honeymoose/jjwt
1
0
Fork 0
mirror of https://github.com/jwtk/jjwt.git synced 2025-03-01 18:19:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
275 Commits 16 Branches 33 Tags
Commit Graph

275 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Collis
c5ae6f53f1 Fix ES512 description typo in README 2016-07-21 15:30:36 -04:00
brentstormpath
ab76c850db Readme Update 2016-07-12 17:24:26 -07:00
brentstormpath
007b82c6ad Merge pull request #1 from jwtk/master 
Merge Updates from Upstream Master
 2016-07-12 17:19:12 -07:00
Les Hazlewood
3bd425a63d updated coveralls logo 2016-07-04 12:16:16 -07:00
Les Hazlewood
e55ea34e95 Merge pull request #105 from aarondav/patch-2 
Avoid potentially critical vulnerability in ECDSA signature validation
 2016-07-04 11:56:48 -07:00
Les Hazlewood
8e6e165c1d Merge pull request #141 from jwtk/coveralls_jacoco 
updated to jacoco as only jacoco supports java 8
 2016-07-04 11:52:20 -07:00
Les Hazlewood
07534487d3 Merge pull request #132 from alexanderkjall/patch-1 
javadoc typo
 2016-07-04 11:51:28 -07:00
Micah Silverman
82f4b0a696 updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq 2016-07-04 01:01:42 -04:00
Les Hazlewood
09c96ce305 Merge pull request #140 from jwtk/readme_update 
Readme update and move Changelog to its own file
 2016-07-03 12:36:53 -07:00
Micah Silverman
7a2808af12 Expanded on intro section. 2016-07-03 12:29:13 -04:00
Micah Silverman
b053834dae Updated README with more examples 2016-07-03 12:29:13 -04:00
Micah Silverman
78cb1707d7 moved older jackson section back into readme 2016-07-03 12:29:13 -04:00
Micah Silverman
0899261074 Separated CHANGELOG from README 2016-07-03 12:29:13 -04:00
Les Hazlewood
ceac032f11 Merge pull request #137 from martintreurnicht/master 
Fixed ECDSA Signing and verification
 2016-06-30 14:11:08 -07:00
Martin Treurnicht
c3e5f95242 Added more descriptive backwards compatibility information 2016-06-30 13:46:07 -07:00
Martin Treurnicht
174e1b13b8 Add back swarm test for 100% coverage 2016-06-28 12:19:54 -07:00
Martin Treurnicht
61510dfca5 Cleanup as per request of https://github.com/lhazlewood 2016-06-28 12:12:40 -07:00
Martin Treurnicht
c60deebb64 Removed java 8 dependencies in test 2016-06-27 16:02:06 -07:00
Martin Treurnicht
a73e0044b8 Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45 2016-06-27 15:43:35 -07:00
Alexander Kjäll
26a14fd3c3 javadoc typo 
Updated the number of bits for the HS512 algorithm in the javadoc comment.
 2016-06-13 14:40:35 +02:00
Brian Matzon
f08386c63b formatting 2016-06-08 00:20:23 +02:00
Brian Matzon
4be4912cb2 moved Java test into groovy 2016-06-06 23:43:52 +02:00
Brian Matzon
39ee58a511 implement hashCode and equals in JwtMap 2016-04-27 12:15:36 +02:00
Les Hazlewood
29f980c5c9 coverage improvements. Removed unnecessary line from DefaultClaims 2016-04-17 14:26:28 -07:00
Les Hazlewood
e392524919 cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change 
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change

113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
 2016-04-17 13:51:30 -07:00
Les Hazlewood
3dfae9a31d 109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling. 2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582 Clock time source for parsing 
Clock source
 2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c 109: enabled injection of a time source - a 'Clock' 2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master 2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046 Change assert to require hmac 2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3 Avoid potentially critical vulnerability in ECDSA signature validation 
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.

As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.

cc @thomaso-mirodin
 2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c Merge pull request #104 from brentstormpath/master 
Update Readme
 2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c Moving change log notes back into readme 2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94 Fixing a link and moving the author section down 2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366 Merge pull request #102 from jwtk/101-update-jackson 
Upgraded Jackson to 2.7.0
 2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664 upgraded Jackson to 2.7.0 2016-03-08 19:38:00 -08:00
Les Hazlewood
d747f09662 Merge pull request #99 from jwtk/95-osgi 
Enabled OSGi bundle
 2016-03-08 19:35:31 -08:00
Les Hazlewood
76b1263b05 Merge branch 'master' into 95-osgi 2016-03-08 19:24:04 -08:00
Les Hazlewood
a5fe1b961b Merge pull request #98 from jwtk/97-openjdk7 
Removed openjdk7 from travis build.
 2016-03-08 19:17:37 -08:00
Les Hazlewood
cbf9ff4e64 97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway 2016-03-08 19:10:25 -08:00
Dave LeBlanc
312763a00b Made the android dep optional in OSGi 
Changed the packaging type to bundle - required
by the bundle plugin.

Upgraded to the latest version of the maven
bundle plugin.
 2016-02-26 19:08:01 -08:00
brentstormpath
f1fe04d70c Fixing a broken link in the readme 2016-02-23 17:48:04 -08:00
brentstormpath
5613d222ce Updating the JJWT readme to break out the changelog into a dedicated file and add useful links 2016-02-23 17:41:48 -08:00
Mitchell Morris
a20c92c095 create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior 2016-02-23 19:30:20 -06:00
brentstormpath
1d525e94c6 Merge remote-tracking branch 'upstream/master' 2016-02-23 16:38:12 -08:00
Mitchell Morris
83054a755d allow the injection of a time source 2016-02-23 14:43:32 -06:00
Les Hazlewood
638d84963f Updated spec links to final RFC documents 2015-12-11 09:48:50 -08:00
Les Hazlewood
d1058b0933 Merge pull request #69 from jwtk/ISSUE-68 
Issue 68
 2015-11-21 15:23:44 -08:00
Les Hazlewood
3595423576 #68: ensured branch code coverage 2015-11-21 15:16:42 -08:00
Les Hazlewood
4020dfc1d5 Ensures RSA Signatures can work on Android 23 2015-11-21 15:00:23 -08:00