Les Hazlewood
07534487d3
Merge pull request #132 from alexanderkjall/patch-1
...
javadoc typo
2016-07-04 11:51:28 -07:00
Micah Silverman
82f4b0a696
updated to jacoco as only jacoco supports java 8 per: https://github.com/trautonen/coveralls-maven-plugin#faq
2016-07-04 01:01:42 -04:00
Les Hazlewood
09c96ce305
Merge pull request #140 from jwtk/readme_update
...
Readme update and move Changelog to its own file
2016-07-03 12:36:53 -07:00
Micah Silverman
7a2808af12
Expanded on intro section.
2016-07-03 12:29:13 -04:00
Micah Silverman
b053834dae
Updated README with more examples
2016-07-03 12:29:13 -04:00
Micah Silverman
78cb1707d7
moved older jackson section back into readme
2016-07-03 12:29:13 -04:00
Micah Silverman
0899261074
Separated CHANGELOG from README
2016-07-03 12:29:13 -04:00
Les Hazlewood
ceac032f11
Merge pull request #137 from martintreurnicht/master
...
Fixed ECDSA Signing and verification
2016-06-30 14:11:08 -07:00
Martin Treurnicht
c3e5f95242
Added more descriptive backwards compatibility information
2016-06-30 13:46:07 -07:00
Martin Treurnicht
174e1b13b8
Add back swarm test for 100% coverage
2016-06-28 12:19:54 -07:00
Martin Treurnicht
61510dfca5
Cleanup as per request of https://github.com/lhazlewood
2016-06-28 12:12:40 -07:00
Martin Treurnicht
c60deebb64
Removed java 8 dependencies in test
2016-06-27 16:02:06 -07:00
Martin Treurnicht
a73e0044b8
Fixed ECDSA Signing and verification to use R + S curve points as per spec https://tools.ietf.org/html/rfc7515#page-45
2016-06-27 15:43:35 -07:00
Alexander Kjäll
26a14fd3c3
javadoc typo
...
Updated the number of bits for the HS512 algorithm in the javadoc comment.
2016-06-13 14:40:35 +02:00
Brian Matzon
f08386c63b
formatting
2016-06-08 00:20:23 +02:00
Brian Matzon
4be4912cb2
moved Java test into groovy
2016-06-06 23:43:52 +02:00
Brian Matzon
39ee58a511
implement hashCode and equals in JwtMap
2016-04-27 12:15:36 +02:00
Les Hazlewood
29f980c5c9
coverage improvements. Removed unnecessary line from DefaultClaims
2016-04-17 14:26:28 -07:00
Les Hazlewood
e392524919
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
...
cherry pick from c62d012cf80341747f3f3aa8b43127cde0ab4dce: javadoc cleanup, compression backwards compatibility change
113: increased code coverage threshold for DefaultJwtParser and DefaultJwtBuilder
2016-04-17 13:51:30 -07:00
Les Hazlewood
3dfae9a31d
109: removed implementation coupling from Clock interface. DefaultClock.INSTANCE achieves the same thing without coupling.
2016-04-01 18:26:59 -07:00
Les Hazlewood
9e1ee67582
Clock time source for parsing
...
Clock source
2016-04-01 18:23:47 -07:00
Les Hazlewood
72e0e3b23c
109: enabled injection of a time source - a 'Clock'
2016-04-01 18:15:37 -07:00
Les Hazlewood
13d2e8370a
Merge branch 'master' of https://github.com/Blackbaud-MitchellMorris/jjwt into Blackbaud-MitchellMorris-master
2016-04-01 17:42:32 -07:00
Aaron Davidson
707f7bc046
Change assert to require hmac
2016-03-26 12:17:26 -07:00
Aaron Davidson
5385e0d7d3
Avoid potentially critical vulnerability in ECDSA signature validation
...
Quite possible we're missing something here, so please forgive if so. After seeing [this article](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ ) (see "RSA or HMAC?" section), we did a quick scan through the JJWT implementation to see if it was vulnerable. While it seems like the RSA check should work, no such check seemed to exist for ECDSA signatures.
As a result, it may be possible for users of this library to use `setSigningKey(byte[] key)` while intending to use ECDSA, but have the client alter the algorithm and signature to use HMAC with the public key as the "secret key", allowing the client to inject arbitrary payloads.
cc @thomaso-mirodin
2016-03-19 22:40:44 -07:00
Les Hazlewood
0534120f9c
Merge pull request #104 from brentstormpath/master
...
Update Readme
2016-03-16 17:43:36 -07:00
brentstormpath
42f89d283c
Moving change log notes back into readme
2016-03-16 17:30:58 -07:00
brentstormpath
7201704e94
Fixing a link and moving the author section down
2016-03-15 16:16:18 -07:00
Les Hazlewood
7686d43366
Merge pull request #102 from jwtk/101-update-jackson
...
Upgraded Jackson to 2.7.0
2016-03-08 19:42:33 -08:00
Les Hazlewood
1cb8568664
upgraded Jackson to 2.7.0
2016-03-08 19:38:00 -08:00
Les Hazlewood
d747f09662
Merge pull request #99 from jwtk/95-osgi
...
Enabled OSGi bundle
2016-03-08 19:35:31 -08:00
Les Hazlewood
76b1263b05
Merge branch 'master' into 95-osgi
2016-03-08 19:24:04 -08:00
Les Hazlewood
a5fe1b961b
Merge pull request #98 from jwtk/97-openjdk7
...
Removed openjdk7 from travis build.
2016-03-08 19:17:37 -08:00
Les Hazlewood
cbf9ff4e64
97: removed openjdk7 from travis build. Oracle JDK 7 works fine and JDK 7 is end-of-life anyway
2016-03-08 19:10:25 -08:00
Dave LeBlanc
312763a00b
Made the android dep optional in OSGi
...
Changed the packaging type to bundle - required
by the bundle plugin.
Upgraded to the latest version of the maven
bundle plugin.
2016-02-26 19:08:01 -08:00
brentstormpath
f1fe04d70c
Fixing a broken link in the readme
2016-02-23 17:48:04 -08:00
brentstormpath
5613d222ce
Updating the JJWT readme to break out the changelog into a dedicated file and add useful links
2016-02-23 17:41:48 -08:00
Mitchell Morris
a20c92c095
create a new Interface "Clock" plus implementations of Clock to exhibit desired behavior
2016-02-23 19:30:20 -06:00
brentstormpath
1d525e94c6
Merge remote-tracking branch 'upstream/master'
2016-02-23 16:38:12 -08:00
Mitchell Morris
83054a755d
allow the injection of a time source
2016-02-23 14:43:32 -06:00
Les Hazlewood
638d84963f
Updated spec links to final RFC documents
2015-12-11 09:48:50 -08:00
Les Hazlewood
d1058b0933
Merge pull request #69 from jwtk/ISSUE-68
...
Issue 68
2015-11-21 15:23:44 -08:00
Les Hazlewood
3595423576
#68 : ensured branch code coverage
2015-11-21 15:16:42 -08:00
Les Hazlewood
4020dfc1d5
Ensures RSA Signatures can work on Android 23
2015-11-21 15:00:23 -08:00
Les Hazlewood
b63a67516e
Merge pull request #62 from jwtk/coverage_report
...
Add Coveralls coverage report badge to README page
2015-11-04 21:34:27 -08:00
Micah Silverman
7843179ad5
Improve coverage on compact by exercising JsonProcessingException.
2015-10-27 23:29:06 -04:00
Micah Silverman
4773224c74
Added code to build coverage report to .travis.yml
2015-10-27 22:15:48 -04:00
Micah Silverman
1d9fd734c9
Added coveralls maven plugin.
2015-10-27 22:15:48 -04:00
Micah Silverman
687fe6a737
Added coveralls coverage report.
2015-10-27 21:55:52 -04:00
Les Hazlewood
44b652777b
[maven-release-plugin] prepare for next development iteration
2015-10-14 13:50:34 -07:00