honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 26026d63cd
         Upgrade BC to 1.76 (#810) lhazlewood 2023-09-05 14:29:17 -0700
  • f52b3d7c7e Updated README.md to show BC version 1.76 Les Hazlewood 2023-09-05 14:11:31 -0700
  • cb2cdff16b Upgraded BC to 1.76 Address Pkcs11Test that fails on Mac OS (arm64) with JDK 1.7 (x86_64) Les Hazlewood 2023-09-05 13:54:01 -0700
  • 8e0f740329
         Enabled key-specific Provider support during JwtParser execution. (#809) lhazlewood 2023-09-05 13:08:31 -0700
  • f42c0f6533 Removed unnecessary CryptoAlgorithm#nonPkcs11Provider method Ensured RSA key validation implementation is consistent with name/available-length validation checks in other SecureDigestAlgorithm implementations Les Hazlewood 2023-09-05 12:07:42 -0700
  • 2e43a860a8 Added snyk open-source ratings badges to readme Micah Silverman 2021-11-08 09:13:33 -0500
  • b9ad2d8e21 Added Pkcs11Test test case that ensures explicit .provider calls for all JWS and JWE operations are not needed when the PKCS11 provider is installed in the JVM via Security.addProvider Les Hazlewood 2023-09-05 11:08:17 -0700
  • 780bf30838 README.md documentation updates/fixes/improvements Les Hazlewood 2023-09-05 10:37:23 -0700
  • 403d3f36a1 Added missing license headers Les Hazlewood 2023-09-05 00:02:41 -0700
  • b8c213b7f9 Updated Table of Contents with link to Key Locator key-specific Provider section Les Hazlewood 2023-09-04 21:59:06 -0700
  • 2551bfa07d Enabled key-specific Provider support during JwtParser execution. Usage patterns and documentation updated inn JwtParserBuilder#keyLocator and README.md. Les Hazlewood 2023-09-04 21:53:47 -0700
  • c3ff0bbf12
         Updated README.md to reflect GitHub Discussions support. (#808) lhazlewood 2023-09-03 12:17:18 -0700
  • 202df6f298 Updated README.md to reflect GitHub Discussions support. Les Hazlewood 2023-09-03 11:51:55 -0700
  • 21e243c376
         PKCS11 testing with SoftHSM2 (#805) lhazlewood 2023-09-02 19:53:29 -0700
  • ba609b1bf8 Updated CHANGELOG.md to reflect PCKS11 testing Les Hazlewood 2023-09-02 19:18:53 -0700
  • a2bfddd88c Deleted unused *.pkcs11.cfg files Les Hazlewood 2023-09-02 19:03:14 -0700
  • a5eea43de4 - Added tests for JWS MAC algorithms (HS256, HS384, HS512) with PKCS11 secret keys - Explicitly prevented Password instances in DefaultMacAlgorithm - Fixed the EdwardsCurve#keyBitLength implementation to accurately reflect RFC key sizes and not encoded byte array sizes. - OptionalMethodInvoker now supports static invocations in addition to the existing instance invocation support. Les Hazlewood 2023-09-02 15:32:55 -0700
  • 09d0dab196 - Adjusted test case to ensure deterministic outcomes - Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication Les Hazlewood 2023-09-01 19:34:41 -0700
  • 20bfe4a937 - Adjusted test case to ensure deterministic outcomes - Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication Les Hazlewood 2023-09-01 18:48:08 -0700
  • 637d76e3fd - Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose. - Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when required key material is required (i.e. for ephemeral key(pair) KeyAlgorithms). - Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise. - Ensured DefaultJwtBuilder and DefaultJwtParser would use the provider for the KeyAlgorithm, but not for the AeadAlgorithm (unless using direct encryption) Les Hazlewood 2023-09-01 17:14:21 -0700
  • 1a72ba1c20 - Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose. - Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when required key material is required (i.e. for ephemeral key(pair) KeyAlgorithms). - Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise. Les Hazlewood 2023-09-01 15:33:48 -0700
  • a4d7ae491c - Updated softhsm script to ensure EC key import used the pkcs11-tool `--usage-derive` flag to allow testing PKCS11 keys with ECDH-ES key algorithms Les Hazlewood 2023-09-01 02:18:05 -0700
  • 4afa451189 - renamed Keys#associate to Keys#wrap to be a little clearer on what's happening - Updated README.md to document how to account for ECDH-ES and PKCS11 PrivateKeys Les Hazlewood 2023-08-31 22:24:54 -0700
  • cfc05795ce - renamed Keys#associate to Keys#wrap to be a little clearer on what's happening - Updated README.md to document how to account for ECDH-ES and PKCS11 PrivateKeys Les Hazlewood 2023-08-31 22:23:14 -0700
  • 59bf3c64fb - renamed Keys#associate to Keys#wrap to be a little clearer on what's happening - Updated README.md to document how to account for ECDH-ES and PKCS11 PrivateKeys Les Hazlewood 2023-08-31 22:18:51 -0700
  • 99654569aa - Updated Pkcs11Test to account for nested ProviderExceptions that we can't control across JVM versions w/ SoftHSM Les Hazlewood 2023-08-31 19:37:36 -0700
  • 26f31ce327 - Moved Curve#contains method to AbstractCurve since we don't necessarily want to make that available before ED curve calculations are ready Les Hazlewood 2023-08-31 19:21:43 -0700
  • 8e4eb2bb2a - PKCS11 testing cleanup - Added new Curve#contains method and leveraged that to clean up code considerably in EcdhKeyAlgorithm.java Les Hazlewood 2023-08-31 19:16:34 -0700
  • 0f2e70053d - PKCS11 Certificate access adjustment that should support windows as well Les Hazlewood 2023-08-30 15:51:12 -0700
  • 37fee95e78 - PKCS11 Certificate access adjustment on JVMs that don't support a discovered algorithm Les Hazlewood 2023-08-30 14:40:05 -0700
  • 94aa57658e - PKCS11 Certificate access adjustment on JVMs that don't support a discovered algorithm Les Hazlewood 2023-08-30 13:12:04 -0700
  • 3ab2518f5c - PKCS11 Certificate access adjustment on JVMs that don't support a discovered algorithm Les Hazlewood 2023-08-30 13:06:01 -0700
  • 3f1580b5dc - updating CI to use new softhsm script Les Hazlewood 2023-08-30 12:51:44 -0700
  • 19ce1aac5e - minor scope fix Les Hazlewood 2023-08-30 12:44:30 -0700
  • ac0d0539fb - minor scope fix Les Hazlewood 2023-08-30 12:39:29 -0700
  • dc5c91f428 - minor scope fix Les Hazlewood 2023-08-30 12:34:47 -0700
  • 10c7c150f6 - minor scope fix Les Hazlewood 2023-08-30 12:29:44 -0700
  • a267170dc5 - moved softhsmimport to impl/src/test/scripts/softhsm and refactored to support 'import' and 'configure' subcommands Les Hazlewood 2023-08-30 12:24:57 -0700
  • 23d3cd3b68 - Enabling PKCS11 keystore interaction on macos and linux (CI) Les Hazlewood 2023-08-29 23:20:06 -0700
  • 35b8127804 - Enabling PKCS11 keystore interaction on macos and linux (CI) Les Hazlewood 2023-08-29 23:13:24 -0700
  • 19a5ef64ae - Enabling PKCS11 keystore interaction on macos and linux (CI) Les Hazlewood 2023-08-29 22:47:29 -0700
  • e375d03e24 - Enabling PKCS11 keystore interaction on macos and linux (CI) Les Hazlewood 2023-08-29 22:44:09 -0700
  • f86b9f7aca - Enabling PKCS11 keystore interaction on macos and linux (CI) Les Hazlewood 2023-08-29 22:27:03 -0700
  • 3e76221535 - Added test JDK pkcs11 config files Les Hazlewood 2023-08-29 20:22:10 -0700
  • 9c9e41a5e4 - Adding script to import test keys into softhsm2 Les Hazlewood 2023-08-29 16:55:57 -0700
  • 6f652a6108 - Adding script to import test keys into softhsm2 Les Hazlewood 2023-08-29 15:11:47 -0700
  • a7ed853519 - Adding script to import test keys into softhsm2 Les Hazlewood 2023-08-29 15:10:51 -0700
  • 109116e0d4 - Adding script to import test keys into softhsm2 Les Hazlewood 2023-08-29 13:42:40 -0700
  • bac33285a0 - Fixed license headers for newly generated test key files - removed conditional check for X448 and X25519 certificate/chains now that we have signed certs for those test key files Les Hazlewood 2023-08-28 18:13:58 -0700
  • 7db579d193 - Updated tests reflecting updated test key material from genkeys script Les Hazlewood 2023-08-28 18:04:56 -0700
  • 6a554cc49c - Adding genkeys script for reuse/simplicity and help in CI Les Hazlewood 2023-08-28 17:12:55 -0700
  • fea9dcc0f4 - Adding genkeys script for reuse/simplicity and help in CI Les Hazlewood 2023-08-28 15:18:57 -0700
  • d6dac16042
         Move EC curve utility functions (#803) lhazlewood 2023-08-27 16:56:15 -0700
  • b49c290f52 - Moved Weierstrass calculation and related utility methods to ECCurve instead of AbstractEcJwkFactory - Removed unnecessary Curves.java since StandardCurves is the preferred implementation - Renamed CurvesTest to StandardCurvesTest Les Hazlewood 2023-08-27 16:48:21 -0700
  • 6251529000 - Changed EC point multiplication montgomery ladder iteration to be a little faster (still has fixed number of operations of course) Les Hazlewood 2023-08-27 10:40:41 -0700
  • c39f72cf77 - Changed EC point multiplication montgomery ladder iteration to be a little faster (still has fixed number of operations of course) Les Hazlewood 2023-08-27 10:35:32 -0700
  • 095f446c37
         - Ensured EdwardsCurve#findByKey checked encoded key length if possible (#802) lhazlewood 2023-08-27 08:18:12 -0700
  • f071fda89d - Ensured EdwardsCurve#findByKey checked encoded key length if possible Les Hazlewood 2023-08-27 07:38:02 -0700
  • eca568ec16
         Consolidate BouncyCastle lookup/fallback logic to JcaTemplate (#798) lhazlewood 2023-08-24 11:56:23 -0700
  • cbbb871c90 - Removed Condition and Conditions concepts - no longer needed now that Providers.java no longer requires conditional loading Les Hazlewood 2023-08-24 11:45:55 -0700
  • c20d5a7671 - Further reducing code dependencies on Providers class. Now only used by JcaTemplate, JcaTemplateTest and ProvidersTest Les Hazlewood 2023-08-23 19:41:54 -0700
  • aca6d68cdd Merge remote-tracking branch 'origin/master' into bc-fallback Les Hazlewood 2023-08-22 13:23:27 -0700
  • ed98f3d706
         Replace duplicate code with global environment variable (#800) Dabeen Jeong 2023-08-23 05:23:11 +0900
  • 7d607e3325 - Addressed JDK-specific test expectations Les Hazlewood 2023-08-22 13:07:04 -0700
  • 0d5b943e81 - Addressed JDK-specific test expectations Les Hazlewood 2023-08-22 13:03:51 -0700
  • 8297995492 - Addressed JDK-specific test expectations Les Hazlewood 2023-08-22 12:57:08 -0700
  • 9517f27d24 - Removed unused/unnecessary code. - JcaTemplate tests now up to 100% coverage. Les Hazlewood 2023-08-22 12:16:43 -0700
  • 932d29e9dd Replace duplicate code with global environment variable 70825 2023-08-21 16:30:01 +0900
  • 95b6699c12 Added JcaTemplate generateX509Certificate helper method to enable BC-fallback behavior if necessary Les Hazlewood 2023-08-20 20:41:18 -0700
  • 6ac4fd8e51 Consolidating BouncyCastle lookup/fallback behavior to JcaTemplate to avoid complexity in Algorithm implementations Les Hazlewood 2023-08-20 15:00:29 -0700
  • e8b6592924 Consolidating BouncyCastle lookup/fallback behavior to JcaTemplate to avoid complexity in Algorithm implementations Les Hazlewood 2023-08-17 23:40:34 -0700
  • 7bb97fac72 README.md fix (and associated JweReadmeTest) to ensure docs accurately reflected new Jwks.CRV references Les Hazlewood 2023-08-17 15:37:35 -0700
  • 620cc5d97f
         Made Curve and Jwks.CRV part of the public API (#797) lhazlewood 2023-08-17 15:21:54 -0700
  • 2d52724573 Restored TestCertificates logic needed to address JDK 11 bug during tests https://bugs.openjdk.org/browse/JDK-8213363 (fixed in JDK 12+) Les Hazlewood 2023-08-17 13:58:15 -0700
  • ee056d6cc0 Code coverage to 100% Les Hazlewood 2023-08-17 13:30:47 -0700
  • 129c0e3a51 Minor JavaDoc issues Les Hazlewood 2023-08-17 13:21:33 -0700
  • d4956c1029 Ensured Jwk tests that used RSASSA-PSS keys (from openssl files) used the BC provider since RSASSA-PSS isn't available natively before JDK 11 Les Hazlewood 2023-08-16 19:03:56 -0700
  • 62a48af050 Reverted to former RsaSignatureAlgorithm logic for PSS key validation (no prevention of rsaEncryption keys with PSS) as RFC 7520 test vectors show using a standard RSA key to compute a PSS signature in https://www.rfc-editor.org/rfc/rfc7520.html#section-4.2.1 Les Hazlewood 2023-08-16 18:35:10 -0700
  • e5bc7f1230 - Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556 Les Hazlewood 2023-08-16 00:31:49 -0700
  • f639914751 - Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556 Les Hazlewood 2023-08-15 17:27:49 -0700
  • 80ce9f87dd - Added TestCertificates workaround for https://bugs.openjdk.org/browse/JDK-8242556 Les Hazlewood 2023-08-15 13:17:35 -0700
  • 07470ab00b - Ensured PS256, PS384, and PS512 pem-encoded test key files accurately represented the rsassa-pss algorithmId (OID) with appropriate hash/mgf1 properties. - Removed Jwts.SIG#Ed25519 and Jwts.SIG#Ed448 since they were only there for key generation and those keys can now be generated via the Jwks.CRV#Ed25519 and Jwks.CRV#Ed448 references. - Consolidated duplicate use/key_ops logic for checking sig/sign/verify between SecretJwkFactory and RsaPrivateJwkFactory into JwkContext.isSigUse() - Ensured if JwkContext.isSigUse() is true, and a JWK (from values only) is RSA and RSASSA-PSS is available (JDK 11+ or BC enabled), that the JWK's generated RSAPublicKey and RSAPrivateKey use the RSASSA-PSS algorithm instead of just RSA. - Enforced that RSASSA-PSS keys cannot be used for encryption in the RSA KeyAlgorithm implementation (would be a security risk otherwise). - Enforced that RSA encryption keys cannot be used to create RSASSA-PSS digital signatures (but can verify them) ala the "robustness principle" (to reduce security exposure). - Ensured README.md and JavaReadmeTest reflected Jwks.CRV usage for keypair generation. Les Hazlewood 2023-08-14 23:03:17 -0700
  • f8dbd63ae0 JavaDoc syntax fixes Les Hazlewood 2023-08-09 19:23:15 -0700
  • 71b020013e Made Curve concept part of the public API for key generation, and added Jwks.CRV utility class to reference standard curves Les Hazlewood 2023-08-09 18:29:45 -0700
  • c142fb5c7a
         Automatic compact `cty` header (#795) lhazlewood 2023-08-09 12:20:10 -0700
  • 31d9fa5711 JavaDoc syntax error Les Hazlewood 2023-08-09 12:11:21 -0700
  • 0f7241e7b0 JavaDoc syntax error Les Hazlewood 2023-08-09 12:10:07 -0700
  • c881dd8b25 - Ensured Header.contentType used compact form rules - JavaDoc updates Les Hazlewood 2023-08-09 12:03:52 -0700
  • c32cba58da minor code cleanup Les Hazlewood 2023-08-08 19:22:20 -0700
  • 73f53be0cb deleted unnecessary commented line Les Hazlewood 2023-08-08 19:20:28 -0700
  • 0ac5ecc7b4 - Ensured header 'cty' raw value reflects a compact form but getContentType() return value reflects a normalized value per per https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 Les Hazlewood 2023-08-08 19:17:36 -0700
  • 7ed0b772ae
         Builder setters (#794) lhazlewood 2023-08-08 19:13:34 -0700
  • 651f2790db - Deprecated public String constants in Header.java and JwsHeader.java Les Hazlewood 2023-08-08 18:21:46 -0700
  • e7ad356e1f Fixed groovy syntax that wasn't working on JDK 7 (only 8+) Les Hazlewood 2023-08-08 18:11:46 -0700
  • 761ed684d5 Reintroduced deprecated Header mutation methods for a slightly easier transition to 0.12.0, will remove in next release Les Hazlewood 2023-08-08 18:10:28 -0700
  • b597337df1 Added license header Les Hazlewood 2023-08-08 17:22:07 -0700
  • 596a406193 Fixed JavaDoc syntax error Les Hazlewood 2023-08-08 17:15:55 -0700
  • 65ad196056 doc enhancements Les Hazlewood 2023-08-08 17:09:45 -0700
  • a06d403edf doc/naming fixes Les Hazlewood 2023-08-08 16:23:54 -0700
  • 083da95a26 - removed DynamicJwkBuilder chain methods with array arguments - added generic DynamicJwkBuilder#keyPair(KeyPair) method - added generic DynamicJwkBuilder#chain method Les Hazlewood 2023-08-08 15:46:40 -0700