├── impl ├── bnd.bnd └── src │ ├── test │ ├── resources │ │ ├── io.jsonwebtoken.io.Serializer.test.gson │ │ ├── META-INF │ │ │ └── services │ │ │ │ └── io.jsonwebtoken.StubService │ │ ├── io.jsonwebtoken.io.Deserializer.test.gson │ │ ├── io.jsonwebtoken.io.Serializer.test.orgjson │ │ ├── io.jsonwebtoken.io.Deserializer.test.orgjson │ │ ├── io.jsonwebtoken.io.compression.CompressionCodec.test.override │ │ └── io │ │ │ └── jsonwebtoken │ │ │ └── impl │ │ │ └── security │ │ │ ├── Ed25519.pub.pem │ │ │ ├── X25519.pub.pem │ │ │ ├── Ed25519.pkcs8.pem │ │ │ ├── X25519.pkcs8.pem │ │ │ ├── X448.pub.pem │ │ │ ├── Ed448.pub.pem │ │ │ ├── X448.pkcs8.pem │ │ │ ├── Ed448.pkcs8.pem │ │ │ ├── ES256.pub.pem │ │ │ ├── ES384.pub.pem │ │ │ ├── ES256.pkcs8.pem │ │ │ ├── ES512.pub.pem │ │ │ ├── ES384.pkcs8.pem │ │ │ ├── README.md │ │ │ ├── ES512.pkcs8.pem │ │ │ ├── RS256.pub.pem │ │ │ ├── PS256.pub.pem │ │ │ ├── X25519.crt.pem │ │ │ ├── RS384.pub.pem │ │ │ ├── X448.crt.pem │ │ │ ├── PS384.pub.pem │ │ │ └── Ed25519.crt.pem │ └── groovy │ │ └── io │ │ └── jsonwebtoken │ │ ├── StubService.groovy │ │ ├── impl │ │ ├── DefaultStubService.groovy │ │ ├── security │ │ │ ├── TestPublicKey.groovy │ │ │ ├── TestSecretKey.groovy │ │ │ ├── TestECField.groovy │ │ │ ├── TestECPrivateKey.groovy │ │ │ ├── TestProvider.groovy │ │ │ ├── TestECPublicKey.groovy │ │ │ ├── TestECKey.groovy │ │ │ ├── TestRSAPrivateKey.groovy │ │ │ ├── DefaultMessageTest.groovy │ │ │ ├── StandardSecureDigestAlgorithmsTest.groovy │ │ │ ├── TestKey.groovy │ │ │ ├── TestPrivateKey.groovy │ │ │ ├── RandomsTest.groovy │ │ │ ├── TestRSAKey.groovy │ │ │ ├── TestKeyAlgorithm.groovy │ │ │ ├── DefaultSecretKeyBuilderTest.groovy │ │ │ ├── PrivateConstructorsTest.groovy │ │ │ ├── ProvidedSecretKeyBuilderTest.groovy │ │ │ ├── TestAeadAlgorithm.groovy │ │ │ ├── DefaultKeyPairBuilderTest.groovy │ │ │ └── KeyOperationConverterTest.groovy │ │ ├── lang │ │ │ ├── ConvertersTest.groovy │ │ │ ├── TestParameterReadable.groovy │ │ │ ├── StringRegistryTest.groovy │ │ │ ├── JwtDateConverterTest.groovy │ │ │ ├── EncodedObjectConverterTest.groovy │ │ │ └── NullSafeConverterTest.groovy │ │ ├── io │ │ │ ├── ClosedInputStreamTest.groovy │ │ │ └── CodecTest.groovy │ │ ├── DefaultJwsHeaderTest.groovy │ │ ├── FixedClockTest.groovy │ │ ├── Base64CodecTest.groovy │ │ ├── Base64UrlCodecTest.groovy │ │ └── AndroidBase64CodecTest.groovy │ │ ├── DateTestUtils.groovy │ │ └── issues │ │ └── Issue438Test.groovy │ └── main │ ├── resources │ └── META-INF │ │ └── services │ │ └── io.jsonwebtoken.CompressionCodec │ └── java │ └── io │ └── jsonwebtoken │ └── impl │ ├── lang │ ├── Function.java │ ├── Nameable.java │ ├── BiConsumer.java │ ├── CheckedFunction.java │ ├── ParameterReadable.java │ ├── CheckedSupplier.java │ ├── Parameter.java │ ├── DelegatingCheckedFunction.java │ ├── FormattedStringFunction.java │ ├── ConstantFunction.java │ ├── LocatorFunction.java │ ├── ParameterBuilder.java │ ├── NullSafeConverter.java │ ├── Converter.java │ ├── FormattedStringSupplier.java │ ├── DefaultNestedCollection.java │ ├── UriStringConverter.java │ └── CompoundConverter.java │ ├── TokenizedJwe.java │ ├── X509Context.java │ ├── security │ ├── KeyUseStrategy.java │ ├── JwkFactory.java │ ├── ProviderSecretKey.java │ ├── ProviderPrivateKey.java │ ├── FamilyJwkFactory.java │ ├── JwkDeserializer.java │ ├── RandomSecretKeyBuilder.java │ ├── JwkSetDeserializer.java │ ├── DefaultMessage.java │ ├── ProvidedSecretKeyBuilder.java │ ├── DefaultSecureRequest.java │ ├── AbstractPublicJwk.java │ ├── AbstractJwkParserBuilder.java │ ├── ProvidedKeyBuilder.java │ ├── StandardKeyOperations.java │ └── DefaultRequest.java │ ├── io │ ├── Base64UrlStreamEncoder.java │ ├── UncloseableInputStream.java │ ├── ClosedInputStream.java │ └── BytesInputStream.java │ ├── Base64Codec.java │ ├── AndroidBase64Codec.java │ ├── Base64UrlCodec.java │ ├── DefaultClock.java │ ├── AbstractAudienceCollection.java │ └── DefaultJws.java ├── .github └── ISSUE_TEMPLATE │ ├── config.yml │ ├── bug_report.md │ └── feature_request.md ├── extensions ├── gson │ ├── bnd.bnd │ └── src │ │ └── main │ │ ├── resources │ │ └── META-INF │ │ │ └── services │ │ │ ├── io.jsonwebtoken.io.Serializer │ │ │ └── io.jsonwebtoken.io.Deserializer │ │ └── java │ │ └── io │ │ └── jsonwebtoken │ │ └── gson │ │ └── io │ │ └── GsonSupplierSerializer.java ├── jackson │ ├── bnd.bnd │ └── src │ │ ├── main │ │ └── resources │ │ │ └── META-INF │ │ │ └── services │ │ │ ├── io.jsonwebtoken.io.Deserializer │ │ │ └── io.jsonwebtoken.io.Serializer │ │ └── test │ │ └── groovy │ │ └── io │ │ └── jsonwebtoken │ │ └── jackson │ │ └── io │ │ └── TestSupplier.groovy └── orgjson │ ├── bnd.bnd │ └── src │ └── main │ └── resources │ └── META-INF │ └── services │ ├── io.jsonwebtoken.io.Deserializer │ └── io.jsonwebtoken.io.Serializer ├── .gitignore ├── src └── license │ └── header.txt ├── api └── src │ ├── main │ └── java │ │ └── io │ │ └── jsonwebtoken │ │ ├── security │ │ ├── SecretJwkBuilder.java │ │ ├── PublicJwk.java │ │ ├── SecretKeyBuilder.java │ │ ├── SecretKeyAlgorithm.java │ │ ├── EcPrivateJwkBuilder.java │ │ ├── SecureRequest.java │ │ ├── RsaPrivateJwkBuilder.java │ │ ├── EcPublicJwkBuilder.java │ │ ├── RsaPublicJwkBuilder.java │ │ ├── AeadRequest.java │ │ ├── DecryptAeadRequest.java │ │ ├── KeyLengthSupplier.java │ │ ├── WeakKeyException.java │ │ ├── KeySupplier.java │ │ ├── JwkParserBuilder.java │ │ ├── KeyPairBuilder.java │ │ ├── DigestSupplier.java │ │ ├── OctetPrivateJwkBuilder.java │ │ ├── VerifyDigestRequest.java │ │ ├── Message.java │ │ └── KeyResult.java │ │ ├── io │ │ ├── Base64UrlDecoder.java │ │ ├── Base64UrlEncoder.java │ │ ├── Base64Support.java │ │ ├── Decoder.java │ │ ├── Encoder.java │ │ ├── EncodingException.java │ │ ├── Base64Decoder.java │ │ └── Base64Encoder.java │ │ ├── ClaimsBuilder.java │ │ ├── lang │ │ ├── Conjunctor.java │ │ ├── Builder.java │ │ ├── Supplier.java │ │ ├── NestedCollection.java │ │ └── InstantiationException.java │ │ └── Clock.java │ └── test │ └── groovy │ └── io │ └── jsonwebtoken │ ├── io │ ├── CodecExceptionTest.groovy │ ├── DecodingExceptionTest.groovy │ ├── EncodingExceptionTest.groovy │ ├── Base64EncoderTest.groovy │ ├── Base64DecoderTest.groovy │ ├── SerializationExceptionTest.groovy │ ├── DeserializationExceptionTest.groovy │ ├── EncodersTest.groovy │ └── DecodersTest.groovy │ ├── security │ ├── UnsupportedKeyExceptionTest.groovy │ ├── SignatureExceptionTest.groovy │ ├── InvalidKeyExceptionTest.groovy │ └── MalformedKeyExceptionTest.groovy │ ├── lang │ ├── MapsTest.groovy │ └── DateFormatsTest.groovy │ ├── SignatureExceptionTest.groovy │ ├── CompressionExceptionTest.groovy │ ├── MalformedJwtExceptionTest.groovy │ ├── RequiredTypeExceptionTest.groovy │ └── UnsupportedJwtExceptionTest.groovy └── .mvn └── wrapper └── maven-wrapper.properties /impl/bnd.bnd: -------------------------------------------------------------------------------- 1 | Fragment-Host: io.jsonwebtoken.jjwt-api 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | -------------------------------------------------------------------------------- /extensions/gson/bnd.bnd: -------------------------------------------------------------------------------- 1 | Fragment-Host: io.jsonwebtoken.jjwt-api 2 | -------------------------------------------------------------------------------- /extensions/jackson/bnd.bnd: -------------------------------------------------------------------------------- 1 | Fragment-Host: io.jsonwebtoken.jjwt-api 2 | -------------------------------------------------------------------------------- /extensions/orgjson/bnd.bnd: -------------------------------------------------------------------------------- 1 | Fragment-Host: io.jsonwebtoken.jjwt-api 2 | -------------------------------------------------------------------------------- /impl/src/test/resources/io.jsonwebtoken.io.Serializer.test.gson: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.gson.io.GsonSerializer -------------------------------------------------------------------------------- /impl/src/test/resources/META-INF/services/io.jsonwebtoken.StubService: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.impl.DefaultStubService -------------------------------------------------------------------------------- /impl/src/test/resources/io.jsonwebtoken.io.Deserializer.test.gson: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.gson.io.GsonDeserializer -------------------------------------------------------------------------------- /impl/src/test/resources/io.jsonwebtoken.io.Serializer.test.orgjson: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.orgjson.io.OrgJsonSerializer -------------------------------------------------------------------------------- /impl/src/test/resources/io.jsonwebtoken.io.Deserializer.test.orgjson: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.orgjson.io.OrgJsonDeserializer -------------------------------------------------------------------------------- /extensions/gson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Serializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.gson.io.GsonSerializer -------------------------------------------------------------------------------- /extensions/gson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Deserializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.gson.io.GsonDeserializer -------------------------------------------------------------------------------- /extensions/jackson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Deserializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.jackson.io.JacksonDeserializer -------------------------------------------------------------------------------- /extensions/jackson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Serializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.jackson.io.JacksonSerializer -------------------------------------------------------------------------------- /extensions/orgjson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Deserializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.orgjson.io.OrgJsonDeserializer -------------------------------------------------------------------------------- /extensions/orgjson/src/main/resources/META-INF/services/io.jsonwebtoken.io.Serializer: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.orgjson.io.OrgJsonSerializer -------------------------------------------------------------------------------- /impl/src/test/resources/io.jsonwebtoken.io.compression.CompressionCodec.test.override: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.impl.compression.YagCompressionCodec -------------------------------------------------------------------------------- /impl/src/main/resources/META-INF/services/io.jsonwebtoken.CompressionCodec: -------------------------------------------------------------------------------- 1 | io.jsonwebtoken.impl.compression.DeflateCompressionAlgorithm 2 | io.jsonwebtoken.impl.compression.GzipCompressionAlgorithm -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | 3 | # Mobile Tools for Java (J2ME) 4 | .mtj.tmp/ 5 | 6 | # Package Files # 7 | *.jar 8 | *.war 9 | *.ear 10 | 11 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 12 | hs_err_pid* 13 | 14 | target/ 15 | .idea 16 | *.iml 17 | *.iws 18 | 19 | .classpath 20 | .project 21 | .settings 22 | -------------------------------------------------------------------------------- /src/license/header.txt: -------------------------------------------------------------------------------- 1 | Copyright © ${license.git.copyrightCreationYear} ${project.organization.name} 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/StubService.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | interface StubService { 19 | } 20 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/Function.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface Function { 19 | 20 | R apply(T t); 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/Nameable.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface Nameable { 19 | 20 | String getName(); 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/Ed25519.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MCowBQYDK2VwAyEAwx8U8mal570mXZkuWuBrv19BD3KjH8CD+piN65v6G+o= 18 | -----END PUBLIC KEY----- 19 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X25519.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MCowBQYDK2VuAyEA3UpG2jKsHGL52tU3K87tqPS3j2arQO9oGu8W3eT5Bkg= 18 | -----END PUBLIC KEY----- 19 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/Ed25519.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MC4CAQAwBQYDK2VwBCIEIMOwpslwByhdqA3jP8cPDbAvYiYNU0r8TmIpqo87rXy3 18 | -----END PRIVATE KEY----- 19 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X25519.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MC4CAQAwBQYDK2VuBCIEIECBHYocYAlHkDtyWQC2luStNys0iYQwZ1CrtRZ8kVhk 18 | -----END PRIVATE KEY----- 19 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/BiConsumer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface BiConsumer { 19 | 20 | void accept(T t, U u); 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/CheckedFunction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface CheckedFunction { 19 | R apply(T t) throws Exception; 20 | } 21 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/ParameterReadable.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface ParameterReadable { 19 | 20 | T get(Parameter param); 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X448.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MEIwBQYDK2VvAzkAXxQlWa22S36qjui/M2IBT5vg0CmmLJkpBhXeiuBptUxJ/nnD 18 | 0uITBH5N9PHkhOM8gfGtNkh6Jwc= 19 | -----END PUBLIC KEY----- 20 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/DefaultStubService.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import io.jsonwebtoken.StubService 19 | 20 | class DefaultStubService implements StubService { 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/Ed448.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MEMwBQYDK2VxAzoAqB5OAJpMvfO7k3TNzqmI4XxdfZQZyXOgWRVdIk7XatCTw8r2 18 | /U95MEDhFLCT4E4eW4qNbVqLOrqA 19 | -----END PUBLIC KEY----- 20 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X448.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MEYCAQAwBQYDK2VvBDoEOLhgwDP91iAq39CN2sVdt+wYX0ocn+qZnwpmXzmyZnPj 18 | iec8mcz2DVlE25HO1R0qGI05VRuTJSP+ 19 | -----END PRIVATE KEY----- 20 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/Ed448.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MEcCAQAwBQYDK2VxBDsEOdkMuoGEPRrYF+JkBH30MRnluPYscGnG2b4+HJUswsh9 18 | lLqmeQFwmwtxeKxY38ItkfJKujQ3Ff5gOQ== 19 | -----END PRIVATE KEY----- 20 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestPublicKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.PublicKey 19 | 20 | class TestPublicKey extends TestKey implements PublicKey { 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestSecretKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import javax.crypto.SecretKey 19 | 20 | class TestSecretKey extends TestKey implements SecretKey { 21 | } 22 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/CheckedSupplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | /** 19 | * @since 0.12.0 20 | */ 21 | public interface CheckedSupplier { 22 | 23 | T get() throws Exception; 24 | } 25 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/TokenizedJwe.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | public interface TokenizedJwe extends TokenizedJwt { 19 | 20 | CharSequence getEncryptedKey(); 21 | 22 | CharSequence getIv(); 23 | } 24 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES256.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZWF7HQuzPoW/HarfomiU+HCMELJ4 18 | 86IzskTXL5fwuy4d/dYv9gAaPVcJJrkdIgAWwi1j5JA2NFvVN0pAURvehQ== 19 | -----END PUBLIC KEY----- 20 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES384.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEaHUc0CmkLoWgfCcf/WizipHNkQSU5hCo 18 | xWwfAv09u2H6SxWyuvt4f2ypAAtv+OX7jLqL6QTgXPxQOgMirmJoBOZij99SfgVb 19 | atVI8vMBOvm9w1F+HXGLyDc/ixG/CWu/ 20 | -----END PUBLIC KEY----- 21 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/ConvertersTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | import org.junit.Test 19 | 20 | class ConvertersTest { 21 | 22 | @Test 23 | void testPrivateCtor() { // only for code coverage 24 | new Converters() 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/X509Context.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.security.X509Accessor; 19 | import io.jsonwebtoken.security.X509Mutator; 20 | 21 | public interface X509Context> extends X509Accessor, X509Mutator { 22 | } 23 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/KeyUseStrategy.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | //TODO: Make a non-impl concept? 19 | public interface KeyUseStrategy { 20 | 21 | //TODO: change argument to have more information? 22 | String toJwkValue(KeyUsage keyUses); 23 | } 24 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES256.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKAne0CF1mPPdITlu 18 | blG8ROELgOEd5LuqxJ6wDt09yfihRANCAARlYXsdC7M+hb8dqt+iaJT4cIwQsnjz 19 | ojOyRNcvl/C7Lh391i/2ABo9VwkmuR0iABbCLWPkkDY0W9U3SkBRG96F 20 | -----END PRIVATE KEY----- 21 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/TestParameterReadable.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | class TestParameterReadable implements ParameterReadable { 19 | 20 | def value = null 21 | 22 | @Override 23 | Object get(Parameter param) { 24 | return value 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestECField.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.spec.ECField 19 | 20 | class TestECField implements ECField { 21 | 22 | int fieldSize 23 | 24 | @Override 25 | int getFieldSize() { 26 | return fieldSize 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES512.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAo9sLfnmdUf4hPLG6r4ijT1AVy9dR 18 | TtJTAWJcZbBO2VmD2EhoS3WEl7ebCyEX+G+E2QjKDnnxlV0oWYRcJLMaDCoAMAdY 19 | J3iBXXgzVZJsVKyt+7911NDrOhUg42Wv+uh1OznIeH9Sh7uTND+fLzlgi8sXFaef 20 | wie7MG2Vs14bC21YIZg= 21 | -----END PUBLIC KEY----- 22 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/SecretJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | 20 | /** 21 | * A {@link JwkBuilder} that creates {@link SecretJwk}s. 22 | * 23 | * @since 0.12.0 24 | */ 25 | public interface SecretJwkBuilder extends JwkBuilder { 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/io/ClosedInputStreamTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class ClosedInputStreamTest { 23 | 24 | @Test 25 | void read() { 26 | assertEquals Streams.EOF, ClosedInputStream.INSTANCE.read() 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestECPrivateKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.interfaces.ECPrivateKey 19 | 20 | class TestECPrivateKey extends TestECKey implements ECPrivateKey { 21 | 22 | BigInteger s 23 | 24 | @Override 25 | BigInteger getS() { 26 | return s 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestProvider.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.Provider 19 | 20 | class TestProvider extends Provider { 21 | 22 | TestProvider() { 23 | this('test') 24 | } 25 | 26 | TestProvider(String name) { 27 | super(name, 1.0d, 'info') 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/JwkFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.security.Jwk; 19 | 20 | import java.security.Key; 21 | 22 | public interface JwkFactory> { 23 | 24 | JwkContext newContext(JwkContext src, K key); 25 | 26 | J createJwk(JwkContext ctx); 27 | } 28 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES384.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCyzsm+32MR1A+yoWSp 18 | u+VE4NxuICamQ2snfJt0F5dAYJtQMRT1xswLuhDKE0BQPWKhZANiAARodRzQKaQu 19 | haB8Jx/9aLOKkc2RBJTmEKjFbB8C/T27YfpLFbK6+3h/bKkAC2/45fuMuovpBOBc 20 | /FA6AyKuYmgE5mKP31J+BVtq1Ujy8wE6+b3DUX4dcYvINz+LEb8Ja78= 21 | -----END PRIVATE KEY----- 22 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/Parameter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.Identifiable; 19 | 20 | public interface Parameter extends Identifiable, Converter { 21 | 22 | String getName(); 23 | 24 | boolean supports(Object value); 25 | 26 | T cast(Object value); 27 | 28 | boolean isSecret(); 29 | } 30 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/PublicJwk.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.PublicKey; 19 | 20 | /** 21 | * JWK representation of a {@link PublicKey}. 22 | * 23 | * @param The type of {@link PublicKey} represented by this JWK 24 | * @since 0.12.0 25 | */ 26 | public interface PublicJwk extends AsymmetricJwk { 27 | } 28 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestECPublicKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.interfaces.ECPublicKey 19 | import java.security.spec.ECPoint 20 | 21 | class TestECPublicKey extends TestECKey implements ECPublicKey { 22 | 23 | ECPoint w 24 | 25 | @Override 26 | ECPoint getW() { 27 | return w 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/DefaultJwsHeaderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class DefaultJwsHeaderTest { 23 | 24 | @Test 25 | void testGetName() { 26 | def header = new DefaultJwsHeader([:]) 27 | assertEquals 'JWS header', header.getName() 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/ProviderSecretKey.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import javax.crypto.SecretKey; 19 | import java.security.Provider; 20 | 21 | public final class ProviderSecretKey extends ProviderKey implements SecretKey { 22 | 23 | ProviderSecretKey(Provider provider, SecretKey key) { 24 | super(provider, key); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestECKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.interfaces.ECKey 19 | import java.security.spec.ECParameterSpec 20 | 21 | class TestECKey extends TestKey implements ECKey { 22 | 23 | ECParameterSpec params 24 | 25 | @Override 26 | ECParameterSpec getParams() { 27 | return params 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/ProviderPrivateKey.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import java.security.PrivateKey; 19 | import java.security.Provider; 20 | 21 | public final class ProviderPrivateKey extends ProviderKey implements PrivateKey { 22 | 23 | ProviderPrivateKey(Provider provider, PrivateKey key) { 24 | super(provider, key); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/README.md: -------------------------------------------------------------------------------- 1 | ## Test Key Files 2 | 3 | All test key files in this directory were generated with `openssl` version 3 or greater by executing the `genkeys` 4 | script in this directory. For example: 5 | 6 | $ openssl version 7 | OpenSSL 3.1.2 1 Aug 2023 (Library: OpenSSL 3.1.2 1 Aug 2023) 8 | $ ./genkeys 9 | 10 | The `genkeys` script creates, for each relevant JWA standard algorithm ID: 11 | 12 | 1. A (non-password-protected) PKCS8 private key, e.g. `RS256.pkcs8.pem` 13 | 2. It's complement public key as an X.509 public key .pem file, e.g. `RS256.pub.pem` 14 | 3. A self-signed X.509 certificate for the associated key valid for 1000 years, e.g. `RS256.crt.pem` 15 | 16 | Each file name is prefixed with the JWA (signature or curve) algorithm identifier, allowing for easy file lookup 17 | based on the `SignatureAlgorithm#getId()` or `EdwardsCurve#getId()` value when authoring tests. 18 | 19 | > **Warning** 20 | > 21 | > Naturally, these files are intended for testing purposes only and should never be used in a production system. 22 | 23 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/FamilyJwkFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.Identifiable; 19 | import io.jsonwebtoken.security.Jwk; 20 | 21 | import java.security.Key; 22 | 23 | public interface FamilyJwkFactory> extends JwkFactory, Identifiable { 24 | 25 | boolean supports(Key key); 26 | 27 | boolean supports(JwkContext context); 28 | } 29 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Base64UrlDecoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | /** 19 | * Very fast Base64Url decoder guaranteed to 20 | * work in all >= Java 7 JDK and Android environments. 21 | * 22 | * @since 0.10.0 23 | */ 24 | class Base64UrlDecoder extends Base64Decoder { 25 | 26 | Base64UrlDecoder() { 27 | super(Base64.URL_SAFE); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Base64UrlEncoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | /** 19 | * Very fast Base64Url encoder guaranteed to 20 | * work in all >= Java 7 JDK and Android environments. 21 | * 22 | * @since 0.10.0 23 | */ 24 | class Base64UrlEncoder extends Base64Encoder { 25 | 26 | Base64UrlEncoder() { 27 | super(Base64.URL_SAFE); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/SecretKeyBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | 20 | /** 21 | * A {@link KeyBuilder} that creates new secure-random {@link SecretKey}s with a length sufficient to be used by 22 | * the security algorithm that produced this builder. 23 | * 24 | * @since 0.12.0 25 | */ 26 | public interface SecretKeyBuilder extends KeyBuilder { 27 | } 28 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestRSAPrivateKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.interfaces.RSAPrivateKey 19 | 20 | class TestRSAPrivateKey extends TestRSAKey implements RSAPrivateKey { 21 | 22 | TestRSAPrivateKey(RSAPrivateKey key) { 23 | super(key) 24 | } 25 | 26 | @Override 27 | BigInteger getPrivateExponent() { 28 | return src.privateExponent 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/SecretKeyAlgorithm.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | 20 | /** 21 | * A {@link KeyAlgorithm} that uses symmetric {@link SecretKey}s to obtain AEAD encryption and decryption keys. 22 | * 23 | * @since 0.12.0 24 | */ 25 | public interface SecretKeyAlgorithm extends KeyAlgorithm, KeyBuilderSupplier, KeyLengthSupplier { 26 | } 27 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/ES512.pkcs8.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PRIVATE KEY----- 17 | MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAKu6PEna7zQnJKAJm 18 | pX1BXxq5RQRb6DiAzZA8Pp/GE19c3k/gnXH5GME9/uQUIa2VUZ6Yahuhufg+JvFI 19 | D46x9IqhgYkDgYYABACj2wt+eZ1R/iE8sbqviKNPUBXL11FO0lMBYlxlsE7ZWYPY 20 | SGhLdYSXt5sLIRf4b4TZCMoOefGVXShZhFwksxoMKgAwB1gneIFdeDNVkmxUrK37 21 | v3XU0Os6FSDjZa/66HU7Och4f1KHu5M0P58vOWCLyxcVp5/CJ7swbZWzXhsLbVgh 22 | mA== 23 | -----END PRIVATE KEY----- 24 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Base64Support.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | /** 21 | * Parent class for Base64 encoders and decoders. 22 | * 23 | * @since 0.10.0 24 | */ 25 | class Base64Support { 26 | 27 | protected final Base64 base64; 28 | 29 | Base64Support(Base64 base64) { 30 | Assert.notNull(base64, "Base64 argument cannot be null"); 31 | this.base64 = base64; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/ClaimsBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken; 17 | 18 | import io.jsonwebtoken.lang.Builder; 19 | import io.jsonwebtoken.lang.MapMutator; 20 | 21 | /** 22 | * {@link Builder} used to create an immutable {@link Claims} instance. 23 | * 24 | * @see JwtBuilder 25 | * @see Claims 26 | * @since 0.12.0 27 | */ 28 | public interface ClaimsBuilder extends MapMutator, ClaimsMutator, Builder { 29 | } 30 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/EcPrivateJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.interfaces.ECPrivateKey; 19 | import java.security.interfaces.ECPublicKey; 20 | 21 | /** 22 | * A {@link PrivateJwkBuilder} that creates {@link EcPrivateJwk}s. 23 | * 24 | * @since 0.12.0 25 | */ 26 | public interface EcPrivateJwkBuilder extends PrivateJwkBuilder { 27 | } 28 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/SecureRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.Key; 19 | 20 | /** 21 | * A request to a cryptographic algorithm requiring a {@link Key}. 22 | * 23 | * @param the type of payload in the request 24 | * @param they type of key used by the algorithm during the request 25 | * @since 0.12.0 26 | */ 27 | public interface SecureRequest extends Request, KeySupplier { 28 | } 29 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/FixedClockTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import org.junit.Test 19 | import static org.junit.Assert.* 20 | 21 | class FixedClockTest { 22 | 23 | @Test 24 | void testFixedClockDefaultConstructor() { 25 | 26 | def clock = new FixedClock() 27 | 28 | def date1 = clock.now() 29 | Thread.sleep(100) 30 | def date2 = clock.now() 31 | 32 | assertSame date1, date2 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/DefaultMessageTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2018 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import org.junit.Test 19 | 20 | class DefaultMessageTest { 21 | 22 | @Test(expected = IllegalArgumentException) 23 | void testNullData() { 24 | new DefaultMessage(null) 25 | } 26 | 27 | @Test(expected = IllegalArgumentException) 28 | void testEmptyByteArrayData() { 29 | new DefaultMessage(new byte[0]) 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.interfaces.RSAPrivateKey; 19 | import java.security.interfaces.RSAPublicKey; 20 | 21 | /** 22 | * A {@link PrivateJwkBuilder} that creates {@link RsaPrivateJwk}s. 23 | * 24 | * @since 0.12.0 25 | */ 26 | public interface RsaPrivateJwkBuilder extends PrivateJwkBuilder { 27 | } 28 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/EcPublicJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.interfaces.ECPrivateKey; 19 | import java.security.interfaces.ECPublicKey; 20 | 21 | /** 22 | * A {@link PublicJwkBuilder} that creates {@link EcPublicJwk}s. 23 | * 24 | * @since 0.12.0 25 | */ 26 | public interface EcPublicJwkBuilder extends PublicJwkBuilder { 27 | } 28 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/DelegatingCheckedFunction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public class DelegatingCheckedFunction implements CheckedFunction { 19 | 20 | final Function delegate; 21 | 22 | public DelegatingCheckedFunction(Function delegate) { 23 | this.delegate = delegate; 24 | } 25 | 26 | @Override 27 | public R apply(T t) throws Exception { 28 | return delegate.apply(t); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/StringRegistryTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertNull 21 | 22 | class StringRegistryTest { 23 | 24 | @Test(expected = ClassCastException) 25 | void testGetWithoutString() { 26 | def registry = new StringRegistry('foo', 'id', ['one', 'two'], Functions.identity(), true) 27 | assertNull registry.get(1) // not a string key 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/StandardSecureDigestAlgorithmsTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertNull 21 | 22 | class StandardSecureDigestAlgorithmsTest { 23 | 24 | @Test 25 | void testFindByPublicSigningKey() { 26 | //public keys are not supported for signing: 27 | assertNull StandardSecureDigestAlgorithms.findBySigningKey(new TestPublicKey()) 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/RsaPublicJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.interfaces.RSAPrivateKey; 19 | import java.security.interfaces.RSAPublicKey; 20 | 21 | /** 22 | * A {@link PublicJwkBuilder} that creates {@link RsaPublicJwk}s. 23 | * 24 | * @since 0.12.0 25 | */ 26 | public interface RsaPublicJwkBuilder extends PublicJwkBuilder { 27 | 28 | } 29 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/lang/Conjunctor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang; 17 | 18 | /** 19 | * A {@code Conjunctor} supplies a joined object. It is typically used for nested builders to return 20 | * to the source/original builder. 21 | * 22 | * @param the type of joined object to return. 23 | * @since 0.12.0 24 | */ 25 | public interface Conjunctor { 26 | 27 | /** 28 | * Returns the joined object. 29 | * 30 | * @return the joined object. 31 | */ 32 | T and(); 33 | } 34 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/Clock.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken; 17 | 18 | import java.util.Date; 19 | 20 | /** 21 | * A clock represents a time source that can be used when creating and verifying JWTs. 22 | * 23 | * @since 0.7.0 24 | */ 25 | public interface Clock { 26 | 27 | /** 28 | * Returns the clock's current timestamp at the instant the method is invoked. 29 | * 30 | * @return the clock's current timestamp at the instant the method is invoked. 31 | */ 32 | Date now(); 33 | } 34 | -------------------------------------------------------------------------------- /extensions/jackson/src/test/groovy/io/jsonwebtoken/jackson/io/TestSupplier.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.jackson.io 17 | 18 | import io.jsonwebtoken.lang.Supplier 19 | 20 | class TestSupplier implements Supplier { 21 | 22 | private static final TestSupplier INSTANCE = new TestSupplier<>("test") 23 | private final T value; 24 | 25 | private TestSupplier(T value) { 26 | this.value = value; 27 | } 28 | 29 | @Override 30 | T get() { 31 | return value; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/RS256.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPYf1VSy58i6ic93goen 18 | zF5UO9oLxyiTSF64lGFUJ6/MBDydAvY9PS76ymvhUcSrsDUHgb0arsp6MDXOfZxY 19 | Hn2C7o39n8+bQ7yS4hQm6kkl8KB5OiOkJFkFjEHrwnqykXygx1VFpcVpbBvxDn64 20 | 0ODEScWyoUUPd4sOK+esTt4D9+q0PXsXzfRT4eOrnpXHJTan/KK/a+UYmfWPr+xI 21 | EPUxnLPCD68mIHoSPAaJiv37SkAWHJ9+fm/DfnYTwTi0rxe2FRQ1+vkOxe6C2+n1 22 | ebsqCZPKr0J/2MfwqP0raxLfyGicxM5ee5RSTTRMCA4UyX5dubZvh2pLoaS8PCZa 23 | jwIDAQAB 24 | -----END PUBLIC KEY----- 25 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.Key 19 | 20 | class TestKey implements Key { 21 | 22 | String algorithm 23 | String format 24 | byte[] encoded 25 | 26 | @Override 27 | String getAlgorithm() { 28 | return algorithm 29 | } 30 | 31 | @Override 32 | String getFormat() { 33 | return format 34 | } 35 | 36 | @Override 37 | byte[] getEncoded() { 38 | return encoded 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/Base64CodecTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | @Deprecated //remove just before 1.0.0 release 23 | class Base64CodecTest { 24 | 25 | @Test 26 | void testEncodeDecode() { 27 | 28 | String s = "Hello 世界" 29 | 30 | def codec = new Base64Codec() 31 | 32 | String encoded = codec.encode(s) 33 | 34 | assertEquals s, codec.decodeToString(encoded) 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/CodecExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class CodecExceptionTest { 23 | 24 | @Test 25 | void testConstructorWithCause() { 26 | def ioException = new java.io.IOException("root error") 27 | def exception = new CodecException("wrapping", ioException) 28 | assertEquals "wrapping", exception.getMessage() 29 | assertEquals ioException, exception.getCause() 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/FormattedStringFunction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | public class FormattedStringFunction implements Function { 21 | 22 | private final String msg; 23 | 24 | public FormattedStringFunction(String msg) { 25 | this.msg = Assert.hasText(msg, "msg argument cannot be null or empty."); 26 | } 27 | 28 | @Override 29 | public String apply(T arg) { 30 | return String.format(msg, arg); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/ConstantFunction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | 19 | /** 20 | * Function that always returns the same value 21 | * 22 | * @param Input type 23 | * @param Return value type 24 | */ 25 | public final class ConstantFunction implements Function { 26 | 27 | private final R value; 28 | 29 | public ConstantFunction(R value) { 30 | this.value = value; 31 | } 32 | 33 | @Override 34 | public R apply(T t) { 35 | return this.value; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/DecodingExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class DecodingExceptionTest { 23 | 24 | @Test 25 | void testConstructorWithCause() { 26 | def ioException = new java.io.IOException("root error") 27 | def exception = new DecodingException("wrapping", ioException) 28 | assertEquals "wrapping", exception.getMessage() 29 | assertEquals ioException, exception.getCause() 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/EncodingExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class EncodingExceptionTest { 23 | 24 | @Test 25 | void testConstructorWithCause() { 26 | def ioException = new java.io.IOException("root error") 27 | def exception = new EncodingException("wrapping", ioException) 28 | assertEquals "wrapping", exception.getMessage() 29 | assertEquals ioException, exception.getCause() 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/DateTestUtils.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | final class DateTestUtils { 19 | 20 | /** 21 | * Date util method for lopping truncate the millis from a date. 22 | * @param date input date 23 | * @return The date time in millis with the precision of seconds 24 | */ 25 | static long truncateMillis(Date date) { 26 | Calendar cal = Calendar.getInstance() 27 | cal.setTime(date) 28 | cal.set(Calendar.MILLISECOND, 0) 29 | return cal.getTimeInMillis() 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/lang/Builder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang; 17 | 18 | /** 19 | * Type-safe interface that reflects the Builder pattern. 20 | * 21 | * @param The type of object that will be created when {@link #build()} is invoked. 22 | * @since 0.12.0 23 | */ 24 | public interface Builder { 25 | 26 | /** 27 | * Creates and returns a new instance of type {@code T}. 28 | * 29 | * @return a new instance of type {@code T}. 30 | */ 31 | T build(); 32 | } 33 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestPrivateKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import javax.security.auth.DestroyFailedException 19 | import javax.security.auth.Destroyable 20 | import java.security.PrivateKey 21 | 22 | class TestPrivateKey extends TestKey implements PrivateKey, Destroyable { 23 | 24 | boolean destroyed 25 | 26 | @Override 27 | void destroy() throws DestroyFailedException { 28 | destroyed = true 29 | } 30 | 31 | @Override 32 | boolean isDestroyed() { 33 | return destroyed 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/AeadRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | import java.io.InputStream; 20 | 21 | /** 22 | * A request to an {@link AeadAlgorithm} to perform authenticated encryption with a supplied symmetric 23 | * {@link SecretKey}, allowing for additional data to be authenticated and integrity-protected. 24 | * 25 | * @see SecureRequest 26 | * @see AssociatedDataSupplier 27 | * @since 0.12.0 28 | */ 29 | public interface AeadRequest extends SecureRequest, AssociatedDataSupplier { 30 | } 31 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/security/UnsupportedKeyExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2018 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | import static org.junit.Assert.assertSame 22 | 23 | class UnsupportedKeyExceptionTest { 24 | 25 | @Test 26 | void testCauseWithMessage() { 27 | def cause = new IllegalStateException() 28 | def msg = 'foo' 29 | def ex = new UnsupportedKeyException(msg, cause) 30 | assertEquals msg, ex.getMessage() 31 | assertSame cause, ex.getCause() 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/RandomsTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2018 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import org.junit.Test 19 | 20 | import java.security.SecureRandom 21 | 22 | import static org.junit.Assert.assertTrue 23 | 24 | /** 25 | * @since 0.12.0 26 | */ 27 | class RandomsTest { 28 | 29 | @Test 30 | void testPrivateCtor() { //for code coverage only 31 | new Randoms() 32 | } 33 | 34 | @Test 35 | void testSecureRandom() { 36 | def random = Randoms.secureRandom() 37 | assertTrue random instanceof SecureRandom 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/PS256.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MIIBVjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcN 18 | AQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEPADCCAQoCggEBAO65S+Le4BXJbEvy 19 | 8DwNqGIgSeusyHBcVPhqImxFnmnhyQ1ooH8N4MawxCuDkh2Y6kV2Ar0MpKysV3+2 20 | KB16Q2YY5TN8Hr2ECvava83CCOuSJC4zClw+zqBHKYe1up9VUDsjQd1ybRhrXyIw 21 | ++Pv5BdhSk6qU7oBEa2e/dFDS5v7xxD2Paj/FZmL3y866Ipg2v0LDVr0EICkIF9A 22 | gXdw2CF0FPRn+PWYh8RB4RbssBvoMa+GKK5tyBWfPBlcKTRL5sEAh6hEzs3P61Pg 23 | DIZNybLDqJXaYAC6LHhFkutHszFRFLWavNWBlJF1DFFVAt/g9hzK8sIyfalZB2zK 24 | qBuHhMMCAwEAAQ== 25 | -----END PUBLIC KEY----- 26 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/LocatorFunction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.Header; 19 | import io.jsonwebtoken.Locator; 20 | import io.jsonwebtoken.lang.Assert; 21 | 22 | public class LocatorFunction implements Function { 23 | 24 | private final Locator locator; 25 | 26 | public LocatorFunction(Locator locator) { 27 | this.locator = Assert.notNull(locator, "Locator instance cannot be null."); 28 | } 29 | 30 | @Override 31 | public T apply(Header h) { 32 | return this.locator.locate(h); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/JwtDateConverterTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertNull 21 | 22 | class JwtDateConverterTest { 23 | 24 | @Test 25 | void testApplyToNull() { 26 | assertNull JwtDateConverter.INSTANCE.applyTo(null) 27 | } 28 | 29 | @Test 30 | void testApplyFromNull() { 31 | assertNull JwtDateConverter.INSTANCE.applyFrom(null) 32 | } 33 | 34 | @Test 35 | void testToDateWithNull() { 36 | assertNull JwtDateConverter.toDate(null) 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/DecryptAeadRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | 20 | /** 21 | * A request to an {@link AeadAlgorithm} to decrypt ciphertext and perform integrity-protection with a supplied 22 | * decryption {@link SecretKey}. Extends both {@link IvSupplier} and {@link DigestSupplier} to 23 | * ensure the respective required IV and AAD tag returned from an {@link AeadResult} are available for decryption. 24 | * 25 | * @since 0.12.0 26 | */ 27 | public interface DecryptAeadRequest extends AeadRequest, IvSupplier, DigestSupplier { 28 | } 29 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/KeyLengthSupplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | /** 19 | * Provides access to the required length in bits (not bytes) of keys usable with the associated algorithm. 20 | * 21 | * @since 0.12.0 22 | */ 23 | public interface KeyLengthSupplier { 24 | 25 | /** 26 | * Returns the required length in bits (not bytes) of keys usable with the associated algorithm. 27 | * 28 | * @return the required length in bits (not bytes) of keys usable with the associated algorithm. 29 | */ 30 | int getKeyBitLength(); 31 | } 32 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestRSAKey.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import java.security.interfaces.RSAKey 19 | 20 | class TestRSAKey extends TestKey implements RSAKey { 21 | 22 | final def src 23 | BigInteger modulus 24 | 25 | TestRSAKey(def key) { 26 | this.src = key 27 | this.algorithm = key?.getAlgorithm() 28 | this.format = key?.getFormat() 29 | this.encoded = key?.getEncoded() 30 | this.modulus = key?.getModulus() 31 | } 32 | 33 | @Override 34 | BigInteger getModulus() { 35 | return this.modulus 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 23 | 24 | **Describe the bug** 25 | A clear and concise description of what the bug is. 26 | 27 | **To Reproduce** 28 | Steps to reproduce the behavior: 29 | 1. Go to '...' 30 | 2. Click on '....' 31 | 3. Scroll down to '....' 32 | 4. See error 33 | 34 | **Expected behavior** 35 | A clear and concise description of what you expected to happen. 36 | 37 | **Screenshots** 38 | If applicable, add screenshots to help explain your problem. 39 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Decoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | /** 19 | * A decoder converts an already-encoded data value to a desired data type. 20 | * 21 | * @param decoding input type 22 | * @param decoding output type 23 | * @since 0.10.0 24 | */ 25 | public interface Decoder { 26 | 27 | /** 28 | * Convert the specified encoded data value into the desired data type. 29 | * 30 | * @param t the encoded data 31 | * @return the resulting expected data 32 | * @throws DecodingException if there is a problem during decoding. 33 | */ 34 | R decode(T t) throws DecodingException; 35 | } 36 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestKeyAlgorithm.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import io.jsonwebtoken.security.* 19 | 20 | import javax.crypto.SecretKey 21 | 22 | class TestKeyAlgorithm implements KeyAlgorithm { 23 | 24 | String id 25 | 26 | @Override 27 | String getId() { 28 | return id 29 | } 30 | 31 | @Override 32 | KeyResult getEncryptionKey(KeyRequest request) throws SecurityException { 33 | return null 34 | } 35 | 36 | @Override 37 | SecretKey getDecryptionKey(DecryptionKeyRequest request) throws SecurityException { 38 | return null 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/ParameterBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Builder; 19 | 20 | import java.util.List; 21 | import java.util.Set; 22 | 23 | /** 24 | * @since 0.12.0 25 | */ 26 | public interface ParameterBuilder extends Builder> { 27 | 28 | ParameterBuilder setId(String id); 29 | 30 | ParameterBuilder setName(String name); 31 | 32 | ParameterBuilder setSecret(boolean secret); 33 | 34 | ParameterBuilder> list(); 35 | 36 | ParameterBuilder> set(); 37 | 38 | ParameterBuilder setConverter(Converter converter); 39 | } 40 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8-bin.zip 18 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.6.jar 19 | 20 | #distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.1/apache-maven-3.6.1-bin.zip 21 | #wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar 22 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/issues/Issue438Test.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.issues 17 | 18 | import io.jsonwebtoken.Jwts 19 | import io.jsonwebtoken.UnsupportedJwtException 20 | import io.jsonwebtoken.impl.security.TestKeys 21 | import org.junit.Test 22 | 23 | /** 24 | * https://github.com/jwtk/jjwt/issues/438 25 | */ 26 | class Issue438Test { 27 | 28 | @Test(expected = UnsupportedJwtException /* not IllegalArgumentException */) 29 | void testIssue438() { 30 | String jws = Jwts.builder().issuer('test').signWith(TestKeys.RS256.pair.private).compact() 31 | Jwts.parser().verifyWith(TestKeys.HS256).build().parseSignedClaims(jws) 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X25519.crt.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN CERTIFICATE----- 17 | MIIBgzCCATUCFEcl4MgdEi4IGwRwLbdU7hvhVwH8MAUGAytlcDBjMQswCQYDVQQG 18 | EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNj 19 | bzEYMBYGA1UECgwPanNvbndlYnRva2VuLmlvMQ0wCwYDVQQLDARqand0MCAXDTIz 20 | MDgyOTAwMTMwM1oYDzMwMjMwOTA2MDAxMzAzWjBjMQswCQYDVQQGEwJVUzETMBEG 21 | A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEYMBYGA1UE 22 | CgwPanNvbndlYnRva2VuLmlvMQ0wCwYDVQQLDARqand0MCowBQYDK2VuAyEA3UpG 23 | 2jKsHGL52tU3K87tqPS3j2arQO9oGu8W3eT5BkgwBQYDK2VwA0EAh8bwXk5oV5vK 24 | pcv2WyF1jt3E7eiK+DBbOnAdbu86Je887oy8JypSfUwCartW55+MkD/+IJZTNhFa 25 | Gal7t0UqBA== 26 | -----END CERTIFICATE----- 27 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/lang/Supplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang; 17 | 18 | /** 19 | * Represents a supplier of results. 20 | * 21 | *

There is no requirement that a new or distinct result be returned each time the supplier is invoked.

22 | * 23 | *

This interface is the equivalent of a JDK 8 {@code java.util.function.Supplier}, backported for JJWT's use in 24 | * JDK 7 environments.

25 | * 26 | * @param the type of object returned by this supplier 27 | * @since 0.12.0 28 | */ 29 | public interface Supplier { 30 | 31 | /** 32 | * Returns a result. 33 | * 34 | * @return a result. 35 | */ 36 | T get(); 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/io/Base64UrlStreamEncoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io; 17 | 18 | import io.jsonwebtoken.io.Encoder; 19 | import io.jsonwebtoken.io.EncodingException; 20 | 21 | import java.io.OutputStream; 22 | 23 | public final class Base64UrlStreamEncoder implements Encoder { 24 | 25 | public static final Base64UrlStreamEncoder INSTANCE = new Base64UrlStreamEncoder(); 26 | 27 | private Base64UrlStreamEncoder() { 28 | } 29 | 30 | @Override 31 | public OutputStream encode(OutputStream outputStream) throws EncodingException { 32 | return new Base64OutputStream(outputStream); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/WeakKeyException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | /** 19 | * Exception thrown when encountering a key that is not strong enough (of sufficient length) to be used with 20 | * a particular algorithm or in a particular security context. 21 | * 22 | * @since 0.10.0 23 | */ 24 | public class WeakKeyException extends InvalidKeyException { 25 | 26 | /** 27 | * Creates a new instance with the specified explanation message. 28 | * 29 | * @param message the message explaining why the exception is thrown. 30 | */ 31 | public WeakKeyException(String message) { 32 | super(message); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/Base64EncoderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import io.jsonwebtoken.lang.Strings 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.assertEquals 22 | 23 | class Base64EncoderTest { 24 | 25 | @Test(expected = IllegalArgumentException) 26 | void testEncodeWithNullArgument() { 27 | new Base64Encoder().encode(null) 28 | } 29 | 30 | @Test 31 | void encode() { 32 | String input = 'Hello 世界' 33 | byte[] bytes = input.getBytes(Strings.UTF_8) 34 | String encoded = new Base64Encoder().encode(bytes) 35 | assertEquals 'SGVsbG8g5LiW55WM', encoded 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/Base64Codec.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.io.Decoders; 19 | import io.jsonwebtoken.io.Encoders; 20 | 21 | /** 22 | * @deprecated since 0.10.0 - will be removed before 1.0.0. Use {@code io.jsonwebtoken.io.Encoders#BASE64} 23 | * or {@code io.jsonwebtoken.io.Decoders#BASE64} 24 | */ 25 | @Deprecated 26 | public class Base64Codec extends AbstractTextCodec { 27 | 28 | public String encode(byte[] data) { 29 | return Encoders.BASE64.encode(data); 30 | } 31 | 32 | @Override 33 | public byte[] decode(String encoded) { 34 | return Decoders.BASE64.decode(encoded); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/JwkDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.impl.io.JsonObjectDeserializer; 19 | import io.jsonwebtoken.io.Deserializer; 20 | import io.jsonwebtoken.security.MalformedKeyException; 21 | 22 | public class JwkDeserializer extends JsonObjectDeserializer { 23 | 24 | public JwkDeserializer(Deserializer deserializer) { 25 | super(deserializer, "JWK"); 26 | } 27 | 28 | @Override 29 | protected RuntimeException malformed(Throwable t) { 30 | String msg = "Malformed JWK JSON: " + t.getMessage(); 31 | return new MalformedKeyException(msg); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Encoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | /** 19 | * An encoder converts data of one type into another formatted data value. 20 | * 21 | * @param the type of data to convert 22 | * @param the type of the resulting formatted data 23 | * @since 0.10.0 24 | */ 25 | public interface Encoder { 26 | 27 | /** 28 | * Convert the specified data into another formatted data value. 29 | * 30 | * @param t the data to convert 31 | * @return the resulting formatted data value 32 | * @throws EncodingException if there is a problem during encoding 33 | */ 34 | R encode(T t) throws EncodingException; 35 | } 36 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/RandomSecretKeyBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import javax.crypto.SecretKey; 19 | import javax.crypto.spec.SecretKeySpec; 20 | 21 | /** 22 | * @since 0.12.0 23 | */ 24 | public class RandomSecretKeyBuilder extends DefaultSecretKeyBuilder { 25 | 26 | public RandomSecretKeyBuilder(String jcaName, int bitLength) { 27 | super(jcaName, bitLength); 28 | } 29 | 30 | @Override 31 | public SecretKey build() { 32 | byte[] bytes = new byte[this.BIT_LENGTH / Byte.SIZE]; 33 | this.random.nextBytes(bytes); 34 | return new SecretKeySpec(bytes, this.JCA_NAME); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/EncodingException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | /** 19 | * An exception thrown when encountering a problem during encoding. 20 | * 21 | * @since 0.10.0 22 | */ 23 | public class EncodingException extends CodecException { 24 | 25 | /** 26 | * Creates a new instance with the specified explanation message and underlying cause. 27 | * 28 | * @param message the message explaining why the exception is thrown. 29 | * @param cause the underlying cause that resulted in this exception being thrown. 30 | */ 31 | public EncodingException(String message, Throwable cause) { 32 | super(message, cause); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/Base64DecoderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import io.jsonwebtoken.lang.Strings 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.assertEquals 22 | 23 | class Base64DecoderTest { 24 | 25 | @Test(expected = IllegalArgumentException) 26 | void testDecodeWithNullArgument() { 27 | new Base64Decoder().decode(null) 28 | } 29 | 30 | @Test 31 | void decode() { 32 | String encoded = 'SGVsbG8g5LiW55WM' // Hello 世界 33 | byte[] bytes = new Base64Decoder().decode(encoded) 34 | String result = new String(bytes, Strings.UTF_8) 35 | assertEquals 'Hello 世界', result 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/Base64UrlCodecTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import io.jsonwebtoken.lang.Strings 19 | import org.junit.Test 20 | import static org.junit.Assert.* 21 | 22 | @Deprecated //remove just before 1.0.0 release 23 | class Base64UrlCodecTest { 24 | 25 | @Test 26 | void testEncodeDecode() { 27 | 28 | String s = "Hello 世界" 29 | 30 | def codec = new Base64UrlCodec() 31 | 32 | String base64url = codec.encode(s.getBytes(Strings.UTF_8)) 33 | 34 | byte[] decoded = codec.decode(base64url) 35 | 36 | String result = new String(decoded, Strings.UTF_8) 37 | 38 | assertEquals s, result 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/lang/NestedCollection.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang; 17 | 18 | /** 19 | * A {@link CollectionMutator} that can return access to its parent via the {@link Conjunctor#and() and()} method for 20 | * continued configuration. For example: 21 | * 
22 |  * builder
23 |  *     .aNestedCollection()// etc...
24 |  *     .and() // return parent
25 |  * // resume parent configuration...
26 | * 27 | * @param the type of elements in the collection 28 | * @param

the parent to return 29 | * @since 0.12.0 30 | */ 31 | public interface NestedCollection extends CollectionMutator>, Conjunctor

{ 32 | } 33 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/JwkSetDeserializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.impl.io.JsonObjectDeserializer; 19 | import io.jsonwebtoken.io.Deserializer; 20 | import io.jsonwebtoken.security.MalformedKeySetException; 21 | 22 | public class JwkSetDeserializer extends JsonObjectDeserializer { 23 | 24 | public JwkSetDeserializer(Deserializer deserializer) { 25 | super(deserializer, "JWK Set"); 26 | } 27 | 28 | @Override 29 | protected RuntimeException malformed(Throwable t) { 30 | String msg = "Malformed JWK Set JSON: " + t.getMessage(); 31 | throw new MalformedKeySetException(msg, t); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/RS384.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnn/dqKzNybwtA+i7WNac 18 | NEjfjeIOWnR99W7cUHfy8x/vRFy+1/vF99Zer6eXgdK3kfw8S/WSLZ2QSnDDJABU 19 | tUK0uaapFaRrOq3sio4lEInFoSNKFa6g0Zrzzu9P2wMVhvj+k9H8KB8gKx4VuxDv 20 | FQwQDF7noPPd1kRVgYNk5he11hsTlAHzijv8x+1AAgjj5RGOVtoRVnJQb9Y2rH/L 21 | rpgxVL1q9gthlCYe+fJV9zm10WBhPXziEItSOCygFMTQZzAmSQppBP4SXEjKuCu+ 22 | bxWd/O5JySBWNBuFW+5fPbH3Zs3bS1hRnAicAfEv2crbwivVbH/buwkEXsgPN/G4 23 | b6kJgdeEE+Is7R+pgHkZo+TxjCVcf0H4l8uzH/FUrIJtEianb9QTz+RGHjVm8mOt 24 | GyId+UVO+ZIFLfXYzgdcoHApY1y874TT3M7CXZll8Jmbmf/2s4gIRMwLQTMCL1tS 25 | keyUWLkG5MQWMdf+Gtc2vQpKtnNeoVQU0QM4iALHbyVtAgMBAAE= 26 | -----END PUBLIC KEY----- 27 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/NullSafeConverter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | public class NullSafeConverter implements Converter { 21 | 22 | private final Converter converter; 23 | 24 | public NullSafeConverter(Converter converter) { 25 | this.converter = Assert.notNull(converter, "Delegate converter cannot be null."); 26 | } 27 | 28 | @Override 29 | public B applyTo(A a) { 30 | return a == null ? null : converter.applyTo(a); 31 | } 32 | 33 | @Override 34 | public A applyFrom(B b) { 35 | return b == null ? null : converter.applyFrom(b); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/KeySupplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.Key; 19 | 20 | /** 21 | * Provides access to a cryptographic {@link Key} necessary for signing, wrapping, encryption or decryption algorithms. 22 | * 23 | * @param the type of key provided by this supplier. 24 | * @since 0.12.0 25 | */ 26 | public interface KeySupplier { 27 | 28 | /** 29 | * Returns the key to use for signing, wrapping, encryption or decryption depending on the type of operation. 30 | * 31 | * @return the key to use for signing, wrapping, encryption or decryption depending on the type of operation. 32 | */ 33 | K getKey(); 34 | } 35 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/Converter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | public interface Converter { 19 | 20 | /** 21 | * Converts the specified (Java idiomatic type) value to the canonical RFC-required data type. 22 | * 23 | * @param a the preferred idiomatic value 24 | * @return the canonical RFC-required data type value. 25 | */ 26 | B applyTo(A a); 27 | 28 | /** 29 | * Converts the specified canonical (RFC-compliant data type) value to the preferred Java idiomatic type. 30 | * 31 | * @param b the canonical value to convert 32 | * @return the preferred Java idiomatic type value. 33 | */ 34 | A applyFrom(B b); 35 | } 36 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/AndroidBase64Codec.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.io.Decoders; 19 | import io.jsonwebtoken.io.Encoders; 20 | 21 | /** 22 | * @deprecated since 0.10.0 - will be removed before 1.0.0. Use {@code io.jsonwebtoken.io.Encoders#BASE64} 23 | * or {@code io.jsonwebtoken.io.Decoders#BASE64} instead. 24 | */ 25 | @Deprecated 26 | public class AndroidBase64Codec extends AbstractTextCodec { 27 | 28 | @Override 29 | public String encode(byte[] data) { 30 | return Encoders.BASE64.encode(data); 31 | } 32 | 33 | @Override 34 | public byte[] decode(String encoded) { 35 | return Decoders.BASE64.decode(encoded); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/Base64UrlCodec.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.io.Decoders; 19 | import io.jsonwebtoken.io.Encoders; 20 | 21 | /** 22 | * @deprecated since 0.10.0 - will be removed before 1.0.0. Use {@link Encoders#BASE64URL Encoder.BASE64URL} 23 | * or {@link Decoders#BASE64URL Decoder.BASE64URL} instead. 24 | */ 25 | @Deprecated 26 | public class Base64UrlCodec extends AbstractTextCodec { 27 | 28 | @Override 29 | public String encode(byte[] data) { 30 | return Encoders.BASE64URL.encode(data); 31 | } 32 | 33 | @Override 34 | public byte[] decode(String encoded) { 35 | return Decoders.BASE64URL.decode(encoded); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/DefaultClock.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.Clock; 19 | 20 | import java.util.Date; 21 | 22 | /** 23 | * Default {@link Clock} implementation. 24 | * 25 | * @since 0.7.0 26 | */ 27 | public class DefaultClock implements Clock { 28 | 29 | /** 30 | * Default static instance that may be shared. It is thread-safe. 31 | */ 32 | public static final Clock INSTANCE = new DefaultClock(); 33 | 34 | /** 35 | * Simply returns new {@link Date}(). 36 | * 37 | * @return a new {@link Date} instance. 38 | */ 39 | @Override 40 | public Date now() { 41 | return new Date(); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/AbstractAudienceCollection.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.ClaimsMutator; 19 | import io.jsonwebtoken.impl.lang.DefaultNestedCollection; 20 | 21 | import java.util.Collection; 22 | 23 | /** 24 | * Abstract NestedCollection that requires the AudienceCollection interface to be implemented. 25 | * 26 | * @param

type of parent to return 27 | * @since 0.12.0 28 | */ 29 | abstract class AbstractAudienceCollection

extends DefaultNestedCollection 30 | implements ClaimsMutator.AudienceCollection

{ 31 | protected AbstractAudienceCollection(P parent, Collection seed) { 32 | super(parent, seed); 33 | } 34 | } -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/FormattedStringSupplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | import io.jsonwebtoken.lang.Supplier; 20 | 21 | public class FormattedStringSupplier implements Supplier { 22 | 23 | private final String msg; 24 | 25 | private final Object[] args; 26 | 27 | public FormattedStringSupplier(String msg, Object[] args) { 28 | this.msg = Assert.hasText(msg, "Message cannot be null or empty."); 29 | this.args = Assert.notEmpty(args, "Arguments cannot be null or empty."); 30 | } 31 | 32 | @Override 33 | public String get() { 34 | return String.format(this.msg, this.args); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/lang/InstantiationException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang; 17 | 18 | /** 19 | * {@link RuntimeException} equivalent of {@link java.lang.InstantiationException}. 20 | * 21 | * @since 0.1 22 | */ 23 | public class InstantiationException extends RuntimeException { 24 | 25 | /** 26 | * Creates a new instance with the specified explanation message and underlying cause. 27 | * 28 | * @param message the message explaining why the exception is thrown. 29 | * @param cause the underlying cause that resulted in this exception being thrown. 30 | */ 31 | public InstantiationException(String message, Throwable cause) { 32 | super(message, cause); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/lang/MapsTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang 17 | 18 | import org.junit.Test 19 | 20 | import static org.hamcrest.MatcherAssert.assertThat 21 | import static org.hamcrest.CoreMatchers.is 22 | 23 | class MapsTest { 24 | 25 | @Test 26 | void testSingleMapOf() { 27 | assertThat Maps.of("aKey", "aValue").build(), is([aKey: "aValue"]) 28 | } 29 | 30 | @Test 31 | void testMapOfAnd() { 32 | assertThat Maps.of("aKey1", "aValue1") 33 | .and("aKey2", "aValue2") 34 | .and("aKey3", "aValue3") 35 | .build(), 36 | is([aKey1: "aValue1", aKey2: "aValue2", aKey3: "aValue3"]) 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultNestedCollection.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | import io.jsonwebtoken.lang.NestedCollection; 20 | 21 | import java.util.Collection; 22 | 23 | public class DefaultNestedCollection extends DefaultCollectionMutator> 24 | implements NestedCollection { 25 | 26 | private final P parent; 27 | 28 | public DefaultNestedCollection(P parent, Collection seed) { 29 | super(seed); 30 | this.parent = Assert.notNull(parent, "Parent cannot be null."); 31 | } 32 | 33 | @Override 34 | public P and() { 35 | return this.parent; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/DefaultSecretKeyBuilderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | import static org.junit.Assert.fail 22 | 23 | class DefaultSecretKeyBuilderTest { 24 | 25 | @Test 26 | void testInvalidBitLength() { 27 | try { 28 | //noinspection GroovyResultOfObjectAllocationIgnored 29 | new DefaultSecretKeyBuilder("AES", 127) 30 | fail() 31 | } catch (IllegalArgumentException expected) { 32 | String msg = "bitLength must be an even multiple of 8" 33 | assertEquals msg, expected.getMessage() 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/SignatureExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class SignatureExceptionTest { 23 | 24 | @Test 25 | void testStringConstructor() { 26 | def exception = new SignatureException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testCauseConstructor() { 32 | def ioException = new IOException("root error") 33 | def exception = new SignatureException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/CompressionExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class CompressionExceptionTest { 23 | 24 | @Test 25 | void testDefaultConstructor() { 26 | def exception = new CompressionException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testConstructorWithCause() { 32 | def ioException = new IOException("root error") 33 | def exception = new CompressionException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/MalformedJwtExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class MalformedJwtExceptionTest { 23 | 24 | @Test 25 | void testStringConstructor() { 26 | def exception = new MalformedJwtException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testCauseConstructor() { 32 | def ioException = new IOException("root error") 33 | def exception = new MalformedJwtException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/security/SignatureExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class SignatureExceptionTest { 23 | 24 | @Test 25 | void testStringConstructor() { 26 | def exception = new SignatureException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testCauseConstructor() { 32 | def ioException = new IOException("root error") 33 | def exception = new SignatureException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } -------------------------------------------------------------------------------- /extensions/gson/src/main/java/io/jsonwebtoken/gson/io/GsonSupplierSerializer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.gson.io; 17 | 18 | import com.google.gson.JsonElement; 19 | import com.google.gson.JsonSerializationContext; 20 | import com.google.gson.JsonSerializer; 21 | import io.jsonwebtoken.lang.Supplier; 22 | 23 | import java.lang.reflect.Type; 24 | 25 | public final class GsonSupplierSerializer implements JsonSerializer> { 26 | 27 | public static final GsonSupplierSerializer INSTANCE = new GsonSupplierSerializer(); 28 | 29 | @Override 30 | public JsonElement serialize(Supplier supplier, Type type, JsonSerializationContext ctx) { 31 | Object value = supplier.get(); 32 | return ctx.serialize(value); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/io/UncloseableInputStream.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io; 17 | 18 | import java.io.FilterInputStream; 19 | import java.io.InputStream; 20 | 21 | /** 22 | * @since 0.12.0, copied from 23 | * 24 | * commons-io 3a17f5259b105e734c8adce1d06d68f29884d1bb 25 | */ 26 | public final class UncloseableInputStream extends FilterInputStream { 27 | 28 | public UncloseableInputStream(InputStream in) { 29 | super(in); 30 | } 31 | 32 | @Override 33 | public void close() { 34 | in = ClosedInputStream.INSTANCE; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/RequiredTypeExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | import static org.junit.Assert.assertSame 22 | 23 | class RequiredTypeExceptionTest { 24 | 25 | @Test 26 | void testStringConstructor() { 27 | def msg = 'foo' 28 | def ex = new RequiredTypeException(msg) 29 | assertEquals ex.message, msg 30 | } 31 | 32 | @Test 33 | void testOverloadedConstructor() { 34 | def msg = 'foo' 35 | def cause = new NullPointerException() 36 | def ex = new RequiredTypeException(msg, cause) 37 | assertEquals ex.message, msg 38 | assertSame ex.cause, cause 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/PrivateConstructorsTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import io.jsonwebtoken.Jwts 19 | import io.jsonwebtoken.impl.lang.Functions 20 | import io.jsonwebtoken.lang.Classes 21 | import io.jsonwebtoken.security.Jwks 22 | import org.junit.Test 23 | 24 | class PrivateConstructorsTest { 25 | 26 | @Test 27 | void testPrivateCtors() { // for code coverage only 28 | new Classes() 29 | new KeysBridge() 30 | new JwksBridge() 31 | new Functions() 32 | new Jwts.SIG() 33 | new Jwts.ENC() 34 | new Jwts.KEY() 35 | new Jwts.ZIP() 36 | new Jwks.CRV() 37 | new Jwks.HASH() 38 | new Jwks.OP() 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/UnsupportedJwtExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class UnsupportedJwtExceptionTest { 23 | 24 | @Test 25 | void testStringConstructor() { 26 | def exception = new UnsupportedJwtException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testCauseConstructor() { 32 | def ioException = new IOException("root error") 33 | def exception = new UnsupportedJwtException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/X448.crt.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN CERTIFICATE----- 17 | MIIBzTCCAU0CFFayc15yJtacar3KWzbbJbmr3GueMAUGAytlcTBjMQswCQYDVQQG 18 | EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNj 19 | bzEYMBYGA1UECgwPanNvbndlYnRva2VuLmlvMQ0wCwYDVQQLDARqand0MCAXDTIz 20 | MDgyOTAwMTMwM1oYDzMwMjMwOTA2MDAxMzAzWjBjMQswCQYDVQQGEwJVUzETMBEG 21 | A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEYMBYGA1UE 22 | CgwPanNvbndlYnRva2VuLmlvMQ0wCwYDVQQLDARqand0MEIwBQYDK2VvAzkAXxQl 23 | Wa22S36qjui/M2IBT5vg0CmmLJkpBhXeiuBptUxJ/nnD0uITBH5N9PHkhOM8gfGt 24 | Nkh6JwcwBQYDK2VxA3MAkjzcFHJoPuc/cNyoNq5DT5yCMYKzu0OhnDNmMQTSbmCC 25 | qJMAobd9pBVqG2LQI7SlB8beP8/gI2wArsjJYmCttBgQR5YaxO0I8cRsX++2Asl8 26 | alIYnJFhPR1j9j37JAz/TFyGIw6kA9efOtPFIgUtCyoA 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/JwkParserBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import io.jsonwebtoken.io.Parser; 19 | import io.jsonwebtoken.io.ParserBuilder; 20 | 21 | /** 22 | * A builder to construct a {@link Parser} that can parse {@link Jwk}s. 23 | * Example usage: 24 | * 

25 |  * Jwk<?> jwk = Jwks.parser()
26 |  *         .provider(aJcaProvider)     // optional
27 |  *         .deserializer(deserializer) // optional
28 |  *         .operationPolicy(policy)    // optional
29 |  *         .build()
30 |  *         .parse(jwkString);
31 | * 32 | * @since 0.12.0 33 | */ 34 | public interface JwkParserBuilder extends ParserBuilder, JwkParserBuilder>, KeyOperationPolicied { 35 | } 36 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/KeyPairBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.KeyPair; 19 | 20 | /** 21 | * A {@code KeyPairBuilder} produces new {@link KeyPair}s suitable for use with an associated cryptographic algorithm. 22 | * A new {@link KeyPair} is created each time the builder's {@link #build()} method is called. 23 | * 24 | *

{@code KeyPairBuilder}s are provided by components that implement the {@link KeyPairBuilderSupplier} interface, 25 | * ensuring the resulting {@link KeyPair}s are compatible with their associated cryptographic algorithm.

26 | * 27 | * @see KeyPairBuilderSupplier 28 | * @since 0.12.0 29 | */ 30 | public interface KeyPairBuilder extends SecurityBuilder { 31 | } 32 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/SerializationExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class SerializationExceptionTest { 23 | 24 | @Test 25 | void testDefaultConstructor() { 26 | def exception = new SerializationException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testConstructorWithCause() { 32 | def ioException = new java.io.IOException("root error") 33 | def exception = new SerializationException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/io/ClosedInputStream.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io; 17 | 18 | import java.io.IOException; 19 | import java.io.InputStream; 20 | 21 | /** 22 | * @since 0.12.0, copied from 23 | * 24 | * commons-io 3a17f5259b105e734c8adce1d06d68f29884d1bb 25 | */ 26 | public final class ClosedInputStream extends InputStream { 27 | 28 | public static final ClosedInputStream INSTANCE = new ClosedInputStream(); 29 | 30 | private ClosedInputStream() { 31 | } 32 | 33 | @Override 34 | public int read() throws IOException { 35 | return Streams.EOF; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/io/CodecTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io 17 | 18 | import io.jsonwebtoken.io.DecodingException 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.* 22 | 23 | class CodecTest { 24 | 25 | @Test 26 | void testDecodingExceptionThrowsIAE() { 27 | CharSequence s = 't#t' 28 | try { 29 | Codec.BASE64URL.applyFrom(s) 30 | fail() 31 | } catch (IllegalArgumentException expected) { 32 | def cause = expected.getCause() 33 | assertTrue cause instanceof DecodingException 34 | String msg = "Cannot decode input String. Cause: ${cause.getMessage()}" 35 | assertEquals msg, expected.getMessage() 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/lang/DateFormatsTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.lang 17 | 18 | import org.junit.Test 19 | 20 | import java.text.SimpleDateFormat 21 | 22 | import static org.junit.Assert.* 23 | 24 | class DateFormatsTest { 25 | 26 | @Test //https://github.com/jwtk/jjwt/issues/291 27 | void testUtcTimezone() { 28 | 29 | def iso8601 = DateFormats.ISO_8601.get() 30 | def iso8601Millis = DateFormats.ISO_8601_MILLIS.get() 31 | 32 | assertTrue iso8601 instanceof SimpleDateFormat 33 | assertTrue iso8601Millis instanceof SimpleDateFormat 34 | 35 | def utc = TimeZone.getTimeZone("UTC") 36 | 37 | assertEquals utc, iso8601.getTimeZone() 38 | assertEquals utc, iso8601Millis.getTimeZone() 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/PS384.pub.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN PUBLIC KEY----- 17 | MIIB1jBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcN 18 | AQEIMA0GCWCGSAFlAwQCAgUAogMCATADggGPADCCAYoCggGBANlzViNqYTx70qT+ 19 | qqa90Go5ua7BVHwSlO99j13D/PIHaF2c9uVcPBXAvrG1YDnog0A91RFPX/ro7gDG 20 | +Bk4oXWnvQw4rf4XEDrh94iuiGnLq/MR/FTuqSqcDlLKBoTI9e1gxr/QOOfK01bD 21 | aUP4NhOa4VqT12djbtnTbKgTrQN8ZSuVX5gmuLJcTlmoeU17X8QMZlDl+nPWdcqu 22 | dBHwi85EBXEByGppVveFypBEtxNmrTOP3CK0dMIZb2zeCewZLdN4lltRdp5R268O 23 | 4bgl4nlhEsgNfoxceg1uHAkmpwq11JpBb0K/jD2smKnK/88/EpP+7Yo5Snzg84mg 24 | FeORquBb1RAws3W5nqhhuBl0o04xCKqEndtz24dlP6eDkIeba5ld4iiuIEdDt1AM 25 | CUeyLbtB9WRp/Ho8EtUTZ4oOHq8cHHrpZ8XuF601kvSCpnhfWsjk0CMUQweylb42 26 | Wc8pZ16YQHXxW/WNtBiF+0qVzUi9yHgaYhGVl9SJLDKKj87/0QIDAQAB 27 | -----END PUBLIC KEY----- 28 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/DeserializationExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class DeserializationExceptionTest { 23 | 24 | @Test 25 | void testDefaultConstructor() { 26 | def exception = new DeserializationException("my message") 27 | assertEquals "my message", exception.getMessage() 28 | } 29 | 30 | @Test 31 | void testConstructorWithCause() { 32 | def ioException = new java.io.IOException("root error") 33 | def exception = new DeserializationException("wrapping", ioException) 34 | assertEquals "wrapping", exception.getMessage() 35 | assertEquals ioException, exception.getCause() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/io/BytesInputStream.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.io; 17 | 18 | import io.jsonwebtoken.impl.lang.Bytes; 19 | 20 | import java.io.ByteArrayInputStream; 21 | import java.io.IOException; 22 | 23 | /** 24 | * Allows read access to the internal byte array, avoiding the need copy/extract to a 25 | * {@link java.io.ByteArrayOutputStream}. 26 | * 27 | * @since 0.12.2 28 | */ 29 | public final class BytesInputStream extends ByteArrayInputStream { 30 | 31 | BytesInputStream(byte[] buf) { 32 | super(Bytes.isEmpty(buf) ? Bytes.EMPTY : buf); 33 | } 34 | 35 | public byte[] getBytes() { 36 | return this.buf; 37 | } 38 | 39 | @Override 40 | public void close() throws IOException { 41 | reset(); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/DefaultMessage.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | import io.jsonwebtoken.security.Message; 20 | 21 | class DefaultMessage implements Message { 22 | 23 | private final T payload; 24 | 25 | DefaultMessage(T payload) { 26 | this.payload = Assert.notNull(payload, "payload cannot be null."); 27 | if (payload instanceof byte[]) { 28 | assertBytePayload((byte[])payload); 29 | } 30 | } 31 | protected void assertBytePayload(byte[] payload) { 32 | Assert.notEmpty(payload, "payload byte array cannot be null or empty."); 33 | } 34 | 35 | @Override 36 | public T getPayload() { 37 | return payload; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/ProvidedSecretKeyBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.security.Password; 19 | import io.jsonwebtoken.security.SecretKeyBuilder; 20 | 21 | import javax.crypto.SecretKey; 22 | 23 | class ProvidedSecretKeyBuilder extends ProvidedKeyBuilder implements SecretKeyBuilder { 24 | 25 | ProvidedSecretKeyBuilder(SecretKey key) { 26 | super(key); 27 | } 28 | 29 | @Override 30 | public SecretKey doBuild() { 31 | if (this.key instanceof Password) { 32 | return this.key; // provider never needed for Password instances. 33 | } 34 | return provider != null ? new ProviderSecretKey(this.provider, this.key) : this.key; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 23 | 24 | **Is your feature request related to a problem? Please describe.** 25 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 26 | 27 | **Describe the solution you'd like** 28 | A clear and concise description of what you want to happen. 29 | 30 | **Describe alternatives you've considered** 31 | A clear and concise description of any alternative solutions or features you've considered. 32 | 33 | **Additional context** 34 | Add any other context or screenshots about the feature request here. 35 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/EncodersTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertTrue 21 | 22 | class EncodersTest { 23 | 24 | @Test 25 | void testPrivateCtor() { 26 | new Encoders() //not allowed in java, including here only to pass test coverage assertions 27 | } 28 | 29 | @Test 30 | void testBase64() { 31 | assertTrue Encoders.BASE64 instanceof ExceptionPropagatingEncoder 32 | assertTrue Encoders.BASE64.encoder instanceof Base64Encoder 33 | } 34 | 35 | @Test 36 | void testBase64Url() { 37 | assertTrue Encoders.BASE64URL instanceof ExceptionPropagatingEncoder 38 | assertTrue Encoders.BASE64URL.encoder instanceof Base64UrlEncoder 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/ProvidedSecretKeyBuilderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import io.jsonwebtoken.security.Keys 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.assertSame 22 | 23 | class ProvidedSecretKeyBuilderTest { 24 | 25 | @Test 26 | void testBuildPasswordWithoutProvider() { 27 | def password = Keys.password('foo'.toCharArray()) 28 | assertSame password, Keys.builder(password).build() // does not wrap in ProviderKey 29 | } 30 | 31 | @Test 32 | void testBuildPasswordWithProvider() { 33 | def password = Keys.password('foo'.toCharArray()) 34 | assertSame password, Keys.builder(password).provider(new TestProvider()).build() // does not wrap in ProviderKey 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/DigestSupplier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | /** 19 | * A {@code DigestSupplier} provides access to the result of a cryptographic digest algorithm, such as a 20 | * Message Digest, MAC, Signature, or Authentication Tag. 21 | * 22 | * @since 0.12.0 23 | */ 24 | public interface DigestSupplier { 25 | 26 | /** 27 | * Returns a cryptographic digest result, such as a Message Digest, MAC, Signature, or Authentication Tag 28 | * depending on the cryptographic algorithm that produced it. 29 | * 30 | * @return a cryptographic digest result, such as a Message Digest, MAC, Signature, or Authentication Tag 31 | * * depending on the cryptographic algorithm that produced it. 32 | */ 33 | byte[] getDigest(); 34 | 35 | } 36 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/OctetPrivateJwkBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.PrivateKey; 19 | import java.security.PublicKey; 20 | 21 | /** 22 | * A {@link PrivateJwkBuilder} that creates {@link OctetPrivateJwk} instances. 23 | * 24 | * @param The type of {@link PrivateKey} represented by the constructed {@link OctetPrivateJwk} instance. 25 | * @param The type of {@link PublicKey} available from the constructed {@link OctetPrivateJwk}'s associated {@link PrivateJwk#toPublicJwk() public JWK} properties. 26 | * @since 0.12.0 27 | */ 28 | public interface OctetPrivateJwkBuilder extends 29 | PrivateJwkBuilder, OctetPrivateJwk, OctetPrivateJwkBuilder> { 30 | } 31 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/io/DecodersTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertTrue 21 | 22 | class DecodersTest { 23 | 24 | @Test 25 | void testPrivateCtor() { 26 | new Decoders() //not allowed in java, including here only to pass test coverage assertions 27 | } 28 | 29 | @Test 30 | void testBase64() { 31 | assertTrue Decoders.BASE64 instanceof ExceptionPropagatingDecoder 32 | assertTrue Decoders.BASE64.decoder instanceof Base64Decoder 33 | } 34 | 35 | @Test 36 | void testBase64Url() { 37 | assertTrue Decoders.BASE64URL instanceof ExceptionPropagatingDecoder 38 | assertTrue Decoders.BASE64URL.decoder instanceof Base64UrlDecoder 39 | } 40 | 41 | } 42 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/TestAeadAlgorithm.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import io.jsonwebtoken.security.* 19 | 20 | class TestAeadAlgorithm implements AeadAlgorithm { 21 | 22 | String id 23 | int keyBitLength = 256 24 | 25 | @Override 26 | String getId() { 27 | return id 28 | } 29 | 30 | @Override 31 | void encrypt(AeadRequest request, AeadResult result) throws SecurityException { 32 | } 33 | 34 | @Override 35 | void decrypt(DecryptAeadRequest request, OutputStream out) throws SecurityException { 36 | } 37 | 38 | @Override 39 | SecretKeyBuilder key() { 40 | return null 41 | } 42 | 43 | @Override 44 | int getKeyBitLength() { 45 | return keyBitLength 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /impl/src/test/resources/io/jsonwebtoken/impl/security/Ed25519.crt.pem: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright © 2023 jsonwebtoken.io 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -----BEGIN CERTIFICATE----- 17 | MIIB3TCCAY+gAwIBAgIUTvomSDbNXFaCzfJQTH1PHWe+GlIwBQYDK2VwMGMxCzAJ 18 | BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJh 19 | bmNpc2NvMRgwFgYDVQQKDA9qc29ud2VidG9rZW4uaW8xDTALBgNVBAsMBGpqd3Qw 20 | IBcNMjMwODI5MDAxMzAzWhgPMzAyMzA5MDYwMDEzMDNaMGMxCzAJBgNVBAYTAlVT 21 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRgw 22 | FgYDVQQKDA9qc29ud2VidG9rZW4uaW8xDTALBgNVBAsMBGpqd3QwKjAFBgMrZXAD 23 | IQDDHxTyZqXnvSZdmS5a4Gu/X0EPcqMfwIP6mI3rm/ob6qNTMFEwHQYDVR0OBBYE 24 | FGTVTDvYvGLCDAqD60GqtHOwqF+SMB8GA1UdIwQYMBaAFGTVTDvYvGLCDAqD60Gq 25 | tHOwqF+SMA8GA1UdEwEB/wQFMAMBAf8wBQYDK2VwA0EA39fQxxQwcTABeUUD4jFQ 26 | 1Ypn6CACuZI7B2LZqBvylVcLCdENA1UNI1fZc+3akDluo9mM8502pJz43YPBHggP 27 | Dw== 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/DefaultSecureRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | import io.jsonwebtoken.security.SecureRequest; 20 | 21 | import java.security.Key; 22 | import java.security.Provider; 23 | import java.security.SecureRandom; 24 | 25 | public class DefaultSecureRequest extends DefaultRequest implements SecureRequest { 26 | 27 | private final K KEY; 28 | 29 | public DefaultSecureRequest(T payload, Provider provider, SecureRandom secureRandom, K key) { 30 | super(payload, provider, secureRandom); 31 | this.KEY = Assert.notNull(key, "key cannot be null."); 32 | } 33 | 34 | @Override 35 | public K getKey() { 36 | return this.KEY; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/AbstractPublicJwk.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.impl.lang.Parameter; 19 | import io.jsonwebtoken.security.Jwk; 20 | import io.jsonwebtoken.security.PublicJwk; 21 | 22 | import java.security.PublicKey; 23 | import java.util.List; 24 | 25 | abstract class AbstractPublicJwk extends AbstractAsymmetricJwk implements PublicJwk { 26 | AbstractPublicJwk(JwkContext ctx, List> thumbprintParams) { 27 | super(ctx, thumbprintParams); 28 | } 29 | 30 | @Override 31 | protected final boolean equals(Jwk jwk) { 32 | return jwk instanceof PublicJwk && equals((PublicJwk) jwk); 33 | } 34 | 35 | protected abstract boolean equals(PublicJwk jwk); 36 | } 37 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Base64Decoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | /** 21 | * Very fast Base64 decoder guaranteed to 22 | * work in all >= Java 7 JDK and Android environments. 23 | * 24 | * @since 0.10.0 25 | */ 26 | class Base64Decoder extends Base64Support implements Decoder { 27 | 28 | Base64Decoder() { 29 | super(Base64.DEFAULT); 30 | } 31 | 32 | Base64Decoder(Base64 base64) { 33 | super(base64); 34 | } 35 | 36 | @Override 37 | public byte[] decode(CharSequence s) throws DecodingException { 38 | Assert.notNull(s, "String argument cannot be null"); 39 | return this.base64.decodeFast(s); 40 | } 41 | } -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/DefaultKeyPairBuilderTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import org.junit.Test 19 | 20 | import java.security.interfaces.ECPrivateKey 21 | import java.security.interfaces.ECPublicKey 22 | 23 | import static org.junit.Assert.assertNotNull 24 | import static org.junit.Assert.assertTrue 25 | 26 | class DefaultKeyPairBuilderTest { 27 | 28 | @Test 29 | // simple test - just a JCA name, no extra config 30 | void testSimpleBuild() { 31 | def pair = new DefaultKeyPairBuilder("EC").build() 32 | assertNotNull pair 33 | assertNotNull pair.getPrivate() 34 | assertNotNull pair.getPublic() 35 | assertTrue pair.getPrivate() instanceof ECPrivateKey 36 | assertTrue pair.getPublic() instanceof ECPublicKey 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/security/InvalidKeyExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class InvalidKeyExceptionTest { 23 | 24 | @Test 25 | void testDefaultConstructor() { 26 | def msg = "my message" 27 | def exception = new InvalidKeyException(msg) 28 | assertEquals msg, exception.getMessage() 29 | } 30 | 31 | @Test 32 | void testConstructorWithCause() { 33 | def rootMsg = 'root error' 34 | def msg = 'wrapping' 35 | def ioException = new IOException(rootMsg) 36 | def exception = new InvalidKeyException(msg, ioException) 37 | assertEquals msg, exception.getMessage() 38 | assertEquals ioException, exception.getCause() 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/AbstractJwkParserBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.impl.io.AbstractParserBuilder; 19 | import io.jsonwebtoken.io.ParserBuilder; 20 | import io.jsonwebtoken.security.KeyOperationPolicied; 21 | import io.jsonwebtoken.security.KeyOperationPolicy; 22 | 23 | abstract class AbstractJwkParserBuilder & KeyOperationPolicied> 24 | extends AbstractParserBuilder implements KeyOperationPolicied { 25 | 26 | protected KeyOperationPolicy operationPolicy = AbstractJwkBuilder.DEFAULT_OPERATION_POLICY; 27 | 28 | @Override 29 | public B operationPolicy(KeyOperationPolicy policy) throws IllegalArgumentException { 30 | this.operationPolicy = policy; 31 | return self(); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/ProvidedKeyBuilder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | import io.jsonwebtoken.security.KeyBuilder; 20 | 21 | import java.security.Key; 22 | 23 | abstract class ProvidedKeyBuilder> extends AbstractSecurityBuilder 24 | implements KeyBuilder { 25 | 26 | protected final K key; 27 | 28 | ProvidedKeyBuilder(K key) { 29 | this.key = Assert.notNull(key, "Key cannot be null."); 30 | } 31 | 32 | @Override 33 | public final K build() { 34 | if (this.key instanceof ProviderKey) { // already wrapped, don't wrap again: 35 | return this.key; 36 | } 37 | return doBuild(); 38 | } 39 | 40 | abstract K doBuild(); 41 | } 42 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/io/Base64Encoder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.io; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | /** 21 | * Very fast Base64 encoder guaranteed to 22 | * work in all >= Java 7 JDK and Android environments. 23 | * 24 | * @since 0.10.0 25 | */ 26 | class Base64Encoder extends Base64Support implements Encoder { 27 | 28 | Base64Encoder() { 29 | this(Base64.DEFAULT); 30 | } 31 | 32 | Base64Encoder(Base64 base64) { 33 | super(base64); 34 | } 35 | 36 | @Override 37 | public String encode(byte[] bytes) throws EncodingException { 38 | Assert.notNull(bytes, "byte array argument cannot be null"); 39 | return this.base64.encodeToString(bytes, false); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /api/src/test/groovy/io/jsonwebtoken/security/MalformedKeyExceptionTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | 22 | class MalformedKeyExceptionTest { 23 | 24 | @Test 25 | void testDefaultConstructor() { 26 | def msg = "my message" 27 | def exception = new MalformedKeyException(msg) 28 | assertEquals msg, exception.getMessage() 29 | } 30 | 31 | @Test 32 | void testConstructorWithCause() { 33 | def rootMsg = 'root error' 34 | def msg = 'wrapping' 35 | def ioException = new IOException(rootMsg) 36 | def exception = new MalformedKeyException(msg, ioException) 37 | assertEquals msg, exception.getMessage() 38 | assertEquals ioException, exception.getCause() 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/VerifyDigestRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2022 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.io.InputStream; 19 | 20 | /** 21 | * A request to verify a previously-computed cryptographic digest (available via {@link #getDigest()}) against the 22 | * digest to be computed for the specified {@link #getPayload() payload}. 23 | * 24 | *

Secure digest algorithms that use keys to perform 25 | * digital signature or 26 | * message 27 | * authentication code verification will use {@link VerifySecureDigestRequest} instead.

28 | * 29 | * @see VerifySecureDigestRequest 30 | * @since 0.12.0 31 | */ 32 | public interface VerifyDigestRequest extends Request, DigestSupplier { 33 | } 34 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/DefaultJws.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl; 17 | 18 | import io.jsonwebtoken.Jws; 19 | import io.jsonwebtoken.JwsHeader; 20 | import io.jsonwebtoken.JwtVisitor; 21 | 22 | public class DefaultJws

extends DefaultProtectedJwt implements Jws

{ 23 | 24 | private static final String DIGEST_NAME = "signature"; 25 | 26 | private final String signature; 27 | 28 | public DefaultJws(JwsHeader header, P payload, byte[] signature, String b64UrlSig) { 29 | super(header, payload, signature, DIGEST_NAME); 30 | this.signature = b64UrlSig; 31 | } 32 | 33 | @Override 34 | public String getSignature() { 35 | return this.signature; 36 | } 37 | 38 | @Override 39 | public T accept(JwtVisitor v) { 40 | return v.visit(this); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/EncodedObjectConverterTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.* 21 | 22 | class EncodedObjectConverterTest { 23 | 24 | @Test 25 | void testApplyFromWithInvalidType() { 26 | def converter = Converters.URI 27 | assertTrue converter instanceof EncodedObjectConverter 28 | int value = 42 29 | try { 30 | converter.applyFrom(value) 31 | fail("IllegalArgumentException should have been thrown.") 32 | } catch (IllegalArgumentException expected) { 33 | String msg = "Values must be either String or java.net.URI instances. " + 34 | "Value type found: java.lang.Integer." 35 | assertEquals msg, expected.getMessage() 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/lang/NullSafeConverterTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang 17 | 18 | import org.junit.Test 19 | 20 | import static org.junit.Assert.assertEquals 21 | import static org.junit.Assert.assertNull 22 | 23 | class NullSafeConverterTest { 24 | 25 | @Test 26 | void testNullArguments() { 27 | def converter = new NullSafeConverter(new UriStringConverter()) 28 | assertNull converter.applyTo(null) 29 | assertNull converter.applyFrom(null) 30 | } 31 | 32 | @Test 33 | void testNonNullArguments() { 34 | def converter = new NullSafeConverter(new UriStringConverter()) 35 | String url = 'https://github.com/jwtk/jjwt' 36 | URI uri = new URI(url) 37 | assertEquals url, converter.applyTo(uri) 38 | assertEquals uri, converter.applyFrom(url) 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/Message.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import java.security.Key; 19 | 20 | /** 21 | * A message contains a {@link #getPayload() payload} used as input to or output from a cryptographic algorithm. 22 | * 23 | * @param The type of payload in the message. 24 | * @since 0.12.0 25 | */ 26 | public interface Message { 27 | 28 | /** 29 | * Returns the message payload used as input to or output from a cryptographic algorithm. This is almost always 30 | * plaintext used for cryptographic signatures or encryption, or ciphertext for decryption, or a {@link Key} 31 | * instance for wrapping or unwrapping algorithms. 32 | * 33 | * @return the message payload used as input to or output from a cryptographic algorithm. 34 | */ 35 | T getPayload(); //plaintext, ciphertext or Key 36 | } 37 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/UriStringConverter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2020 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | import java.net.URI; 21 | 22 | public class UriStringConverter implements Converter { 23 | 24 | @Override 25 | public String applyTo(URI uri) { 26 | Assert.notNull(uri, "URI cannot be null."); 27 | return uri.toString(); 28 | } 29 | 30 | @Override 31 | public URI applyFrom(CharSequence s) { 32 | Assert.hasText(s, "URI string cannot be null or empty."); 33 | try { 34 | return URI.create(s.toString()); 35 | } catch (Exception e) { 36 | String msg = "Unable to convert String value '" + s + "' to URI instance: " + e.getMessage(); 37 | throw new IllegalArgumentException(msg, e); 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/StandardKeyOperations.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.impl.lang.IdRegistry; 19 | import io.jsonwebtoken.lang.Collections; 20 | import io.jsonwebtoken.security.KeyOperation; 21 | 22 | public final class StandardKeyOperations extends IdRegistry { 23 | 24 | public StandardKeyOperations() { 25 | super("JSON Web Key Operation", Collections.of( 26 | DefaultKeyOperation.SIGN, 27 | DefaultKeyOperation.VERIFY, 28 | DefaultKeyOperation.ENCRYPT, 29 | DefaultKeyOperation.DECRYPT, 30 | DefaultKeyOperation.WRAP, 31 | DefaultKeyOperation.UNWRAP, 32 | DefaultKeyOperation.DERIVE_KEY, 33 | DefaultKeyOperation.DERIVE_BITS 34 | )); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/security/DefaultRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security; 17 | 18 | import io.jsonwebtoken.security.Request; 19 | 20 | import java.security.Provider; 21 | import java.security.SecureRandom; 22 | 23 | public class DefaultRequest extends DefaultMessage implements Request { 24 | 25 | private final Provider provider; 26 | private final SecureRandom secureRandom; 27 | 28 | public DefaultRequest(T payload, Provider provider, SecureRandom secureRandom) { 29 | super(payload); 30 | this.provider = provider; 31 | this.secureRandom = secureRandom; 32 | } 33 | 34 | @Override 35 | public Provider getProvider() { 36 | return this.provider; 37 | } 38 | 39 | @Override 40 | public SecureRandom getSecureRandom() { 41 | return this.secureRandom; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/AndroidBase64CodecTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl 17 | 18 | import io.jsonwebtoken.lang.Strings 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.* 22 | 23 | @Deprecated //remove just before 1.0.0 release 24 | class AndroidBase64CodecTest { 25 | 26 | @Test 27 | void testEncode() { 28 | String input = 'Hello 世界' 29 | byte[] bytes = input.getBytes(Strings.UTF_8) 30 | String encoded = new AndroidBase64Codec().encode(bytes) 31 | assertEquals 'SGVsbG8g5LiW55WM', encoded 32 | } 33 | 34 | @Test 35 | void testDecode() { 36 | String encoded = 'SGVsbG8g5LiW55WM' // Hello 世界 37 | byte[] bytes = new AndroidBase64Codec().decode(encoded) 38 | String result = new String(bytes, Strings.UTF_8) 39 | assertEquals 'Hello 世界', result 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /api/src/main/java/io/jsonwebtoken/security/KeyResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.security; 17 | 18 | import javax.crypto.SecretKey; 19 | 20 | /** 21 | * The result of a {@link KeyAlgorithm} encryption key request, containing the resulting 22 | * {@code JWE encrypted key} and {@code JWE Content Encryption Key (CEK)}, concepts defined in 23 | * JWE Terminology. 24 | * 25 | *

The result {@link #getPayload() payload} is the {@code JWE encrypted key}, which will be Base64URL-encoded 26 | * and embedded in the resulting compact JWE string.

27 | * 28 | *

The result {@link #getKey() key} is the {@code JWE Content Encryption Key (CEK)} which will be used to encrypt 29 | * the JWE.

30 | * 31 | * @since 0.12.0 32 | */ 33 | public interface KeyResult extends Message, KeySupplier { 34 | } 35 | -------------------------------------------------------------------------------- /impl/src/main/java/io/jsonwebtoken/impl/lang/CompoundConverter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2021 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.lang; 17 | 18 | import io.jsonwebtoken.lang.Assert; 19 | 20 | public class CompoundConverter implements Converter { 21 | 22 | private final Converter first; 23 | private final Converter second; 24 | 25 | public CompoundConverter(Converter first, Converter second) { 26 | this.first = Assert.notNull(first, "First converter cannot be null."); 27 | this.second = Assert.notNull(second, "Second converter cannot be null."); 28 | } 29 | 30 | @Override 31 | public C applyTo(A a) { 32 | B b = first.applyTo(a); 33 | return second.applyTo(b); 34 | } 35 | 36 | @Override 37 | public A applyFrom(C c) { 38 | B b = second.applyFrom(c); 39 | return first.applyFrom(b); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /impl/src/test/groovy/io/jsonwebtoken/impl/security/KeyOperationConverterTest.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2023 jsonwebtoken.io 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package io.jsonwebtoken.impl.security 17 | 18 | import io.jsonwebtoken.security.Jwks 19 | import org.junit.Test 20 | 21 | import static org.junit.Assert.assertEquals 22 | import static org.junit.Assert.assertSame 23 | 24 | class KeyOperationConverterTest { 25 | 26 | @Test 27 | void testApplyFromStandardId() { 28 | Jwks.OP.get().values().each { 29 | def id = it.id 30 | def op = KeyOperationConverter.DEFAULT.applyFrom(id) 31 | assertSame it, op 32 | } 33 | } 34 | 35 | @Test 36 | void testApplyFromCustomId() { 37 | def id = 'custom' 38 | def op = KeyOperationConverter.DEFAULT.applyFrom(id) 39 | assertEquals id, op.id 40 | assertEquals DefaultKeyOperation.CUSTOM_DESCRIPTION, op.description 41 | } 42 | } 43 | --------------------------------------------------------------------------------