Closes#938.
* Fix compression being omitted for JWEs with arbitrary content
The JWE content was compressed only when claims was used as payload, but
when using arbitrary content, the compression was omitted, while keeping
the "zip" header field, leading to decompression failing.
* Refactor duplicate payload -> input stream logic from sign()/encrypt()
* Preserve the content name
* Fix name for JWE payload
* Extended the pre-existing check for SUN PKCS11 generic secret to allow `SecretKey`s with `getAlgorithm()` names starting with `Generic` (e.g. `GenericSecret` and `Generic Secret`) as valid keys for `HmacSHA*` algorithm name checks in `DefaultMacAlgorithm`. This matches at least with the Sun PKCS11 and AWS CloudHSM JCE providers, but likely others as well.
* Ensured `NestedCollection`s do not need their `.and()` method called to apply collection changes. Instead, changes are applied immediately as they occur (via `.add`, `.remove`, etc), and `.and()` is now purely for returning to the parent builder if necessary/desired.
* Updated associated JavaDoc with code examples to make the `.and()` method's purpose a little clearer.
* Updated CHANGELOG.md
Closes#916
Released 0.12.4, with the following additional changes:
- Added 0.12.4 release version references
- Added CI 'workflow_dispatch' event trigger
- Changed git url from ssh to https
Ensured there is an upper bound (maximum) iterations enforced for PBES2 decryption to help mitigate potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!
- Ensured Secret JWK 'k' byte arrays for HMAC-SHA algorithms can be larger than the identified HS* algorithm. This is allowed per https://datatracker.ietf.org/doc/html/rfc7518#section-3.2: "A key of the same size as the hash output ... _or larger_ MUST be used with this algorithm"
- Ensured that, when using the JwkBuilder, Secret JWK 'alg' values would automatically be set to 'HS256', 'HS384', or 'HS512' if the specified Java SecretKey algorithm name equals a JCA standard name (HmacSHA256, HmacSHA384, etc) or JCA standard HMAC-SHA OID.
- Updated CHANGELOG.md accordingly.
Fixes#905
Blend of pre-0.11.0 behavior that cached implementation instances and post-0.11.0 behavior using the JDK ServiceLoader to find/create instances of an SPI interface. This change:
- Reinstates the <= 0.10.x behavior of caching application singleton service implementation instances in a thread-safe reference (previously an AtomicReference, but in this change, a ConcurrentMap). If an app singleton instance is cached and found, it is returned to be (re)used immediately when requested. This is ok for JJWT's purposes because all service implementations instances must be thread-safe application singletons by API contract/design, so caching them for repeated use is fine.
- Ensures that only if a service implementation instance is not in the app singleton cache, a new instance is located/created using a new JDK ServiceLoader instance, which doesn't require thread-safe considerations since it is used only in a single-threaded model for the short time it is used to discover a service implementation. This PR/change removes the post-0.11.0 concurrent cache of ServiceLoader instances since they themselves are not designed to be thread-safe.
- Ensures that if a ServiceLoader discovers an implementation and returns a new instance, that instance is then cached as an application singleton in the aforementioned ConcurrentMap for continued reuse.
- Renames Services#loadFirst to Services#get to more accurately reflect calling expectations: The fact that any 'loading' via the ServiceLoader may occur is not important for Services callers, and the previous method name was unnecessarily exposing internal implementation concepts. This is safe to do in a point release (0.12.3 -> 0.12.4) because the Services class and its methods, while public, are in the `impl` module, only to be used internally for JJWT's purpose and never intended to be used by application developers.
- Updates all test methods to use the renamed method accordingly.
Fixes#873
* Version reference changes in preparation for the 0.12.3 release (#863)
* [maven-release-plugin] prepare release 0.12.3
* [maven-release-plugin] prepare for next development iteration
* Closes#854.
- Replaced `ByteArrayInputStream` reflection with new `BytesInputStream` implementation. The reflection is what required `--add-opens java.base/java.io=jjwt.api` on JDK 17+.
- Refactored `KeysBridge` to perform our own key length logic instead of delegating to `sun.security.util.KeyUtil`. The reflection is what required `--add-opens java.base/sun.security.util=jjwt.api` on JDK 17+
- Removed `AddOpens.java` due to above refactoring (no longer needed).
- Returned a test-only `--add-opens` for `sun.security.util` for 3 test cases (added to `test.addOpens` maven property)
- enabled reflective access to `java.io.ByteArrayInputStream` and `sun.misc.security.KeyUtil` on JDK 17+
- Minor refactor to ServicesTest to avoid the need for PowerMock
* replaced JJWT_RELEASE_VERSION placeholders with 0.12.0
* [maven-release-plugin] prepare release 0.12.0
* [maven-release-plugin] prepare for next development iteration
* Closes#834
- Deprecated JwtParser parseContentJwt, parseClaimsJwt, parseContentJws and parseClaimsJws in favor of parseUnprotectedContent, parseUnprotectedClaims, parseSignedContent, and parseSignedClaims
- Renamed the not-yet-released JwtParser parseContentJwe and parseClaimsJwe to parseEncryptedContent and parseEncryptedClaims
- Renamed the not-yet-released JwtParser overloaded unencoded payload parseContentJws and parseClaimsJws methods to parseSignedContent and parseSignedClaims
- Deprecated JwtHandler and JwtHandlerAdapter in favor of JwtVisitor and SupportedJwtVisitor
Closes#328
- Ensured Parser worked with CharSequence, InputStream and Reader, not just String
- Changed Deserializer#deserialize(InputStream) to deserialize(Reader)
- JwtParser now extends from Parser to support these additional methods.
- Changed remaining JwtParser.parse* methods to accept CharSequence arguments instead of String args.
- Renamed X509Mutator#x509CertificateSha1Thumbprint to x509Sha1Thumbprint
- Renamed X509Mutator#x509CertificateSha256Thumbprint to x509Sha256Thumbprint
- Renamed X509Builder#withX509Sha1Thumbprint to x509Sha1Thumbprint
- Renamed X509Builder#withX509Sha256Thumbprint to x509Sha256Thumbprint
- Renamed X509Builder#x509CertificateChain to x509Chain
- Renamed X509Accessor#getX509CertificateChain to getX509Chain
- Renamed X509Accessor#getX509CertificateSha1Thumbprint getX509Sha1Thumbprint
- Renamed X509Accessor#getX509CertificateSha256Thumbprint to getX509Sha256Thumbprint
- Renamed JwtParserBuilder#enableUnsecured() to unsecured()
- Renamed JwtParserBuilder#enableUnsecuredDecompression() to unsecuredDecompression()
- Renamed KeyOperationPolicyBuilder#allowUnrelated(boolean) to unrelated() (removed boolean argument also to be consistent with JwtParserBuilder#unsecured())
Closes#837
Replaced raw `String` and `byte[]` usages with `CharSequence`, `InputStream`/`OutputStream` and `CharBuffer`/`ByteBuffer` concepts where possible to eliminate unnecessary creation of intermediate byte arrays and/or temporary Strings.
-----
- Changed TokenizedJwt and TokenizedJwe interfaces and implementations to return CharSequences instead of Strings to avoid creating new Strings on the heap
- Changed internal Base64 implementation to work with a CharSequence instead of a raw char[] to reduce need to create new arrays on the heap
- Changed Base64Decoder generics signature from Decoder<String,byte[]> to Decoder<CharSequence,byte[]>
- Decoders.BASE64 and Decoders.BASE64URL now reflect Decoder<CharSequence,byte[]>
- Changed Strings#utf8 implementation to accept a CharSequence instead of a String
- Added new Strings#wrap to wrap a CharSequence into a CharBuffer if necessary
- Renamed not-yet-released JwtBuilder#serializer method with JwtBuilder#json
- Renamed not-yet-released JwtParserBuilder#deserializer method with JwtParserBuilder#json
-----
- Moved JwtDeserializer from io.jsonwebtoken.impl to io.jsonwebtoken.impl.io package, created two new subclass implementations for use with Jwks and JwkSets
- Renamed JwtDeserializer to JsonObjectDeserializer that defaults to throwing MalformedJwtException. Added two subclasses, JwkDeserializer and JwkSetDeserializer that throws JWK and JWK Set-specific exceptions.
-----
Changed ParserBuilder#deserializer method name to ParserBuilder#jsonReader
-----
Removed all usages of Serializer#serialize and Deserializer#deserialize except for deprecated implementations. All other usages now use InputStream/OutputStream concepts
-----
Added Jwks#json and Jwks#UNSAFE_JSON for assistance in serializing JWKs to JSON (test cases, README examples, etc)
-----
- Ensured Encoder and CompressionAlgorithm supported streams instead of just byte arrays
- Copied over necessary (Apache-licensed) code from Apache commons-codec to obtain Base64OutputStream and Base64InputStream capability for efficient encoding during compact JWT creation. Hopefully this is temporary and we can strip out most if not all of this and modify our existing Base64.java class for simpler support since we have many less use cases than what commons-codec supports. All implementations are now in the `impl` module only.
-----
Converted all DigestAlgorithms to utilize an InputStream for data instead of byte[]
-----
- Added JwtBuilder InputStream payload support: added JwtBuilder#content(InputStream), JwtBuilder#content(InputStream, String contentType), JwtBuilder#content(String, String contentType)
- Added CountingInputStream as a way to check and assert that b64/unencoded payload InputStreams cannot be empty.
------
Renamed Encoder/Decoder and CompressionAlgorithm 'wrap' methods to encode/decode/compress/decompress for better readability and to make clearer the intent of the method. Also to avoid name/text/search collisions with 'wrap' references.
-----
Renamed new JwtBuilder#encoder and JwtParserBuilder#decoder methods to JwtBuilder#b64Url and JwtParserBuilder#b64Url for shorter method chains
-----
- Updated AeadAlgorithm and its AeadRequest/AeadResult concepts to utilize Input/Output Streams
- Renamed InitializationVectorSupplier to IvSupplier (was verbose, and it's a new interface, and it's not commonly referenced in the API, so the extra verbosity isn't needed)
The first ServiceLoaders found when looking up a class will be cached. This cache can be reset by calling `Services.reload()`, to help
facilitate testing or instances where a classpaths are dynamically changed at runtime.
Fixes: #752
Closes#515
[RFC 7797)(https://www.rfc-editor.org/rfc/rfc7797.html) support.
JwsHeader:
- Added new JwtHeader#isPayloadEncoded() to check for `b64` in crit values and as parameter value.
JwtBuilder:
- Added new #content(String) method for non-detached unencoded payloads
- Added new #encodePayload(boolean) method to disable payload Base64URL-encoding
JwtParserBuilder:
- Added new #critical(String) convenience method to append to the crit set
JwtParser:
- Added new #parseContentJws(String, byte[]) method to allow supplying detached payloads for signature verification at parse time
- Added new #parseClaimsJws(String, byte[]) method to allow supplying detached serialized JSON claims for signature verification at parse time
- Added all backing implementations and test cases to 100% coverage
- Added RFC7797Test class for bulk of this RFC's tests so they don't get 'lost' in the already-too-large JwtsTest class
- README.md documentation added in JWS section
- CHANGELOG.md updated
* Changed usages of UnsupportedKeyException to only those where a given key is actually not understood. Cases where the key is not valid for the current use case was changed to throw InvalidKeyException instead to better indicate validation failure.
* Changed superclass of UnsupportedKeyException to KeyException instead of InvalidKeyException (unsupported means 'I don't know what this key is', whereas InvalidKeyExceptions mean 'the key failed validation'). An unsupported key is not necessarily invalid, it just means we don't know how to handle it.
* Adjusted JWK .equals implementations to only account for kty value and material fields (two JWKs are equal if their type and key material are equal, regardless of other public parameters and/or custom name/value pairs).
* Adjusted JWK .hashCode implementation to pre-cache its value based on JwkThumpbrint fields since JWKs are immutable
* Ensured `aud` claim is an array by default, but allows a single string value on creation for recipients that do not understand array values:
- ClaimsMutator#audience(String) now appends to the `aud` set, and may be called multiple times
- Added new ClaimsMutator#audience(Collection) method for setting/full replacement
- Added new ClaimsMutator#audienceSingle for setting/full replacement of single string value
- Marked ClaimsMutator#audienceSingle as Deprecated (even though it's not!) to discourage its use when possible.
* Added new KeyOperation and KeyOperationBuilder concepts
Changed Jwk#getOperations and JwkBuilder#operations from methods that accepted and returned Strings to use new KeyOperation instances
Added Jwks.OP#builder() method to create a KeyOperationBuilder
* Changed Jwks.OP#WRAP to WRAP_KEY and UNWRAP to UNWRAP_KEY to match RFC names
* Added new KeyOperationPolicy and KeyOperationPolicyBuilder concepts
Added Jwks.OP#policy() builder method to create a KeyOperationPolicyBuilder
Added JwkBuilder#operationPolicy and JwkParserBuilder#operationPolicy methods for configuring custom KeyOperationPolicy instances during JWK building and parsing, respectively.
* Added regression tests for #365
* Removed default doDigest implementation from AbstractSecureDigestAlgorithm and put it in DefaultMacAlgorithm (where it should have been) since SignatureAlgorithms override it already
* Enabled key-specific Provider support during JwtParser execution. Usage patterns and documentation updated inn JwtParserBuilder#keyLocator and README.md.
* Updated Table of Contents with link to Key Locator key-specific Provider section
* Added Pkcs11Test test case that ensures explicit .provider calls for all JWS and JWE operations are not needed when the PKCS11 provider is installed in the JVM via Security.addProvider
* Removed unnecessary CryptoAlgorithm#nonPkcs11Provider method
* Ensured RSA key validation implementation is consistent with name/available-length validation checks in other SecureDigestAlgorithm implementations
* Added impl/src/main/resources/io/jsonwebtoken/impl/security/genkeys script for reuse/simplicity and help in CI
* Updated tests reflecting updated test key material from genkeys script
* Fixed license headers for newly generated test key files
* Removed conditional check for X448 and X25519 certificate/chains now that we have signed certs for those test key files
* Added new impl/src/test/scripts/softhsm script with `configure` and `import` subcommands for working with SoftHSMv2, used locally and in CI
* Enabling PKCS11 keystore interaction on macos and linux (CI) via Pkcs11Test
* Added new AbstractCurve#contains method and leveraged that to clean up code considerably in EcdhKeyAlgorithm.java
* Updated softhsm script to ensure EC key import used the pkcs11-tool `--usage-derive` flag to allow testing PKCS11 keys with ECDH-ES key algorithms
* Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose.
* Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when key material is required (i.e. for ephemeral key(pair) KeyAlgorithms).
* Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise.
* Ensured DefaultJwtBuilder and DefaultJwtParser would use the provider for the KeyAlgorithm, but not for the AeadAlgorithm (unless using direct encryption)
* Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication
* Added tests for JWS MAC algorithms (HS256, HS384, HS512) with PKCS11 secret keys
* Explicitly prevented Password instances in DefaultMacAlgorithm
* Fixed the EdwardsCurve#keyBitLength implementation to accurately reflect RFC key sizes and not encoded byte array sizes.
* OptionalMethodInvoker now supports static invocations in addition to the existing instance invocation support.
- Changed EC point multiplication montgomery ladder iteration to be a little faster (still has fixed number of operations of course)
- Moved Weierstrass calc/utility methods to ECCurve instead of AbstractEcJwkFactory
- Removed unnecessary Curves.java since StandardCurves is the preferred implementation
- Renamed CurvesTest to StandardCurvesTest
* Consolidating BouncyCastle lookup/fallback behavior to JcaTemplate to avoid complexity in Algorithm implementations
* Added JcaTemplate generateX509Certificate helper method to enable BC-fallback behavior if necessary
* Further reduced code dependencies on Providers class. Now only used by JcaTemplate, JcaTemplateTest and ProvidersTest
* Removed Condition and Conditions concepts - no longer needed now that Providers.java no longer requires conditional loading
* Made Curve concept part of the public API for key generation, and added Jwks.CRV utility class to reference standard curves
- Ensured PS256, PS384, and PS512 pem-encoded test key files accurately represented the rsassa-pss algorithmId (OID) with appropriate hash/mgf1 properties.
- Removed Jwts.SIG#Ed25519 and Jwts.SIG#Ed448 since they were only there for key generation and those keys can now be generated via the Jwks.CRV#Ed25519 and Jwks.CRV#Ed448 references.
- Consolidated duplicate use/key_ops logic for checking sig/sign/verify between SecretJwkFactory and RsaPrivateJwkFactory into JwkContext.isSigUse()
- Ensured if JwkContext.isSigUse() is true, and a JWK (from values only) is RSA and RSASSA-PSS is available (JDK 11+ or BC enabled), that the JWK's generated RSAPublicKey and RSAPrivateKey use the RSASSA-PSS algorithm instead of just RSA.
- Enforced that RSASSA-PSS keys cannot be used for encryption in the RSA KeyAlgorithm implementation (would be a security risk otherwise).
- Enforced that RSA encryption keys cannot be used to create RSASSA-PSS digital signatures (but can verify them) ala the "robustness principle" (to reduce security exposure).
- Ensured README.md and JavaReadmeTest reflected Jwks.CRV usage for keypair generation.
* Added TestCertificates workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556
* Reverted to former RsaSignatureAlgorithm logic for PSS key validation (no prevention of rsaEncryption keys with PSS) as RFC 7520 test vectors show using a standard RSA key to compute a PSS signature in https://www.rfc-editor.org/rfc/rfc7520.html#section-4.2.1
* Ensured Jwk tests that used RSASSA-PSS keys (from openssl files) used the BC provider since RSASSA-PSS isn't available natively before JDK 11
* Restored TestCertificates logic needed to address JDK 11 bug during tests https://bugs.openjdk.org/browse/JDK-8213363 (fixed in JDK 12+)
- Renamed Keys.forPassword to slightly cleaner/less verbose Keys.password
- Ensured ClaimsMutator extends MapMutator
- Ensured JwtBuilder verifyWith is overloaded and accepts only SecretKey and PublicKey instances
- Ensured JwtBuilder decryptWith is overloaded and accepts only SecretKey and PrivateKey instances
- Renamed JwtParserBuilder#enableUnsecuredJwts() to enableUnsecured() since any JWT or JWS without a header (or with an alg of none) are both considered 'unsecured', so the suffix was removed to avoid confusion.
- Renamed MapMutator `set` methods to `add` methods to avoid Java setter full replacement idiom confusion (as opposed to add/append)
- Removed MapMutator superinterface from ClaimsBuilder. Generic map mutation methods on the JwtBuilder are a little confusing.
- Added JwtBuilder#claims() method that returns a Claims mutator with an and() method to get back to the JwtBuilder
- Added a convenience JwtBuilder#claims(Map) method (modern builder-style name)
- Added a new JwtBuilder#encoder to eventually replace the now-deprecated JwtBuilder#base64UrlEncodeWith method
- Added a new JwtBuilder#serializer to eventually replace the now-deprecated JwtBuilder#serializeToJsonWith method
- Renamed JwtParserBuilder#base64UrlDecoder to just JwtParserBuilder#decoder
- Renamed JwtParserBuilder#jsonDeserializer to just JwtParserBuilder#deserializer
- Lots of README.md updates to reflect builder api name changes
- Renamed KeyBuilderSupplier#keyBuilder() to less verbose KeyBuilderSupplier#key()
- Renamed KeyPairBuilderSupplier#keyPairBuilder() to less verbose KeyPairBuilderSupplier#keyPair()
- Renamed ProtoJwkBuilder to DynamicJwkBuilder
- Renamed JwtBuilder.Header to JwtBuilder.BuilderHeader to avoid naming/import conflict with io.jsonwebtoken.Header
- Renamed JwtBuilder.Claims to JwtBuilder.BuilderClaims to avoid naming/import conflict with io.jsonwebtoken.Claims
- removed DynamicJwkBuilder chain methods with array arguments
- added generic DynamicJwkBuilder#keyPair(KeyPair) method
- added generic DynamicJwkBuilder#chain method
- Reintroduced deprecated Header mutation methods for a slightly easier transition to 0.12.0, will remove in next release
- Deprecated public String constants in Header.java and JwsHeader.java
- Documentation, JavaDoc and code example changes/formatting fixes and enhancements
Les Hazlewood
Mikko Nylén
Brian Demers