Les Hazlewood
9b434cdf9c
EncryptionAlgorithm changes, class cleanup, test coverage, etc. AES encryption, both GCM and HmacSha2 variants are complete. Classes might be moved to another package. Have not yet started Builder and Parser work to support JWE compact strings.
2016-04-21 18:16:32 -07:00
Les Hazlewood
d111dc8b22
EncryptionAlgorithm changes, class cleanup, test coverage, etc. Still a work in progress, but getting close to be finished with AES encryption.
2016-04-20 22:24:05 -07:00
Les Hazlewood
8ea397b609
Merge branch 'master' into jwe
2016-04-17 14:26:51 -07:00
Les Hazlewood
29f980c5c9
coverage improvements. Removed unnecessary line from DefaultClaims
2016-04-17 14:26:28 -07:00
Les Hazlewood
cb5734d8a6
Merge branch 'master' into jwe
...
# Conflicts:
# src/main/java/io/jsonwebtoken/Header.java
# src/main/java/io/jsonwebtoken/impl/DefaultHeader.java
2016-04-17 13:54:07 -07:00
Les Hazlewood
e392524919
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
...
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:51:30 -07:00
Les Hazlewood
a543545dcf
113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:24:15 -07:00
Les Hazlewood
e7aff4adf3
113: javadoc cleanup, compression backwards compatibility change, code coverage enhancements, cobertura config cleanup
2016-04-17 13:22:39 -07:00
Les Hazlewood
c62d012cf8
113: javadoc cleanup, compression backwards compatibility change
2016-04-15 17:14:10 -07:00
Les Hazlewood
fbce510164
113: test enhancements for the new crypto classes (fixed branch coverage failures)
2016-04-12 20:29:24 -07:00
Les Hazlewood
3bcd7632cd
113: moar tests
2016-04-12 18:56:48 -07:00
Les Hazlewood
716c6fd500
113: initial JWE (shared key AES) encryption support
2016-04-12 18:50:24 -07:00
Les Hazlewood
3dfae9a31d
109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling.
2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582
Clock time source for parsing
...
Clock source
2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c
109: enabled injection of a time source - a 'Clock'
2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a
Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master
2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046
Change assert to require hmac
2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3
Avoid potentially critical vulnerability in ECDSA signature validation
...
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ ) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.
As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.
cc @thomaso-mirodin
2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c
Merge pull request #104 from brentstormpath/master
...
Update Readme
2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c
Moving change log notes back into readme
2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94
Fixing a link and moving the author section down
2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366
Merge pull request #102 from jwtk/101-update-jackson
...
Upgraded Jackson to 2.7.0
2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664
upgraded Jackson to 2.7.0
2016-03-08 19:38:00 -08:00
Les Hazlewood
d747f09662
Merge pull request #99 from jwtk/95-osgi
...
Enabled OSGi bundle
2016-03-08 19:35:31 -08:00
Les Hazlewood
76b1263b05
Merge branch 'master' into 95-osgi
2016-03-08 19:24:04 -08:00
Les Hazlewood
a5fe1b961b
Merge pull request #98 from jwtk/97-openjdk7
...
Removed openjdk7 from travis build.
2016-03-08 19:17:37 -08:00
Les Hazlewood
cbf9ff4e64
97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway
2016-03-08 19:10:25 -08:00
Dave LeBlanc
312763a00b
Made the android dep optional in OSGi
...
Changed the packaging type to bundle - required
by the bundle plugin.
Upgraded to the latest version of the maven
bundle plugin.
2016-02-26 19:08:01 -08:00
brentstormpath
f1fe04d70c
Fixing a broken link in the readme
2016-02-23 17:48:04 -08:00
brentstormpath
5613d222ce
Updating the JJWT readme to break out the changelog into a dedicated file and add useful links
2016-02-23 17:41:48 -08:00
Mitchell Morris
a20c92c095
create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior
2016-02-23 19:30:20 -06:00
brentstormpath
1d525e94c6
Merge remote-tracking branch 'upstream/master'
2016-02-23 16:38:12 -08:00
Mitchell Morris
83054a755d
allow the injection of a time source
2016-02-23 14:43:32 -06:00
Les Hazlewood
638d84963f
Updated spec links to final RFC documents
2015-12-11 09:48:50 -08:00
Les Hazlewood
d1058b0933
Merge pull request #69 from jwtk/ISSUE-68
...
Issue 68
2015-11-21 15:23:44 -08:00
Les Hazlewood
3595423576
#68 : ensured branch code coverage
2015-11-21 15:16:42 -08:00
Les Hazlewood
4020dfc1d5
Ensures RSA Signatures can work on Android 23
2015-11-21 15:00:23 -08:00
Les Hazlewood
b63a67516e
Merge pull request #62 from jwtk/coverage_report
...
Add Coveralls coverage report badge to README page
2015-11-04 21:34:27 -08:00
Micah Silverman
7843179ad5
Improve coverage on compact by exercising JsonProcessingException.
2015-10-27 23:29:06 -04:00
Micah Silverman
4773224c74
Added code to build coverage report to .travis.yml
2015-10-27 22:15:48 -04:00
Micah Silverman
1d9fd734c9
Added coveralls maven plugin.
2015-10-27 22:15:48 -04:00
Micah Silverman
687fe6a737
Added coveralls coverage report.
2015-10-27 21:55:52 -04:00
Les Hazlewood
44b652777b
[maven-release-plugin] prepare for next development iteration
2015-10-14 13:50:34 -07:00
Les Hazlewood
8b3f6ab496
[maven-release-plugin] prepare release 0.6.0
2015-10-14 13:50:30 -07:00
Les Hazlewood
98970a7e19
Changed version references from 0.5.2 to 0.6.0 (no 0.5.2 release yet).
2015-10-12 16:23:21 -07:00
Les Hazlewood
a4f4da767b
Update README.md
...
Updated version references to reflect concrete version number per the release
2015-10-12 16:22:44 -07:00
Les Hazlewood
267bc09f6a
Changing the version from 0.5.2-SNAPSHOT to 0.6.0-SNAPSHOT in preparation for release
2015-10-12 16:19:30 -07:00
Les Hazlewood
efe20ee14b
Update README.md
2015-10-12 16:15:06 -07:00
Les Hazlewood
e4e37373b8
Update README.md
2015-10-12 16:12:43 -07:00
Les Hazlewood
1649066038
Update README.md
2015-10-12 16:08:06 -07:00