11-21 15:00:23 -08:00
Micah Silverman 7843179ad5 Improve coverage on compact by exercising JsonProcessingException. 2015-10-27 23:29:06 -04:00
Les Hazlewood 98970a7e19 Changed version references from 0.5.2 to 0.6.0 (no 0.5.2 release yet). 2015-10-12 16:23:21 -07:00
Les Hazlewood 4d230a0725 #58: added toString implementations for JwtMap, DefaultJwt and DefaultJws with tests 2015-10-12 14:17:13 -07:00
Les Hazlewood 0e8ee78fc4 #52: class naming and JavaDoc cleanup 2015-10-12 13:57:36 -07:00
josebarrueta fef553ad72 Issue-52 Improving Javadoc for compression 2015-10-09 18:07:06 -07:00
josebarrueta 269a143899 Merge branch 'Issue-52' of github.com:josebarrueta/jjwt into Issue-52 2015-09-24 16:41:26 -07:00
josebarrueta 257bddc3e2 Merge branch 'master' of github.com:jwtk/jjwt into Issue-52 2015-09-24 16:38:41 -07:00
Jason Erickson 7e15e2de02 Issue-52: Refactoring and adding unit tests to cover the compression functionality 2015-09-23 17:24:47 -07:00
Jason Erickson 806844a89a Issue-52: Refactoring and adding unit tests to cover the compression functionality 2015-09-23 15:44:07 -07:00
Les Hazlewood 4b59e4bf71 Merge pull request #49 from dogeared/issue-42_assert_claims_new 
#42 assert claims match required values
 2015-09-23 14:48:42 -07:00
Micah Silverman a22a76ad79 Update to javadocs to make more clear. 2015-09-23 17:40:50 -04:00
Micah Silverman 681a3fc0ba Added coverage test for JwtMap. 2015-09-23 17:20:02 -04:00
Micah Silverman 6401727b2a Refactored generic get with required type to handle the official claim types that are dates. Updated javadocs to reflect 'require' language. 2015-09-23 17:03:07 -04:00
josebarrueta 19f6fcaa51 Issue-52 Adding ability to compress/decompress. Added tests for happy path. 2015-09-23 13:21:08 -07:00
Micah Silverman 5d320d22a5 Handled generic require for Date. Added ability to specify required type on get method of claim 2015-09-23 16:17:44 -04:00
Micah Silverman b4015be11e Added in test that does NOT work for custom claim with Date type. 2015-09-23 04:36:57 -04:00
Micah Silverman 2e452a42b1 Added requireExpiration and requireNotBefore 2015-09-23 04:35:14 -04:00
Micah Silverman ddda2f92d3 Renamed all the expect methods to require. 2015-09-23 03:35:41 -04:00
Micah Silverman 72acd649c7 Updated custom Exception javadocs. 2015-09-23 03:25:29 -04:00