mirror of https://github.com/jwtk/jjwt.git
21e243c376
* Added impl/src/main/resources/io/jsonwebtoken/impl/security/genkeys script for reuse/simplicity and help in CI * Updated tests reflecting updated test key material from genkeys script * Fixed license headers for newly generated test key files * Removed conditional check for X448 and X25519 certificate/chains now that we have signed certs for those test key files * Added new impl/src/test/scripts/softhsm script with `configure` and `import` subcommands for working with SoftHSMv2, used locally and in CI * Enabling PKCS11 keystore interaction on macos and linux (CI) via Pkcs11Test * Added new AbstractCurve#contains method and leveraged that to clean up code considerably in EcdhKeyAlgorithm.java * Updated softhsm script to ensure EC key import used the pkcs11-tool `--usage-derive` flag to allow testing PKCS11 keys with ECDH-ES key algorithms * Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose. * Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when key material is required (i.e. for ephemeral key(pair) KeyAlgorithms). * Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise. * Ensured DefaultJwtBuilder and DefaultJwtParser would use the provider for the KeyAlgorithm, but not for the AeadAlgorithm (unless using direct encryption) * Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication * Added tests for JWS MAC algorithms (HS256, HS384, HS512) with PKCS11 secret keys * Explicitly prevented Password instances in DefaultMacAlgorithm * Fixed the EdwardsCurve#keyBitLength implementation to accurately reflect RFC key sizes and not encoded byte array sizes. * OptionalMethodInvoker now supports static invocations in addition to the existing instance invocation support. |
||
---|---|---|
.. | ||
ci.yml |