Commit Graph

312 Commits

Author SHA1 Message Date
Les Hazlewood 9b434cdf9c EncryptionAlgorithm changes, class cleanup, test coverage, etc. AES encryption, both GCM and HmacSha2 variants are complete. Classes might be moved to another package. Have not yet started Builder and Parser work to support JWE compact strings. 2016-04-21 18:16:32 -07:00
Les Hazlewood d111dc8b22 EncryptionAlgorithm changes, class cleanup, test coverage, etc. Still a work in progress, but getting close to be finished with AES encryption. 2016-04-20 22:24:05 -07:00
Les Hazlewood 8ea397b609 Merge branch 'master' into jwe 2016-04-17 14:26:51 -07:00
Les Hazlewood 29f980c5c9 coverage improvements. Removed unnecessary line from DefaultClaims 2016-04-17 14:26:28 -07:00
Les Hazlewood cb5734d8a6 Merge branch 'master' into jwe
# Conflicts:
#	src/main/java/io/jsonwebtoken/Header.java
#	src/main/java/io/jsonwebtoken/impl/DefaultHeader.java
2016-04-17 13:54:07 -07:00
Les Hazlewood e392524919 cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change

113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:51:30 -07:00
Les Hazlewood a543545dcf 113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder 2016-04-17 13:24:15 -07:00
Les Hazlewood e7aff4adf3 113: javadoc cleanup, compression backwards compatibility change, code coverage enhancements, cobertura config cleanup 2016-04-17 13:22:39 -07:00
Les Hazlewood c62d012cf8 113: javadoc cleanup, compression backwards compatibility change 2016-04-15 17:14:10 -07:00
Les Hazlewood fbce510164 113: test enhancements for the new crypto classes (fixed branch coverage failures) 2016-04-12 20:29:24 -07:00
Les Hazlewood 3bcd7632cd 113: moar tests 2016-04-12 18:56:48 -07:00
Les Hazlewood 716c6fd500 113: initial JWE (shared key AES) encryption support 2016-04-12 18:50:24 -07:00
Les Hazlewood 3dfae9a31d 109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling. 2016-04-01 18:26:59 -07:00
Les Hazlewood 9e1ee67582 Clock time source for parsing
Clock source
2016-04-01 18:23:47 -07:00
Les Hazlewood 72e0e3b23c 109: enabled injection of a time source - a 'Clock' 2016-04-01 18:15:37 -07:00
Les Hazlewood 13d2e8370a Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master 2016-04-01 17:42:32 -07:00
Aaron Davidson 707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson 5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
2016-03-19 22:40:44 -07:00
Les Hazlewood 0534120f9c Merge pull request #104 from brentstormpath/master
Update Readme
2016-03-16 17:43:36 -07:00
brentstormpath 42f89d283c Moving change log notes back into readme 2016-03-16 17:30:58 -07:00
brentstormpath 7201704e94 Fixing a link and moving the author section down 2016-03-15 16:16:18 -07:00
Les Hazlewood 7686d43366 Merge pull request #102 from jwtk/101-update-jackson
Upgraded Jackson to 2.7.0
2016-03-08 19:42:33 -08:00
Les Hazlewood 1cb8568664 upgraded Jackson to 2.7.0 2016-03-08 19:38:00 -08:00
Les Hazlewood d747f09662 Merge pull request #99 from jwtk/95-osgi
Enabled OSGi bundle
2016-03-08 19:35:31 -08:00
Les Hazlewood 76b1263b05 Merge branch 'master' into 95-osgi 2016-03-08 19:24:04 -08:00
Les Hazlewood a5fe1b961b Merge pull request #98 from jwtk/97-openjdk7
Removed openjdk7 from travis build.
2016-03-08 19:17:37 -08:00
Les Hazlewood cbf9ff4e64 97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway 2016-03-08 19:10:25 -08:00
Dave LeBlanc 312763a00b Made the android dep optional in OSGi
Changed the packaging type to bundle - required
by the bundle plugin.

Upgraded to the latest version of the maven
bundle plugin.
2016-02-26 19:08:01 -08:00
brentstormpath f1fe04d70c Fixing a broken link in the readme 2016-02-23 17:48:04 -08:00
brentstormpath 5613d222ce Updating the JJWT readme to break out the changelog into a dedicated file and add useful links 2016-02-23 17:41:48 -08:00
Mitchell Morris a20c92c095 create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior 2016-02-23 19:30:20 -06:00
brentstormpath 1d525e94c6 Merge remote-tracking branch 'upstream/master' 2016-02-23 16:38:12 -08:00
Mitchell Morris 83054a755d allow the injection of a time source 2016-02-23 14:43:32 -06:00
Les Hazlewood 638d84963f Updated spec links to final RFC documents 2015-12-11 09:48:50 -08:00
Les Hazlewood d1058b0933 Merge pull request #69 from jwtk/ISSUE-68
Issue 68
2015-11-21 15:23:44 -08:00
Les Hazlewood 3595423576 #68: ensured branch code coverage 2015-11-21 15:16:42 -08:00
Les Hazlewood 4020dfc1d5 Ensures RSA Signatures can work on Android 23 2015-11-21 15:00:23 -08:00
Les Hazlewood b63a67516e Merge pull request #62 from jwtk/coverage_report
Add Coveralls coverage report badge to README page
2015-11-04 21:34:27 -08:00
Micah Silverman 7843179ad5 Improve coverage on compact by exercising JsonProcessingException. 2015-10-27 23:29:06 -04:00
Micah Silverman 4773224c74 Added code to build coverage report to .travis.yml 2015-10-27 22:15:48 -04:00
Micah Silverman 1d9fd734c9 Added coveralls maven plugin. 2015-10-27 22:15:48 -04:00
Micah Silverman 687fe6a737 Added coveralls coverage report. 2015-10-27 21:55:52 -04:00
Les Hazlewood 44b652777b [maven-release-plugin] prepare for next development iteration 2015-10-14 13:50:34 -07:00
Les Hazlewood 8b3f6ab496 [maven-release-plugin] prepare release 0.6.0 2015-10-14 13:50:30 -07:00
Les Hazlewood 98970a7e19 Changed version references from 0.5.2 to 0.6.0 (no 0.5.2 release yet). 2015-10-12 16:23:21 -07:00
Les Hazlewood a4f4da767b Update README.md
Updated version references to reflect concrete version number per the release
2015-10-12 16:22:44 -07:00
Les Hazlewood 267bc09f6a Changing the version from 0.5.2-SNAPSHOT to 0.6.0-SNAPSHOT in preparation for release 2015-10-12 16:19:30 -07:00
Les Hazlewood efe20ee14b Update README.md 2015-10-12 16:15:06 -07:00
Les Hazlewood e4e37373b8 Update README.md 2015-10-12 16:12:43 -07:00
Les Hazlewood 1649066038 Update README.md 2015-10-12 16:08:06 -07:00