Commit Graph

47 Commits

Author SHA1 Message Date
Les Hazlewood 23743f5a59 [maven-release-plugin] prepare for next development iteration 2020-02-05 12:29:05 -08:00
Les Hazlewood 3cd48fade7 [maven-release-plugin] prepare release 0.11.0 2020-02-05 12:28:58 -08:00
Les Hazlewood c38f4af239
Ensured DeflateCompressionCodec could fallback to <= 0.10.6 implementation if encountering an IOException. This allows compressed JWTs created before 0.10.7 to still work. Fixes #536 (#556) (#557) 2020-02-04 14:29:16 -08:00
Les Hazlewood 950e6fbcc7
cherry-pick 4821395c06b0786e19b1a3153be65f39a2a524d9: Ensured SignatureAlgorithm `PS256`, `PS384`, and `PS512` worked properly on JDK 11 and later without requiring BouncyCastle. (#555) 2020-02-04 00:10:39 -08:00
Brian Demers 2fd3f06b7b
Update SignatureValidator to use MessageDigest (#548) 2020-01-27 14:20:21 -05:00
Micah Silverman dacdb2ce25
relocated Service.java to impl module (along with tests). (#529) 2019-10-27 17:13:49 -04:00
Brian Demers 7037d64d24 Reduce scope of Service Loader work to CompressionCodecs and JsonSerializers
Fixes: #458
2019-10-23 09:14:08 -07:00
Jaap Coomans ef32a1386d Use ServiceLoader instead of reflection to resolve implementation classes.
By using ServiceLoader the hardcoded dependency of implementation classes becomes obsolete, so that the API will be truly independent from the implementation. Also this approach paves the way for migration to JPMS modules, as these also leverage the ServiceLoader API.

Use ServiceLoader instead of reflection to resolve CompressionCodec implementation classes.

Isolate key- and key-pair generators and use ServiceLoader instead of reflection to invert dependencies.

Move FactoryLoader logic to Services class and improve package layout.

Resolve Deserializer using the ServiceLoader instead of reflection and hardcoded reference.

Resolve Serializer using the ServiceLoader instead of reflection and hardcoded reference.
2019-10-23 09:13:58 -07:00
Brian Demers ebdb4426f6
Update version to 0.11.0-SNAPSHOT (#506)
via: `mvn versions:set -DnewVersion=0.11.0-SNAPSHOT -DgenerateBackupPoms=false`
2019-10-03 12:09:48 -04:00
Brian Demers 7eb9c514b0
Fixes test error caused by groovy type coercion (#509)
* Fixes test error caused by groovy type coercion

A long was being treated as a float

* Fixes test error caused by groovy type coercion

A long was being treated as a float
2019-10-03 12:09:23 -04:00
Brian Demers 94d151129d
Add JwtParserBuilder as the preferred way to create a JwtParser instance (#486)
- Added new JwtParserBuilder
- Copied mutator methods from JwtParser into new JwtParserBuilder
- Marked said methods as deprecated in JwtParser
- Copied JwtParserTest and JwtsTest to Deprecated*, as to retain coverage on methods that will be removed in 1.0
- Added ImmutableJwtParser
  This is a stop gap until 1.0, all of the mutable methods will now throw a IllegalStateException.
  NOTE: this only comes into place when using the new Jwts.parserBuilder(), Jwts.parser() is unchanged.

Fixes: #473
2019-10-01 12:03:20 -04:00
Brian Demers 7090bf39c3
Add support for custom type deserialization with Jackson (#495)
- Adds new constructor JacksonDeserializer(Map<String, Class> claimTypeMap), which will enable later calls Claims.get("key", CustomType.class) to work as expectd
 - Adds new Maps utility class to make map creation fluent

Fixes: #369
2019-09-30 17:24:57 -04:00
Brian Demers 6e74be0b8d
Fix split package issue in extensions/jackson and extensions/orgjson (#488)
* Fix split package issue in extensions/jackson and extensions/orgjson

This moves the implementation specific classes:
- `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*`
- `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*`

* Add Backwards Compatibility Warning to CHANGELOG
* Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp)

Fixes: #399
2019-09-27 17:11:19 -04:00
Brian Demers 5339faf87f
Add license-maven-plugin to mange headers
and apply missing headers

usage:
# validate license headers exist
mvn license:check

# apply headers (to files without headers)
mvn license:format
2019-09-17 16:19:07 -04:00
Les Hazlewood ff8a6bfe58
Merge pull request #414 from patton73/master
Added Gson serialization/deserialization Extension
2019-07-17 22:13:58 -04:00
patton73 73f7f9915b Fixes for reviews. Hope i did not forget something. 2019-07-17 22:51:18 +02:00
patton73 2bb8e4d02e Fixes for reviews. Hope i did not forget something. 2019-07-17 22:46:18 +02:00
Andrea Paternesi e3a172b93d Fix to pom file. 2019-07-16 16:41:58 +02:00
Andrea Paternesi 222032a208 Final fix. Typo fixes. And test coverage. 2019-07-16 16:36:12 +02:00
Andrea Paternesi 134f25b536 Fix locator paths and added tests. 2019-07-16 16:19:13 +02:00
patton73 fd52e0ffc2 Merge remote-tracking branch 'upstream/master' 2019-07-15 20:51:57 +02:00
Paul Polishchuk dd638c2b3a JwtBuilder.setClaims() now accepts `Map<String, ?> claims`
This would allow to pass `Map<String,String>`
2019-07-15 10:46:02 +03:00
Les Hazlewood caa7b0e942 [maven-release-plugin] prepare for next development iteration 2019-07-11 20:12:25 -04:00
Les Hazlewood b292b891ca [maven-release-plugin] prepare release 0.10.7 2019-07-11 20:12:20 -04:00
patton73 9bf487f0b7 Updated RuntimeClasspath Serializer/Deserializer 2019-06-21 19:55:05 +02:00
Les Hazlewood af72fabbf3 Refactored DeflateCompressionCodec to eliminate memory leak. Refactored GzipCompressionCodec and AbstractCompressionCodec to utilize consistent logic across compression algorithms. Resolves #392. 2019-03-10 12:01:37 -04:00
Francois JACQUES 1b5b89304a Fixes #397 : avoid dependency side effect to affect choice of json serializer/deserializer. 2019-03-10 11:59:31 -04:00
Les Hazlewood 70e6845b82 Ensure version is 0.10.7-SNAPSHOT to prep for the next release. 2019-03-10 11:59:31 -04:00
Micah Silverman af73a02786 [maven-release-plugin] prepare for next development iteration 2019-02-25 13:33:47 -05:00
Micah Silverman d29d6da989 [maven-release-plugin] prepare release jjwt-root-0.10.6 2019-02-25 13:33:39 -05:00
Les Hazlewood bcfc0655e4 [maven-release-plugin] prepare for next development iteration 2018-08-13 20:28:38 -04:00
Les Hazlewood 2ceae3bc37 [maven-release-plugin] prepare release 0.10.3 2018-08-13 20:28:32 -04:00
Les Hazlewood 85d8920d79 Ensured symmetric logic between the Keys and SignatureAlgorithm helper methods for hmac key lengths.
Updated Android dependencies and ProGuard exclusion definitions
Updating docs to reflect 0.10.3 release
Resolves #381, #382
2018-08-13 20:26:14 -04:00
Les Hazlewood d7071faeae [maven-release-plugin] prepare release 0.10.2 2018-08-07 13:43:48 -04:00
Les Hazlewood f19c34a763 Ensured JJWT's org.json use is compatible with Android's org.json API as defined in https://developer.android.com/reference/org/json/package-summary. Resolves #380. 2018-08-07 13:32:20 -04:00
Les Hazlewood 5e5f29d8b1 [maven-release-plugin] prepare release 0.10.1 2018-08-02 17:30:09 -04:00
Les Hazlewood 7f662627cc Ensured BouncyCastle was optional. Also ensured EllipticCurve algorithms could be used without BouncyCastle since the JDK supports EC by default. Moved RuntimeEnvironment.enableBouncyCastleIfPossible() call out of SignatureAlgorithm into RsaProvider since BC is only necessary for RSASSA-PSS algorithms (PS256, PS384, PS512) and nothing else in JJWT's codebase.
Resolves #372
2018-08-02 16:59:59 -04:00
Les Hazlewood b58e1b6dc5 [maven-release-plugin] prepare for next development iteration 2018-08-01 18:10:41 -04:00
Les Hazlewood 6b980553cf [maven-release-plugin] prepare release 0.10.0 2018-08-01 18:10:34 -04:00
Les Hazlewood 17af933665 [maven-release-plugin] rollback the release of 0.10.0 2018-08-01 18:02:51 -04:00
Les Hazlewood 9cfd861250 [maven-release-plugin] prepare for next development iteration 2018-08-01 18:00:33 -04:00
Les Hazlewood cd62ed1bbf [maven-release-plugin] prepare release 0.10.0 2018-08-01 18:00:27 -04:00
Les Hazlewood a669cad29b - Added JwtBuilder#signWith(Key) with tests and refactoring. Deprecated additional signWith methods that can lead to confusion.
- Made some tests more deterministic with mocks instead of relying on Random number generator - BigInteger values were non-deterministic because of a random leading sign bit being there (or not) during test runs.

Resolves #366
2018-07-27 23:57:22 -04:00
Les Hazlewood 9189253668 334: key strength assertions and signature validation. Resolves #334 2018-07-27 15:17:01 -04:00
Les Hazlewood 9d244b9fca Added new io.jsonwebtoken.crypto.Keys utility class for generating SecretKeys and KeyPairs. Resolves #350 2018-07-24 22:55:02 -04:00
Les Hazlewood d330f2d4cc Updated Claims implementation as well as put/putAll to better handle specification dates. 2018-07-23 17:08:00 -04:00
Les Hazlewood 439c027c2e 348: Reorganize into a multi-module project. Includes test enhancements and code reorganization 2018-07-20 12:18:40 -04:00