Showing preview only (3,501K chars total). Download the full file or copy to clipboard to get everything.
Repository: jwtk/jjwt
Branch: master
Commit: 299c14e3c2e3
Files: 728
Total size: 3.2 MB
Directory structure:
gitextract_n34qeobt/
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ ├── config.yml
│ │ └── feature_request.md
│ ├── stale.yml
│ └── workflows/
│ └── ci.yml
├── .gitignore
├── .mvn/
│ └── wrapper/
│ └── maven-wrapper.properties
├── CHANGELOG.md
├── LICENSE
├── NOTICE.md
├── README.adoc
├── SECURITY.md
├── api/
│ ├── pom.xml
│ └── src/
│ ├── main/
│ │ └── java/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ ├── ClaimJwtException.java
│ │ ├── Claims.java
│ │ ├── ClaimsBuilder.java
│ │ ├── ClaimsMutator.java
│ │ ├── Clock.java
│ │ ├── CompressionCodec.java
│ │ ├── CompressionCodecResolver.java
│ │ ├── CompressionCodecs.java
│ │ ├── CompressionException.java
│ │ ├── ExpiredJwtException.java
│ │ ├── Header.java
│ │ ├── HeaderMutator.java
│ │ ├── Identifiable.java
│ │ ├── IncorrectClaimException.java
│ │ ├── InvalidClaimException.java
│ │ ├── Jwe.java
│ │ ├── JweHeader.java
│ │ ├── JweHeaderMutator.java
│ │ ├── Jws.java
│ │ ├── JwsHeader.java
│ │ ├── Jwt.java
│ │ ├── JwtBuilder.java
│ │ ├── JwtException.java
│ │ ├── JwtHandler.java
│ │ ├── JwtHandlerAdapter.java
│ │ ├── JwtParser.java
│ │ ├── JwtParserBuilder.java
│ │ ├── JwtVisitor.java
│ │ ├── Jwts.java
│ │ ├── Locator.java
│ │ ├── LocatorAdapter.java
│ │ ├── MalformedJwtException.java
│ │ ├── MissingClaimException.java
│ │ ├── PrematureJwtException.java
│ │ ├── ProtectedHeader.java
│ │ ├── ProtectedHeaderMutator.java
│ │ ├── ProtectedJwt.java
│ │ ├── RequiredTypeException.java
│ │ ├── SignatureAlgorithm.java
│ │ ├── SignatureException.java
│ │ ├── SigningKeyResolver.java
│ │ ├── SigningKeyResolverAdapter.java
│ │ ├── SupportedJwtVisitor.java
│ │ ├── UnsupportedJwtException.java
│ │ ├── io/
│ │ │ ├── AbstractDeserializer.java
│ │ │ ├── AbstractSerializer.java
│ │ │ ├── Base64.java
│ │ │ ├── Base64Decoder.java
│ │ │ ├── Base64Encoder.java
│ │ │ ├── Base64Support.java
│ │ │ ├── Base64UrlDecoder.java
│ │ │ ├── Base64UrlEncoder.java
│ │ │ ├── CodecException.java
│ │ │ ├── CompressionAlgorithm.java
│ │ │ ├── Decoder.java
│ │ │ ├── Decoders.java
│ │ │ ├── DecodingException.java
│ │ │ ├── DeserializationException.java
│ │ │ ├── Deserializer.java
│ │ │ ├── Encoder.java
│ │ │ ├── Encoders.java
│ │ │ ├── EncodingException.java
│ │ │ ├── ExceptionPropagatingDecoder.java
│ │ │ ├── ExceptionPropagatingEncoder.java
│ │ │ ├── IOException.java
│ │ │ ├── Parser.java
│ │ │ ├── ParserBuilder.java
│ │ │ ├── SerialException.java
│ │ │ ├── SerializationException.java
│ │ │ └── Serializer.java
│ │ ├── lang/
│ │ │ ├── Arrays.java
│ │ │ ├── Assert.java
│ │ │ ├── Builder.java
│ │ │ ├── Classes.java
│ │ │ ├── CollectionMutator.java
│ │ │ ├── Collections.java
│ │ │ ├── Conjunctor.java
│ │ │ ├── DateFormats.java
│ │ │ ├── InstantiationException.java
│ │ │ ├── MapMutator.java
│ │ │ ├── Maps.java
│ │ │ ├── NestedCollection.java
│ │ │ ├── Objects.java
│ │ │ ├── Registry.java
│ │ │ ├── RuntimeEnvironment.java
│ │ │ ├── Strings.java
│ │ │ ├── Supplier.java
│ │ │ └── UnknownClassException.java
│ │ └── security/
│ │ ├── AeadAlgorithm.java
│ │ ├── AeadRequest.java
│ │ ├── AeadResult.java
│ │ ├── AssociatedDataSupplier.java
│ │ ├── AsymmetricJwk.java
│ │ ├── AsymmetricJwkBuilder.java
│ │ ├── Curve.java
│ │ ├── DecryptAeadRequest.java
│ │ ├── DecryptionKeyRequest.java
│ │ ├── DigestAlgorithm.java
│ │ ├── DigestSupplier.java
│ │ ├── DynamicJwkBuilder.java
│ │ ├── EcPrivateJwk.java
│ │ ├── EcPrivateJwkBuilder.java
│ │ ├── EcPublicJwk.java
│ │ ├── EcPublicJwkBuilder.java
│ │ ├── HashAlgorithm.java
│ │ ├── InvalidKeyException.java
│ │ ├── IvSupplier.java
│ │ ├── Jwk.java
│ │ ├── JwkBuilder.java
│ │ ├── JwkParserBuilder.java
│ │ ├── JwkSet.java
│ │ ├── JwkSetBuilder.java
│ │ ├── JwkSetParserBuilder.java
│ │ ├── JwkThumbprint.java
│ │ ├── Jwks.java
│ │ ├── KeyAlgorithm.java
│ │ ├── KeyBuilder.java
│ │ ├── KeyBuilderSupplier.java
│ │ ├── KeyException.java
│ │ ├── KeyLengthSupplier.java
│ │ ├── KeyOperation.java
│ │ ├── KeyOperationBuilder.java
│ │ ├── KeyOperationPolicied.java
│ │ ├── KeyOperationPolicy.java
│ │ ├── KeyOperationPolicyBuilder.java
│ │ ├── KeyPair.java
│ │ ├── KeyPairBuilder.java
│ │ ├── KeyPairBuilderSupplier.java
│ │ ├── KeyRequest.java
│ │ ├── KeyResult.java
│ │ ├── KeySupplier.java
│ │ ├── Keys.java
│ │ ├── MacAlgorithm.java
│ │ ├── MalformedKeyException.java
│ │ ├── MalformedKeySetException.java
│ │ ├── Message.java
│ │ ├── OctetPrivateJwk.java
│ │ ├── OctetPrivateJwkBuilder.java
│ │ ├── OctetPublicJwk.java
│ │ ├── OctetPublicJwkBuilder.java
│ │ ├── Password.java
│ │ ├── PrivateJwk.java
│ │ ├── PrivateJwkBuilder.java
│ │ ├── PrivateKeyBuilder.java
│ │ ├── PublicJwk.java
│ │ ├── PublicJwkBuilder.java
│ │ ├── Request.java
│ │ ├── RsaPrivateJwk.java
│ │ ├── RsaPrivateJwkBuilder.java
│ │ ├── RsaPublicJwk.java
│ │ ├── RsaPublicJwkBuilder.java
│ │ ├── SecretJwk.java
│ │ ├── SecretJwkBuilder.java
│ │ ├── SecretKeyAlgorithm.java
│ │ ├── SecretKeyBuilder.java
│ │ ├── SecureDigestAlgorithm.java
│ │ ├── SecureRequest.java
│ │ ├── SecurityBuilder.java
│ │ ├── SecurityException.java
│ │ ├── SignatureAlgorithm.java
│ │ ├── SignatureException.java
│ │ ├── UnsupportedKeyException.java
│ │ ├── VerifyDigestRequest.java
│ │ ├── VerifySecureDigestRequest.java
│ │ ├── WeakKeyException.java
│ │ ├── X509Accessor.java
│ │ ├── X509Builder.java
│ │ └── X509Mutator.java
│ └── test/
│ └── groovy/
│ └── io/
│ └── jsonwebtoken/
│ ├── CompressionExceptionTest.groovy
│ ├── ExpiredJwtExceptionTest.groovy
│ ├── IncorrectClaimExceptionTest.groovy
│ ├── InvalidClaimExceptionTest.groovy
│ ├── JwtHandlerAdapterTest.groovy
│ ├── MalformedJwtExceptionTest.groovy
│ ├── MissingClaimExceptionTest.groovy
│ ├── PrematureJwtExceptionTest.groovy
│ ├── RequiredTypeExceptionTest.groovy
│ ├── SignatureExceptionTest.groovy
│ ├── SigningKeyResolverAdapterTest.groovy
│ ├── UnsupportedJwtExceptionTest.groovy
│ ├── io/
│ │ ├── AbstractDeserializerTest.groovy
│ │ ├── AbstractSerializerTest.groovy
│ │ ├── Base64DecoderTest.groovy
│ │ ├── Base64EncoderTest.groovy
│ │ ├── Base64Test.groovy
│ │ ├── CodecExceptionTest.groovy
│ │ ├── DecodersTest.groovy
│ │ ├── DecodingExceptionTest.groovy
│ │ ├── DeserializationExceptionTest.groovy
│ │ ├── EncodersTest.groovy
│ │ ├── EncodingExceptionTest.groovy
│ │ ├── ExceptionPropagatingDecoderTest.groovy
│ │ ├── ExceptionPropagatingEncoderTest.groovy
│ │ └── SerializationExceptionTest.groovy
│ ├── lang/
│ │ ├── ArraysTest.groovy
│ │ ├── CollectionsTest.groovy
│ │ ├── DateFormatsTest.groovy
│ │ ├── MapsTest.groovy
│ │ └── StringsTest.groovy
│ └── security/
│ ├── InvalidKeyExceptionTest.groovy
│ ├── MalformedKeyExceptionTest.groovy
│ ├── SignatureExceptionTest.groovy
│ └── UnsupportedKeyExceptionTest.groovy
├── bom/
│ └── pom.xml
├── extensions/
│ ├── gson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── gson/
│ │ │ │ └── io/
│ │ │ │ ├── GsonDeserializer.java
│ │ │ │ ├── GsonSerializer.java
│ │ │ │ └── GsonSupplierSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── gson/
│ │ └── io/
│ │ ├── GsonDeserializerTest.groovy
│ │ └── GsonSerializerTest.groovy
│ ├── jackson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── jackson/
│ │ │ │ └── io/
│ │ │ │ ├── JacksonDeserializer.java
│ │ │ │ ├── JacksonSerializer.java
│ │ │ │ └── JacksonSupplierSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── jackson/
│ │ └── io/
│ │ ├── JacksonDeserializerTest.groovy
│ │ ├── JacksonSerializerTest.groovy
│ │ ├── JacksonSupplierSerializerTest.groovy
│ │ ├── TestSupplier.groovy
│ │ └── stubs/
│ │ └── CustomBean.groovy
│ ├── orgjson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── orgjson/
│ │ │ │ └── io/
│ │ │ │ ├── OrgJsonDeserializer.java
│ │ │ │ └── OrgJsonSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── orgjson/
│ │ └── io/
│ │ ├── AndroidOrgJsonSerializerTest.groovy
│ │ ├── OrgJsonDeserializerTest.groovy
│ │ └── OrgJsonSerializerTest.groovy
│ └── pom.xml
├── impl/
│ ├── bnd.bnd
│ ├── pom.xml
│ └── src/
│ ├── main/
│ │ ├── java/
│ │ │ └── io/
│ │ │ └── jsonwebtoken/
│ │ │ └── impl/
│ │ │ ├── AbstractAudienceCollection.java
│ │ │ ├── AbstractTextCodec.java
│ │ │ ├── AbstractX509Context.java
│ │ │ ├── AndroidBase64Codec.java
│ │ │ ├── Base64Codec.java
│ │ │ ├── Base64UrlCodec.java
│ │ │ ├── CompressionCodecLocator.java
│ │ │ ├── DefaultClaims.java
│ │ │ ├── DefaultClaimsBuilder.java
│ │ │ ├── DefaultClock.java
│ │ │ ├── DefaultHeader.java
│ │ │ ├── DefaultJwe.java
│ │ │ ├── DefaultJweHeader.java
│ │ │ ├── DefaultJweHeaderBuilder.java
│ │ │ ├── DefaultJweHeaderMutator.java
│ │ │ ├── DefaultJws.java
│ │ │ ├── DefaultJwsHeader.java
│ │ │ ├── DefaultJwt.java
│ │ │ ├── DefaultJwtBuilder.java
│ │ │ ├── DefaultJwtHeaderBuilder.java
│ │ │ ├── DefaultJwtParser.java
│ │ │ ├── DefaultJwtParserBuilder.java
│ │ │ ├── DefaultMutableJweHeader.java
│ │ │ ├── DefaultProtectedHeader.java
│ │ │ ├── DefaultProtectedJwt.java
│ │ │ ├── DefaultTokenizedJwe.java
│ │ │ ├── DefaultTokenizedJwt.java
│ │ │ ├── DelegateAudienceCollection.java
│ │ │ ├── DelegatingClaimsMutator.java
│ │ │ ├── FixedClock.java
│ │ │ ├── IdLocator.java
│ │ │ ├── JwtTokenizer.java
│ │ │ ├── ParameterMap.java
│ │ │ ├── Payload.java
│ │ │ ├── TextCodec.java
│ │ │ ├── TokenizedJwe.java
│ │ │ ├── TokenizedJwt.java
│ │ │ ├── X509Context.java
│ │ │ ├── compression/
│ │ │ │ ├── AbstractCompressionAlgorithm.java
│ │ │ │ ├── DeflateCompressionAlgorithm.java
│ │ │ │ └── GzipCompressionAlgorithm.java
│ │ │ ├── io/
│ │ │ │ ├── AbstractParser.java
│ │ │ │ ├── AbstractParserBuilder.java
│ │ │ │ ├── Base64Codec.java
│ │ │ │ ├── Base64InputStream.java
│ │ │ │ ├── Base64OutputStream.java
│ │ │ │ ├── Base64UrlStreamEncoder.java
│ │ │ │ ├── BaseNCodec.java
│ │ │ │ ├── BaseNCodecInputStream.java
│ │ │ │ ├── BaseNCodecOutputStream.java
│ │ │ │ ├── ByteBase64UrlStreamEncoder.java
│ │ │ │ ├── BytesInputStream.java
│ │ │ │ ├── CharSequenceReader.java
│ │ │ │ ├── ClosedInputStream.java
│ │ │ │ ├── Codec.java
│ │ │ │ ├── CodecPolicy.java
│ │ │ │ ├── ConvertingParser.java
│ │ │ │ ├── CountingInputStream.java
│ │ │ │ ├── DecodingInputStream.java
│ │ │ │ ├── DelegateStringDecoder.java
│ │ │ │ ├── EncodingOutputStream.java
│ │ │ │ ├── FilteredInputStream.java
│ │ │ │ ├── FilteredOutputStream.java
│ │ │ │ ├── JsonObjectDeserializer.java
│ │ │ │ ├── NamedSerializer.java
│ │ │ │ ├── StandardCompressionAlgorithms.java
│ │ │ │ ├── Streams.java
│ │ │ │ ├── TeeOutputStream.java
│ │ │ │ └── UncloseableInputStream.java
│ │ │ ├── lang/
│ │ │ │ ├── BiConsumer.java
│ │ │ │ ├── BigIntegerUBytesConverter.java
│ │ │ │ ├── Bytes.java
│ │ │ │ ├── CheckedFunction.java
│ │ │ │ ├── CheckedSupplier.java
│ │ │ │ ├── CollectionConverter.java
│ │ │ │ ├── CompactMediaTypeIdConverter.java
│ │ │ │ ├── CompoundConverter.java
│ │ │ │ ├── ConstantFunction.java
│ │ │ │ ├── Converter.java
│ │ │ │ ├── Converters.java
│ │ │ │ ├── DefaultCollectionMutator.java
│ │ │ │ ├── DefaultNestedCollection.java
│ │ │ │ ├── DefaultParameter.java
│ │ │ │ ├── DefaultParameterBuilder.java
│ │ │ │ ├── DefaultRegistry.java
│ │ │ │ ├── DelegatingCheckedFunction.java
│ │ │ │ ├── DelegatingMap.java
│ │ │ │ ├── DelegatingMapMutator.java
│ │ │ │ ├── EncodedObjectConverter.java
│ │ │ │ ├── FormattedStringFunction.java
│ │ │ │ ├── FormattedStringSupplier.java
│ │ │ │ ├── Function.java
│ │ │ │ ├── Functions.java
│ │ │ │ ├── IdRegistry.java
│ │ │ │ ├── JwtDateConverter.java
│ │ │ │ ├── LocatorFunction.java
│ │ │ │ ├── Nameable.java
│ │ │ │ ├── NestedIdentifiableCollection.java
│ │ │ │ ├── NullSafeConverter.java
│ │ │ │ ├── OptionalMethodInvoker.java
│ │ │ │ ├── Parameter.java
│ │ │ │ ├── ParameterBuilder.java
│ │ │ │ ├── ParameterReadable.java
│ │ │ │ ├── Parameters.java
│ │ │ │ ├── PositiveIntegerConverter.java
│ │ │ │ ├── PropagatingExceptionFunction.java
│ │ │ │ ├── RedactedSupplier.java
│ │ │ │ ├── RedactedValueConverter.java
│ │ │ │ ├── ReflectionFunction.java
│ │ │ │ ├── RequiredBitLengthConverter.java
│ │ │ │ ├── RequiredParameterReader.java
│ │ │ │ ├── RequiredTypeConverter.java
│ │ │ │ ├── Services.java
│ │ │ │ ├── StringRegistry.java
│ │ │ │ ├── UnavailableImplementationException.java
│ │ │ │ └── UriStringConverter.java
│ │ │ └── security/
│ │ │ ├── AbstractAsymmetricJwk.java
│ │ │ ├── AbstractAsymmetricJwkBuilder.java
│ │ │ ├── AbstractCurve.java
│ │ │ ├── AbstractEcJwkFactory.java
│ │ │ ├── AbstractFamilyJwkFactory.java
│ │ │ ├── AbstractJwk.java
│ │ │ ├── AbstractJwkBuilder.java
│ │ │ ├── AbstractJwkParserBuilder.java
│ │ │ ├── AbstractPrivateJwk.java
│ │ │ ├── AbstractPublicJwk.java
│ │ │ ├── AbstractSecureDigestAlgorithm.java
│ │ │ ├── AbstractSecurityBuilder.java
│ │ │ ├── AbstractSignatureAlgorithm.java
│ │ │ ├── AesAlgorithm.java
│ │ │ ├── AesGcmKeyAlgorithm.java
│ │ │ ├── AesWrapKeyAlgorithm.java
│ │ │ ├── AsymmetricJwkFactory.java
│ │ │ ├── ConcatKDF.java
│ │ │ ├── ConstantKeyLocator.java
│ │ │ ├── CryptoAlgorithm.java
│ │ │ ├── DefaultAeadRequest.java
│ │ │ ├── DefaultAeadResult.java
│ │ │ ├── DefaultDecryptAeadRequest.java
│ │ │ ├── DefaultDecryptionKeyRequest.java
│ │ │ ├── DefaultDynamicJwkBuilder.java
│ │ │ ├── DefaultEcPrivateJwk.java
│ │ │ ├── DefaultEcPublicJwk.java
│ │ │ ├── DefaultHashAlgorithm.java
│ │ │ ├── DefaultJwkContext.java
│ │ │ ├── DefaultJwkParserBuilder.java
│ │ │ ├── DefaultJwkSet.java
│ │ │ ├── DefaultJwkSetBuilder.java
│ │ │ ├── DefaultJwkSetParserBuilder.java
│ │ │ ├── DefaultJwkThumbprint.java
│ │ │ ├── DefaultKeyOperation.java
│ │ │ ├── DefaultKeyOperationBuilder.java
│ │ │ ├── DefaultKeyOperationPolicy.java
│ │ │ ├── DefaultKeyOperationPolicyBuilder.java
│ │ │ ├── DefaultKeyPair.java
│ │ │ ├── DefaultKeyPairBuilder.java
│ │ │ ├── DefaultKeyRequest.java
│ │ │ ├── DefaultKeyResult.java
│ │ │ ├── DefaultKeyUseStrategy.java
│ │ │ ├── DefaultMacAlgorithm.java
│ │ │ ├── DefaultMessage.java
│ │ │ ├── DefaultOctetPrivateJwk.java
│ │ │ ├── DefaultOctetPublicJwk.java
│ │ │ ├── DefaultRequest.java
│ │ │ ├── DefaultRsaKeyAlgorithm.java
│ │ │ ├── DefaultRsaPrivateJwk.java
│ │ │ ├── DefaultRsaPublicJwk.java
│ │ │ ├── DefaultSecretJwk.java
│ │ │ ├── DefaultSecretKeyBuilder.java
│ │ │ ├── DefaultSecureRequest.java
│ │ │ ├── DefaultVerifyDigestRequest.java
│ │ │ ├── DefaultVerifySecureDigestRequest.java
│ │ │ ├── DirectKeyAlgorithm.java
│ │ │ ├── DispatchingJwkFactory.java
│ │ │ ├── ECCurve.java
│ │ │ ├── EcPrivateJwkFactory.java
│ │ │ ├── EcPublicJwkFactory.java
│ │ │ ├── EcSignatureAlgorithm.java
│ │ │ ├── EcdhKeyAlgorithm.java
│ │ │ ├── EdSignatureAlgorithm.java
│ │ │ ├── EdwardsCurve.java
│ │ │ ├── EdwardsPublicKeyDeriver.java
│ │ │ ├── FamilyJwkFactory.java
│ │ │ ├── FieldElementConverter.java
│ │ │ ├── GcmAesAeadAlgorithm.java
│ │ │ ├── HmacAesAeadAlgorithm.java
│ │ │ ├── JcaTemplate.java
│ │ │ ├── JwkBuilderSupplier.java
│ │ │ ├── JwkContext.java
│ │ │ ├── JwkConverter.java
│ │ │ ├── JwkDeserializer.java
│ │ │ ├── JwkFactory.java
│ │ │ ├── JwkSetConverter.java
│ │ │ ├── JwkSetDeserializer.java
│ │ │ ├── JwksBridge.java
│ │ │ ├── JwtX509StringConverter.java
│ │ │ ├── KeyOperationConverter.java
│ │ │ ├── KeyPairs.java
│ │ │ ├── KeyUsage.java
│ │ │ ├── KeyUseStrategy.java
│ │ │ ├── KeysBridge.java
│ │ │ ├── LocatingKeyResolver.java
│ │ │ ├── NamedParameterSpecValueFinder.java
│ │ │ ├── NoneSignatureAlgorithm.java
│ │ │ ├── OctetJwkFactory.java
│ │ │ ├── OctetPrivateJwkFactory.java
│ │ │ ├── OctetPublicJwkFactory.java
│ │ │ ├── PasswordSpec.java
│ │ │ ├── Pbes2HsAkwAlgorithm.java
│ │ │ ├── PrivateECKey.java
│ │ │ ├── ProvidedKeyBuilder.java
│ │ │ ├── ProvidedPrivateKeyBuilder.java
│ │ │ ├── ProvidedSecretKeyBuilder.java
│ │ │ ├── ProviderKey.java
│ │ │ ├── ProviderPrivateKey.java
│ │ │ ├── ProviderSecretKey.java
│ │ │ ├── Providers.java
│ │ │ ├── RSAOtherPrimeInfoConverter.java
│ │ │ ├── RandomSecretKeyBuilder.java
│ │ │ ├── Randoms.java
│ │ │ ├── RsaPrivateJwkFactory.java
│ │ │ ├── RsaPublicJwkFactory.java
│ │ │ ├── RsaSignatureAlgorithm.java
│ │ │ ├── SecretJwkFactory.java
│ │ │ ├── StandardCurves.java
│ │ │ ├── StandardEncryptionAlgorithms.java
│ │ │ ├── StandardHashAlgorithms.java
│ │ │ ├── StandardKeyAlgorithms.java
│ │ │ ├── StandardKeyOperations.java
│ │ │ ├── StandardSecureDigestAlgorithms.java
│ │ │ └── X509BuilderSupport.java
│ │ └── resources/
│ │ └── META-INF/
│ │ └── services/
│ │ └── io.jsonwebtoken.CompressionCodec
│ └── test/
│ ├── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ ├── CompressionCodecsTest.groovy
│ │ ├── CustomObjectDeserializationTest.groovy
│ │ ├── DateTestUtils.groovy
│ │ ├── JwtParserTest.groovy
│ │ ├── JwtsTest.groovy
│ │ ├── LocatorAdapterTest.groovy
│ │ ├── RFC7515AppendixETest.groovy
│ │ ├── RFC7797Test.groovy
│ │ ├── RsaSigningKeyResolverAdapterTest.groovy
│ │ ├── SignatureAlgorithmTest.groovy
│ │ ├── StubService.groovy
│ │ ├── impl/
│ │ │ ├── AbstractProtectedHeaderTest.groovy
│ │ │ ├── AndroidBase64CodecTest.groovy
│ │ │ ├── Base64CodecTest.groovy
│ │ │ ├── Base64UrlCodecTest.groovy
│ │ │ ├── DefaultClaimsBuilderTest.groovy
│ │ │ ├── DefaultClaimsTest.groovy
│ │ │ ├── DefaultHeaderTest.groovy
│ │ │ ├── DefaultJweHeaderTest.groovy
│ │ │ ├── DefaultJweTest.groovy
│ │ │ ├── DefaultJwsHeaderTest.groovy
│ │ │ ├── DefaultJwsTest.groovy
│ │ │ ├── DefaultJwtBuilderTest.groovy
│ │ │ ├── DefaultJwtHeaderBuilderTest.groovy
│ │ │ ├── DefaultJwtParserBuilderTest.groovy
│ │ │ ├── DefaultJwtParserTest.groovy
│ │ │ ├── DefaultJwtTest.groovy
│ │ │ ├── DefaultMutableJweHeaderTest.groovy
│ │ │ ├── DefaultStubService.groovy
│ │ │ ├── DelegateAudienceCollectionTest.groovy
│ │ │ ├── FixedClockTest.groovy
│ │ │ ├── IdLocatorTest.groovy
│ │ │ ├── JwtTokenizerTest.groovy
│ │ │ ├── ParameterMapTest.groovy
│ │ │ ├── RfcTests.groovy
│ │ │ ├── compression/
│ │ │ │ ├── AbstractCompressionAlgorithmTest.groovy
│ │ │ │ ├── DeflateCompressionCodecTest.groovy
│ │ │ │ └── YagCompressionCodec.groovy
│ │ │ ├── io/
│ │ │ │ ├── ClosedInputStreamTest.groovy
│ │ │ │ ├── CodecTest.groovy
│ │ │ │ ├── CountingInputStreamTest.groovy
│ │ │ │ ├── DecodingInputStreamTest.groovy
│ │ │ │ ├── DelegateStringDecoderTest.groovy
│ │ │ │ ├── EncodingOutputStreamTest.groovy
│ │ │ │ ├── JsonObjectDeserializerTest.groovy
│ │ │ │ ├── StreamsTest.groovy
│ │ │ │ ├── TeeOutputStreamTest.groovy
│ │ │ │ └── TestSerializer.groovy
│ │ │ ├── lang/
│ │ │ │ ├── BigIntegerUBytesConverterTest.groovy
│ │ │ │ ├── BytesTest.groovy
│ │ │ │ ├── CollectionConverterTest.groovy
│ │ │ │ ├── CompactMediaTypeIdConverterTest.groovy
│ │ │ │ ├── ConvertersTest.groovy
│ │ │ │ ├── DefaultCollectionMutatorTest.groovy
│ │ │ │ ├── DefaultRegistryTest.groovy
│ │ │ │ ├── DelegatingMapTest.groovy
│ │ │ │ ├── EncodedObjectConverterTest.groovy
│ │ │ │ ├── FunctionsTest.groovy
│ │ │ │ ├── JwtDateConverterTest.groovy
│ │ │ │ ├── LocatorFunctionTest.groovy
│ │ │ │ ├── NestedIdentifiableCollectionTest.groovy
│ │ │ │ ├── NullSafeConverterTest.groovy
│ │ │ │ ├── OptionalMethodInvokerTest.groovy
│ │ │ │ ├── ParametersTest.groovy
│ │ │ │ ├── PropagatingExceptionFunctionTest.groovy
│ │ │ │ ├── RedactedSupplierTest.groovy
│ │ │ │ ├── RedactedValueConverterTest.groovy
│ │ │ │ ├── RequiredTypeConverterTest.groovy
│ │ │ │ ├── ServicesTest.groovy
│ │ │ │ ├── StringRegistryTest.groovy
│ │ │ │ ├── TestParameterReadable.groovy
│ │ │ │ └── UriStringConverterTest.groovy
│ │ │ └── security/
│ │ │ ├── AbstractAsymmetricJwkBuilderTest.groovy
│ │ │ ├── AbstractCurveTest.groovy
│ │ │ ├── AbstractEcJwkFactoryTest.groovy
│ │ │ ├── AbstractFamilyJwkFactoryTest.groovy
│ │ │ ├── AbstractJwkBuilderTest.groovy
│ │ │ ├── AbstractJwkTest.groovy
│ │ │ ├── AbstractSecureDigestAlgorithmTest.groovy
│ │ │ ├── AesAlgorithmTest.groovy
│ │ │ ├── AesGcmKeyAlgorithmTest.groovy
│ │ │ ├── ConcatKDFTest.groovy
│ │ │ ├── ConstantKeyLocatorTest.groovy
│ │ │ ├── CryptoAlgorithmTest.groovy
│ │ │ ├── DefaultHashAlgorithmTest.groovy
│ │ │ ├── DefaultJwkContextTest.groovy
│ │ │ ├── DefaultJwkParserBuilderTest.groovy
│ │ │ ├── DefaultJwkSetBuilderTest.groovy
│ │ │ ├── DefaultJwkSetParserBuilderTest.groovy
│ │ │ ├── DefaultJwkSetTest.groovy
│ │ │ ├── DefaultJwkThumbprintTest.groovy
│ │ │ ├── DefaultKeyOperationBuilderTest.groovy
│ │ │ ├── DefaultKeyOperationPolicyBuilderTest.groovy
│ │ │ ├── DefaultKeyOperationTest.groovy
│ │ │ ├── DefaultKeyPairBuilderTest.groovy
│ │ │ ├── DefaultKeyUseStrategyTest.groovy
│ │ │ ├── DefaultMacAlgorithmTest.groovy
│ │ │ ├── DefaultMessageTest.groovy
│ │ │ ├── DefaultRsaKeyAlgorithmTest.groovy
│ │ │ ├── DefaultRsaPrivateJwkTest.groovy
│ │ │ ├── DefaultSecretKeyBuilderTest.groovy
│ │ │ ├── DirectKeyAlgorithmTest.groovy
│ │ │ ├── DispatchingJwkFactoryTest.groovy
│ │ │ ├── ECCurveTest.groovy
│ │ │ ├── EcPrivateJwkFactoryTest.groovy
│ │ │ ├── EcPublicJwkFactoryTest.groovy
│ │ │ ├── EcSignatureAlgorithmTest.groovy
│ │ │ ├── EcdhKeyAlgorithmTest.groovy
│ │ │ ├── EdSignatureAlgorithmTest.groovy
│ │ │ ├── EdwardsCurveTest.groovy
│ │ │ ├── EdwardsPublicKeyDeriverTest.groovy
│ │ │ ├── FieldElementConverterTest.groovy
│ │ │ ├── GcmAesAeadAlgorithmTest.groovy
│ │ │ ├── HashAlgorithmsTest.groovy
│ │ │ ├── HmacAesAeadAlgorithmTest.groovy
│ │ │ ├── JcaTemplateTest.groovy
│ │ │ ├── JwkConverterTest.groovy
│ │ │ ├── JwkSerializationTest.groovy
│ │ │ ├── JwkSetConverterTest.groovy
│ │ │ ├── JwkThumbprintsTest.groovy
│ │ │ ├── JwksTest.groovy
│ │ │ ├── JwtX509StringConverterTest.groovy
│ │ │ ├── KeyOperationConverterTest.groovy
│ │ │ ├── KeyPairsTest.groovy
│ │ │ ├── KeyUsageTest.groovy
│ │ │ ├── KeysBridgeTest.groovy
│ │ │ ├── LocatingKeyResolverTest.groovy
│ │ │ ├── NoneSignatureAlgorithmTest.groovy
│ │ │ ├── OctetJwksTest.groovy
│ │ │ ├── PasswordSpecTest.groovy
│ │ │ ├── Pbes2HsAkwAlgorithmTest.groovy
│ │ │ ├── Pkcs11Test.groovy
│ │ │ ├── PrivateConstructorsTest.groovy
│ │ │ ├── PrivateECKeyTest.groovy
│ │ │ ├── ProvidedKeyBuilderTest.groovy
│ │ │ ├── ProvidedSecretKeyBuilderTest.groovy
│ │ │ ├── ProviderKeyTest.groovy
│ │ │ ├── ProvidersTest.groovy
│ │ │ ├── ProvidersWithoutBCTest.groovy
│ │ │ ├── RFC7516AppendixA1Test.groovy
│ │ │ ├── RFC7516AppendixA2Test.groovy
│ │ │ ├── RFC7516AppendixA3Test.groovy
│ │ │ ├── RFC7517AppendixA1Test.groovy
│ │ │ ├── RFC7517AppendixA2Test.groovy
│ │ │ ├── RFC7517AppendixA3Test.groovy
│ │ │ ├── RFC7517AppendixBTest.groovy
│ │ │ ├── RFC7517AppendixCTest.groovy
│ │ │ ├── RFC7518AppendixB1Test.groovy
│ │ │ ├── RFC7518AppendixB2Test.groovy
│ │ │ ├── RFC7518AppendixB3Test.groovy
│ │ │ ├── RFC7518AppendixCTest.groovy
│ │ │ ├── RFC7520Section3Test.groovy
│ │ │ ├── RFC7520Section4Test.groovy
│ │ │ ├── RFC7520Section5Test.groovy
│ │ │ ├── RFC7638Section3Dot1Test.groovy
│ │ │ ├── RFC8037AppendixATest.groovy
│ │ │ ├── RSAOtherPrimeInfoConverterTest.groovy
│ │ │ ├── RandomsTest.groovy
│ │ │ ├── RsaPrivateJwkFactoryTest.groovy
│ │ │ ├── RsaSignatureAlgorithmTest.groovy
│ │ │ ├── SecretJwkFactoryTest.groovy
│ │ │ ├── StandardCurvesTest.groovy
│ │ │ ├── StandardSecureDigestAlgorithmsTest.groovy
│ │ │ ├── TestAeadAlgorithm.groovy
│ │ │ ├── TestCertificates.groovy
│ │ │ ├── TestECField.groovy
│ │ │ ├── TestECKey.groovy
│ │ │ ├── TestECPrivateKey.groovy
│ │ │ ├── TestECPublicKey.groovy
│ │ │ ├── TestKey.groovy
│ │ │ ├── TestKeyAlgorithm.groovy
│ │ │ ├── TestKeys.groovy
│ │ │ ├── TestMacAlgorithm.groovy
│ │ │ ├── TestPrivateKey.groovy
│ │ │ ├── TestProvider.groovy
│ │ │ ├── TestPublicKey.groovy
│ │ │ ├── TestRSAKey.groovy
│ │ │ ├── TestRSAMultiPrimePrivateCrtKey.groovy
│ │ │ ├── TestRSAPrivateKey.groovy
│ │ │ ├── TestSecretKey.groovy
│ │ │ └── TestX509Certificate.groovy
│ │ ├── issues/
│ │ │ ├── Issue365Test.groovy
│ │ │ ├── Issue438Test.groovy
│ │ │ └── Issue858Test.groovy
│ │ └── security/
│ │ ├── EncryptionAlgorithmsTest.groovy
│ │ ├── JwksCRVTest.groovy
│ │ ├── JwksOPTest.groovy
│ │ ├── KeyAlgorithmsTest.groovy
│ │ ├── KeysImplTest.groovy
│ │ ├── KeysTest.groovy
│ │ └── StandardAlgorithmsTest.groovy
│ ├── resources/
│ │ ├── META-INF/
│ │ │ └── services/
│ │ │ └── io.jsonwebtoken.StubService
│ │ ├── io/
│ │ │ └── jsonwebtoken/
│ │ │ └── impl/
│ │ │ └── security/
│ │ │ ├── ES256.crt.pem
│ │ │ ├── ES256.pkcs8.pem
│ │ │ ├── ES256.pub.pem
│ │ │ ├── ES384.crt.pem
│ │ │ ├── ES384.pkcs8.pem
│ │ │ ├── ES384.pub.pem
│ │ │ ├── ES512.crt.pem
│ │ │ ├── ES512.pkcs8.pem
│ │ │ ├── ES512.pub.pem
│ │ │ ├── Ed25519.crt.pem
│ │ │ ├── Ed25519.pkcs8.pem
│ │ │ ├── Ed25519.pub.pem
│ │ │ ├── Ed448.crt.pem
│ │ │ ├── Ed448.pkcs8.pem
│ │ │ ├── Ed448.pub.pem
│ │ │ ├── PS256.crt.pem
│ │ │ ├── PS256.pkcs8.pem
│ │ │ ├── PS256.pub.pem
│ │ │ ├── PS384.crt.pem
│ │ │ ├── PS384.pkcs8.pem
│ │ │ ├── PS384.pub.pem
│ │ │ ├── PS512.crt.pem
│ │ │ ├── PS512.pkcs8.pem
│ │ │ ├── PS512.pub.pem
│ │ │ ├── README.md
│ │ │ ├── RS256.crt.pem
│ │ │ ├── RS256.pkcs8.pem
│ │ │ ├── RS256.pub.pem
│ │ │ ├── RS384.crt.pem
│ │ │ ├── RS384.pkcs8.pem
│ │ │ ├── RS384.pub.pem
│ │ │ ├── RS512.crt.pem
│ │ │ ├── RS512.pkcs8.pem
│ │ │ ├── RS512.pub.pem
│ │ │ ├── X25519.crt.pem
│ │ │ ├── X25519.pkcs8.pem
│ │ │ ├── X25519.pub.pem
│ │ │ ├── X448.crt.pem
│ │ │ ├── X448.pkcs8.pem
│ │ │ ├── X448.pub.pem
│ │ │ └── genkeys
│ │ ├── io.jsonwebtoken.io.Deserializer.test.gson
│ │ ├── io.jsonwebtoken.io.Deserializer.test.orgjson
│ │ ├── io.jsonwebtoken.io.Serializer.test.gson
│ │ ├── io.jsonwebtoken.io.Serializer.test.orgjson
│ │ └── io.jsonwebtoken.io.compression.CompressionCodec.test.override
│ └── scripts/
│ └── softhsm
├── mvnw
├── mvnw.cmd
├── pom.xml
├── src/
│ └── license/
│ └── header.txt
└── tdjar/
├── pom.xml
└── src/
└── test/
├── groovy/
│ └── io/
│ └── jsonwebtoken/
│ └── all/
│ └── BasicTest.groovy
└── java/
└── io/
└── jsonwebtoken/
└── all/
└── JavaReadmeTest.java
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
<!--
PLEASE DO NOT USE GITHUB ISSUES TO ASK QUESTIONS!
The JJWT team uses GitHub Issues only to track actionable work that requires changes to the JJWT codebase.
If you have a usability or general question about JJWT, please instead post your question to StackOverflow using the following JJWT-specific link:
https://stackoverflow.com/questions/ask?tags=jjwt&guided=false
To help ensure you receive a timely response, please follow the StackOverflow guidelines on how to ask a good question: https://stackoverflow.com/help/how-to-ask
Ok, now that that's out of the way - if you're still sure you need to report a bug, please fill in the sections below...
-->
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
<!--
PLEASE DO NOT USE GITHUB ISSUES TO ASK QUESTIONS!
The JJWT team uses GitHub Issues only to track actionable work that requires changes to the JJWT codebase.
If you have a usability or general question about JJWT, please instead post your question to StackOverflow using the following JJWT-specific link:
https://stackoverflow.com/questions/ask?tags=jjwt&guided=false
To help ensure you receive a timely response, please follow the StackOverflow guidelines on how to ask a good question: https://stackoverflow.com/help/how-to-ask
Ok, now that that's out of the way - if you're still sure you want to create a feature request or enhancement, please fill in the sections below...
-->
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
================================================
FILE: .github/stale.yml
================================================
#
# Copyright (C) 2014 jsonwebtoken.io
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 60
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 7
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- help-wanted
- bug
- rfc-compliance
- "[Status] Maybe Later"
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: true
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Comment to post when marking as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale due to inactivity for 60 or more days.
It will be closed in 7 days if no further activity occurs.
# Comment to post when removing the stale label.
# unmarkComment: >
# Your comment here.
# Comment to post when closing a stale Issue or Pull Request.
closeComment: >
Closed due to inactivity.
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
# Limit to only `issues` or `pulls`
only: issues
# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
# pulls:
# daysUntilStale: 30
# markComment: >
# This pull request has been automatically marked as stale because it has not had
# recent activity. It will be closed if no further activity occurs. Thank you
# for your contributions.
# issues:
# exemptLabels:
# - confirmed
================================================
FILE: .github/workflows/ci.yml
================================================
name: CI
on:
workflow_dispatch:
pull_request: # all pull requests
push:
branches:
- master
env:
MVN_CMD: ./mvnw --no-transfer-progress -B
jobs:
oracle:
strategy:
matrix:
java: [ '17' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-oracle
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4.7.0
with:
distribution: oracle
java-version: ${{ matrix.java }}
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
temurin:
strategy:
matrix:
java: [ '8', '11', '17', '18' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-temurin
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'temurin'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
zulu:
strategy:
matrix:
java: [ '7', '8', '9', '11', '12', '13', '14', '15', '16', '17', '18', '21' ]
runs-on: 'ubuntu-latest'
env:
JDK_MAJOR_VERSION: ${{ matrix.java }}
name: jdk-${{ matrix.java }}-zulu
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
if [ "$JDK_MAJOR_VERSION" == "7" ]; then export MAVEN_OPTS="-Xmx512m -XX:MaxPermSize=128m"; fi
${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
# ensure all of our files have the correct/updated license header
license-check:
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # avoid license plugin history warnings (plus it needs full history)
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: License Check
# This adds about 1 minute to any build, which is why we don't want to do it on every other build:
run: |
${{env.MVN_CMD}} license:check
code-coverage:
# (commented out for now - see the comments in 'Wait to start' below for why. Keeping this here as a placeholder
# as it may be better to use instead of an artificial delay once we no longer need to build on JDK 7):
#needs: zulu # wait until others finish so a coverage failure doesn't cancel others accidentally
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Wait to start
# wait a little to start: code coverage usually only takes about 1 1/2 minutes. If coverage fails, it will
# cancel the other running builds, and we don't want that (because we want to see if jobs fail due to
# build issues, not due to the code-coverage job causing the others to cancel). We could have used the
# 'need' property (commented out above), and that would wait until all the other jobs have finished before
# starting this one, but that introduces unnecessary (sometimes 2 1/2 minute) delay, whereas delaying the
# start of the code coverage checks a bit should allow everything to finish around the same time without having
# much of an adverse effect on the other jobs above.
run: sleep 90s
shell: bash
- name: Code Coverage
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
${{env.MVN_CMD}} clover:setup test && \
${{env.MVN_CMD}} -pl . clover:clover clover:check coveralls:report \
-DrepoToken="${{ secrets.GITHUB_TOKEN }}" \
-DserviceName=github \
-DserviceBuildNumber="${{ env.GITHUB_RUN_ID }}"
================================================
FILE: .gitignore
================================================
.DS_Store
# Mobile Tools for Java (J2ME)
.mtj.tmp/
# Package Files #
*.jar
*.war
*.ear
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*
target/
.idea
*.iml
*.iws
.classpath
.project
.settings
================================================
FILE: .mvn/wrapper/maven-wrapper.properties
================================================
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.6.jar
#distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.1/apache-maven-3.6.1-bin.zip
#wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar
================================================
FILE: CHANGELOG.md
================================================
## Release Notes
### 0.13.0
This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent `0.13.x` patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (`0.14.0`) release.
**All future JJWT major and minor versions ( `0.14.0` and later) will require Java 8 or later.**
This `0.13.0` minor release has only one change:
- The previously private `JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap)` constructor is now `public` for those that want register a claims
type converter on their own specified `ObjectMapper` instance. See [Issue 914](https://github.com/jwtk/jjwt/issues/914).
### 0.12.7
This patch release:
* Adds a new Maven BOM, useful for multi-module projects. See [Issue 967](https://github.com/jwtk/jjwt/issues/967).
* Allows the `JwtParserBuilder` to have empty nested algorithm collections, effectively disabling the parser's associated feature:
- Emptying the `zip()` nested collection disables JWT decompression.
- Emptying the `sig()` nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
- Emptying either the `enc()` or `key()` nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)
See [Issue 996](https://github.com/jwtk/jjwt/issues/996).
* Fixes [bug 961](https://github.com/jwtk/jjwt/issues/961) where `JwtParserBuilder` nested collection builders were not correctly replacing algorithms with the same id.
* Ensures a `JwkSet`'s `keys` collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the `keys` collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See [Issue 976](https://github.com/jwtk/jjwt/issues/976).
* Improves performance slightly by ensuring all `jjwt-api` utility methods that create `*Builder` instances (`Jwts.builder()`, `Jwts.parserBuilder()`, `Jwks.builder()`, etc) no longer use reflection.
Instead,`static` factories are created via reflection only once during initial `jjwt-api` classloading, and then `*Builder`s are created via standard instantiation using the `new` operator thereafter. This also benefits certain environments that may not have ideal `ClassLoader` implementations (e.g. Tomcat in some cases).
**NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names**.
See [Issue 988](https://github.com/jwtk/jjwt/issues/988).
* Upgrades the Gson dependency to `2.11.0`
* Upgrades the BouncyCastle dependency to `1.78.1`
### 0.12.6
This patch release:
* Ensures that after successful JWS signature verification, an application-configured Base64Url `Decoder` output is
used to construct a `Jws` instance (instead of JJWT's default decoder). See
[Issue 947](https://github.com/jwtk/jjwt/issues/947).
* Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a `zip` header of `GZIP`. See [Issue 949](https://github.com/jwtk/jjwt/issues/949).
* Upgrades BouncyCastle to 1.78 via [PR 941](https://github.com/jwtk/jjwt/pull/941).
* Ensures that a `JwkSet`'s `keys` list member is no longer considered secret and is not redacted by default. However, each individual JWK element within the `keys` list may still have [redacted private or secret members](https://github.com/jwtk/jjwt?tab=readme-ov-file#jwk-tostring-safety) as expected. See [Issue 976](https://github.com/jwtk/jjwt/issues/976).
### 0.12.5
This patch release:
* Ensures that builders' `NestedCollection` changes are applied to the collection immediately as mutation methods are called, no longer
requiring application developers to call `.and()` to 'commit' or apply a change. For example, prior to this release,
the following code did not apply changes:
```java
JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'
```
Now this code works as expected and all other `NestedCollection` instances like it apply changes immediately (e.g. when calling
`.add(value)`).
However, standard fluent builder chains are still recommended for readability when feasible, e.g.
```java
Jwts.builder()
.audience().add("an-audience").and() // allows fluent chaining
.subject("Joe")
// etc...
.compact()
```
See [Issue 916](https://github.com/jwtk/jjwt/issues/916).
### 0.12.4
This patch release includes various changes listed below.
#### Jackson Default Parsing Behavior
This release makes two behavioral changes to JJWT's default Jackson `ObjectMapper` parsing settings:
1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could
have undesirable effects on an application, JJWT's default `ObjectMapper `is now configured to explicitly reject/fail
parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.
For example, now the following JSON, if parsed, would fail (be rejected) by default:
```json
{
"hello": "world",
"thisWillFail": 42,
"thisWillFail": "test"
}
```
Technically, the JWT RFCs _do allow_ duplicate named fields as long as the last parsed member is the one used
(see [JWS RFC 7515, Section 4](https://datatracker.ietf.org/doc/html/rfc7515#section-4)), so this is allowed.
However, because JWTs often reflect security concepts, it's usually better to be defensive and reject these
unexpected scenarios by default. The RFC later supports this position/preference in
[Section 10.12](https://datatracker.ietf.org/doc/html/rfc7515#section-10.12):
Ambiguous and potentially exploitable situations
could arise if the JSON parser used does not enforce the uniqueness
of member names or returns an unpredictable value for duplicate
member names.
Finally, this is just a default, and the RFC does indeed allow duplicate member names if the last value is used,
so applications that require duplicates to be allowed can simply configure their own `ObjectMapper` and use
that with JJWT instead of assuming this (new) JJWT default. See
[Issue #877](https://github.com/jwtk/jjwt/issues/877) for more.
2. If using JJWT's support to use Jackson to parse
[Custom Claim Types](https://github.com/jwtk/jjwt#json-jackson-custom-types) (for example, a Claim that should be
unmarshalled into a POJO), and the JSON for that POJO contained a member that is not represented in the specified
class, Jackson would fail parsing by default. Because POJOs and JSON data models can sometimes be out of sync
due to different class versions, the default behavior has been changed to ignore these unknown JSON members instead
of failing (i.e. the `ObjectMapper`'s `DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES` is now set to `false`)
by default.
Again, if you prefer the stricter behavior of rejecting JSON with extra or unknown properties, you can configure
`true` on your own `ObjectMapper` instance and use that instance with the `Jwts.parser()` builder.
#### Additional Changes
This release also:
* Fixes a thread-safety issue when using `java.util.ServiceLoader` to dynamically lookup/instantiate pluggable
implementations of JJWT interfaces (e.g. JSON parsers, etc). See
[Issue #873](https://github.com/jwtk/jjwt/issues/873) and its documented fix in
[PR #893](https://github.com/jwtk/jjwt/pull/892).
* Ensures Android environments and older `org.json` library usages can parse JSON from a `JwtBuilder`-provided
`java.io.Reader` instance. [Issue 882](https://github.com/jwtk/jjwt/issues/882).
* Ensures a single string `aud` (Audience) claim is retained (without converting it to a `Set`) when copying/applying a
source Claims instance to a destination Claims builder. [Issue 890](https://github.com/jwtk/jjwt/issues/890).
* Ensures P-256, P-384 and P-521 Elliptic Curve JWKs zero-pad their field element (`x`, `y`, and `d`) byte array values
if necessary before Base64Url-encoding per [RFC 7518](https://datatracker.ietf.org/doc/html/rfc7518), Sections
[6.2.1.2](https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.2),
[6.2.1.3](https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.3), and
[6.2.2.1](https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.2.1), respectively.
[Issue 901](https://github.com/jwtk/jjwt/issues/901).
* Ensures that Secret JWKs for HMAC-SHA algorithms with `k` sizes larger than the algorithm minimum can
be parsed/used as expected. See [Issue #905](https://github.com/jwtk/jjwt/issues/905)
* Ensures there is an upper bound (maximum) iterations enforced for PBES2 decryption to help mitigate potential DoS
attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their
work on this. See [PR 911](https://github.com/jwtk/jjwt/pull/911).
* Fixes various typos in documentation and JavaDoc. Thanks to those contributing pull requests for these!
### 0.12.3
This patch release:
* Upgrades the `org.json` dependency to `20231013` to address that library's
[CVE-2023-5072](https://nvd.nist.gov/vuln/detail/CVE-2023-5072) vulnerability.
* (Re-)enables empty values for custom claims, which was the behavior in <= 0.11.5.
[Issue 858](https://github.com/jwtk/jjwt/issues/858).
### 0.12.2
This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem
on >= JDK 17. The 0.12.1 fix worked, but only if the importing project or application did _not_ have its own
`module-info.java` file.
This release removes that reflection code entirely in favor of a JJWT-native implementation, eliminating JPMS
module (scope) problems on >= JDK 17. As such, `--add-opens` flags are no longer required to use JJWT.
The fix has been tested up through JDK 21 in a separate application environment (out of JJWT's codebase) to assert
expected functionality in a 'clean room' environment in a project both with and without `module-info.java` usage.
### 0.12.1
Enabled reflective access on JDK 17+ to `java.io.ByteArrayInputStream` and `sun.security.util.KeyUtil` for
`jjwt-impl.jar`
### 0.12.0
This is a big release! JJWT now fully supports Encrypted JSON Web Tokens (JWE), JSON Web Keys (JWK) and more! See the
sections below enumerating all new features as well as important notes on breaking changes or backwards-incompatible
changes made in preparation for the upcoming 1.0 release.
**Because breaking changes are being introduced, it is strongly recommended to wait until the upcoming 1.0 release
where you can address breaking changes one time only**.
Those that need immediate JWE encryption and JWK key support
however will likely want to upgrade now and deal with the smaller subset of breaking changes in the 1.0 release.
#### Simplified Starter Jar
Those upgrading to new modular JJWT versions from old single-jar versions will transparently obtain everything
they need in their Maven, Gradle or Android projects.
JJWT's early releases had one and only one .jar: `jjwt.jar`. Later releases moved to a modular design with 'api' and
'impl' jars including 'plugin' jars for Jackson, GSON, org.json, etc. Some users upgrading from the earlier single
jar to JJWT's later versions have been frustrated by being forced to learn how to configure the more modular .jars.
This release re-introduces the `jjwt.jar` artifact again, but this time it is simply an empty .jar with Maven
metadata that will automatically transitively download the following into a project, retaining the old single-jar
behavior:
* `jjwt-api.jar`
* `jjwt-impl.jar`
* `jjwt-jackson.jar`
Naturally, developers are still encouraged to configure the modular .jars as described in JJWT's documentation for
greater control and to enable their preferred JSON parser, but this stop-gap should help those unaware when upgrading.
#### JSON Web Encryption (JWE) Support!
This has been a long-awaited feature for JJWT, years in the making, and it is quite extensive - so many encryption
algorithms and key management algorithms are defined by the JWA specification, and new API concepts had to be
introduced for all of them, as well as extensive testing with RFC-defined test vectors. The wait is over!
All JWA-defined encryption algorithms and key management algorithms are fully implemented and supported and
available immediately. For example:
```java
AeadAlgorithm enc = Jwts.ENC.A256GCM;
SecretKey key = enc.key().build();
String compact = Jwts.builder().setSubject("Joe").encryptWith(key, enc).compact();
Jwe<Claims> jwe = Jwts.parser().decryptWith(key).build().parseEncryptedClaims(compact);
```
Many other RSA and Elliptic Curve examples are in the full README documentation.
#### JSON Web Key (JWK) Support!
Representing cryptographic keys - SecretKeys, RSA Public and Private Keys, Elliptic Curve Public and
Private keys - as fully encoded JSON objects according to the JWK specification - is now fully implemented and
supported. The new `Jwks` utility class exists to create JWK builders and parsers as desired. For example:
```java
SecretKey key = Jwts.SIG.HS256.key().build();
SecretJwk jwk = Jwks.builder().forKey(key).build();
assert key.equals(jwk.toKey());
// or if receiving a JWK string:
Jwk<?> parsedJwk = Jwks.parser().build().parse(jwkString);
assert jwk.equals(parsedJwk);
assert key.equals(parsedJwk.toKey());
```
Many JJWT users won't need to use JWKs explicitly, but some JWA Key Management Algorithms (and lots of RFC test
vectors) utilize JWKs when transmitting JWEs. As this was required by JWE, it is now implemented in full for
JWE use as well as general-purpose JWK support.
#### JWK Thumbprint and JWK Thumbprint URI support
The [JWK Thumbprint](https://www.rfc-editor.org/rfc/rfc7638.html) and
[JWK Thumbprint URI](https://www.rfc-editor.org/rfc/rfc9278.html) RFC specifications are now fully supported. Please
see the README.md file's corresponding named sections for both for full documentation and usage examples.
#### JWS Unencoded Payload Option (`b64`) support
The [JSON Web Signature (JWS) Unencoded Payload Option](https://www.rfc-editor.org/rfc/rfc7797.html) RFC specification
is now fully supported. Please see the README.md corresponding named section for documentation and usage examples.
#### Better PKCS11 and Hardware Security Module (HSM) support
Previous versions of JJWT enforced that Private Keys implemented the `RSAKey` and `ECKey` interfaces to enforce key
length requirements. With this release, JJWT will still perform those checks when those data types are available,
but if not, as is common with keys from PKCS11 and HSM KeyStores, JJWT will still allow those Keys to be used,
expecting the underlying Security Provider to enforce any key requirements. This should reduce or eliminate any
custom code previously written to extend JJWT to use keys from those KeyStores or Providers.
Additionally, PKCS11/HSM tests using [SoftHSMv2](https://www.opendnssec.org/softhsm/) are run on every build with
every JWS MAC and Signature algorithm and every JWE Key algorithm to ensure continued stable support with
Android and Sun PKCS11 implementations and spec-compliant Hardware Security Modules that use the PKCS11 interface
(such as YubiKey, etc.)
#### Custom Signature Algorithms
The `io.jsonwebtoken.SignatureAlgorithm` enum has been deprecated in favor of new
`io.jsonwebtoken.security.SecureDigestAlgorithm`, `io.jsonwebtoken.security.MacAlgorithm`, and
`io.jsonwebtoken.security.SignatureAlgorithm` interfaces to allow custom algorithm implementations. The new nested
`Jwts.SIG` static inner class is a registry of all standard JWS algorithms as expected, exactly like the
old enum. This change was made because enums are a static concept by design and cannot
support custom values: those who wanted to use custom signature algorithms could not do so until now. The new
interfaces now allow anyone to plug in and support custom algorithms with JJWT as desired.
#### KeyBuilder and KeyPairBuilder
Because the `io.jsonwebtoken.security.Keys#secretKeyFor` and `io.jsonwebtoken.security.Keys#keyPairFor` methods
accepted the now-deprecated `io.jsonwebtoken.SignatureAlgorithm` enum, they have also been deprecated in favor of
calling new `key()` or `keyPair()` builder methods on `MacAlgorithm` and `SignatureAlgorithm` instances directly.
For example:
```java
SecretKey key = Jwts.SIG.HS256.key().build();
KeyPair pair = Jwts.SIG.RS256.keyPair().build();
```
The builders allow for customization of the JCA `Provider` and `SecureRandom` during Key or KeyPair generation if desired, whereas
the old enum-based static utility methods did not.
#### Preparation for 1.0
Now that the JWE and JWK specifications are implemented, only a few things remain for JJWT to be considered at
version 1.0. We have been waiting to apply the 1.0 release version number until the entire set of JWT specifications
are fully supported **and** we drop JDK 7 support (to allow users to use JDK 8 APIs). To that end, we have had to
deprecate some concepts, or in some cases, completely break backwards compatibility to ensure the transition to
1.0 (and JDK 8 APIs) are possible. Most backwards-incompatible changes are listed in the next section below.
#### Backwards Compatibility Breaking Changes, Warnings and Deprecations
* `io.jsonwebtoken.Jwt`'s `getBody()` method has been deprecated in favor of a new `getPayload()` method to
reflect correct JWT specification nomenclature/taxonomy.
* `io.jsonwebtoken.Jws`'s `getSignature()` method has been deprecated in favor of a new `getDigest()` method to
support expected congruent behavior with `Jwe` instances (both have digests).
* `io.jsonwebtoken.JwtParser`'s `parseContentJwt`, `parseClaimsJwt`, `parseContentJws`, and `parseClaimsJws` methods
have been deprecated in favor of more intuitive respective `parseUnsecuredContent`, `parseUnsecuredClaims`,
`parseSignedContent` and `parseSignedClaims` methods.
* `io.jsonwebtoken.CompressionCodec` is now deprecated in favor of the new `io.jsonwebtoken.io.CompressionAlgorithm`
interface. This is to guarantee API congruence with all other JWT-identifiable algorithm IDs that can be set as a
header value.
* `io.jsonwebtoken.CompressionCodecResolver` has been deprecated in favor of the new
`JwtParserBuilder#addCompressionAlgorithms` method.
#### Breaking Changes
* **`io.jsonwebtoken.Claims` and `io.jsonwebtoken.Header` instances are now immutable** to enhance security and thread
safety. Creation and mutation are supported with newly introduced `ClaimsBuilder` and `HeaderBuilder` concepts.
Even though mutation methods have migrated, there are a couple that have been removed entirely:
* `io.jsonwebtoken.JwsHeader#setAlgorithm` has been removed - the `JwtBuilder` will always set the appropriate
`alg` header automatically based on builder state.
* `io.jsonwebtoken.Header#setCompressionAlgorithm` has been removed - the `JwtBuilder` will always set the appropriate
`zip` header automatically based on builder state.
* `io.jsonwebtoken.Jwts`'s `header(Map)`, `jwsHeader()` and `jwsHeader(Map)` methods have been removed in favor
of the new `header()` method that returns a `HeaderBuilder` to support method chaining and dynamic `Header` type
creation. The `HeaderBuilder` will dynamically create a `Header`, `JwsHeader` or `JweHeader` automatically based on
builder state.
* Similarly, `io.jsonwebtoken.Jwts`'s `claims()` static method has been changed to return a `ClaimsBuilder` instead
of a `Claims` instance.
* **JWTs that do not contain JSON Claims now have a payload type of `byte[]` instead of `String`** (that is,
`Jwt<byte[]>` instead of `Jwt<String>`). This is because JWTs, especially when used with the
`cty` (Content Type) header, are capable of handling _any_ type of payload, not just Strings. The previous JJWT
releases didn't account for this, and now the API accurately reflects the JWT RFC specification payload
capabilities. Additionally, the name of `plaintext` has been changed to `content` in method names and JavaDoc to
reflect this taxonomy. This change has impacted the following JJWT APIs:
* The `JwtBuilder`'s `setPayload(String)` method has been deprecated in favor of two new methods:
* `setContent(byte[])`, and
* `setContent(byte[], String contentType)`
These new methods allow any kind of content
within a JWT, not just Strings. The existing `setPayload(String)` method implementation has been changed to
delegate to this new `setContent(byte[])` method with the argument's UTF-8 bytes, for example
`setContent(payloadString.getBytes(StandardCharsets.UTF_8))`.
* The `JwtParser`'s `Jwt<Header, String> parsePlaintextJwt(String plaintextJwt)` and
`Jws<String> parsePlaintextJws(String plaintextJws)` methods have been changed to
`Jwt<Header, byte[]> parseContentJwt(String plaintextJwt)` and
`Jws<byte[]> parseContentJws(String plaintextJws)` respectively.
* `JwtHandler`'s `onPlaintextJwt(String)` and `onPlaintextJws(String)` methods have been changed to
`onContentJwt(byte[])` and `onContentJws(byte[])` respectively.
* `io.jsonwebtoken.JwtHandlerAdapter` has been changed to reflect the above-mentioned name and `String`-to-`byte[]`
argument changes, as well adding the `abstract` modifier. This class was never intended
to be instantiated directly, and is provided for subclassing only. The missing modifier has been added to ensure
the class is used as it had always been intended.
* `io.jsonwebtoken.SigningKeyResolver`'s `resolveSigningKey(JwsHeader, String)` method has been changed to
`resolveSigningKey(JwsHeader, byte[])`.
* `io.jsonwebtoken.JwtParser` is now immutable. All mutation/modification methods (setters, etc) deprecated 4 years
ago have been removed. All parser configuration requires using the `JwtParserBuilder`.
* Similarly, `io.jsonwebtoken.Jwts`'s `parser()` method deprecated 4 years ago has been changed to now return a
`JwtParserBuilder` instead of a direct `JwtParser` instance. The previous `Jwts.parserBuilder()` method has been
removed as it is now redundant.
* The `JwtParserBuilder` no longer supports `PrivateKey`s for signature verification. This was an old
legacy behavior scheduled for removal years ago, and that change is now complete. For various cryptographic/security
reasons, asymmetric public/private key signatures should always be created with `PrivateKey`s and verified with
`PublicKey`s.
* `io.jsonwebtoken.CompressionCodec` implementations are no longer discoverable via `java.util.ServiceLoader` due to
runtime performance problems with the JDK's `ServiceLoader` implementation per
https://github.com/jwtk/jjwt/issues/648. Custom implementations should be made available to the `JwtParser` via
the new `JwtParserBuilder#addCompressionAlgorithms` method.
* Prior to this release, if there was a serialization problem when serializing the JWT Header, an `IllegalStateException`
was thrown. If there was a problem when serializing the JWT claims, an `IllegalArgumentException` was
thrown. This has been changed up to ensure consistency: any serialization error with either headers or claims
will now throw a `io.jsonwebtoken.io.SerializationException`.
* Parsing of unsecured JWTs (`alg` header of `none`) are now disabled by default as mandated by
[RFC 7518, Section 3.6](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.6). If you require parsing of
unsecured JWTs, you must call the `JwtParserBuilder#enableUnsecured()` method, but note the security
implications mentioned in that method's JavaDoc before doing so.
* `io.jsonwebtoken.gson.io.GsonSerializer` now requires `Gson` instances that have a registered
`GsonSupplierSerializer` type adapter, for example:
```java
new GsonBuilder()
.registerTypeHierarchyAdapter(io.jsonwebtoken.lang.Supplier.class, GsonSupplierSerializer.INSTANCE)
.disableHtmlEscaping().create();
```
This is to ensure JWKs have `toString()` and application log safety (do not print secure material), but still
serialize to JSON correctly.
* `io.jsonwebtoken.InvalidClaimException` and its two subclasses (`IncorrectClaimException` and `MissingClaimException`)
were previously mutable, allowing the corresponding claim name and claim value to be set on the exception after
creation. These should have always been immutable without those setters (just getters), and this was a previous
implementation oversight. This release has ensured they are immutable without the setters.
### 0.11.5
This patch release adds additional security guards against an ECDSA bug in Java SE versions 15-15.0.6, 17-17.0.2, and 18
([CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449)) in addition to the guards added in the JJWT 0.11.3
release. This patch allows JJWT users using those JVM versions to upgrade to JJWT 0.11.5, even if they are unable to
upgrade their JVM to patched/fixed JVM version in a timely manner. Note: if your application does not use these JVM
versions, you are not exposed to the JVM vulnerability.
Note that the CVE is not a bug within JJWT itself - it is a bug within the above listed JVM versions, and the
JJWT 0.11.5 release adds additional precautions within JJWT in case an application team is not able to upgrade
their JVM in a timely manner.
However, even with these additional JJWT security guards, the root cause of the issue is the JVM, so it **strongly
recommended** to upgrade your JVM to version
15.0.7, 17.0.3, or 18.0.1 or later to ensure the bug does not surface elsewhere in your application code or any other
third party library in your application that may not contain similar security guards.
Issues included in this patch are listed in the [JJWT 0.11.5 milestone](https://github.com/jwtk/jjwt/milestone/26?closed=1).
#### Credits
Thank you to [Neil Madden](https://neilmadden.blog), the security researcher that first discovered the JVM
vulnerability as covered in his [Psychic Signatures in Java](https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/)
blog post. Neil worked directly with the JJWT team to provide these additional guards, beyond what was in the JJWT 0.11.3
release, and we're grateful for his help and collaboration in reviewing our fixes and for the additional tests he
provided the JJWT team.
### 0.11.4
This patch release:
* Adds additional handling for rare JSON parsing exceptions and wraps them in a `JwtException` to allow the application to handle these conditions as JWT concerns.
* Upgrades the `jjwt-jackson` module's Jackson dependency to `2.12.6.1`.
* Upgrades the `jjwt-orgjson` module's org.json:json dependency to `20220320`.
* Upgrades the `jjwt-gson` module's gson dependency to `2.9.0`.
* Upgrades the internal testing BouncyCastle version and any references in README documentation examples to `1.70`.
* Contains various documentation and typo fixes.
The patch also makes various internal project POM and build enhancements to reduce repetition and the chance for
stale references, and overall create a cleaner build with less warnings. It also ensures that CI testing builds
and executes on all latest OpenJDK versions from Java 7 to Java 18 (inclusive).
Issues included in this patch are listed in the [JJWT 0.11.4 milestone](https://github.com/jwtk/jjwt/milestone/25?closed=1).
### 0.11.3
This patch release adds security guards against an ECDSA bug in Java SE versions 15-15.0.6, 17-17.0.2, and 18
([CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449)). Note: if your application does not use these
JVM versions, you are not exposed to the JVM vulnerability.
Note that the CVE is not a bug within JJWT itself - it is a bug within the above listed JVM versions. However, even
with these additional JJWT security guards, the root cause of the issue is the JVM, so it **strongly
recommended** to upgrade your JVM to version 15.0.7, 17.0.3, or 18.0.1 or later to ensure the bug does not surface
elsewhere in your application code or any other third party library in your application that may not contain similar
security guards.
Issues included in this patch are listed in the [JJWT 0.11.3 milestone](https://github.com/jwtk/jjwt/milestone/24).
#### Backwards Compatibility Warning
In addition to additional protections against
[r or s values of zero in ECDSA signatures](https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/), this
release also disables by default legacy DER-encoded signatures that might be included in an ECDSA-signed JWT.
(DER-encoded signatures are not supported by the JWT RFC specifications, so they are not frequently encountered.)
However, if you are using an application that needs to consume such legacy JWTs (either produced by a very
early version of JJWT, or a different JWT library), you may re-enable DER-encoded ECDSA signatures by setting the
`io.jsonwebtoken.impl.crypto.EllipticCurveSignatureValidator.derEncodingSupported` System property to the _exact_
`String` value `true`. For example:
```java
System.setProperty("io.jsonwebtoken.impl.crypto.EllipticCurveSignatureValidator.derEncodingSupported", "true");
```
*BUT BE CAREFUL*: **DO NOT** set this System property if your application may run on one of the vulnerable JVMs
noted above (Java SE versions 15-15.0.6, 17-17.0.2, and 18).
You may safely set this property to a `String` value of `true` on all other versions of the JVM if you need to
support these legacy JWTs, *otherwise it is best to ignore (not set) the property entirely*.
#### Credits
Thank you to [Neil Madden](https://neilmadden.blog), the security researcher that first discovered the JVM
vulnerability as covered in his [Psychic Signatures in Java](https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/) blog post.
We'd also like to thank Toshiki Sasazaki, a member of [LINE Corporation](https://linecorp.com)'s Application Security
Team as the first person to report the concern directly to the JJWT team, as well as for working with us during testing
leading to our conclusions and subsequent 0.11.3 patch release.
### 0.11.2
This patch release:
* Allows empty JWS bodies to support [RFC 8555](https://tools.ietf.org/html/rfc8555) and similar initiatives. [Pull Request 540](https://github.com/jwtk/jjwt/pull/540)
* Ensures OSGi environments can access JJWT implementation bundles (`jjwt-jackson`, `jjwt-gson`, etc) as fragments to `jjwt-api` bundle. [Pull Request 580](https://github.com/jwtk/jjwt/pull/580)
* Rejects `allowedClockSkewSeconds` values that would cause numeric overflow. [Issue 583](https://github.com/jwtk/jjwt/issues/583)
* Upgrades Jackson dependency to version `2.9.10.4` to address all known Jackson CVE vulnerabilities. [Issue 585](https://github.com/jwtk/jjwt/issues/585)
* Updates `SecretKey` algorithm name validation to allow PKCS12 KeyStore OIDs in addition to JCA Names. [Issue 588](https://github.com/jwtk/jjwt/issues/588)
* Enabled CI builds on JDK 14. [Pull Request 590](https://github.com/jwtk/jjwt/pull/590)
* Adds missing parameters type to `Maps.add()`, which removes an unchecked type warning. [Issue 591](https://github.com/jwtk/jjwt/issues/591)
* Ensures `GsonDeserializer` always uses `UTF-8` for encoding bytes to Strings. [Pull Request 592](https://github.com/jwtk/jjwt/pull/592)
All issues and PRs are listed in the Github [JJWT 0.11.2 milestone](https://github.com/jwtk/jjwt/milestone/23?closed=1).
### 0.11.1
This patch release:
* Upgrades the `jjwt-jackson` module's Jackson dependency to `2.9.10.3`.
* Fixes an issue when using Java 9+ `Map.of` with `JacksonDeserializer` that resulted in an `NullPointerException`.
* Fixes an issue that prevented the `jjwt-gson` .jar's seralizer/deserializer implementation from being detected automatically.
* Ensures service implementations are now loaded from the context class loader, Services.class.classLoader, and the system classloader, the first classloader with a service wins, and the others are ignored. This mimics how `Classes.forName()` works, and how JJWT attempted to auto-discover various implementations in previous versions.
* Fixes a minor error in the `Claims#getIssuedAt` JavaDoc.
### 0.11.0
This minor release:
* Adds [Google's Gson](https://github.com/google/gson) as a natively supported JSON parser. Installation instructions
have been updated and new [JJWT Gson usage guidelines](https://github.com/jwtk/jjwt#json-gson) have been added.
* Updates the Jackson dependency version to [2.9.10](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
to address three security vulnerabilities in Jackson.
* A new `JwtParserBuilder` interface has been added and is the recommended way of creating an immutable and thread-safe JwtParser instance. Mutable methods in `JwtParser` will be removed before v1.0.
Migration to the new signatures is straightforward, for example:
Previous Version:
```java
Jwts.parser()
.requireAudience("string")
.parse(jwtString)
```
Current Version:
```java
Jwts.parserBuilder()
.requireAudience("string")
.build()
.parse(jwtString)
```
* Adds `io.jsonwebtoken.lang.Maps` utility class to make creation of maps fluent, as demonstrated next.
* Adds support for custom types when deserializing with Jackson. To use configure your parser:
```java
Jwts.parserBuilder().deserializeJsonWith(
new JacksonDeserializer(
Maps.of("claimName", YourType.class).build() // <--
)
).build()
```
* Moves JSON Serializer/Deserializer implementations to a different package name.
- `io.jsonwebtoken.io.JacksonSerializer` -> `io.jsonwebtoken.jackson.io.JacksonSerializer`
- `io.jsonwebtoken.io.JacksonDeserializer` -> `io.jsonwebtoken.jackson.io.JacksonDeserializer`
- `io.jsonwebtoken.io.OrgJsonSerializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonSerializer`
- `io.jsonwebtoken.io.OrgJsonDeserializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonDeserializer`
A backward compatibility modules has been created using the `deprecated` classifier (`io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated` and `io.jsonwebtoken:jjwt-orjson:0.11.0:deprecated`), if you are compiling against these classes directly, otherwise you will be unaffected.
#### Backwards Compatibility Warning
Due to this package move, if you are currently using one of the above four existing (pre 0.11.0) classes with `compile` scope, you must either:
1. change your code to use the newer package classes (recommended), or
1. change your build/dependency configuration to use the `deprecated` dependency classifier to use the existing classes, as follows:
**Maven**
```xml
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.0</version>
<classifier>deprecated</classifier>
<scope>compile</scope>
</dependency>
```
**Gradle**
```groovy
compile 'io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated'
```
**Note:** that the first option is recommended since the second option will not be available starting with the 1.0 release.
### 0.10.8
This patch release:
* Ensures that SignatureAlgorithms `PS256`, `PS384`, and `PS512` work properly on JDK 11 and later without the need
for BouncyCastle. Previous releases referenced a BouncyCastle-specific
algorithm name instead of the Java Security Standard Algorithm Name of
[`RSASSA-PSS`](https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#signature-algorithms).
This release ensures the standard name is used moving forward.
* Fixes a backwards-compatibility [bug](https://github.com/jwtk/jjwt/issues/536) when parsing compressed JWTs
created from 0.10.6 or earlier using the `DEFLATE` compression algorithm.
### 0.10.7
This patch release:
* Adds a new [Community section](https://github.com/jwtk/jjwt#community) in the documentation discussing asking
questions, using Slack and Gittr, and opening new issues and pull requests.
* Fixes a [memory leak](https://github.com/jwtk/jjwt/issues/392) found in the DEFLATE compression
codec implementation.
* Updates the Jackson dependency version to [2.9.9.1](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
to address three security vulnerabilities in Jackson:
[CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086),
[CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384), and
[CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814).
* Fixes a [bug](https://github.com/jwtk/jjwt/issues/397) when Jackson is in the classpath but the `jjwt-jackson` .jar is not.
* Fixes various documentation and typo fixes.
### 0.10.6
This patch release updates the jackson-databind version to 2.9.8 to address a critical security vulnerability in that
library.
### 0.10.5
This patch release fixed an Android `org.json` library compatibility [issue](https://github.com/jwtk/jjwt/issues/388).
### 0.10.4
This patch release fixed an [outstanding issue](https://github.com/jwtk/jjwt/issues/381) with JCA name
case-sensitivity that impacted Android that was not caught in the 0.10.3 release.
### 0.10.3
This is a minor patch release that fixed a key length assertion for `SignatureAlgorithm.forSigningKey` that was
failing in Android environments. The Android dependencies and ProGuard exclusions documentation was updated as
well to reflect Android Studio 3.0 conventions.
### 0.10.2
This is a minor patch release that ensures the `OrgJsonSerializer` and `OrgJsonDeserializer` implementations are
compatible with Android's older `org.json` API. Previously JJWT used newer `org.json` APIs that are not
available on Android.
### 0.10.1
This is a minor point release that ensures the BouncyCastle dependency is optional and not pulled in as a transitive
dependency into projects.
Internal implementation code (not impacting the JJWT API) and documentation was also updated to reflect that all
Elliptic Curve algorithms are standard on the JDK and do not require Bouncy Castle.
Bouncy Castle is only needed when using PS256, PS384, and PS512 signature algorithms on < JDK 11.
[JDK 11 and later](https://bugs.openjdk.java.net/browse/JDK-8146293) supports these algorithms natively.
### 0.10.0
This is a fairly large feature enhancement release that enables the following:
* Modular project structure resulting in pluggable JJWT dependencies ([Issue 348](https://github.com/jwtk/jjwt/issues/348))
* Auto-configuration for Jackson or JSON-Java [JSON processors](https://github.com/jwtk/jjwt#json).
* [Automatic SignatureAlgorithm selection](https://github.com/jwtk/jjwt#jws-create-key) based on specified signing Key.
* Algorithm and Key [Strength Assertions](https://github.com/jwtk/jjwt#jws-key)
* [Simplified Key generation](https://github.com/jwtk/jjwt#jws-key-create)
* Deterministic [Base64(URL) support](https://github.com/jwtk/jjwt#base64) on all JDK and Android platforms
* [Custom JSON processing](https://github.com/jwtk/jjwt#json-custom)
* Complete [documentation](https://github.com/jwtk/jjwt)
* and a bunch of other [minor fixes and enhancements](https://github.com/jwtk/jjwt/milestone/11).
**BACKWARDS-COMPATIBILITY NOTICE:**
JJWT's new modular design utilizes distinctions between compile and runtime dependencies to ensure you only depend
on the public APIs that are safe to use in your application. All internal/private implementation classes have
been moved to a new `jjwt-impl` runtime dependency.
If you depended on any internal implementation classes in the past, you have two choices:
1. Refactor your code to use the public-only API classes and interfaces in the `jjwt-api` .jar. Any functionality
you might have used in the internal implementation should be available via newer cleaner interfaces and helper
classes in that .jar.
2. Specify the new `jjwt-impl` .jar not as a runtime dependency but as a compile dependency. This would make your
upgrade to JJWT 0.10.0 fully backwards compatible, but you do so _at your own risk_. JJWT will make **NO**
semantic version compatibility guarantees in the `jjwt-impl` .jar moving forward. Semantic versioning will be
very carefully adhered to in all other JJWT dependencies however.
### 0.9.1
This is a minor patch release that updates the Jackson dependency to 2.9.6 to address Jackson CVE-2017-17485.
### 0.9.0
This is a minor release that includes changes to dependencies and plugins to allow for building jjwt with Java 9.
Javadocs in a few classes were updated as well to support proper linting in both Java 8 and Java 9.
### 0.8.0
This is a minor feature enhancement, dependency version update and build update release. We switched from Jacoco to
OpenClover as OpenClover delivers a higher quality of test metrics. As an interim measure, we introduced a new
repository that has an updated version of the coveralls-maven-plugin which includes support for Clover reporting to
Coveralls. Once this change has been merged and released to the official coveralls-maven-plugin on maven central,
this repository will be removed. The following dependencies were updated to the latest release version: maven
compiler, maven enforcer, maven failsafe, maven release, maven scm provider, maven bundle, maven gpg, maven source,
maven javadoc, jackson, bouncy castle, groovy, logback and powermock. Of significance, is the upgrade for jackson as
a security issue was addressed in its latest release.
An `addClaims` method is added to the `JwtBuilder` interface in this release. It adds all given name/value pairs to
the JSON Claims in the payload.
Additional tests were added to improve overall test coverage.
### 0.7.0
This is a minor feature enhancement and bugfix release. One of the bug fixes is particularly important if using
elliptic curve signatures, please see below.
#### Elliptic Curve Signature Length Bug Fix
Previous versions of JJWT safely calculated and verified Elliptic Curve signatures (no security risks), however, the
signatures were encoded using the JVM's default ASN.1/DER format. The JWS specification however
requires EC signatures to be in a R + S format. JJWT >= 0.7.0 now correctly represents newly computed EC signatures in
this spec-compliant format.
What does this mean for you?
Signatures created from previous JJWT versions can still be verified, so your existing tokens will still be parsed
correctly. HOWEVER, new JWTs with EC signatures created by JJWT >= 0.7.0 are now spec compliant and therefore can only
be verified by JJWT >= 0.7.0 (or any other spec compliant library).
**This means that if you generate JWTs using Elliptic Curve Signatures after upgrading to JJWT >= 0.7.0, you _must_
also upgrade any applications that parse these JWTs to upgrade to JJWT >= 0.7.0 as well.**
#### Clock Skew Support
When parsing a JWT, you might find that `exp` or `nbf` claims fail because the clock on the parsing machine is not
perfectly in sync with the clock on the machine that created the JWT. You can now account for these differences
(usually no more than a few minutes) when parsing using the new `setAllowedClockSkewSeconds` method on the parser.
For example:
```java
long seconds = 3 * 60; //3 minutes
Jwts.parser().setAllowedClockSkewSeconds(seconds).setSigningKey(key).parseClaimsJws(jwt);
```
This ensures that clock differences between machines can be ignored. Two or three minutes should be more than enough; it
would be very strange if a machine's clock was more than 5 minutes difference from most atomic clocks around the world.
#### Custom Clock Support
Timestamps created during parsing can now be obtained via a custom time source via an implementation of
the new `io.jsonwebtoken.Clock` interface. The default implementation simply returns `new Date()` to reflect the time
when parsing occurs, as most would expect. However, supplying your own clock could be useful, especially during test
cases to guarantee deterministic behavior.
#### Android RSA Private Key Support
Previous versions of JJWT required RSA private keys to implement `java.security.interfaces.RSAPrivateKey`, but Android
6 RSA private keys do not implement this interface. JJWT now asserts that RSA keys are instances of both
`java.security.interfaces.RSAKey` and `java.security.PrivateKey` which should work fine on both Android and all other
'standard' JVMs as well.
#### Library version updates
The few dependencies JWWT has (e.g. Jackson) have been updated to their latest stable versions at the time of release.
#### Issue List
For all completed issues, please see the [0.7.0 Milestone List](https://github.com/jwtk/jjwt/milestone/7?closed=1)
### 0.6.0
#### Enforce JWT Claims when Parsing
You can now enforce that JWT claims have expected values when parsing a compact JWT string.
For example, let's say that you require that the JWT you are parsing has a specific `sub` (subject) value,
otherwise you may not trust the token. You can do that by using one of the `require` methods on the parser builder:
```java
try {
Jwts.parser().requireSubject("jsmith").setSigningKey(key).parseClaimsJws(s);
} catch(InvalidClaimException ice) {
// the sub claim was missing or did not have a 'jsmith' value
}
```
If it is important to react to a missing vs an incorrect value, instead of catching `InvalidClaimException`, you can catch either `MissingClaimException` or `IncorrectClaimException`:
```java
try {
Jwts.parser().requireSubject("jsmith").setSigningKey(key).parseClaimsJws(s);
} catch(MissingClaimException mce) {
// the parsed JWT did not have the sub claim
} catch(IncorrectClaimException ice) {
// the parsed JWT had a sub claim, but its value was not equal to 'jsmith'
}
```
You can also require custom claims by using the `require(claimName, requiredValue)` method - for example:
```java
try {
Jwts.parser().require("myClaim", "myRequiredValue").setSigningKey(key).parseClaimsJws(s);
} catch(InvalidClaimException ice) {
// the 'myClaim' claim was missing or did not have a 'myRequiredValue' value
}
```
(or, again, you could catch either MissingClaimException or IncorrectClaimException instead)
#### Body Compression
**This feature is NOT JWT specification compliant**, *but it can be very useful when you parse your own tokens*.
If your JWT body is large and you have size restrictions (for example, if embedding a JWT in a URL and the URL must be under a certain length for legacy browsers or mail user agents), you may now compress the JWT body using a `CompressionCodec`:
```java
Jwts.builder().claim("foo", "someReallyLongDataString...")
.compressWith(CompressionCodecs.DEFLATE) // or CompressionCodecs.GZIP
.signWith(SignatureAlgorithm.HS256, key)
.compact();
```
This will set a new `zip` header with the name of the compression algorithm used so that parsers can see that value and decompress accordingly.
The default parser implementation will automatically decompress DEFLATE or GZIP compressed bodies, so you don't need to set anything on the parser - it looks like normal:
```java
Jwts.parser().setSigningKey(key).parseClaimsJws(compact);
```
##### Custom Compression Algorithms
If the DEFLATE or GZIP algorithms are not sufficient for your needs, you can specify your own Compression algorithms by implementing the `CompressionCodec` interface and setting it on the parser:
```java
Jwts.builder().claim("foo", "someReallyLongDataString...")
.compressWith(new MyCompressionCodec())
.signWith(SignatureAlgorithm.HS256, key)
.compact();
```
You will then need to specify a `CompressionCodecResolver` on the parser, so you can inspect the `zip` header and return your custom codec when discovered:
```java
Jwts.parser().setSigningKey(key)
.setCompressionCodecResolver(new MyCustomCompressionCodecResolver())
.parseClaimsJws(compact);
```
*NOTE*: Because body compression is not JWT specification compliant, you should only enable compression if both your JWT builder and parser are JJWT versions >= 0.6.0, or if you're using another library that implements the exact same functionality. This feature is best reserved for your own use cases - where you both create and later parse the tokens. It will likely cause problems if you compressed a token and expected a 3rd party (who doesn't use JJWT) to parse the token.
### 0.5.1
- Minor [bug](https://github.com/jwtk/jjwt/issues/31) fix [release](https://github.com/jwtk/jjwt/issues?q=milestone%3A0.5.1+is%3Aclosed) that ensures correct Base64 padding in Android runtimes.
### 0.5
- Android support! Android's built-in Base64 codec will be used if JJWT detects it is running in an Android environment. Other than Base64, all other parts of JJWT were already Android-compliant. Now it is fully compliant.
- Elliptic Curve signature algorithms! `SignatureAlgorithm.ES256`, `ES384` and `ES512` are now supported.
- Super convenient key generation methods, so you don't have to worry how to do this safely:
- `MacProvider.generateKey(); //or generateKey(SignatureAlgorithm)`
- `RsaProvider.generateKeyPair(); //or generateKeyPair(sizeInBits)`
- `EllipticCurveProvider.generateKeyPair(); //or generateKeyPair(SignatureAlgorithm)`
The `generate`* methods that accept an `SignatureAlgorithm` argument know to generate a key of sufficient strength that reflects the specified algorithm strength.
Please see the full [0.5 closed issues list](https://github.com/jwtk/jjwt/issues?q=milestone%3A0.5+is%3Aclosed) for more information.
### 0.4
- [Issue 8](https://github.com/jwtk/jjwt/issues/8): Add ability to find signing key by inspecting the JWS values before verifying the signature.
This is a handy little feature. If you need to parse a signed JWT (a JWS) and you don't know which signing key was used to sign it, you can now use the new `SigningKeyResolver` concept.
A `SigningKeyresolver` can inspect the JWS header and body (Claims or String) _before_ the JWS signature is verified. By inspecting the data, you can find the key and return it, and the parser will use the returned key to validate the signature. For example:
```java
SigningKeyResolver resolver = new MySigningKeyResolver();
Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(resolver).parseClaimsJws(compact);
```
The signature is still validated, and the JWT instance will still not be returned if the jwt string is invalid, as
expected. You just get to 'see' the JWT data for key discovery before the parser validates. Nice.
This of course requires that you put some sort of information in the JWS when you create it so that your
`SigningKeyResolver` implementation can look at it later and look up the key. The *standard* way to do this is to
use the JWS `kid` ('key id') header parameter, for example:
```java
Jwts.builder().setHeaderParam("kid", your_signing_key_id_NOT_THE_SECRET).build();
```
You could of course set any other header parameter or claims instead of setting `kid` if you want -
that's just the default parameter reserved for signing key identification. If you can locate the signing key based
on other information in the header or claims, you don't need to set the `kid` parameter - just make sure your
resolver implementation knows how to look up the key.
Finally, a nice `SigningKeyResolverAdapter` is provided to allow you to write quick and simple subclasses or
anonymous classes instead of having to implement the `SigningKeyResolver` interface directly. For example:
```java
Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
//inspect the header or claims, lookup and return the signing key
String keyId = header.getKeyId(); //or any other parameter that you need to inspect
return getSigningKey(keyId); //implement me
}})
.parseClaimsJws(compact);
```
### 0.3
- [Issue 6](https://github.com/jwtk/jjwt/issues/6): Parsing an expired Claims JWT or JWS (as determined by the `exp`
claim) will now throw an `ExpiredJwtException`.
- [Issue 7](https://github.com/jwtk/jjwt/issues/7): Parsing a premature Claims JWT or JWS (as determined by the `nbf`
claim) will now throw a `PrematureJwtException`.
### 0.2
#### More convenient Claims building
This release adds convenience methods to the `JwtBuilder` interface so you can set claims directly on the builder without having to create a separate Claims instance/builder, reducing the amount of code you have to write. For example, this:
```java
Claims claims = Jwts.claims().setSubject("Joe");
String compactJwt = Jwts.builder().setClaims(claims).signWith(HS256, key).compact();
```
can now be written as:
```java
String compactJwt = Jwts.builder().setSubject("Joe").signWith(HS256, key).compact();
```
A Claims instance based on the specified claims will be created and set as the JWT's payload automatically.
#### Type-safe handling for JWT and JWS with generics
The following < 0.2 code produced a JWT as expected:
```java
Jwt jwt = Jwts.parser().setSigningKey(key).parse(compact);
```
But you couldn't easily determine if the `jwt` was a `JWT` or `JWS` instance or if the body was a `Claims` instance or a plaintext `String` without resorting to a bunch of yucky `instanceof` checks. In 0.2, we introduce the `JwtHandler` when you don't know the exact format of the compact JWT string ahead of time, and parsing convenience methods when you do.
##### JwtHandler
If you do not know the format of the compact JWT string at the time you try to parse it, you can determine what type it is after parsing by providing a `JwtHandler` instance to the `JwtParser` with the new `parse(String compactJwt, JwtHandler handler)` method. For example:
```java
T returnVal = Jwts.parser().setSigningKey(key).parse(compact, new JwtHandler<T>() {
@Override
public T onPlaintextJwt(Jwt<Header, String> jwt) {
//the JWT parsed was an unsigned plaintext JWT
//inspect it, then return an instance of T (see returnVal above)
}
@Override
public T onClaimsJwt(Jwt<Header, Claims> jwt) {
//the JWT parsed was an unsigned Claims JWT
//inspect it, then return an instance of T (see returnVal above)
}
@Override
public T onPlaintextJws(Jws<String> jws) {
//the JWT parsed was a signed plaintext JWS
//inspect it, then return an instance of T (see returnVal above)
}
@Override
public T onClaimsJws(Jws<Claims> jws) {
//the JWT parsed was a signed Claims JWS
//inspect it, then return an instance of T (see returnVal above)
}
});
```
Of course, if you know you'll only have to parse a subset of the above, you can use the `JwtHandlerAdapter` and implement only the methods you need. For example:
```java
T returnVal = Jwts.parser().setSigningKey(key).parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, T>>() {
@Override
public T onPlaintextJws(Jws<String> jws) {
//the JWT parsed was a signed plaintext JWS
//inspect it, then return an instance of T (see returnVal above)
}
@Override
public T onClaimsJws(Jws<Claims> jws) {
//the JWT parsed was a signed Claims JWS
//inspect it, then return an instance of T (see returnVal above)
}
});
```
##### Known Type convenience parse methods
If, unlike above, you are confident of the compact string format and know which type of JWT or JWS it will produce, you can just use one of the 4 new convenience parsing methods to get exactly the type of JWT or JWS you know exists. For example:
```java
//for a known plaintext jwt string:
Jwt<Header,String> jwt = Jwts.parser().parsePlaintextJwt(compact);
//for a known Claims JWT string:
Jwt<Header,Claims> jwt = Jwts.parser().parseClaimsJwt(compact);
//for a known signed plaintext JWT (aka a plaintext JWS):
Jws<String> jws = Jwts.parser().setSigningKey(key).parsePlaintextJws(compact);
//for a known signed Claims JWT (aka a Claims JWS):
Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(compact);
```
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: NOTICE.md
================================================
## Base64 implementation
JJWT's `io.jsonwebtoken.io.Base64` implementation is based on [MigBase64](https://github.com/brsanthu/migbase64) with
continued modifications for Base64 URL support and additional test cases. The MigBase64 copyright and license notice
have been retained and are repeated here per that code's requirements:
```
Licence (BSD):
==============
Copyright (c) 2004, Mikael Grev, MiG InfoCom AB. (base64 @ miginfocom . com)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list
of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
Neither the name of the MiG InfoCom AB nor the names of its contributors may be
used to endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
```
Additionally, the following classes were copied from the Apache Commons-Codec project, with further JJWT-specific
modifications:
* io.jsonwebtoken.impl.io.Base64Codec
* io.jsonwebtoken.impl.io.Base64InputStream
* io.jsonwebtoken.impl.io.Base64OutputStream
* io.jsonwebtoken.impl.io.BaseNCodec
* io.jsonwebtoken.impl.io.BaseNCodecInputStream
* io.jsonwebtoken.impl.io.BaseNCodecOutputStream
* io.jsonwebtoken.impl.io.CodecPolicy
Its attribution:
```
Apache Commons Codec
Copyright 2002-2023 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
```
Also, the following classes were copied from the Apache Commons-IO project, with further JJWT-specific modifications:
* io.jsonwebtoken.impl.io.CharSequenceReader
* io.jsonwebtoken.impl.io.FilteredInputStream
* io.jsonwebtoken.impl.io.FilteredOutputStream
* io.jsonwebtoken.impl.io.ClosedInputStream
* io.jsonwebtoken.impl.io.UncloseableInputStream
It's attribution:
```
Apache Commons IO
Copyright 2002-2023 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
```
================================================
FILE: README.adoc
================================================
:doctype: book
= Java JWT: JSON Web Token for Java and Android
:project-version: 0.13.0
:toc:
:toc-title:
:toc-placement!:
:toclevels: 4
ifdef::env-github[]
:tip-caption: ✏️TIP
:note-caption: ℹ️ NOTE
:important-caption: ‼️IMPORTANT
:caution-caption: ⛔️CAUTION
:warning-caption: ⚠️WARNING
endif::[]
// Macros
:fn-require-java8-plus: Requires Java 8 or a compatible JCA Provider (like BouncyCastle) in the runtime classpath.
:fn-require-java11-plus: Requires Java 11 or a compatible JCA Provider (like BouncyCastle) in the runtime classpath.
:fn-require-java15-plus: Requires Java 15 or a compatible JCA Provider (like BouncyCastle) in the runtime classpath.
image:https://github.com/jwtk/jjwt/actions/workflows/ci.yml/badge.svg?branch=master[Build Status,link=https://github.com/jwtk/jjwt/actions/workflows/ci.yml?query=branch%3Amaster]
image:https://coveralls.io/repos/github/jwtk/jjwt/badge.svg?branch=master[Coverage Status,link=https://coveralls.io/github/jwtk/jjwt?branch=master]
image:https://snyk-widget.herokuapp.com/badge/mvn/io.jsonwebtoken/jjwt-root/badge.svg[Vuln score,link=https://snyk-widget.herokuapp.com/badge/mvn/io.jsonwebtoken/jjwt-root/badge.svg]
image:https://snyk.io/test/github/jwtk/jjwt/badge.svg[Known Vulns,link=https://snyk.io/test/github/jwtk/jjwt/badge.svg]
JJWT aims to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JWTs) and
JSON Web Keys (JWKs) on the JVM and Android.
JJWT is a pure Java implementation based exclusively on the
https://datatracker.ietf.org/wg/jose/documents/[JOSE Working Group] RFC specifications:
* https://tools.ietf.org/html/rfc7519[RFC 7519: JSON Web Token (JWT)]
* https://tools.ietf.org/html/rfc7515[RFC 7515: JSON Web Signature (JWS)]
* https://tools.ietf.org/html/rfc7516[RFC 7516: JSON Web Encryption (JWE)]
* https://tools.ietf.org/html/rfc7517[RFC 7517: JSON Web Key (JWK)]
* https://tools.ietf.org/html/rfc7518[RFC 7518: JSON Web Algorithms (JWA)]
* https://www.rfc-editor.org/rfc/rfc7638.html[RFC 7638: JSON Web Key Thumbprint]
* https://www.rfc-editor.org/rfc/rfc9278.html[RFC 9278: JSON Web Key Thumbprint URI]
* https://www.rfc-editor.org/rfc/rfc7797.html[RFC 7797: JWS Unencoded Payload Option]
* https://www.rfc-editor.org/rfc/rfc8037[RFC 8037: Edwards Curve algorithms and JWKs]
It was created by https://github.com/lhazlewood[Les Hazlewood]
and is supported and maintained by a https://github.com/jwtk/jjwt/graphs/contributors[community] of contributors.
JJWT is open source under the terms of the http://www.apache.org/licenses/LICENSE-2.0[Apache 2.0 License].
====
[discrete]
== Table of Contents
---
toc::[]
====
+++<a name="features">++++++</a>+++
== Features
* Fully functional on all Java 7+ JDKs and Android
* Automatic security best practices and assertions
* Easy to learn and read API
* Convenient and readable http://en.wikipedia.org/wiki/Fluent_interface[fluent] interfaces, great for IDE
auto-completion to write code quickly
* Fully RFC specification compliant on all implemented functionality, tested against RFC-specified test vectors
* Stable implementation with almost 1,700 tests and enforced 100% test code coverage. Every single method, statement
and conditional branch variant in the entire codebase is tested and required to pass on every build.
* Creating, parsing and verifying digitally signed compact JWTs (aka JWSs) with all standard JWS algorithms:
+
|===
| Identifier | Signature Algorithm
| `HS256`
| HMAC using SHA-256
| `HS384`
| HMAC using SHA-384
| `HS512`
| HMAC using SHA-512
| `ES256`
| ECDSA using P-256 and SHA-256
| `ES384`
| ECDSA using P-384 and SHA-384
| `ES512`
| ECDSA using P-521 and SHA-512
| `RS256`
| RSASSA-PKCS-v1_5 using SHA-256
| `RS384`
| RSASSA-PKCS-v1_5 using SHA-384
| `RS512`
| RSASSA-PKCS-v1_5 using SHA-512
| `PS256`
| RSASSA-PSS using SHA-256 and MGF1 with SHA-256^*1*^
| `PS384`
| RSASSA-PSS using SHA-384 and MGF1 with SHA-384^*1*^
| `PS512`
| RSASSA-PSS using SHA-512 and MGF1 with SHA-512^*1*^
| `EdDSA`
| Edwards-curve Digital Signature Algorithm^*2*^
|===
+
^*1.*{sp}{fn-require-java11-plus}^
+
^*2*.{sp}{fn-require-java15-plus}^
* Creating, parsing and decrypting encrypted compact JWTs (aka JWEs) with all standard JWE encryption algorithms:
+
|===
| Identifier | Encryption Algorithm
| `A128CBC‑HS256`
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.3[AES_128_CBC_HMAC_SHA_256] authenticated encryption algorithm
| `A192CBC-HS384`
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.4[AES_192_CBC_HMAC_SHA_384] authenticated encryption algorithm
| `A256CBC-HS512`
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.5[AES_256_CBC_HMAC_SHA_512] authenticated encryption algorithm
| `A128GCM`
| AES GCM using 128-bit key^*1*^
| `A192GCM`
| AES GCM using 192-bit key^*1*^
| `A256GCM`
| AES GCM using 256-bit key^*1*^
|===
+
^*1*.{sp}{fn-require-java8-plus}^
* All Key Management Algorithms for obtaining JWE encryption and decryption keys:
+
|===
| Identifier | Key Management Algorithm
| `RSA1_5`
| RSAES-PKCS1-v1_5
| `RSA-OAEP`
| RSAES OAEP using default parameters
| `RSA-OAEP-256`
| RSAES OAEP using SHA-256 and MGF1 with SHA-256
| `A128KW`
| AES Key Wrap with default initial value using 128-bit key
| `A192KW`
| AES Key Wrap with default initial value using 192-bit key
| `A256KW`
| AES Key Wrap with default initial value using 256-bit key
| `dir`
| Direct use of a shared symmetric key as the CEK
| `ECDH-ES`
| Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF
| `ECDH-ES+A128KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A128KW"
| `ECDH-ES+A192KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A192KW"
| `ECDH-ES+A256KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A256KW"
| `A128GCMKW`
| Key wrapping with AES GCM using 128-bit key^*1*^
| `A192GCMKW`
| Key wrapping with AES GCM using 192-bit key^*1*^
| `A256GCMKW`
| Key wrapping with AES GCM using 256-bit key^*1*^
| `PBES2-HS256+A128KW`
| PBES2 with HMAC SHA-256 and "A128KW" wrapping^*1*^
| `PBES2-HS384+A192KW`
| PBES2 with HMAC SHA-384 and "A192KW" wrapping^*1*^
| `PBES2‑HS512+A256KW`
| PBES2 with HMAC SHA-512 and "A256KW" wrapping^*1*^
|===
+
^*1*.{sp}{fn-require-java8-plus}^
* Creating, parsing and verifying JSON Web Keys (JWKs) in all standard JWA key formats using native Java `Key` types:
+
|===
| JWK Key Format | Java `Key` Type | JJWT `Jwk` Type
| Symmetric Key
| `SecretKey`
| `SecretJwk`
| Elliptic Curve Public Key
| `ECPublicKey`
| `EcPublicJwk`
| Elliptic Curve Private Key
| `ECPrivateKey`
| `EcPrivateJwk`
| RSA Public Key
| `RSAPublicKey`
| `RsaPublicJwk`
| RSA Private Key
| `RSAPrivateKey`
| `RsaPrivateJwk`
| XDH Private Key
| `XECPublicKey`^*1*^
| `OctetPublicJwk`
| XDH Private Key
| `XECPrivateKey`^*1*^
| `OctetPrivateJwk`
| EdDSA Public Key
| `EdECPublicKey`^*2*^
| `OctetPublicJwk`
| EdDSA Private Key
| `EdECPublicKey`^*2*^
| `OctetPrivateJwk`
|===
+
^*1*.{sp}{fn-require-java15-plus}^
+
^*2*.{sp}{fn-require-java15-plus}^
* Convenience enhancements beyond the specification such as
** Payload compression for any large JWT, not just JWEs
** Claims assertions (requiring specific values)
** Claim POJO marshaling and unmarshalling when using a compatible JSON parser (e.g. Jackson)
** Secure Key generation based on desired JWA algorithms
** and more...
+++<a name="features-unsupported">++++++</a>+++
=== Currently Unsupported Features
* https://tools.ietf.org/html/rfc7515#section-7.2[Non-compact] serialization and parsing.
This feature may be implemented in a future release. Community contributions are welcome!
+++<a name="community">++++++</a>+++
== Community
+++<a name="help">++++++</a>+++
=== Getting Help
If you have trouble using JJWT, please first read the documentation on this page before asking questions. We try
very hard to ensure JJWT's documentation is robust, categorized with a table of contents, and up to date for each
release.
+++<a name="help-questions">++++++</a>+++
==== Questions
If the documentation or the API JavaDoc isn't sufficient, and you either have usability questions or are confused
about something, please https://github.com/jwtk/jjwt/discussions/new?category=q-a[ask your question here]. However:
*Please do not create a GitHub issue to ask a question.*
We use GitHub Issues to track actionable work that requires changes to JJWT's design and/or codebase. If you have a
usability question, instead please
https://github.com/jwtk/jjwt/discussions/new?category=q-a[ask your question here], and we can convert that to an
issue if necessary.
*If a GitHub Issue is created that does not represent actionable work for JJWT's codebase, it will be promptly
closed.*
+++<a name="help-issues">++++++</a>+++
==== Bugs, Feature Requests, Ideas and General Discussions
If you do not have a usability question and believe you have a legitimate bug or feature request,
please https://github.com/jwtk/jjwt/discussions[discuss it here] *_FIRST_*. Please do a quick search first to
see if an existing discussion related to yours exist already and join that existing discussion if necesary.
If you feel like you'd like to help fix a bug or implement the new feature yourself, please read the Contributing
section next before starting any work.
+++<a name="contributing">++++++</a>+++
=== Contributing
+++<a name="contributing-pull-requests">++++++</a>+++
==== Pull Requests
Simple Pull Requests that fix anything other than JJWT core code (documentation, JavaDoc, typos, test cases, etc) are
always appreciated and have a high likelihood of being merged quickly. Please send them!
However, if you want or feel the need to change JJWT's functionality or core code, please do not issue a pull request
without https://github.com/jwtk/jjwt/discussions[starting a new JJWT discussion] and discussing your desired
changes *first*, _before you start working on it_.
It would be a shame to reject your earnest and genuinely-appreciated pull request if it might not align with the
project's goals, design expectations or planned functionality. We've sadly had to reject large PRs in the past because
they were out of sync with project or design expectations - all because the PR author didn't first check in with
the team first before working on a solution.
So, please https://github.com/jwtk/jjwt/discussions[create a new JJWT discussion] first to discuss, and then we
can see easily convert the discussion to an issue and then see if (or how) a PR is warranted. Thank you!
+++<a name="contributing-help-wanted">++++++</a>+++
==== Help Wanted
If you would like to help, but don't know where to start, please visit the
https://github.com/jwtk/jjwt/labels/help%20wanted[Help Wanted Issues] page and pick any of the
ones there, and we'll be happy to discuss and answer questions in the issue comments.
If any of those don't appeal to you, no worries! Any help you would like to offer would be
appreciated based on the above caveats concerning <<contributing-pull-requests,contributing pull requests>>. Feel free
to https://github.com/jwtk/jjwt/discussions[discuss or ask questions first] if you're not sure. :)
+++<a name="overview">++++++</a>+++
== What is a JSON Web Token?
JSON Web Token (JWT) is a _general-purpose_ text-based messaging format for transmitting information in a
compact and secure way. Contrary to popular belief, JWT is not just useful for sending and receiving identity tokens
on the web - even if that is the most common use case. JWTs can be used as messages for _any_ type of data.
A JWT in its simplest form contains two parts:
. The primary data within the JWT, called the `payload`, and
. A JSON `Object` with name/value pairs that represent metadata about the `payload` and the
message itself, called the `header`.
A JWT `payload` can be absolutely anything at all - anything that can be represented as a byte array, such as Strings,
images, documents, etc.
But because a JWT `header` is a JSON `Object`, it would make sense that a JWT `payload` could also be a JSON
`Object` as well. In many cases, developers like the `payload` to be JSON that
represents data about a user or computer or similar identity concept. When used this way, the `payload` is called a
JSON `Claims` object, and each name/value pair within that object is called a `claim` - each piece of information
within 'claims' something about an identity.
And while it is useful to 'claim' something about an identity, really anyone can do that. What's important is that you
_trust_ the claims by verifying they come from a person or computer you trust.
A nice feature of JWTs is that they can be secured in various ways. A JWT can be cryptographically signed (making it
what we call a https://tools.ietf.org/html/rfc7515[JWS]) or encrypted (making it a
https://tools.ietf.org/html/rfc7516[JWE]). This adds a powerful layer of verifiability to the JWT - a
JWS or JWE recipient can have a high degree of confidence it comes from someone they trust
by verifying a signature or decrypting it. It is this feature of verifiability that makes JWT a good choice
for sending and receiving secure information, like identity claims.
Finally, JSON with whitespace for human readability is nice, but it doesn't make for a very efficient message
format. Therefore, JWTs can be _compacted_ (and even compressed) to a minimal representation - basically
Base64URL-encoded strings - so they can be transmitted around the web more efficiently, such as in HTTP headers or URLs.
+++<a name="overview-example-jwt">++++++</a>+++
=== JWT Example
Once you have a `payload` and `header`, how are they compacted for web transmission, and what does the final JWT
actually look like? Let's walk through a simplified version of the process with some pseudocode:
. Assume we have a JWT with a JSON `header` and a simple text message payload:
+
*header*
+
----
{
"alg": "none"
}
----
+
*payload*
+
----
The true sign of intelligence is not knowledge but imagination.
----
. Remove all unnecessary whitespace in the JSON:
+
[,groovy]
----
String header = '{"alg":"none"}'
String payload = 'The true sign of intelligence is not knowledge but imagination.'
----
. Get the UTF-8 bytes and Base64URL-encode each:
+
[,groovy]
----
String encodedHeader = base64URLEncode( header.getBytes("UTF-8") )
String encodedPayload = base64URLEncode( payload.getBytes("UTF-8") )
----
. Join the encoded header and claims with period ('.') characters:
+
[,groovy]
----
String compact = encodedHeader + '.' + encodedPayload + '.'
----
The final concatenated `compact` JWT String looks like this:
----
eyJhbGciOiJub25lIn0.VGhlIHRydWUgc2lnbiBvZiBpbnRlbGxpZ2VuY2UgaXMgbm90IGtub3dsZWRnZSBidXQgaW1hZ2luYXRpb24u.
----
This is called an 'unprotected' JWT because no security was involved - no digital signatures or encryption to
'protect' the JWT to ensure it cannot be changed by 3rd parties.
If we wanted to digitally sign the compact form so that we could at least guarantee that no-one changes the data
without us detecting it, we'd have to perform a few more steps, shown next.
+++<a name="overview-example-jws">++++++</a>+++
=== JWS Example
Instead of a plain text payload, the next example will use probably the most common type of payload - a JSON claims
`Object` containing information about a particular identity. We'll also digitally sign the JWT to ensure it
cannot be changed by a 3rd party without us knowing.
. Assume we have a JSON `header` and a claims `payload`:
+
*header*
+
[,json]
----
{
"alg": "HS256"
}
----
+
*payload*
+
[,json]
----
{
"sub": "Joe"
}
----
+
In this case, the `header` indicates that the `HS256` (HMAC using SHA-256) algorithm will be used to cryptographically sign
the JWT. Also, the `payload` JSON object has a single claim, `sub` with value `Joe`.
+
There are a number of standard claims, called https://tools.ietf.org/html/rfc7519#section-4.1[Registered Claims],
in the specification and `sub` (for 'Subject') is one of them.
. Remove all unnecessary whitespace in both JSON objects:
+
[,groovy]
----
String header = '{"alg":"HS256"}'
String claims = '{"sub":"Joe"}'
----
. Get their UTF-8 bytes and Base64URL-encode each:
+
[,groovy]
----
String encodedHeader = base64URLEncode( header.getBytes("UTF-8") )
String encodedClaims = base64URLEncode( claims.getBytes("UTF-8") )
----
. Concatenate the encoded header and claims with a period character '.' delimiter:
+
[,groovy]
----
String concatenated = encodedHeader + '.' + encodedClaims
----
. Use a sufficiently-strong cryptographic secret or private key, along with a signing algorithm of your choice
(we'll use HMAC-SHA-256 here), and sign the concatenated string:
+
[,groovy]
----
SecretKey key = getMySecretKey()
byte[] signature = hmacSha256( concatenated, key )
----
. Because signatures are always byte arrays, Base64URL-encode the signature and join it to the `concatenated` string
with a period character '.' delimiter:
+
[,groovy]
----
String compact = concatenated + '.' + base64URLEncode( signature )
----
And there you have it, the final `compact` String looks like this:
----
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.1KP0SsvENi7Uz1oQc07aXTL7kpQG5jBNIybqr60AlD4
----
This is called a 'JWS' - short for _signed_ JWT.
Of course, no one would want to do this manually in code, and worse, if you get anything wrong, you could introduce
serious security problems and weaknesses. As a result, JJWT was created to handle all of this for you: JJWT completely
automates both the creation of JWSs and the parsing and verification of JWSs for you.
+++<a name="overview-example-jwe">++++++</a>+++
=== JWE Example
So far we have seen an unprotected JWT and a cryptographically signed JWT (called a 'JWS'). One of the things
that is inherent to both of these two is that all the information within them can be seen by anyone - all the data in
both the header and the payload is publicly visible. JWS just ensures the data hasn't been changed by anyone -
it doesn't prevent anyone from seeing it. Many times, this is just fine because the data within them is not
sensitive information.
But what if you needed to represent information in a JWT that _is_ considered sensitive information - maybe someone's
postal address or social security number or bank account number?
In these cases, we'd want a fully-encrypted JWT, called a 'JWE' for short. A JWE uses cryptography to ensure that the
payload remains fully encrypted _and_ authenticated so unauthorized parties cannot see data within, nor change the data
without being detected. Specifically, the JWE specification requires that
https://en.wikipedia.org/wiki/Authenticated_encryption#Authenticated_encryption_with_associated_data_(AEAD)[Authenticated Encryption with Associated Data]
algorithms are used to fully encrypt and protect data.
A full overview of AEAD algorithms are out of scope for this documentation, but here's an example of a final compact
JWE that utilizes these algorithms (line breaks are for readability only):
----
eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.
6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.
AxY8DCtDaGlsbGljb3RoZQ.
KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.
U0m_YmjN04DJvceFICbCVQ
----
Next we'll cover how to install JJWT in your project, and then we'll see how to use JJWT's nice fluent API instead
of risky string manipulation to quickly and safely build JWTs, JWSs, and JWEs.
+++<a name="install">++++++</a>+++
== Installation
Use your favorite Maven-compatible build tool to pull the dependencies from Maven Central.
The dependencies could differ slightly if you are working with a <<install-jdk,JDK project>> or an
<<install-android,Android project>>.
+++<a name="install-jdk">++++++</a>+++
=== JDK Projects
If you're building a (non-Android) JDK project, you will want to define the following dependencies:
+++<a name="install-jdk-maven">++++++</a>+++
==== Maven
[,xml,subs="+attributes"]
----
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>{project-version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>{project-version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId> <!-- or jjwt-gson if Gson is preferred -->
<version>{project-version}</version>
<scope>runtime</scope>
</dependency>
<!-- Uncomment this next dependency if you are using:
- JDK 10 or earlier, and you want to use RSASSA-PSS (PS256, PS384, PS512) signature algorithms.
- JDK 10 or earlier, and you want to use EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
- JDK 14 or earlier, and you want to use EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
It is unnecessary for these algorithms on JDK 15 or later.
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId> or bcprov-jdk15to18 on JDK 7
<version>1.76</version>
<scope>runtime</scope>
</dependency>
-->
----
+++<a name="install-jdk-gradle">++++++</a>+++
==== Gradle
[,groovy,subs="+attributes"]
----
dependencies {
implementation 'io.jsonwebtoken:jjwt-api:{project-version}'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:{project-version}'
runtimeOnly 'io.jsonwebtoken:jjwt-jackson:{project-version}' // or 'io.jsonwebtoken:jjwt-gson:{project-version}' for gson
/*
Uncomment this next dependency if you are using:
- JDK 10 or earlier, and you want to use RSASSA-PSS (PS256, PS384, PS512) signature algorithms.
- JDK 10 or earlier, and you want to use EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
- JDK 14 or earlier, and you want to use EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
It is unnecessary for these algorithms on JDK 15 or later.
*/
// runtimeOnly 'org.bouncycastle:bcprov-jdk18on:1.76' // or bcprov-jdk15to18 on JDK 7
}
----
+++<a name="install-android">++++++</a>+++
=== Android Projects
Android projects will want to define the following dependencies and Proguard exclusions, and optional
BouncyCastle `Provider`:
+++<a name="install-android-dependencies">++++++</a>+++
==== Dependencies
Add the dependencies to your project:
[,groovy,subs="+attributes"]
----
dependencies {
api('io.jsonwebtoken:jjwt-api:{project-version}')
runtimeOnly('io.jsonwebtoken:jjwt-impl:{project-version}')
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:{project-version}') {
exclude(group: 'org.json', module: 'json') //provided by Android natively
}
/*
Uncomment this next dependency if you want to use:
- RSASSA-PSS (PS256, PS384, PS512) signature algorithms.
- EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
- EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
** AND ALSO ensure you enable the BouncyCastle provider as shown below **
*/
//implementation('org.bouncycastle:bcprov-jdk18on:1.76') // or bcprov-jdk15to18 for JDK 7
}
----
+++<a name="install-android-proguard">++++++</a>+++
==== Proguard
You can use the following https://developer.android.com/studio/build/shrink-code[Android Proguard] exclusion rules:
----
-keepattributes InnerClasses
-keep class io.jsonwebtoken.** { *; }
-keepnames class io.jsonwebtoken.* { *; }
-keepnames interface io.jsonwebtoken.* { *; }
-keep class org.bouncycastle.** { *; }
-keepnames class org.bouncycastle.** { *; }
-dontwarn org.bouncycastle.**
----
+++<a name="install-android-bc">++++++</a>+++
==== Bouncy Castle
If you want to use JWT RSASSA-PSS algorithms (i.e. `PS256`, `PS384`, and `PS512`), EdECDH (`X25512` or `X448`)
Elliptic Curve Diffie-Hellman encryption, EdDSA (`Ed25519` or `Ed448`) signature algorithms, or you just want to
ensure your Android application is running an updated version of BouncyCastle, you will need to:
. Uncomment the BouncyCastle dependency as commented above in the <<install-android-dependencies,dependencies>> section.
. Replace the legacy Android custom `BC` provider with the updated one.
Provider registration needs to be done _early_ in the application's lifecycle, preferably in your application's
main `Activity` class as a static initialization block. For example:
[,kotlin]
----
class MainActivity : AppCompatActivity() {
companion object {
init {
Security.removeProvider("BC") //remove old/legacy Android-provided BC provider
Security.addProvider(BouncyCastleProvider()) // add 'real'/correct BC provider
}
}
// ... etc ...
}
----
+++<a name="install-understandingdependencies">++++++</a>+++
=== Understanding JJWT Dependencies
Notice the above JJWT dependency declarations all have only one compile-time dependency and the rest are declared as
_runtime_ dependencies.
This is because JJWT is designed so you only depend on the APIs that are explicitly designed for you to use in
your applications and all other internal implementation details - that can change without warning - are relegated to
runtime-only dependencies. This is an extremely important point if you want to ensure stable JJWT usage and
upgrades over time:
[WARNING]
====
JJWT guarantees semantic versioning compatibility for all of its artifacts _except_ the `jjwt-impl` .jar. No such
guarantee is made for the `jjwt-impl` .jar and internal changes in that .jar can happen at any time. Never add the
`jjwt-impl` .jar to your project with `compile` scope - always declare it with `runtime` scope.
====
This is done to benefit you: great care goes into curating the `jjwt-api` .jar and ensuring it contains what you need
and remains backwards compatible as much as is possible so you can depend on that safely with compile scope. The
runtime `jjwt-impl` .jar strategy affords the JJWT developers the flexibility to change the internal packages and
implementations whenever and however necessary. This helps us implement features, fix bugs, and ship new releases to
you more quickly and efficiently.
+++<a name="quickstart">++++++</a>+++
== Quickstart
Most complexity is hidden behind a convenient and readable builder-based
http://en.wikipedia.org/wiki/Fluent_interface[fluent interface], great for relying on IDE auto-completion to write
code quickly. Here's an example:
[,java]
----
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
// We need a signing key, so we'll create one just for this example. Usually
// the key would be read from your application configuration instead.
SecretKey key = Jwts.SIG.HS256.key().build();
String jws = Jwts.builder().subject("Joe").signWith(key).compact();
----
How easy was that!?
In this case, we are:
. _building_ a JWT that will have the
https://tools.ietf.org/html/rfc7519#section-4.1[registered claim] `sub` (Subject) set to `Joe`. We are then
. _signing_ the JWT using a key suitable for the HMAC-SHA-256 algorithm. Finally, we are
. _compacting_ it into its final `String` form. A signed JWT is called a 'JWS'.
The resultant `jws` String looks like this:
----
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.1KP0SsvENi7Uz1oQc07aXTL7kpQG5jBNIybqr60AlD4
----
Now let's verify the JWT (you should always discard JWTs that don't match an expected signature):
[,java]
----
assert Jwts.parser().verifyWith(key).build().parseSignedClaims(jws).getPayload().getSubject().equals("Joe");
----
There are two things going on here. The `key` from before is being used to verify the signature of the JWT. If it
fails to verify the JWT, a `SignatureException` (which extends `JwtException`) is thrown. Assuming the JWT is
verified, we parse the claims and assert that that subject is set to `Joe`. You have to love code one-liners
that pack a punch!
[NOTE]
====
*Type-safe JWTs:* To get a type-safe `Claims` JWT result, call the `parseSignedClaims` method (since there are many
similar methods available). You will get an `UnsupportedJwtException` if you parse your JWT with wrong method.
====
But what if parsing or signature validation failed? You can catch `JwtException` and react accordingly:
[,java]
----
try {
Jwts.parser().verifyWith(key).build().parseSignedClaims(compactJws);
//OK, we can trust this JWT
} catch (JwtException e) {
//don't trust the JWT!
}
----
Now that we've had a quickstart 'taste' of how to create and parse JWTs, let's cover JJWT's API in-depth.
+++<a name="jwt-create">++++++</a>+++
== Creating a JWT
You create a JWT as follows:
. Use the `Jwts.builder()` method to create a `JwtBuilder` instance.
. Optionally set any <<jwt-header,`header` parameters>> as desired.
. Call builder methods to set the payload <<jwt-content,content>> or <<jwt-claims,claims>>.
. Optionally call `signWith` or `encryptWith` methods if you want to digitally sign or encrypt the JWT.
. Call the `compact()` method to produce the resulting compact JWT string.
For example:
[,java]
----
String jwt = Jwts.builder() // (1)
.header() // (2) optional
.keyId("aKeyId")
.and()
.subject("Bob") // (3) JSON Claims, or
//.content(aByteArray, "text/plain") // any byte[] content, with media type
.signWith(signingKey) // (4) if signing, or
//.encryptWith(key, keyAlg, encryptionAlg) // if encrypting
.compact(); // (5)
----
* The JWT `payload` may be either `byte[]` content (via `content`) _or_ JSON Claims
(such as `subject`, `claims`, etc), but not both.
* Either digital signatures (`signWith`) or encryption (`encryptWith`) may be used, but not both.
[WARNING]
====
*Unprotected JWTs*: If you do not use the `signWith` or `encryptWith` builder methods, *an Unprotected JWT will be
created, which offers no security protection at all*. If you need security protection, consider either
<<jws,digitally signing>> or <<jwe,encrypting>> the JWT before calling the `compact()` builder method.
====
+++<a name="jwt-header">++++++</a>++++++<a name="jws-create-header">++++++</a>+++
// legacy anchors for old links
=== JWT Header
A JWT header is a JSON `Object` that provides metadata about the contents, format, and any cryptographic operations
relevant to the JWT `payload`. JJWT provides a number of ways of setting the entire header and/or multiple individual
header parameters (name/value pairs).
+++<a name="jwt-header-builder">++++++</a>++++++<a name="jws-create-header-instance">++++++</a>+++
// legacy anchors for old links
==== JwtBuilder Header
The easiest and recommended way to set one or more JWT header parameters (name/value pairs) is to use the
``JwtBuilder``'s `header()` builder as desired, and then call its `and()` method to return back
to the `JwtBuilder` for further configuration. For example:
[,java]
----
String jwt = Jwts.builder()
.header() // <----
.keyId("aKeyId")
.x509Url(aUri)
.add("someName", anyValue)
.add(mapValues)
// ... etc ...
.and() // go back to the JwtBuilder
.subject("Joe") // resume JwtBuilder calls...
// ... etc ...
.compact();
----
The `JwtBuilder` `header()` builder also supports automatically calculating X.509 thumbprints and other builder-style benefits that
a simple property getter/setter object would not do.
[NOTE]
====
*Automatic Headers*: You do not need to set the `alg`, `enc` or `zip` headers - JJWT will always set them
automatically as needed.
====
+++<a name="jwt-header-params">++++++</a>+++
===== Custom Header Parameters
In addition to type-safe builder methods for standard header parameters, `JwtBuilder.header()` can also support
arbitrary name/value pairs via the `add` method:
[,java]
----
Jwts.builder()
.header()
.add("aHeaderName", aValue)
// ... etc ...
.and() // return to the JwtBuilder
// ... etc ...
----
+++<a name="jwt-header-map">++++++</a>++++++<a name="jws-create-header-map">++++++</a>+++
// legacy anchors for old links
===== Header Parameter Map
The `add` method is also overloaded to support multiple parameters in a `Map`:
[,java]
----
Jwts.builder()
.header()
.add(multipleHeaderParamsMap)
// ... etc ...
.and() // return to the JwtBuilder
// ... etc ...
----
==== Jwts HeaderBuilder
Using `Jwts.builder().header()` shown above is the preferred way to modify a header when using the `JwtBuilder`.
However, if you would like to create a 'standalone' `Header` outside of the context of using the `JwtBuilder`, you
can use `Jwts.header()` instead to return an independent `Header` builder. For example:
[,java]
----
Header header = Jwts.header()
.keyId("aKeyId")
.x509Url(aUri)
.add("someName", anyValue)
.add(mapValues)
// ... etc ...
.build() // <---- not 'and()'
----
There are only two differences between `Jwts.header()` and `Jwts.builder().header()`:
. `Jwts.header()` builds a 'detached' `Header` that is not associated with any particular JWT, whereas
`Jwts.builder().header()` always modifies the header of the immediate JWT being constructed by its parent
`JwtBuilder`.
. `Jwts.header()` has a `build()` method to produce an explicit `Header` instance and
`Jwts.builder().header()` does not (it has an `and()` method instead) because its parent `JwtBuilder` will implicitly
create the header instance when necessary.
A standalone header might be useful if you want to aggregate common header parameters in a single 'template'
instance so you don't have to repeat them for each `JwtBuilder` usage. Then this 'template' `Header` can be used to
populate `JwtBuilder` usages by just appending it to the `JwtBuilder` header, for example:
[,java]
----
// perhaps somewhere in application configuration:
Header commonHeaders = Jwts.header()
.issuer("My Company")
// ... etc ...
.build();
// --------------------------------
// somewhere else during actual Jwt construction:
String jwt = Jwts.builder()
.header()
.add(commonHeaders) // <----
.add("specificHeader", specificValue) // jwt-specific headers...
.and()
.subject("whatever")
// ... etc ...
.compact();
----
+++<a name="jwt-payload">++++++</a>+++
=== JWT Payload
A JWT `payload` can be anything at all - anything that can be represented as a byte array, such as text, images,
documents, and more. But since a JWT `header` is always JSON, it makes sense that the `payload` could also be JSON,
especially for representing identity claims.
As a result, the `JwtBuilder` supports two distinct payload options:
* `content` if you would like the payload to be arbitrary byte array content, or
* `claims` (and supporting helper methods) if you would like the payload to be a JSON Claims `Object`.
Either option may be used, but not both. Using both will cause `compact()` to throw an exception.
+++<a name="jwt-content">++++++</a>+++
==== Arbitrary Content
You can set the JWT payload to be any arbitrary byte array content by using the `JwtBuilder` `content` method.
For example:
[,java]
----
byte[] content = "Hello World".getBytes(StandardCharsets.UTF_8);
String jwt = Jwts.builder()
.content(content, "text/plain") // <---
// ... etc ...
.build();
----
Notice this particular example of `content` uses the two-argument convenience variant:
. The first argument is the actual byte content to set as the JWT payload
. The second argument is a String identifier of an IANA Media Type.
The second argument will cause the `JwtBuilder` to automatically set the `cty` (Content Type) header according to the
JWT specification's https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10[recommended compact format].
This two-argument variant is typically recommended over the single-argument `content(byte[])` method because it
guarantees the JWT recipient can inspect the `cty` header to determine how to convert the `payload` byte array into
a final form that the application can use.
Without setting the `cty` header, the JWT recipient _must_ know via out-of-band (external) information how to process
the byte array, which is usually less convenient and always requires code changes if the content format ever changes.
For these reasons, it is strongly recommended to use the two-argument `content` method variant.
+++<a name="jwt-claims">++++++</a>++++++<a name="jws-create-claims">++++++</a>+++
// legacy anchors for old links
==== JWT Claims
Instead of a content byte array, a JWT payload may contain assertions or claims for a JWT recipient. In
this case, the payload is a `Claims` JSON `Object`, and JJWT supports claims creation with type-safe
builder methods.
+++<a name="jwt-claims-standard">++++++</a>++++++<a name="jws-create-claims-standard">++++++</a>+++
// legacy anchors for old links
===== Standard Claims
The `JwtBuilder` provides convenient builder methods for standard registered Claim names defined in the JWT
specification. They are:
* `issuer`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.1[`iss` (Issuer) Claim]
* `subject`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.2[`sub` (Subject) Claim]
* `audience`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.3[`aud` (Audience) Claim]
* `expiration`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.4[`exp` (Expiration Time) Claim]
* `notBefore`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.5[`nbf` (Not Before) Claim]
* `issuedAt`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.6[`iat` (Issued At) Claim]
* `id`: sets the https://tools.ietf.org/html/rfc7519#section-4.1.7[`jti` (JWT ID) Claim]
For example:
[,java]
----
String jws = Jwts.builder()
.issuer("me")
.subject("Bob")
.audience().add("you").and()
.expiration(expiration) //a java.util.Date
.notBefore(notBefore) //a java.util.Date
.issuedAt(new Date()) // for example, now
.id(UUID.randomUUID().toString()) //just an example id
/// ... etc ...
----
+++<a name="jwt-claims-custom">++++++</a>++++++<a name="jws-create-claims-custom">++++++</a>+++
// legacy anchors for old links
===== Custom Claims
If you need to set one or more custom claims that don't match the standard setter method claims shown above, you
can simply call the `JwtBuilder` `claim` method one or more times as needed:
[,java]
----
String jws = Jwts.builder()
.claim("hello", "world")
// ... etc ...
----
Each time `claim` is called, it simply appends the key-value pair to an internal `Claims` builder, potentially
overwriting any existing identically-named key/value pair.
Obviously, you do not need to call `claim` for any <<jws-create-claims-standard,standard claim name>>, and it is
recommended instead to call the standard respective type-safe named builder method as this enhances readability.
+++<a name="jws-create-claims-instance">++++++</a>+++
// legacy anchors for old links
+++<a name="jwt-claims-instance">++++++</a>+++
+++<a name="jwt-claims-map">++++++</a>++++++<a name="jws-create-claims-map">++++++</a>+++
// legacy anchors for old links
===== Claims Map
If you want to add multiple claims at once, you can use `JwtBuilder` `claims(Map)` method:
[,java]
----
Map<String,?> claims = getMyClaimsMap(); //implement me
String jws = Jwts.builder()
.claims(claims)
// ... etc ...
----
+++<a name="jwt-compression">++++++</a>++++++<a name="jws-create-compression">++++++</a>+++
// legacy anchors for old links
=== JWT Compression
If your JWT payload is large (contains a lot of data), you might want to compress the JWT to reduce its size. Note
that this is _not_ a standard feature for all JWTs - only JWEs - and is not likely to be supported by other JWT
libraries for non-JWE tokens. JJWT supports compression for both JWSs and JWEs, however.
Please see the main <<compression,Compression>> section to see how to compress and decompress JWTs.
+++<a name="jwt-read">++++++</a>+++
== Reading a JWT
You read (parse) a JWT as follows:
. Use the `Jwts.parser()` method to create a `JwtParserBuilder` instance.
. Optionally call `keyLocator`, `verifyWith` or `decryptWith` methods if you expect to parse <<jws,signed>> or <<jwe,encrypted>> JWTs.
. Call the `build()` method on the `JwtParserBuilder` to create and return a thread-safe `JwtParser`.
. Call one of the various `parse*` methods with your compact JWT string, depending on the type of JWT you expect.
. Wrap the `parse*` call in a try/catch block in case parsing, signature verification, or decryption fails.
For example:
[,java]
----
Jwt<?,?> jwt;
try {
jwt = Jwts.parser() // (1)
.keyLocator(keyLocator) // (2) dynamically locate signing or encryption keys
//.verifyWith(key) // or a constant key used to verify all signed JWTs
//.decryptWith(key) // or a constant key used to decrypt all encrypted JWTs
.build() // (3)
.parse(compact); // (4) or parseSignedClaims, parseEncryptedClaims, parseSignedContent, etc
// we can safely trust the JWT
catch (JwtException ex) { // (5)
// we *cannot* use the JWT as intended by its creator
}
----
[NOTE]
====
*Type-safe JWTs:* If you are certain your parser will only ever encounter a specific kind of JWT (for example, you only
ever use signed JWTs with `Claims` payloads, or encrypted JWTs with `byte[]` content payloads, etc), you can call the
associated type-safe `parseSignedClaims`, `parseEncryptedClaims`, (etc) method variant instead of the generic `parse` method.
These `parse*` methods will return the type-safe JWT you are expecting, for example, a `Jws<Claims>` or `Jwe<byte[]>`
instead of a generic `Jwt<?,?>` instance.
====
+++<a name="jwt-read-key">++++++</a>+++
=== Constant Parsing Key
If the JWT parsed is a JWS or JWE, a key will be necessary to verify the signature or decrypt it. If a JWS and
signature verification fails, or if a JWE and decryption fails, the JWT cannot be safely trusted and should be
discarded.
So which key do we use?
* If parsing a JWS and the JWS was signed with a `SecretKey`, the same `SecretKey` should be specified on the
`JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.verifyWith(secretKey) // <----
.build()
.parseSignedClaims(jwsString);
----
* If parsing a JWS and the JWS was signed with a `PrivateKey`, that key's corresponding `PublicKey` (not the
`PrivateKey`) should be specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.verifyWith(publicKey) // <---- publicKey, not privateKey
.build()
.parseSignedClaims(jwsString);
----
* If parsing a JWE and the JWE was encrypted with direct encryption using a `SecretKey`, the same `SecretKey` should be
specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.decryptWith(secretKey) // <---- or a Password from Keys.password(charArray)
.build()
.parseEncryptedClaims(jweString);
----
* If parsing a JWE and the JWE was encrypted with a key algorithm using with a `PublicKey`, that key's corresponding
`PrivateKey` (not the `PublicKey`) should be specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.decryptWith(privateKey) // <---- privateKey, not publicKey
.build()
.parseEncryptedClaims(jweString);
----
==== Multiple Keys?
But you might have noticed something - what if your application doesn't use just a single `SecretKey` or `KeyPair`? What
if JWSs and JWEs can be created with different ``SecretKey``s or public/private keys, or a combination of both? How do
you know which key to specify if you don't inspect the JWT first?
In these cases, you can't call the ``JwtParserBuilder``'s `verifyWith` or `decryptWith` methods with a single key -
instead, you'll need to configure a parsing Key Locator, discussed next.
+++<a name="key-locator">++++++</a>+++
=== Dynamic Key Lookup
It is common in many applications to receive JWTs that can be encrypted or signed by different cryptographic keys. For
example, maybe a JWT created to assert a specific user identity uses a Key specific to that exact user. Or perhaps JWTs
specific to a particular customer all use that customer's Key. Or maybe your application creates JWTs that are
encrypted with a key specific to your application for your own use (e.g. a user session token).
In all of these and similar scenarios, you won't know which key was used to sign or encrypt a JWT until the JWT is
received, at parse time, so you can't 'hard code' any verification or decryption key using the ``JwtParserBuilder``'s
`verifyWith` or `decryptWith` methods. Those are only to be used when the same key is used to verify or decrypt
_all_ JWSs or JWEs, which won't work for dynamically signed or encrypted JWTs.
+++<a name="key-locator-custom">++++++</a>+++
==== Key Locator
If you need to support dynamic key lookup when encountering JWTs, you'll need to implement
the `Locator<Key>` interface and specify an instance on the `JwtParserBuilder` via the `keyLocator` method. For
example:
[,java]
----
Locator<Key> keyLocator = getMyKeyLocator();
Jwts.parser()
.keyLocator(keyLocator) // <----
.build()
// ... etc ...
----
A `Locator<Key>` is used to lookup _both_ JWS signature verification keys _and_ JWE decryption keys. You need to
determine which key to return based on information in the JWT `header`, for example:
[,java]
----
public class MyKeyLocator extends LocatorAdapter<Key> {
@Override
public Key locate(ProtectedHeader<?> header) { // a JwsHeader or JweHeader
// implement me
}
}
----
The `JwtParser` will invoke the `locate` method after parsing the JWT `header`, but _before parsing the `payload`,
or verifying any JWS signature or decrypting any JWE ciphertext_. This allows you to inspect the `header` argument
for any information that can help you look up the `Key` to use for verifying _that specific jwt_. This is very
powerful for applications with more complex security models that might use different keys at different times or for
different users or customers.
+++<a name="key-locator-strategy">++++++</a>+++
==== Key Locator Strategy
What data might you inspect to determine how to lookup a signature verification or decryption key?
The JWT specifications' preferred approach is to set a `kid` (Key ID) header value when the JWT is being created,
for example:
[,java]
----
Key key = getSigningKey(); // or getEncryptionKey() for JWE
String keyId = getKeyId(key); //any mechanism you have to associate a key with an ID is fine
String jws = Jwts.builder()
.header().keyId(keyId).and() // <--- add `kid` header
.signWith(key) // for JWS
//.encryptWith(key, keyAlg, encryptionAlg) // for JWE
.compact();
----
Then during parsing, your `Locator<Key>` implementation can inspect the `header` to get the `kid` value and then use it
to look up the verification or decryption key from somewhere, like a database, keystore or Hardware Security Module
(HSM). For example:
[,java]
----
public class MyKeyLocator extends LocatorAdapter<Key> {
@Override
public Key locate(ProtectedHeader<?> header) { // both JwsHeader and JweHeader extend ProtectedHeader
//inspect the header, lookup and return the verification key
String keyId = header.getKeyId(); //or any other parameter that you need to inspect
Key key = lookupKey(keyId); //implement me
return key;
}
}
----
Note that inspecting the `header.getKeyId()` is just the most common approach to look up a key - you could inspect any
number of header parameters to determine how to lookup the verification or decryption key. It is all based on how
the JWT was created.
If you extend `LocatorAdapter<Key>` as shown above, but for some reason have different lookup strategies for
signature verification keys versus decryption keys, you can forego overriding the `locate(ProtectedHeader<?>)` method
in favor of two respective `locate(JwsHeader)` and `locate(JweHeader)` methods:
[,java]
----
public class MyKeyLocator extends LocatorAdapter<Key> {
@Override
public Key locate(JwsHeader header) {
String keyId = header.getKeyId(); //or any other parameter that you need to inspect
return lookupSignatureVerificationKey(keyId); //implement me
}
@Override
public Key locate(JweHeader header) {
String keyId = header.getKeyId(); //or any other parameter// that you need to inspect
return lookupDecryptionKey(keyId); //implement me
}
}
----
[NOTE]
====
*Simpler Lookup*: If possible, try to keep the key lookup strategy the same between JWSs and JWEs (i.e. using
only `locate(ProtectedHeader<?>)`), preferably using only
the `kid` (Key ID) header value or perhaps a public key thumbprint. You will find the implementation is much
simpler and easier to maintain over time, and also creates smaller headers for compact transmission.
====
+++<a name="key-locator-retvals">++++++</a>+++
==== Key Locator Return Values
Regardless of which implementation strategy you choose, remember to return the appropriate type of key depending
on the type of JWS or JWE algorithm used. That is:
* For JWS:
** For HMAC-based signature algorithms, the returned verification key should be a `SecretKey`, and,
** For asymmetric signature algorithms, the returned verification key should be a `PublicKey` (not a `PrivateKey`).
* For JWE:
** For JWE direct encryption, the returned decryption key should be a `SecretKey`.
** For password-based key derivation algorithms, the returned decryption key should be a
`io.jsonwebtoken.security.Password`. You can create a `Password` instance by calling
`Keys.password(char[] passwordCharacters)`.
** For asymmetric key management algorithms, the returned decryption key should be a `PrivateKey` (not a `PublicKey`).
+++<a name="key-locator-provider">++++++</a>+++
==== Provider-constrained Keys
If any verification or decryption key returned from a Key `Locator` must be used with a specific security `Provider`
(such as for PKCS11 or Hardware Security Module (HSM) keys), you must make that `Provider` available for JWT parsing
in one of 3 ways, listed in order of recommendation and simplicity:
. https://docs.oracle.com/en/java/javase/17/security/howtoimplaprovider.html#GUID-831AA25F-F702-442D-A2E4-8DA6DEA16F33[Configure the Provider in the JVM],
either by modifying the `java.security` file or by registering the `Provider` dynamically via
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/Security.html#addProvider(java.security.Provider)[Security.addProvider(Provider)].
This is the recommended approach so you do not need to modify code anywhere that may need to parse JWTs.
. Set the `Provider` as the parser default by calling `JwtParserBuilder#provider(Provider)`. This will
ensure the provider is used by default with _all_ located keys unless overridden by a key-specific Provider. This
is only recommended when you are confident that all JWTs encountered by the parser instance will use keys
attributed to the same `Provider`, unless overridden by a specific key.
. Associate the `Provider` with a specific key using `Keys.builder` so it is used for that key only. This option is
useful if some located keys require a specific provider, while other located keys can assume a default provider. For
example:
+
[,java]
----
public Key locate(Header<?> header) {
PrivateKey /* or SecretKey */ key = findKey(header); // implement me
Provider keySpecificProvider = findKeyProvider(key); // implement me
if (keySpecificProvider != null) {
// Ensure the key-specific provider (e.g. for PKCS11 or HSM) will be used
// during decryption with the KeyAlgorithm in the JWE 'alg' header
return Keys.builder(key).provider(keySpecificProvider).build();
}
// otherwise default provider is fine:
return key;
}
----
+++<a name="jwt-read-claims">++++++</a>++++++<a name="jws-read-claims">++++++</a>+++
// legacy anchor for old links
=== Claim Assertions
You can enforce that the JWT you are parsing conforms to expectations that you require and are important for your
application.
For example, let's say that you require that the JWT you are parsing has a specific `sub` (subject) value,
otherwise you may not trust the token. You can do that by using one of the various `require`* methods on the
`JwtParserBuilder`:
[,java]
----
try {
Jwts.parser().requireSubject("jsmith")/* etc... */.build().parse(s);
} catch (InvalidClaimException ice) {
// the sub claim was missing or did not have a 'jsmith' value
}
----
If it is important to react to a missing vs an incorrect value, instead of catching `InvalidClaimException`,
you can catch either `MissingClaimException` or `IncorrectClaimException`:
[,java]
----
try {
Jwts.parser().requireSubject("jsmith")/* etc... */.build().parse(s);
} catch(MissingClaimException mce) {
// the parsed JWT did not have the sub claim
} catch(IncorrectClaimException ice) {
// the parsed JWT had a sub claim, but its value was not equal to 'jsmith'
}
----
You can also require custom claims by using the `require(claimName, requiredValue)` method - for example:
[,java]
----
try {
Jwts.parser().require("myClaim", "myRequiredValue")/* etc... */.build().parse(s);
} catch(InvalidClaimException ice) {
// the 'myClaim' claim was missing or did not have a 'myRequiredValue' value
}
----
(or, again, you could catch either `MissingClaimException` or `IncorrectClaimException` instead).
Please see the `JwtParserBuilder` class and/or JavaDoc for a full list of the various `require`* methods you may use
for claims assertions.
+++<a name="jwt-read-clock">++++++</a>++++++<a name="jws-read-clock">++++++</a>+++
// legacy anchor for old links
=== Accounting for Clock Skew
When parsing a JWT, you might find that `exp` or `nbf` claim assertions fail (throw exceptions) because the clock on
the parsing machine is not perfectly in sync with the clock on the machine that created the JWT. This can cause
obvious problems since `exp` and `nbf` are time-based assertions, and clock times need to be reliably in sync for shared
assertions.
You can account for these differences (usually no more than a few minutes) when parsing using the ``JwtParserBuilder``'s
`clockSkewSeconds`. For example:
[,java]
----
long seconds = 3 * 60; //3 minutes
Jwts.parser()
.clockSkewSeconds(seconds) // <----
// ... etc ...
.build()
.parse(jwt);
----
This ensures that minor clock differences between the machines can be ignored. Two or three minutes should be more than
enough; it would be fairly strange if a production machine's clock was more than 5 minutes difference from most
atomic clocks around the world.
+++<a name="jwt-read-clock-custom">++++++</a>++++++<a name="jws-read-clock-custom">++++++</a>+++
// legacy anchor for old links
==== Custom Clock Support
If the above `clockSkewSeconds` isn't sufficient for your needs, the timestamps created
during parsing for timestamp comparisons can be obtained via a custom time source. Call the ``JwtParserBuilder``'s
`clock` method with an implementation of the `io.jsonwebtoken.Clock` interface. For example:
[,java]
----
Clock clock = new MyClock();
Jwts.parser().clock(myClock) //... etc ...
----
The ``JwtParser``'s default `Clock` implementation simply returns `new Date()` to reflect the time when parsing occurs,
as most would expect. However, supplying your own clock could be useful, especially when writing test cases to
guarantee deterministic behavior.
+++<a name="jwt-read-decompression">++++++</a>+++
=== JWT Decompression
If you used JJWT to compress a JWT and you used a custom compression algorithm, you will need to tell the
`JwtParserBuilder` how to resolve your `CompressionAlgorithm` to decompress the JWT.
Please see the <<compression,Compression>> section below to see how to decompress JWTs during parsing.
+++<a name="jws">++++++</a>+++
== Signed JWTs
The JWT specification provides for the ability to
https://en.wikipedia.org/wiki/Digital_signature[cryptographically _sign_] a JWT. Signing a JWT:
. guarantees the JWT was created by someone we know (it is authentic) as well as
. guarantees that no-one has manipulated or changed the JWT after it was created (its integrity is maintained).
These two properties - authenticity and integrity - assure us that a JWT contains information we can trust. If a
JWT fails authenticity or integrity checks, we should always reject that JWT because we can't trust it.
But before we dig in to showing you how to create a JWS using JJWT, let's briefly discuss Signature Algorithms and
Keys, specifically as they relate to the JWT specifications. Understanding them is critical to being able to create a
JWS properly.
+++<a name="jws-alg">++++++</a>+++
=== Standard Signature Algorithms
The JWT specifications identify 13 standard signature algorithms - 3 secret key algorithms and 10 asymmetric
key algorithms:
|===
| Identifier | Signature Algorithm
| `HS256`
| HMAC using SHA-256
| `HS384`
| HMAC using SHA-384
| `HS512`
| HMAC using SHA-512
| `ES256`
| ECDSA using P-256 and SHA-256
| `ES384`
| ECDSA using P-384 and SHA-384
| `ES512`
| ECDSA using P-521 and SHA-512
| `RS256`
| RSASSA-PKCS-v1_5 using SHA-256
| `RS384`
| RSASSA-PKCS-v1_5 using SHA-384
| `RS512`
| RSASSA-PKCS-v1_5 using SHA-512
| `PS256`
| RSASSA-PSS using SHA-256 and MGF1 with SHA-256^*1*^
| `PS384`
| RSASSA-PSS using SHA-384 and MGF1 with SHA-384^*1*^
| `PS512`
| RSASSA-PSS using SHA-512 and MGF1 with SHA-512^*1*^
| `EdDSA`
| Edwards-Curve Digital Signature Algorithm (EdDSA)^*2*^
|===
^*1*.{sp}{fn-require-java15-plus}^
^*2*.{sp}{fn-require-java15-plus}^
These are all represented as constants in the `io.jsonwebtoken.Jwts.SIG` registry class.
+++<a name="jws-key">++++++</a>+++
=== Signature Algorithms Keys
What's really important about the above standard signature algorithms - other than their security properties - is that
the JWT specification https://tools.ietf.org/html/rfc7518#section-3[RFC 7518, Sections 3.2 through 3.5]
_requires_ (mandates) that you MUST use keys that are sufficiently strong for a chosen algorithm.
This means that JJWT - a specification-compliant library - will also enforce that you use sufficiently strong keys
for the algorithms you choose. If you provide a weak key for a given algorithm, JJWT will reject it and throw an
exception.
This is not because we want to make your life difficult, we promise! The reason why the JWT specification, and
consequently JJWT, mandates key lengths is that the security model of a particular algorithm can completely break
down if you don't adhere to the mandatory key properties of the algorithm, effectively having no security at all. No
one wants completely insecure JWTs, right? Right!
So what are the key strength requirements?
+++<a name="jws-key-hmacsha">++++++</a>+++
==== HMAC-SHA
JWT HMAC-SHA signature algorithms `HS256`, `HS384`, and `HS512` require a secret key that is _at least_ as many bits as
the algorithm's signature (digest) length per https://tools.ietf.org/html/rfc7518#section-3.2[RFC 7512 Section 3.2].
This means:
* `HS256` is HMAC-SHA-256, and that produces digests that are 256 bits (32 bytes) long, so `HS256` _requires_ that you
use a secret key that is at least 32 bytes long.
* `HS384` is HMAC-SHA-384, and that produces digests that are 384 bits (48 bytes) long, so `HS384` _requires_ that you
use a secret key that is at least 48 bytes long.
* `HS512` is HMAC-SHA-512, and that produces digests that are 512 bits (64 bytes) long, so `HS512` _requires_ that you
use a secret key that is at least 64 bytes long.
+++<a name="jws-key-rsa">++++++</a>+++
==== RSA
JWT RSA signature algorithms `RS256`, `RS384`, `RS512`, `PS256`, `PS384` and `PS512` all require a minimum key length
(aka an RSA modulus bit length) of `2048` bits per RFC 7512 Sections
https://tools.ietf.org/html/rfc7518#section-3.3[3.3] and https://tools.ietf.org/html/rfc7518#section-3.5[3.5].
Anything smaller than this (such as 1024 bits) will be rejected with an `WeakKeyException`.
That said, in keeping with best practices and increasing key lengths for security longevity, JJWT
recommends that you use:
* at least 2048 bit keys with `RS256` and `PS256`
* at least 3072 bit keys with `RS384` and `PS384`
* at least 4096 bit keys with `RS512` and `PS512`
These are only JJWT suggestions and not requirements. JJWT only enforces JWT specification requirements and
for any RSA key, the requirement is the RSA key (modulus) length in bits MUST be >= 2048 bits.
+++<a name="jws-key-ecdsa">++++++</a>+++
==== Elliptic Curve
JWT Elliptic Curve signature algorithms `ES256`, `ES384`, and `ES512` all require a key length
(aka an Elliptic Curve order bit length) equal to the algorithm signature's individual
`R` and `S` components per https://tools.ietf.org/html/rfc7518#section-3.4[RFC 7512 Section 3.4]. This means:
* `ES256` requires that you use a private key that is exactly 256 bits (32 bytes) long.
* `ES384` requires that you use a private key that is exactly 384 bits (48 bytes) long.
* `ES512` requires that you use a private key that is exactly 521 bits (65 or 66 bytes) long (depending on format).
+++<a name="jws-key-eddsa">++++++</a>+++
==== Edwards Curve
The JWT Edwards Curve signature algorithm `EdDSA` supports two sizes of private and public ``EdECKey``s (these types
were introduced in Java 15):
* `Ed25519` algorithm keys must be 256 bits (32 bytes) long and produce signatures 512 bits (64 bytes) long.
* `Ed448` algorithm keys must be 456 bits (57 bytes) long and produce signatures 912 bits (114 bytes) long.
+++<a name="jws-key-create">++++++</a>+++
==== Creating Safe Keys
If you don't want to think about bit length requirements or just want to make your life easier, JJWT has
provided convenient builder classes that can generate sufficiently secure keys for any given
JWT signature algorithm you might want to use.
+++<a name="jws-key-create-secret">++++++</a>+++
===== Secret Keys
If you want to generate a sufficiently strong `SecretKey` for use with the JWT HMAC-SHA algorithms, use the respective
algorithm's `key()` builder method:
[,java]
----
SecretKey key = Jwts.SIG.HS256.key().build(); //or HS384.key() or HS512.key()
----
Under the hood, JJWT uses the JCA default provider's `KeyGenerator` to create a secure-random key with the correct
minimum length for the given algorithm.
If you want to specify a specific JCA `Provider` or `SecureRandom` to use during key generation, you may specify those
as builder arguments. For example:
[,java]
----
SecretKey key = Jwts.SIG.HS256.key().provider(aProvider).random(aSecureRandom).build();
----
If you need to save this new `SecretKey`, you can Base64 (or Base64URL) encode it:
[,java]
----
String secretString = Encoders.BASE64.encode(key.getEncoded());
----
Ensure you save the resulting `secretString` somewhere safe -
<<base64-not-encryption,Base64-encoding is not encryption>>, so it's still considered sensitive information. You can
further encrypt it, etc, before saving to disk (for example).
+++<a name="jws-key-create-asym">++++++</a>+++
===== Asymmetric Keys
If you want to generate sufficiently strong Elliptic Curve or RSA asymmetric key pairs for use with JWT ECDSA or RSA
algorithms, use an algorithm's respective `keyPair()` builder method:
[,java]
----
KeyPair keyPair = Jwts.SIG.RS256.keyPair().build(); //or RS384, RS512, PS256, etc...
----
Once you've generated a `KeyPair`, you can use the private key (`keyPair.getPrivate()`) to create a JWS and the
public key (`keyPair.getPublic()`) to parse/verify a JWS.
[NOTE]
====
* *The `PS256`, `PS384`, and `PS512` algorithms require JDK 11 or a compatible JCA Provider
(like BouncyCastle) in the runtime classpath.*
* *The `EdDSA` algorithms requires JDK 15 or a compatible JCA Provider (like BouncyCastle) in the runtime classpath.*
If you want to use either set of algorithms, and you are on an earlier JDK that does not support them,
see the <<Installation,Installation>> section to see how to enable BouncyCastle. All other algorithms are
natively supported by the JDK.
====
+++<a name="jws-create">++++++</a>+++
=== Creating a JWS
You create a JWS as follows:
. Use the `Jwts.builder()` method to create a `JwtBuilder` instance.
. Call `JwtBuilder` methods to set the `payload` content or claims and any header parameters as desired.
. Specify the `SecretKey` or asymmetric `PrivateKey` you want to use to sign the JWT.
. Finally, call the `compact()` method to compact and sign, producing the final jws.
For example:
[,java]
----
String jws = Jwts.builder() // (1)
.subject("Bob") // (2)
.signWith(key) // (3) <---
.compact(); // (4)
----
+++<a name="jws-create-key">++++++</a>+++
==== Signing Key
It is usually recommended to specify the signing key by calling the ``JwtBuilder``'s `signWith` method and let JJWT
determine the most secure algorithm allowed for the specified key.:
[,java]
----
String jws = Jwts.builder()
// ... etc ...
.signWith(key) // <---
.compact();
----
For example, if you call `signWith` with a `SecretKey` that is 256 bits (32 bytes) long, it is not strong enough for
`HS384` or `HS512`, so JJWT will automatically sign the JWT using `HS256`.
When using `signWith` JJWT will also automatically set the required `alg` header with the associated algorithm
identifier.
Similarly, if you called `signWith` with an RSA `PrivateKey` that was 4096 bits long, JJWT will use the `RS512`
algorithm and automatically set the `alg` header to `RS512`.
The same selection logic applies for Elliptic Curve ``PrivateKey``s.
[NOTE]
====
*You cannot sign JWTs with ``PublicKey``s as this is always insecure.* JJWT will reject any specified
`PublicKey` for signing with an `InvalidKeyException`.
====
+++<a name="jws-create-key-secret">++++++</a>+++
===== SecretKey Formats
If you want to sign a JWS using HMAC-SHA algorithms, and you have a secret key `String` or
https://docs.oracle.com/javase/8/docs/api/java/security/Key.html#getEncoded--[encoded byte array], you will need
to convert it into a `SecretKey` instance to use as the `signWith` method argument.
If your secret key is:
* An https://docs.oracle.com/javase/8/docs/api/java/security/Key.html#getEncoded--[encoded byte array]:
+
[,java]
----
SecretKey key = Keys.hmacShaKeyFor(encodedKeyBytes);
----
* A Base64-encoded string:
+
[,java]
----
SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretString));
----
* A Base64URL-encoded string:
+
[,java]
----
SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64URL.decode(secretString));
----
* A raw (non-encoded) string (e.g. a password String):
+
[,java]
----
Password key = Keys.password(secretString.toCharArray());
----
[WARNING]
====
It is almost always incorrect to call any variant of `secretString.getBytes` in any cryptographic context. +
Safe cryptographic keys are never represented as direct (unencoded) strings. If you have a password that should
be represented as a `Key` for `HMAC-SHA` algorithms, it is _strongly_ recommended to use a key derivation
algorithm to derive a cryptographically-strong `Key` from the password, and never use the password directly.
====
+++<a name="jws-create-key-algoverride">++++++</a>+++
===== SignatureAlgorithm Override
In some specific cases, you might want to override JJWT's default selected signature algorithm for a given key.
For example, if you have an RSA `PrivateKey` that is 2048 bits, JJWT would automatically choose the `RS256` algorithm.
If you wanted to use `RS384` or `RS512` instead, you could manually specify it with the overloaded `signWith` method
that accepts the `SignatureAlgorithm` as an additional argument:
[,java]
----
.signWith(privateKey, Jwts.SIG.RS512) // <---
.compact();
----
This is allowed because the JWT specification allows any RSA algorithm strength for any RSA key >= 2048 bits. JJWT just
prefers `RS512` for keys >= 4096 bits, followed by `RS384` for keys >= 3072 bits and finally `RS256` for keys >= 2048
bits.
*In all cases however, regardless of your chosen algorithms, JJWT will assert that the specified key is allowed to be
used for that algorithm when possible according to the JWT specification requirements.*
+++<a name="jws-create-compression">++++++</a>+++
==== JWS Compression
If your JWT payload is large (contains a lot of data), and you are certain that JJWT will also be the same library
that reads/parses your JWS, you might want to compress the JWS to reduce its size.
[WARNING]
====
*Not Standard for JWS*: JJWT supports compression for JWS, but it is not a standard feature for JWS. The
JWT RFC specifications standardize this _only_ for JWEs, and it is not likely to be supported by other JWT libraries
for JWS. Use JWS compression only if you are certain that JJWT (or another library that supports JWS compression)
will be parsing the JWS.
====
Please see the main <<compression,Compression>> section to see how to compress and decompress JWTs.
+++<a name="jws-read">++++++</a>+++
=== Reading a JWS
You read (parse) a JWS as follows:
. Use the `Jwts.parser()` method to create a `JwtParserBuilder` instance.
. Call either <<key-locator,keyLocator>> or `verifyWith` methods to determine the key used to verify the JWS signature.
. Call the `build()` method on the `JwtParserBuilder` to return a thread-safe `JwtParser`.
. Finally, call the `parseSignedClaims(String)` method with your jws `String`, producing the original JWS.
. The entire call is wrapped in a try/catch block in case parsing or signature validation fails. We'll cover
exceptions and causes for failure later.
For example:
[,java]
----
Jws<Claims> jws;
try {
jws = Jwts.parser() // (1)
.keyLocator(keyLocator) // (2) dynamically lookup verification keys based on each JWS
//.verifyWith(key) // or a static key used to verify all encountered JWSs
.build() // (3)
.parseSignedClaims(jwsString); // (4) or parseSignedContent(jwsString)
// we can safely trust the JWT
catch (JwtException ex) { // (5)
// we *cannot* use the JWT as intended by its creator
}
----
[NOTE]
====
.Type-safe JWSs
* If you are expecting a JWS with a Claims `payload`, call the ``JwtParser``'s `parseSignedClaims` method.
* If you are expecting a JWS with a content `payload`, call the ``JwtParser``'s `parseSignedContent` method.
====
+++<a name="jws-read-key">++++++</a>+++
==== Verification Key
The most important thing to do when reading a JWS is to specify the key used to verify the JWS's
cryptographic signature. If signature verification fails, the JWT cannot be safely trusted and should be
discarded.
So which key do we use for verification?
* If the jws was signed with a `SecretKey`, the same `SecretKey` should be specified on the `JwtParserBuilder`. +
For example:
+
[,java]
----
Jwts.parser()
.verifyWith(secretKey) // <----
.build()
.parseSignedClaims(jwsString);
----
* If the jws was signed with a `PrivateKey`, that key's corresponding `PublicKey` (not the `PrivateKey`) should be
specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.verifyWith(publicKey) // <---- publicKey, not privateKey
.build()
.parseSignedClaims(jwsString);
----
+++<a name="jws-read-key-locator">++++++</a>++++++<a name="jws-read-key-resolver">++++++</a>+++
// legacy anchors for old links
==== Verification Key Locator
But you might have noticed something - what if your application doesn't use just a single `SecretKey` or `KeyPair`? What
if JWSs can be created with different ``SecretKey``s or public/private keys, or a combination of both? How do you
know which key to specify if you can't inspect the JWT first?
In these cases, you can't call the ``JwtParserBuilder``'s `verifyWith` method with a single key - instead, you'll need a
Key Locator. Please see the <<key-locator,Key Lookup>> section to see how to dynamically obtain different keys when
parsing JWSs or JWEs.
+++<a name="jws-read-decompression">++++++</a>+++
==== JWS Decompression
If you used JJWT to compress a JWS and you used a custom compression algorithm, you will need to tell the
`JwtParserBuilder` how to resolve your `CompressionAlgorithm` to decompress the JWT.
Please see the <<compression,Compression>> section below to see how to decompress JWTs during parsing.
+++<a name="jws-unencoded">++++++</a>+++
=== Unencoded Payload Option
In some cases, especially if a JWS payload is large, it could be desirable to _not_ Base64URL-encode the JWS payload,
or even exclude the payload from the compact JWS string entirely. The JWT RFC specifications provide support
for these use cases via the
https://www.rfc-editor.org/rfc/rfc7797.html[JSON Web Signature (JWS) Unencoded Payload Option] specification,
which JJWT supports.
This option comes with both benefits and disadvantages:
==== Benefits
A JWS producer can still create a JWS string to use for payload integrity verification without having to either:
. Base64URL-encode the (potentially very large) payload, saving the time that could take.
. Include the payload in the compact JWS string at all. Omitting the payload from the JWS compact string
entirely produces smaller JWSs that can be more efficient to transfer.
==== Disadvantages
. Your application, and not JJWT, incurs the responsibility to ensure the payload is not modified during transmission
so the recipient can verify the JWS signature. For example, by using a sufficiently strong TLS (https) cipher
suite as well as any additional care before and after transmission, since
https://tozny.com/blog/end-to-end-encryption-vs-https/[TLS does not guarantee end-to-end security].
. If you choose to include the unencoded payload in the JWS compact string, your application
https://www.rfc-editor.org/rfc/rfc7797.html#section-5.2[MUST] ensure that the payload does not contain a
period (`.`) character anywhere in the payload. The JWS recipient will experience parsing errors otherwise.
Before attempting to use this option, one should be aware of the RFC's
https://www.rfc-editor.org/rfc/rfc7797.html#section-8[security considerations] first.
[NOTE]
====
.Protected JWS Only
The RFC specification defines the Unencoded Payload option for use only with JWSs. It may not be used with
with unprotected JWTs or encrypted JWEs.
====
+++<a name="jws-unencoded-detached">++++++</a>+++
==== Detached Payload Example
This example shows creating and parsing a compact JWS using an unencoded payload that is detached, i.e. where the
payload is not embedded in the compact JWS string at all.
We need to do three things during creation:
. Specify the JWS signing key; it's a JWS and still needs to be signed.
. Specify the raw payload bytes via the ``JwtBuilder``'s `content` method.
. Indicate that the payload should _not_ be Base64Url-encoded using the ``JwtBuilder``'s `encodePayload(false)` method.
[,java]
----
// create a test key for this example:
SecretKey testKey = Jwts.SIG.HS512.key().build();
String message = "Hello World. It's a Beautiful Day!";
byte[] content = message.getBytes(StandardCharsets.UTF_8);
String jws = Jwts.builder().signWith(testKey) // #1
.content(content) // #2
.encodePayload(false) // #3
.compact();
----
To parse the resulting `jws` string, we need to do two things when creating the `JwtParser`:
. Specify the signature verification key.
. Specify the externally-transmitted unencoded payload bytes, required for signature verification.
[,java]
----
Jws<byte[]> parsed = Jwts.parser().verifyWith(testKey) // 1
.build()
.parseSignedContent(jws, content); // 2
assertArrayEquals(content, parsed.getPayload());
----
+++<a name="jws-unencoded-nondetached">++++++</a>+++
==== Non-Detached Payload Example
This example shows creating and parsing a compact JWS with what the RFC calls a 'non-detached' unencoded payload, i.e.
a raw string directly embedded as the payload in the compact JWS string.
We need to do three things during creation:
. Specify the JWS signing key; it's a JWS and still needs to be signed.
. Specify the raw payload string via the ``JwtBuilder``'s `content` method. Per
https://www.rfc-editor.org/rfc/rfc7797.html#section-5.2[the RFC], the payload string *_MUST NOT contain any
period (`.`) characters_*.
. Indicate that the payload should _not_ be Base64Url-encoded using the ``JwtBuilder``'s `encodePayload(false)` method.
[,java]
----
// create a test key for this example:
SecretKey testKey = Jwts.SIG.HS512.key().build();
String claimsString = "{\"sub\":\"joe\",\"iss\":\"me\"}";
String jws = Jwts.builder().signWith(testKey) // #1
.content(claimsString) // #2
.encodePayload(false) // #3
.compact();
----
If you were to print the `jws` string, you'd see something like this:
----
eyJhbGciOiJIUzUxMiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19.{"sub":"joe","iss":"me"}.wkoxYEd//...etc...
----
See how the `claimsString` is embedded directly as the center `payload` token instead of a standard Base64URL value?
This is why no period (`.`) characters can exist in the payload. If they did, any standard JWT parser would see more
than two periods total, which is required for parsing standard JWSs.
To parse the resulting `jws` string, we need to do two things when creating the `JwtParser`:
. Specify the signature verification key.
. Indicate that we want to support Unencoded Payload Option JWSs by enabling the `b64` `crit` header parameter.
[,java]
----
Jws<Claims> parsed = Jwts.parser().verifyWith(testKey) // 1
.critical().add("b64").and() // 2
.build()
.parseSignedClaims(jws);
assert "joe".equals(parsed.getPayload().getSubject());
assert "me".equals(parsed.getPayload().getIssuer());
----
Did you notice we used the `.parseSignedClaims(String)` method instead of `.parseSignedClaims(String, byte[])`? This is
because the non-detached payload is already present and JJWT has what it needs for signature verification.
Additionally, we needed to specify the `b64` critical value: because we're not using the two-argument
`parseSignedClaims(jws, content)` method, the parser has no way of knowing if you wish to allow or support unencoded
payloads. Unencoded payloads have additional security considerations as described above, so they are disabled by
the parser by default unless you indicate you want to support them by using `critical().add("b64")`.
Finally, even if the payload contains a non-detached String, you could still use the two-argument method using the
payload String's UTF-8 bytes instead:
[,java]
----
parsed = Jwts.parser().verifyWith(testKey)
.build()
.parseSignedClaims(jws, claimsString.getBytes(StandardCharsets.UTF_8)); // <---
----
+++<a name="jwe">++++++</a>+++
== Encrypted JWTs
The JWT specification also provides for the ability to encrypt and decrypt a JWT. Encrypting a JWT:
. guarantees that no-one other than the intended JWT recipient can see the JWT `payload` (it is confidential), and
. guarantees that no-one has manipulated or changed the JWT after it was created (its integrity is maintained).
These two properties - confidentiality and integrity - assure us that an encrypted JWT contains a `payload` that
no-one else can see, _nor_ has anyone changed or altered the data in transit.
Encryption and confidentiality seem somewhat obvious: if you encrypt a message, it is confidential by the notion that
random 3rd parties cannot make sense of the encrypted message. But some might be surprised to know that *_general
encryption does _not_ guarantee that someone hasn't tampered/altered an encrypted message in transit_*. Most of us
assume that if a message can be decrypted, then the message would be authentic and unchanged - after all, if you can
decrypt it, it must not have been tampered with, right? Because if it was changed, decryption would surely fail, right?
Unfortunately, this is not actually guaranteed in all cryptographic ciphers. There are certain attack vectors where
it is possible to change an encrypted payload (called 'ciphertext'), and the message recipient is still able to
successfully decrypt the (modified) payload. In these cases, the ciphertext integrity was not maintained - a
malicious 3rd party could intercept a message and change the payload content, even if they don't understand what is
inside the payload, and the message recipient could never know.
To combat this, there is a category of encryption algorithms that ensures both confidentiality _and_ integrity of the
ciphertext data. These types of algorithms are called
https://en.wikipedia.org/wiki/Authenticated_encryption[Authenticated Encryption] algorithms.
As a result, to ensure JWTs do not suffer from this problem, the JWE RFC specifications require that any encryption
algorithm used to encrypt a JWT _MUST_ be an Authenticated Encryption algorithm. JWT users can be sufficiently
confident their encrypted JWTs maintain the properties of both confidentiality and integrity.
+++<a name="jwe-enc">++++++</a>+++
=== JWE Encryption Algorithms
The JWT specification defines 6 standard Authenticated Encryption algorithms used to encrypt a JWT `payload`:
|===
| Identifier | Required Key Bit Length | Encryption Algorithm
| `A128CBC‑HS256`
| 256
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.3[AES_128_CBC_HMAC_SHA_256] authenticated encryption algorithm
| `A192CBC-HS384`
| 384
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.4[AES_192_CBC_HMAC_SHA_384] authenticated encryption algorithm
| `A256CBC-HS512`
| 512
| https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.5[AES_256_CBC_HMAC_SHA_512] authenticated encryption algorithm
| `A128GCM`
| 128
| AES GCM using 128-bit key^*1*^
| `A192GCM`
| 192
| AES GCM using 192-bit key^*1*^
| `A256GCM`
| 256
| AES GCM using 256-bit key^*1*^
|===
^*1*.{sp}{fn-require-java8-plus}^
These are all represented as constants in the `io.jsonwebtoken.Jwts.ENC` registry singleton as
implementations of the `io.jsonwebtoken.security.AeadAlgorithm` interface.
As shown in the table above, each algorithm requires a key of sufficient length. The JWT specification
https://www.rfc-editor.org/rfc/rfc7518.html#section-5.2.3[RFC 7518, Sections 5.2.3 through 5.3]
_requires_ (mandates) that you MUST use keys that are sufficiently strong for a chosen algorithm. This means that
JJWT - a specification-compliant library - will also enforce that you use sufficiently strong keys
for the algorithms you choose. If you provide a weak key for a given algorithm, JJWT will reject it and throw an
exception.
The reason why the JWT specification, and consequently JJWT, mandates key lengths is that the security model of a
particular algorithm can completely break down if you don't adhere to the mandatory key properties of the algorithm,
effectively having no security at all.
+++<a name="jwe-enc-symmetric">++++++</a>+++
==== Symmetric Ciphers
You might have noticed something about the above Authenticated Encryption algorithms: they're all variants of the
AES algorithm, and AES always uses a symmetric (secret) key to perform encryption and decryption. That's kind of
strange, isn't it?
What about RSA and Elliptic Curve asymmetric key cryptography? And Diffie-Hellman key exchange? What about
password-based key derivation algorithms? Surely any of those could be desirable depending on the use case, no?
Yes, they definitely can, and the JWT specifications do support them, albeit indirectly: those other
algorithms _are_ indeed supported and used, but they aren't used to encrypt the JWT `payload` directly. They are
used to _produce_ the actual key used to encrypt the `JWT` payload.
This is all done via the JWT specification's concept of a Key Management Algorithm, covered next. After we cover that,
we'll show you how to encrypt and parse your own JWTs with the `JwtBuilder` and `JwtParserBuilder`.
+++<a name="jwe-alg">++++++</a>+++
=== JWE Key Management Algorithms
As stated above, all standard JWA Encryption Algorithms are AES-based authenticated encryption algorithms. So what
about RSA and Elliptic Curve cryptography? And password-based key derivation, or Diffie-Hellman exchange?
All of those are supported as well, but they are not used directly for encryption. They are used to _produce_ the
key that will be used to directly encrypt the JWT `payload`.
That is, JWT encryption can be thought of as a two-step process, shown in the following pseudocode:
[,groovy]
----
Key algorithmKey = getKeyManagementAlgorithmKey(); // PublicKey, SecretKey, or Password
SecretKey contentEncryptionKey = keyManagementAlgorithm.produceEncryptionKey(algorithmKey); // 1
byte[] ciphertext = encryptionAlgorithm.encrypt(payload, contentEncryptionKey); // 2
----
Steps:
. Use the `algorithmKey` to produce the actual key that will be used to encrypt the payload. The JWT specifications
call this result the 'Content Encryption Key'.
. Take the resulting Content Encryption Key and use it directly with the Authenticated Encryption algorithm to
actually encrypt the JWT `payload`.
So why the indirection? Why not just use any `PublicKey`, `SecretKey` or `Password` to encrypt the `payload`
_directly_ ?
There are quite a few reasons for this.
. Asymmetric key encryption (like RSA and Elliptic Curve) tends to be slow. Like _really_ slow. Symmetric key
cipher algorithms in contrast are _really fast_. This matters a lot in production applications that could be
handling a JWT on every HTTP request, which could be thousands per second.
. RSA encryption (for example) can only encrypt a relatively small amount of data. A 2048-bit RSA key can only
encrypt up to a maximum of 245 bytes. A 4096-bit RSA key can only encrypt up to a maximum of 501 bytes. There are
plenty of JWTs that can exceed 245 bytes, and that would make RSA unusable.
. Passwords usually make for very poor encryption keys - they often have poor entropy, or they themselves are
often too short to be used directly with algorithms that mandate minimum key lengths to help ensure safety.
For these reasons and more, using one secure algorithm to generate or encrypt a key used for another (very fast) secure
algorithm has been proven to be a great way to increase security through many more secure algorithms while
also still resulting in very fast and secure output. This is after all how TLS (for https encryption) works -
two parties can use more complex cryptography (like RSA or Elliptic Curve) to negotiate a small, fast encryption key.
This fast encryption key is produced during the 'TLS handshake' and is called the TLS 'session key'.
So the JWT specifications work much in the same way: one key from any number of various algorithm types can be used
to produce a final symmetric key, and that symmetric key is used to encrypt the JWT `payload`.
+++<a name="jwe-alg-standard">++++++</a>+++
==== JWE Standard Key Management Algorithms
The JWT specification defines 17 standard Key Management Algorithms used to produce the JWE
Content Encryption Key (CEK):
|===
| Identifier | Key Management Algorithm
| `RSA1_5`
| RSAES-PKCS1-v1_5
| `RSA-OAEP`
| RSAES OAEP using default parameters
| `RSA-OAEP-256`
| RSAES OAEP using SHA-256 and MGF1 with SHA-256
| `A128KW`
| AES Key Wrap with default initial value using 128-bit key
| `A192KW`
| AES Key Wrap with default initial value using 192-bit key
| `A256KW`
| AES Key Wrap with default initial value using 256-bit key
| `dir`
| Direct use of a shared symmetric key as the Content Encryption Key
| `ECDH-ES`
| Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF
| `ECDH-ES+A128KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A128KW"
| `ECDH-ES+A192KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A192KW"
| `ECDH-ES+A256KW`
| ECDH-ES using Concat KDF and CEK wrapped with "A256KW"
| `A128GCMKW`
| Key wrapping with AES GCM using 128-bit key^*1*^
| `A192GCMKW`
| Key wrapping with AES GCM using 192-bit key^*1*^
| `A256GCMKW`
| Key wrapping with AES GCM using 256-bit key^*1*^
| `PBES2-HS256+A128KW`
| PBES2 with HMAC SHA-256 and "A128KW" wrapping^*1*^
| `PBES2-HS384+A192KW`
| PBES2 with HMAC SHA-384 and "A192KW" wrapping^*1*^
| `PBES2‑HS512+A256KW`
| PBES2 with HMAC SHA-512 and "A256KW" wrapping^*1*^
|===
^*1*.{sp}{fn-require-java8-plus}^
These are all represented as constants in the `io.jsonwebtoken.Jwts.KEY` registry singleton as
implementations of the `io.jsonwebtoken.security.KeyAlgorithm` interface.
But 17 algorithms are a lot to choose from. When would you use them? The sections below describe when you might
choose each category of algorithms and how they behave.
+++<a name="jwe-alg-rsa">++++++</a>+++
===== RSA Key Encryption
The JWT RSA key management algorithms `RSA1_5`, `RSA-OAEP`, and `RSA-OAEP-256` are used when you want to use the
JWE recipient's RSA _public_ key during encryption. This ensures that only the JWE recipient can decrypt
and read the JWE (using their RSA `private` key).
During JWE creation, these algorithms:
* Generate a new secure-random Content Encryption Key (CEK) suitable for the desired <<jwe-enc,encryption algorithm>>.
* Encrypt the JWE payload with the desired encryption algorithm using the new CEK, producing the JWE payload ciphertext.
* Encrypt the CEK itself with the specified RSA key wrap algorithm using the JWE recipient's RSA public key.
* Embed the payload ciphertext and encrypted CEK in the resulting JWE.
During JWE decryption, these algorithms:
* Retrieve the encrypted Content Encryption Key (CEK) embedded in the JWE.
* Decrypt the encrypted CEK with the discovered RSA key unwrap algorithm using the JWE recipient's RSA private key,
producing the decrypted Content Encryption Key (CEK).
* Decrypt the JWE ciphertext payload with the JWE's identified <<jwe-enc,encryption algorithm>> using the decrypted CEK.
[WARNING]
====
RFC 7518 Sections https://www.rfc-editor.org/rfc/rfc7518.html#section-4.2[4.2] and
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.3[4.3] _require_ (mandate) that RSA keys >= 2048 bits
MUST be used with these algorithms. JJWT will throw an exception if it detects weaker keys being used.
====
+++<a name="jwe-alg-aes">++++++</a>+++
===== AES Key Encryption
The JWT AES key management algorithms `A128KW`, `A192KW`, `A256KW`, `A128GCMKW`, `A192GCMKW`, and `A256GCMKW` are
used when you have a symmetric secret key, but you don't want to use that secret key to directly
encrypt/decrypt the JWT.
Instead, a new secure-random key is generated each time a JWE is created, and that new/random key is used to directly
encrypt/decrypt the JWT payload. The secure-random key is itself encrypted with your symmetric secret key
using the AES Wrap algorithm, and the encrypted key is embedded in the resulting JWE.
This allows the JWE to be encrypted with a random short-lived key, reducing material exposure of the potentially
longer-lived symmetric secret key.
Because these particular algorithms use a symmetric secret key, they are best suited when the JWE creator and
receiver are the same, ensuring the secret key does not need to be shared with multiple parties.
During JWE creation, these algorithms:
* Generate a new secure-random Content Encryption Key (CEK) suitable for the desired <<jwe-enc,encryption algorithm>>.
* Encrypt the JWE payload with the desired encryption algorithm using the new CEK, producing the JWE payload ciphertext.
* Encrypt the CEK itself with the specified AES key algorithm (either AES Key Wrap or AES with GCM encryption),
producing the encrypted CEK.
* Embed the payload ciphertext and encrypted CEK in the resulting JWE.
During JWE decryption, these algorithms:
* Retrieve the encrypted Content Encryption Key (CEK) embedded in the JWE.
* Decrypt the encrypted CEK with the discovered AES key algorithm using the symmetric secret key.
* Decrypt the JWE ciphertext payload with the JWE's identified <<jwe-enc,encryption algorithm>> using the decrypted CEK.
[WARNING]
====
The symmetric key used for the AES key algorithms MUST be 128, 192 or 256 bits as required by the specific AES
key algorithm. JJWT will throw an exception if it detects weaker keys than what is required.
====
+++<a name="jwe-alg-dir">++++++</a>+++
===== Direct Key Encryption
The JWT `dir` (direct) key management algorithm is used when you have a symmetric secret key, and you want to use it
to directly encrypt the JWT payload.
Because this algorithm uses a symmetric secret key, it is best suited when the JWE creator and receiver are the
same, ensuring the secret key does not need to be shared with multiple parties.
This is the simplest key algorithm for direct encryption that does not perform any key encryption. It is essentially
a 'no op' key algorithm, allowing the shared key to be used to directly encrypt the JWT payload.
During JWE creation, this algorithm:
* Encrypts the JWE payload with the desired encryption algorithm directly using the symmetric secret key,
producing the JWE payload ciphertext.
* Embeds the payload ciphertext in the resulting JWE.
Note that because this algorithm does not produce an encrypted key value, an encrypted CEK is _not_ embedded in the
resulting JWE.
During JWE decryption, this algorithm decrypts the JWE ciphertext payload with the JWE's
identified <<jwe-enc,encryption algorithm>> directly using the symmetric secret key. No encrypted CEK is used.
[WARNING]
====
The symmetric secret key MUST be 128, 192 or 256 bits as required by the associated
<<jwe-enc,AEAD encryption algorithm>> used to encrypt the payload. JJWT will throw an exception if it detects
weaker keys than what is required.
====
+++<a name="jwe-alg-pbes2">++++++</a>+++
===== Password-Based Key Encryption
The JWT password-based key encryption algorithms `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW`, and `PBES2-HS512+A256KW`
are used when you want to use a password (character array) to encrypt and decrypt a JWT.
However, because passwords are usually too weak or problematic to use directly in cryptographic contexts, these
algorithms utilize key derivation techniques with work factors (e.g. computation iterations) and secure-random salts
to produce stronger cryptographic keys suitable for cryptographic operations.
This allows the payload to be encrypted with a random short-lived cryptographically-stronger key, reducing the need to
expose the longer-lived (and potentially weaker) password.
Because these algorithms use a secret password, they are best suited when the JWE creator and receiver are the
same, ensuring the secret password does not need to be shared with multiple parties.
During JWE creation, these algorithms:
* Generate a new secure-random Content Encryption Key (CEK) suitable for the desired <<jwe-enc,encryption algorithm>>.
* Encrypt the JWE payload with the desired encryption algorithm using the new CEK, producing the JWE payload ciphertext.
* Derive a 'key encryption key' (KEK) with the desired "PBES2 with HMAC SHA" algorithm using the password, a suitable
number of computational iterations, and a secure-random salt value.
* Encrypt the generated CEK with the corresponding AES Key Wrap algorithm using the password-derived KEK.
* Embed the payload ciphertext and encrypted CEK in the resulting JWE.
[NOTE]
====
.Secure defaults
When using these algorithms, if you do not specify a work factor (i.e. number of computational
iterations), JJWT will automatically use an
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2[OWASP PBKDF2 recommended]
default appropriate for the specified `PBES2` algorithm.
====
During JWE decryption, these algorithms:
* Retrieve the encrypted Content Encryption Key (CEK) embedded in the JWE.
* Derive the 'key encryption key' (KEK) with the discovered "PBES2 with HMAC SHA" algorithm using the password and the
number of computational iterations and secure-random salt value discovered in the JWE header.
* Decrypt the encrypted CEK with the corresponding AES Key Unwrap algorithm using the password-derived KEK.
* Decrypt the JWE ciphertext payload with the JWE's identified <<jwe-enc,encryption algorithm>> using the decrypted CEK.
+++<a name="jwe-alg-ecdhes">++++++</a>+++
===== Elliptic Curve Diffie-Hellman Ephemeral Static Key Agreement (ECDH-ES)
The JWT Elliptic Curve Diffie-Hellman Ephemeral Static key agreement algorithms `ECDH-ES`, `ECDH-ES+A128KW`,
`ECDH-ES+A192KW`, and `ECDH-ES+A256KW` are used when you want to use the JWE recipient's Elliptic Curve _public_ key
during encryption. This ensures that only the JWE recipient can decrypt and read the JWE (using their Elliptic Curve
_private_ key).
During JWE creation, these algorithms:
* Obtain the Content Encryption Key (CEK) used to encrypt the JWE payload as follows:
** Inspect the JWE recipient's Elliptic Curve public key and determine its Curve.
** Generate a new secure-random ephemeral Elliptic Curve public/private key pair on this same Curve.
** Add the ephemeral EC public key to the JWE
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.1[epk header] for inclusion in the final JWE.
** Produce an ECDH shared secret with the ECDH Key Agreement algorithm using the JWE recipient's EC public key
and the ephemeral EC private key.
** Derive a symmetric secret key with the Concat Key Derivation Function
(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf[NIST.800-56A], Section 5.8.1) using
this ECDH shared secret and any provided
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.2[PartyUInfo] and/or
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.3[PartyVInfo].
** If the key algorithm is `ECDH-ES`:
*** Use the Concat KDF-derived symmetric secret key directly as the Content Encryption Key (CEK). No encrypted key
is created, nor embedded in the resulting JWE.
** Otherwise, if the key algorithm is `ECDH-ES+A128KW`, `ECDH-ES+A192KW`, or `ECDH-ES+A256KW`:
*** Generate a new secure-random Content Encryption Key (CEK) suitable for the desired <<jwe-enc,encryption algorithm>>.
*** Encrypt this new CEK with the corresponding AES Key Wrap algorithm using the Concat KDF-derived secret key,
producing the encrypted CEK.
*** Embed the encrypted CEK in the resulting JWE.
* Encrypt the JWE payload with the desired encryption algorithm using the obtained CEK, producing the JWE payload
ciphertext.
* Embed the payload ciphertext in the resulting JWE.
During JWE decryption, these algorithms:
* Obtain the Content Encryption Key (CEK) used to decrypt the JWE payload as follows:
** Retrieve the required ephemeral Elliptic Curve public key from the JWE's
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.1[epk header].
** Ensure the ephemeral EC public key exists on the same curve as the JWE recipient's EC private key.
** Produce the ECDH shared secret with the ECDH Key Agreement algorithm using the JWE recipient's EC private key
and the ephemeral EC public key.
** Derive a symmetric secret key with the Concat Key Derivation Function
(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf[NIST.800-56A], Section 5.8.1) using
this ECDH shared secret and any
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.2[PartyUInfo] and/or
https://www.rfc-editor.org/rfc/rfc7518.html#section-4.6.1.3[PartyVInfo] found in the JWE header.
** If the key algorithm is `ECDH-ES`:
*** Use the Concat KDF-derived secret key directly as the Content Encryption Key (CEK). No encrypted key is used.
** Otherwise, if the key algorithm is `ECDH-ES+A128KW`, `ECDH-ES+A192KW`, or `ECDH-ES+A256KW`:
*** Obtain the encrypted key ciphertext embedded in the JWE.
*** Decrypt the encrypted key ciphertext with the associated AES Key Unwrap algorithm using the Concat KDF-derived
secret key, producing the unencrypted Content Encryption Key (CEK).
* Decrypt the JWE payload ciphertext with the JWE's discovered encryption algorithm using the obtained CEK.
+++<a name="jwe-create">++++++</a>+++
=== Creating a JWE
Now that we know the difference between a JWE Encryption Algorithm and a JWE Key Management Algorithm, how do we use
them to encrypt a JWT?
You create an encrypted JWT (called a 'JWE') as follows:
. Use the `Jwts.builder()` method to create a `JwtBuilder` instance.
. Call `JwtBuilder` methods to set the `payload` content or claims and any <<jws-create-header,header>> parameters as desired.
. Call the `encryptWith` method, specifying the Key, Key Algorithm, and Encryption Algorithm you want to use.
. Finally, call the `compact()` method to compact and encrypt, producing the final jwe.
For example:
[,java]
----
String jwe = Jwts.builder() // (1)
.subject("Bob") // (2)
.encryptWith(key, keyAlgorithm, encryptionAlgorithm) // (3)
.compact(); // (4)
----
Before calling `compact()`, you may set any <<jws-create-header,header>> parameters and <<jws-create-claims,claims>>
exactly the same way as described for JWS.
+++<a name="jwe-compression">++++++</a>+++
==== JWE Compression
If your JWT payload or Claims set is large (contains a lot of data), you might want to compress the JWE to reduce
its size. Please see the main <<compression,Compression>> section to see how to compress and decompress JWTs.
+++<a name="jwe-read">++++++</a>+++
=== Reading a JWE
You read (parse) a JWE as follows:
. Use the `Jwts.parser()` method to create a `JwtParserBuilder` instance.
. Call either <<key-locator,keyLocator>> or `decryptWith` methods to determine the key used to decrypt the JWE.
. Call the ``JwtParserBuilder``'s `build()` method to create a thread-safe `JwtParser`.
. Parse the jwe string with the ``JwtParser``'s `parseEncryptedClaims` or `parseEncryptedContent` method.
. Wrap the entire call is in a try/catch block in case decryption or integrity verification fails.
For example:
[,java]
----
Jwe<Claims> jwe;
try {
jwe = Jwts.parser() // (1)
.keyLocator(keyLocator) // (2) dynamically lookup decryption keys based on each JWE
//.decryptWith(key) // or a static key used to decrypt all encountered JWEs
.build() // (3)
.parseEncryptedClaims(jweString); // (4) or parseEncryptedContent(jweString);
// we can safely trust the JWT
catch (JwtException ex) { // (5)
// we *cannot* use the JWT as intended by its creator
}
----
[NOTE]
====
.Type-safe JWEs
* If you are expecting a JWE with a Claims `payload`, call the ``JwtParser``'s `parseEncryptedClaims` method.
* If you are expecting a JWE with a content `payload`, call the ``JwtParser``'s `parseEncryptedContent` method.
====
+++<a name="jwe-read-key">++++++</a>+++
==== Decryption Key
The most important thing to do when reading a JWE is to specify the key used during decryption. If decryption or
integrity protection checks fail, the JWT cannot be safely trusted and should be discarded.
So which key do we use for decryption?
* If the jwe was encrypted _directly_ with a `SecretKey`, the same `SecretKey` must be specified on the
`JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.decryptWith(secretKey) // <----
.build()
.parseEncryptedClaims(jweString);
----
* If the jwe was encrypted using a key produced by a Password-based key derivation `KeyAlgorithm`, the same
`Password` must be specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Password password = Keys.password(passwordChars);
Jwts.parser()
.decryptWith(password) // <---- an `io.jsonwebtoken.security.Password` instance
.build()
.parseEncryptedClaims(jweString);
----
* If the jwe was encrypted with a key produced by an asymmetric `KeyAlgorithm`, the corresponding `PrivateKey` (not
the `PublicKey`) must be specified on the `JwtParserBuilder`. For example:
+
[,java]
----
Jwts.parser()
.decryptWith(privateKey) // <---- a `PrivateKey`, not a `PublicKey`
.build()
.parseSignedClaims(jweString);
----
+++<a name="jwe-key-locator">++++++</a>+++
==== Decryption Key Locator
What if your application doesn't use just a single `SecretKey` or `KeyPair`? What
if JWEs can be created with different ``SecretKey``s, ``Password``s or public/private keys, or a combination of all of
them? How do you know which key to specify if you can't inspect the JWT first?
In these cases, you can't call the ``JwtParserBuilder``'s `decryptWith` method with a single key - instead, you'll need
to use a Key `Locator`. Please see the <<key-locator,Key Lookup>> section to see how to dynamically obtain different
keys when parsing JWSs or JWEs.
+++<a name="jwe-key-pkcs11">++++++</a>+++
==== ECDH-ES Decryption with PKCS11 PrivateKeys
The JWT `ECDH-ES`, `ECDH-ES+A128KW`, `ECDH-ES+A192KW`, and `ECDH-ES+A256KW` key algorithms validate JWE input using
public key information, even when using ``PrivateKey``s to decrypt. Ordinarily this is automatically performed
by JJWT when your `PrivateKey` instances implement the
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/interfaces/ECKey.html[ECKey] or
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/interfaces/EdECKey.html[EdECKey]
(or BouncyCastle equivalent) interfaces, which is the case for most JCA `Provider` implementations.
However, if your decryption ``PrivateKey``s are stored in a Hardware Security Module (HSM) and/or you use the
https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-6DA72F34-6C6A-4F7D-ADBA-5811576A9331[SunPKCS11 Provider],
it is likely that your `PrivateKey` instances _do not_ implement `ECKey`.
In these cases, you need to provide both the PKCS11 `PrivateKey` and it's companion `PublicKey` during decryption
by using the `Keys.builder` method. For example:
[,java]
----
KeyPair pair = getMyPkcs11KeyPair();
PrivateKey jwtParserDecryptionKey = Keys.builder(pair.getPrivate())
.publicKey(pair.getPublic()) // PublicKey must implement ECKey or EdECKey or BouncyCastle equivalent
.build();
----
You then use the resulting `jwtParserDecryptionKey` (not `pair.getPrivate()`) with the `JwtParserBuilder` or as
the return value from a custom <<key-locator,Key Locator>> implementation. For example:
[,java]
----
PrivateKey decryptionKey = Keys.builder(pkcs11PrivateKey).publicKey(pkcs11PublicKey).build();
Jwts.parser()
.decryptWith(decryptionKey) // <----
.build()
.parseEncryptedClaims(jweString);
----
Or as the return value from your key locator:
[,java]
----
Jwts.parser()
.keyLocator(keyLocator) // your keyLocator.locate(header) would return Keys.builder...
.build()
.parseEncryptedClaims(jweString);
----
Please see the <<key-locator-provider,Provider-constrained Keys>> section for more information, as well as
code examples of how to implement a Key `Locator` using the `Keys.builder` technique.
+++<a name="jwe-read-decompression">++++++</a>+++
==== JWE Decompression
If a JWE is compressed using the `DEF` (https://www.rfc-editor.org/rfc/rfc1951[DEFLATE]) or `GZIP`
(https://www.rfc-editor.org/rfc/rfc1952.html[GZIP]) compression algorithms, it will automatically be decompressed
after decryption, and there is nothing you need to configure.
If, however, a custom compression algorithm was used to compress the JWE, you will need to tell the
`JwtParserBuilder` how to resolve your `CompressionAlgorithm` to decompress the JWT.
Please see the <<compression,Compression>> section below to see how to decompress JWTs during parsing.
+++<a name="jwk">++++++</a>+++
== JSON Web Keys (JWKs)
https://www.rfc-editor.org/rfc/rfc7517.html[JSON Web Keys] (JWKs) are JSON serializations of cryptographic keys,
allowing key material to be embedded in JWTs or transmitted between parties in a standard JSON-based text format. They
are essentially a JSON-based alternative to other text-based key formats, such as the
https://serverfault.com/a/9717[DER, PEM and PKCS12] text strings or files commonly used when configuring TLS on web
servers, for example.
For example, an identity web service may expose its RSA or Elliptic Curve Public Keys to 3rd parties in the JWK format.
A client may then parse the public key JWKs to verify the service's <<jws,JWS>> tokens, as well as send encrypted
information to the service using <<jwe,JWE>>s.
JWKs can be converted to and from standard Java `Key` types as expected using the same builder/parser patterns we've
seen for JWTs.
+++<a name="jwk-create">++++++</a>+++
=== Create a JWK
You create a JWK as follows:
. Use the `Jwks.builder()` method to create a `JwkBuilder` instance.
. Call the `key` method with the Java key you wish to represent as a JWK.
. Call builder methods to set any additional key parameters or metadata, such as a `kid` (Key ID), X509 Certificates,
etc as desired.
. Call the `build()` method to produce the resulting JWK.
For example:
[,java]
----
SecretKey key = getSecretKey(); // or RSA or EC PublicKey or PrivateKey
SecretJwk = Jwks.builder().key(key) // (1) and (2)
.id("mySecretKeyId") // (3)
// ... etc ...
.build(); // (4)
----
==== JWK from a Map
If you have a `Map<String,?>` of name/value pairs that reflect an existing JWK, you add them and build a type-safe
`Jwk` instance:
[,java]
----
Map<String,?> jwkValues = getMyJwkMap();
Jwk<?> jwk = Jwks.builder().add(jwkValues).build();
----
+++<a name="jwk-read">++++++</a>+++
=== Read a JWK
You can read/parse a JWK by building a `JwkParser` and parsing the JWK JSON string with its `parse` method:
[,java]
----
String json = getJwkJsonString();
Jwk<?> jwk = Jwks.parser()
//.provider(aJcaProvider) // optional
//.deserializer(deserializer) // optional
.build() // create the parser
.parse(json); // actually parse the JSON
Key key = jwk.toKey(); // convert to a Java Key instance
----
As shown above you can specify a custom JCA Provider or <<json,JSON deserializer>> in the same way as the `JwtBuilder`.
+++<a name="jwk-private">++++++</a>+++
=== PrivateKey JWKs
Unlike Java, the JWA specification requires a private JWKs to contain _both_ public key _and_ private key material
(see https://www.rfc-editor.org/rfc/rfc7518.html#section-6.2.2[RFC 7518, Section 6.1.1] and
https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2[RFC 7518, Section 6.3.2]).
In this sense, a private JWK (represented as a `PrivateJwk` or a subtype, such as `RsaPrivateJwk`, `EcPrivateJwk`, etc)
can be thought of more like a Java `KeyPair` instance. Consequently, when creating a `PrivateJwk` instance,
the ``PrivateKey``'s corresponding `PublicKey` is required.
+++<a name="jwk-private-public">++++++</a>+++
==== Private JWK `PublicKey`
If you do not provide a `PublicKey` when creating a `PrivateJwk`, JJWT will automatically derive the `PublicKey` from
the `PrivateKey` instance if possible. However, because this can add
some computing time, it is typically recommended to provide the `PublicKey` when possible to avoid this extra work.
For example:
[,java]
----
RSAPrivateKey rsaPrivateKey = getRSAPrivateKey(); // or ECPrivateKey
RsaPrivateJwk jwk = Jwks.builder().key(rsaPrivateKey)
//.publicKey(rsaPublicKey) // optional, but recommended to avoid extra computation work
.build();
----
+++<a name="jwk-private-keypair">++++++</a>+++
==== Private JWK from KeyPair
If you have a Java `KeyPair` instance, then you have both the public and private key material necessary to create a
`PrivateJwk`. For example:
[,java]
----
KeyPair rsaKeyPair = getRSAKeyPair();
RsaPrivateJwk rsaPrivJwk = Jwks.builder().rsaKeyPair(rsaKeyPair).build();
KeyPair ecKeyPair = getECKeyPair();
EcPrivateJwk ecPrivJwk = Jwks.builder().ecKeyPair(ecKeyPair).build();
KeyPair edEcKeyPair = getEdECKeyPair();
OctetPrivateJwk edEcPrivJwk = Jwks.builder().octetKeyPair(edEcKeyPair).build();
----
Note that:
* An exception will be thrown when calling `rsaKeyPair` if the specified `KeyPair` instance does not contain
`RSAPublicKey` and `RSAPrivateKey` instances.
* Similarly, an exception will be thrown when calling `ecKeyPair` if
the `KeyPair` instance does not contain `ECPublicKey` and `ECPrivateKey` instances.
* Finally, an exception will be
thrown when calling `octetKeyPair` if the `KeyPair` instance does not contain X25519, X448, Ed25519, or Ed448 keys
(introduced in JDK 11 and 15 or when using BouncyCastle).
+++<a name="jwk-private-topub">++++++</a>+++
==== Private JWK Public Conversion
Because private JWKs contain public key material, you can always obtain the private JWK's corresponding public JWK and
Java `PublicKey` or `KeyPair`. For example:
[,java]
----
RsaPrivateJwk privateJwk = Jwks.builder().key(rsaPrivateKey).build(); // or ecPrivateKey or edEcPrivateKey
// Get the matching public JWK and/or PublicKey:
RsaPublicJwk pubJwk = privateJwk.toPublicJwk(); // JWK instance
RSAPublicKey pubKey = pubJwk.toKey(); // Java PublicKey instance
KeyPair pair = privateJwk.toKeyPair(); // io.jsonwebtoken.security.KeyPair retains key types
java.security.KeyPair jdkPair = pair.toJavaKeyPair(); // does not retain pub/private key types
----
+++<a name="jwk-thumbprint">++++++</a>+++
=== JWK Thumbprints
A https://www.rfc-editor.org/rfc/rfc7638.html[JWK Thumbprint] is a digest (aka hash) of a canonical JSON
representation of a JWK's public properties. 'Canonical' in this case means that only RFC-specified values in any JWK
are used in an exact order thumbprint calculation. This ensures that anyone can calculate a JWK's same exact
thumbprint, regardless of c
gitextract_n34qeobt/
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ ├── config.yml
│ │ └── feature_request.md
│ ├── stale.yml
│ └── workflows/
│ └── ci.yml
├── .gitignore
├── .mvn/
│ └── wrapper/
│ └── maven-wrapper.properties
├── CHANGELOG.md
├── LICENSE
├── NOTICE.md
├── README.adoc
├── SECURITY.md
├── api/
│ ├── pom.xml
│ └── src/
│ ├── main/
│ │ └── java/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ ├── ClaimJwtException.java
│ │ ├── Claims.java
│ │ ├── ClaimsBuilder.java
│ │ ├── ClaimsMutator.java
│ │ ├── Clock.java
│ │ ├── CompressionCodec.java
│ │ ├── CompressionCodecResolver.java
│ │ ├── CompressionCodecs.java
│ │ ├── CompressionException.java
│ │ ├── ExpiredJwtException.java
│ │ ├── Header.java
│ │ ├── HeaderMutator.java
│ │ ├── Identifiable.java
│ │ ├── IncorrectClaimException.java
│ │ ├── InvalidClaimException.java
│ │ ├── Jwe.java
│ │ ├── JweHeader.java
│ │ ├── JweHeaderMutator.java
│ │ ├── Jws.java
│ │ ├── JwsHeader.java
│ │ ├── Jwt.java
│ │ ├── JwtBuilder.java
│ │ ├── JwtException.java
│ │ ├── JwtHandler.java
│ │ ├── JwtHandlerAdapter.java
│ │ ├── JwtParser.java
│ │ ├── JwtParserBuilder.java
│ │ ├── JwtVisitor.java
│ │ ├── Jwts.java
│ │ ├── Locator.java
│ │ ├── LocatorAdapter.java
│ │ ├── MalformedJwtException.java
│ │ ├── MissingClaimException.java
│ │ ├── PrematureJwtException.java
│ │ ├── ProtectedHeader.java
│ │ ├── ProtectedHeaderMutator.java
│ │ ├── ProtectedJwt.java
│ │ ├── RequiredTypeException.java
│ │ ├── SignatureAlgorithm.java
│ │ ├── SignatureException.java
│ │ ├── SigningKeyResolver.java
│ │ ├── SigningKeyResolverAdapter.java
│ │ ├── SupportedJwtVisitor.java
│ │ ├── UnsupportedJwtException.java
│ │ ├── io/
│ │ │ ├── AbstractDeserializer.java
│ │ │ ├── AbstractSerializer.java
│ │ │ ├── Base64.java
│ │ │ ├── Base64Decoder.java
│ │ │ ├── Base64Encoder.java
│ │ │ ├── Base64Support.java
│ │ │ ├── Base64UrlDecoder.java
│ │ │ ├── Base64UrlEncoder.java
│ │ │ ├── CodecException.java
│ │ │ ├── CompressionAlgorithm.java
│ │ │ ├── Decoder.java
│ │ │ ├── Decoders.java
│ │ │ ├── DecodingException.java
│ │ │ ├── DeserializationException.java
│ │ │ ├── Deserializer.java
│ │ │ ├── Encoder.java
│ │ │ ├── Encoders.java
│ │ │ ├── EncodingException.java
│ │ │ ├── ExceptionPropagatingDecoder.java
│ │ │ ├── ExceptionPropagatingEncoder.java
│ │ │ ├── IOException.java
│ │ │ ├── Parser.java
│ │ │ ├── ParserBuilder.java
│ │ │ ├── SerialException.java
│ │ │ ├── SerializationException.java
│ │ │ └── Serializer.java
│ │ ├── lang/
│ │ │ ├── Arrays.java
│ │ │ ├── Assert.java
│ │ │ ├── Builder.java
│ │ │ ├── Classes.java
│ │ │ ├── CollectionMutator.java
│ │ │ ├── Collections.java
│ │ │ ├── Conjunctor.java
│ │ │ ├── DateFormats.java
│ │ │ ├── InstantiationException.java
│ │ │ ├── MapMutator.java
│ │ │ ├── Maps.java
│ │ │ ├── NestedCollection.java
│ │ │ ├── Objects.java
│ │ │ ├── Registry.java
│ │ │ ├── RuntimeEnvironment.java
│ │ │ ├── Strings.java
│ │ │ ├── Supplier.java
│ │ │ └── UnknownClassException.java
│ │ └── security/
│ │ ├── AeadAlgorithm.java
│ │ ├── AeadRequest.java
│ │ ├── AeadResult.java
│ │ ├── AssociatedDataSupplier.java
│ │ ├── AsymmetricJwk.java
│ │ ├── AsymmetricJwkBuilder.java
│ │ ├── Curve.java
│ │ ├── DecryptAeadRequest.java
│ │ ├── DecryptionKeyRequest.java
│ │ ├── DigestAlgorithm.java
│ │ ├── DigestSupplier.java
│ │ ├── DynamicJwkBuilder.java
│ │ ├── EcPrivateJwk.java
│ │ ├── EcPrivateJwkBuilder.java
│ │ ├── EcPublicJwk.java
│ │ ├── EcPublicJwkBuilder.java
│ │ ├── HashAlgorithm.java
│ │ ├── InvalidKeyException.java
│ │ ├── IvSupplier.java
│ │ ├── Jwk.java
│ │ ├── JwkBuilder.java
│ │ ├── JwkParserBuilder.java
│ │ ├── JwkSet.java
│ │ ├── JwkSetBuilder.java
│ │ ├── JwkSetParserBuilder.java
│ │ ├── JwkThumbprint.java
│ │ ├── Jwks.java
│ │ ├── KeyAlgorithm.java
│ │ ├── KeyBuilder.java
│ │ ├── KeyBuilderSupplier.java
│ │ ├── KeyException.java
│ │ ├── KeyLengthSupplier.java
│ │ ├── KeyOperation.java
│ │ ├── KeyOperationBuilder.java
│ │ ├── KeyOperationPolicied.java
│ │ ├── KeyOperationPolicy.java
│ │ ├── KeyOperationPolicyBuilder.java
│ │ ├── KeyPair.java
│ │ ├── KeyPairBuilder.java
│ │ ├── KeyPairBuilderSupplier.java
│ │ ├── KeyRequest.java
│ │ ├── KeyResult.java
│ │ ├── KeySupplier.java
│ │ ├── Keys.java
│ │ ├── MacAlgorithm.java
│ │ ├── MalformedKeyException.java
│ │ ├── MalformedKeySetException.java
│ │ ├── Message.java
│ │ ├── OctetPrivateJwk.java
│ │ ├── OctetPrivateJwkBuilder.java
│ │ ├── OctetPublicJwk.java
│ │ ├── OctetPublicJwkBuilder.java
│ │ ├── Password.java
│ │ ├── PrivateJwk.java
│ │ ├── PrivateJwkBuilder.java
│ │ ├── PrivateKeyBuilder.java
│ │ ├── PublicJwk.java
│ │ ├── PublicJwkBuilder.java
│ │ ├── Request.java
│ │ ├── RsaPrivateJwk.java
│ │ ├── RsaPrivateJwkBuilder.java
│ │ ├── RsaPublicJwk.java
│ │ ├── RsaPublicJwkBuilder.java
│ │ ├── SecretJwk.java
│ │ ├── SecretJwkBuilder.java
│ │ ├── SecretKeyAlgorithm.java
│ │ ├── SecretKeyBuilder.java
│ │ ├── SecureDigestAlgorithm.java
│ │ ├── SecureRequest.java
│ │ ├── SecurityBuilder.java
│ │ ├── SecurityException.java
│ │ ├── SignatureAlgorithm.java
│ │ ├── SignatureException.java
│ │ ├── UnsupportedKeyException.java
│ │ ├── VerifyDigestRequest.java
│ │ ├── VerifySecureDigestRequest.java
│ │ ├── WeakKeyException.java
│ │ ├── X509Accessor.java
│ │ ├── X509Builder.java
│ │ └── X509Mutator.java
│ └── test/
│ └── groovy/
│ └── io/
│ └── jsonwebtoken/
│ ├── CompressionExceptionTest.groovy
│ ├── ExpiredJwtExceptionTest.groovy
│ ├── IncorrectClaimExceptionTest.groovy
│ ├── InvalidClaimExceptionTest.groovy
│ ├── JwtHandlerAdapterTest.groovy
│ ├── MalformedJwtExceptionTest.groovy
│ ├── MissingClaimExceptionTest.groovy
│ ├── PrematureJwtExceptionTest.groovy
│ ├── RequiredTypeExceptionTest.groovy
│ ├── SignatureExceptionTest.groovy
│ ├── SigningKeyResolverAdapterTest.groovy
│ ├── UnsupportedJwtExceptionTest.groovy
│ ├── io/
│ │ ├── AbstractDeserializerTest.groovy
│ │ ├── AbstractSerializerTest.groovy
│ │ ├── Base64DecoderTest.groovy
│ │ ├── Base64EncoderTest.groovy
│ │ ├── Base64Test.groovy
│ │ ├── CodecExceptionTest.groovy
│ │ ├── DecodersTest.groovy
│ │ ├── DecodingExceptionTest.groovy
│ │ ├── DeserializationExceptionTest.groovy
│ │ ├── EncodersTest.groovy
│ │ ├── EncodingExceptionTest.groovy
│ │ ├── ExceptionPropagatingDecoderTest.groovy
│ │ ├── ExceptionPropagatingEncoderTest.groovy
│ │ └── SerializationExceptionTest.groovy
│ ├── lang/
│ │ ├── ArraysTest.groovy
│ │ ├── CollectionsTest.groovy
│ │ ├── DateFormatsTest.groovy
│ │ ├── MapsTest.groovy
│ │ └── StringsTest.groovy
│ └── security/
│ ├── InvalidKeyExceptionTest.groovy
│ ├── MalformedKeyExceptionTest.groovy
│ ├── SignatureExceptionTest.groovy
│ └── UnsupportedKeyExceptionTest.groovy
├── bom/
│ └── pom.xml
├── extensions/
│ ├── gson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── gson/
│ │ │ │ └── io/
│ │ │ │ ├── GsonDeserializer.java
│ │ │ │ ├── GsonSerializer.java
│ │ │ │ └── GsonSupplierSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── gson/
│ │ └── io/
│ │ ├── GsonDeserializerTest.groovy
│ │ └── GsonSerializerTest.groovy
│ ├── jackson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── jackson/
│ │ │ │ └── io/
│ │ │ │ ├── JacksonDeserializer.java
│ │ │ │ ├── JacksonSerializer.java
│ │ │ │ └── JacksonSupplierSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── jackson/
│ │ └── io/
│ │ ├── JacksonDeserializerTest.groovy
│ │ ├── JacksonSerializerTest.groovy
│ │ ├── JacksonSupplierSerializerTest.groovy
│ │ ├── TestSupplier.groovy
│ │ └── stubs/
│ │ └── CustomBean.groovy
│ ├── orgjson/
│ │ ├── bnd.bnd
│ │ ├── pom.xml
│ │ └── src/
│ │ ├── main/
│ │ │ ├── java/
│ │ │ │ └── io/
│ │ │ │ └── jsonwebtoken/
│ │ │ │ └── orgjson/
│ │ │ │ └── io/
│ │ │ │ ├── OrgJsonDeserializer.java
│ │ │ │ └── OrgJsonSerializer.java
│ │ │ └── resources/
│ │ │ └── META-INF/
│ │ │ └── services/
│ │ │ ├── io.jsonwebtoken.io.Deserializer
│ │ │ └── io.jsonwebtoken.io.Serializer
│ │ └── test/
│ │ └── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ └── orgjson/
│ │ └── io/
│ │ ├── AndroidOrgJsonSerializerTest.groovy
│ │ ├── OrgJsonDeserializerTest.groovy
│ │ └── OrgJsonSerializerTest.groovy
│ └── pom.xml
├── impl/
│ ├── bnd.bnd
│ ├── pom.xml
│ └── src/
│ ├── main/
│ │ ├── java/
│ │ │ └── io/
│ │ │ └── jsonwebtoken/
│ │ │ └── impl/
│ │ │ ├── AbstractAudienceCollection.java
│ │ │ ├── AbstractTextCodec.java
│ │ │ ├── AbstractX509Context.java
│ │ │ ├── AndroidBase64Codec.java
│ │ │ ├── Base64Codec.java
│ │ │ ├── Base64UrlCodec.java
│ │ │ ├── CompressionCodecLocator.java
│ │ │ ├── DefaultClaims.java
│ │ │ ├── DefaultClaimsBuilder.java
│ │ │ ├── DefaultClock.java
│ │ │ ├── DefaultHeader.java
│ │ │ ├── DefaultJwe.java
│ │ │ ├── DefaultJweHeader.java
│ │ │ ├── DefaultJweHeaderBuilder.java
│ │ │ ├── DefaultJweHeaderMutator.java
│ │ │ ├── DefaultJws.java
│ │ │ ├── DefaultJwsHeader.java
│ │ │ ├── DefaultJwt.java
│ │ │ ├── DefaultJwtBuilder.java
│ │ │ ├── DefaultJwtHeaderBuilder.java
│ │ │ ├── DefaultJwtParser.java
│ │ │ ├── DefaultJwtParserBuilder.java
│ │ │ ├── DefaultMutableJweHeader.java
│ │ │ ├── DefaultProtectedHeader.java
│ │ │ ├── DefaultProtectedJwt.java
│ │ │ ├── DefaultTokenizedJwe.java
│ │ │ ├── DefaultTokenizedJwt.java
│ │ │ ├── DelegateAudienceCollection.java
│ │ │ ├── DelegatingClaimsMutator.java
│ │ │ ├── FixedClock.java
│ │ │ ├── IdLocator.java
│ │ │ ├── JwtTokenizer.java
│ │ │ ├── ParameterMap.java
│ │ │ ├── Payload.java
│ │ │ ├── TextCodec.java
│ │ │ ├── TokenizedJwe.java
│ │ │ ├── TokenizedJwt.java
│ │ │ ├── X509Context.java
│ │ │ ├── compression/
│ │ │ │ ├── AbstractCompressionAlgorithm.java
│ │ │ │ ├── DeflateCompressionAlgorithm.java
│ │ │ │ └── GzipCompressionAlgorithm.java
│ │ │ ├── io/
│ │ │ │ ├── AbstractParser.java
│ │ │ │ ├── AbstractParserBuilder.java
│ │ │ │ ├── Base64Codec.java
│ │ │ │ ├── Base64InputStream.java
│ │ │ │ ├── Base64OutputStream.java
│ │ │ │ ├── Base64UrlStreamEncoder.java
│ │ │ │ ├── BaseNCodec.java
│ │ │ │ ├── BaseNCodecInputStream.java
│ │ │ │ ├── BaseNCodecOutputStream.java
│ │ │ │ ├── ByteBase64UrlStreamEncoder.java
│ │ │ │ ├── BytesInputStream.java
│ │ │ │ ├── CharSequenceReader.java
│ │ │ │ ├── ClosedInputStream.java
│ │ │ │ ├── Codec.java
│ │ │ │ ├── CodecPolicy.java
│ │ │ │ ├── ConvertingParser.java
│ │ │ │ ├── CountingInputStream.java
│ │ │ │ ├── DecodingInputStream.java
│ │ │ │ ├── DelegateStringDecoder.java
│ │ │ │ ├── EncodingOutputStream.java
│ │ │ │ ├── FilteredInputStream.java
│ │ │ │ ├── FilteredOutputStream.java
│ │ │ │ ├── JsonObjectDeserializer.java
│ │ │ │ ├── NamedSerializer.java
│ │ │ │ ├── StandardCompressionAlgorithms.java
│ │ │ │ ├── Streams.java
│ │ │ │ ├── TeeOutputStream.java
│ │ │ │ └── UncloseableInputStream.java
│ │ │ ├── lang/
│ │ │ │ ├── BiConsumer.java
│ │ │ │ ├── BigIntegerUBytesConverter.java
│ │ │ │ ├── Bytes.java
│ │ │ │ ├── CheckedFunction.java
│ │ │ │ ├── CheckedSupplier.java
│ │ │ │ ├── CollectionConverter.java
│ │ │ │ ├── CompactMediaTypeIdConverter.java
│ │ │ │ ├── CompoundConverter.java
│ │ │ │ ├── ConstantFunction.java
│ │ │ │ ├── Converter.java
│ │ │ │ ├── Converters.java
│ │ │ │ ├── DefaultCollectionMutator.java
│ │ │ │ ├── DefaultNestedCollection.java
│ │ │ │ ├── DefaultParameter.java
│ │ │ │ ├── DefaultParameterBuilder.java
│ │ │ │ ├── DefaultRegistry.java
│ │ │ │ ├── DelegatingCheckedFunction.java
│ │ │ │ ├── DelegatingMap.java
│ │ │ │ ├── DelegatingMapMutator.java
│ │ │ │ ├── EncodedObjectConverter.java
│ │ │ │ ├── FormattedStringFunction.java
│ │ │ │ ├── FormattedStringSupplier.java
│ │ │ │ ├── Function.java
│ │ │ │ ├── Functions.java
│ │ │ │ ├── IdRegistry.java
│ │ │ │ ├── JwtDateConverter.java
│ │ │ │ ├── LocatorFunction.java
│ │ │ │ ├── Nameable.java
│ │ │ │ ├── NestedIdentifiableCollection.java
│ │ │ │ ├── NullSafeConverter.java
│ │ │ │ ├── OptionalMethodInvoker.java
│ │ │ │ ├── Parameter.java
│ │ │ │ ├── ParameterBuilder.java
│ │ │ │ ├── ParameterReadable.java
│ │ │ │ ├── Parameters.java
│ │ │ │ ├── PositiveIntegerConverter.java
│ │ │ │ ├── PropagatingExceptionFunction.java
│ │ │ │ ├── RedactedSupplier.java
│ │ │ │ ├── RedactedValueConverter.java
│ │ │ │ ├── ReflectionFunction.java
│ │ │ │ ├── RequiredBitLengthConverter.java
│ │ │ │ ├── RequiredParameterReader.java
│ │ │ │ ├── RequiredTypeConverter.java
│ │ │ │ ├── Services.java
│ │ │ │ ├── StringRegistry.java
│ │ │ │ ├── UnavailableImplementationException.java
│ │ │ │ └── UriStringConverter.java
│ │ │ └── security/
│ │ │ ├── AbstractAsymmetricJwk.java
│ │ │ ├── AbstractAsymmetricJwkBuilder.java
│ │ │ ├── AbstractCurve.java
│ │ │ ├── AbstractEcJwkFactory.java
│ │ │ ├── AbstractFamilyJwkFactory.java
│ │ │ ├── AbstractJwk.java
│ │ │ ├── AbstractJwkBuilder.java
│ │ │ ├── AbstractJwkParserBuilder.java
│ │ │ ├── AbstractPrivateJwk.java
│ │ │ ├── AbstractPublicJwk.java
│ │ │ ├── AbstractSecureDigestAlgorithm.java
│ │ │ ├── AbstractSecurityBuilder.java
│ │ │ ├── AbstractSignatureAlgorithm.java
│ │ │ ├── AesAlgorithm.java
│ │ │ ├── AesGcmKeyAlgorithm.java
│ │ │ ├── AesWrapKeyAlgorithm.java
│ │ │ ├── AsymmetricJwkFactory.java
│ │ │ ├── ConcatKDF.java
│ │ │ ├── ConstantKeyLocator.java
│ │ │ ├── CryptoAlgorithm.java
│ │ │ ├── DefaultAeadRequest.java
│ │ │ ├── DefaultAeadResult.java
│ │ │ ├── DefaultDecryptAeadRequest.java
│ │ │ ├── DefaultDecryptionKeyRequest.java
│ │ │ ├── DefaultDynamicJwkBuilder.java
│ │ │ ├── DefaultEcPrivateJwk.java
│ │ │ ├── DefaultEcPublicJwk.java
│ │ │ ├── DefaultHashAlgorithm.java
│ │ │ ├── DefaultJwkContext.java
│ │ │ ├── DefaultJwkParserBuilder.java
│ │ │ ├── DefaultJwkSet.java
│ │ │ ├── DefaultJwkSetBuilder.java
│ │ │ ├── DefaultJwkSetParserBuilder.java
│ │ │ ├── DefaultJwkThumbprint.java
│ │ │ ├── DefaultKeyOperation.java
│ │ │ ├── DefaultKeyOperationBuilder.java
│ │ │ ├── DefaultKeyOperationPolicy.java
│ │ │ ├── DefaultKeyOperationPolicyBuilder.java
│ │ │ ├── DefaultKeyPair.java
│ │ │ ├── DefaultKeyPairBuilder.java
│ │ │ ├── DefaultKeyRequest.java
│ │ │ ├── DefaultKeyResult.java
│ │ │ ├── DefaultKeyUseStrategy.java
│ │ │ ├── DefaultMacAlgorithm.java
│ │ │ ├── DefaultMessage.java
│ │ │ ├── DefaultOctetPrivateJwk.java
│ │ │ ├── DefaultOctetPublicJwk.java
│ │ │ ├── DefaultRequest.java
│ │ │ ├── DefaultRsaKeyAlgorithm.java
│ │ │ ├── DefaultRsaPrivateJwk.java
│ │ │ ├── DefaultRsaPublicJwk.java
│ │ │ ├── DefaultSecretJwk.java
│ │ │ ├── DefaultSecretKeyBuilder.java
│ │ │ ├── DefaultSecureRequest.java
│ │ │ ├── DefaultVerifyDigestRequest.java
│ │ │ ├── DefaultVerifySecureDigestRequest.java
│ │ │ ├── DirectKeyAlgorithm.java
│ │ │ ├── DispatchingJwkFactory.java
│ │ │ ├── ECCurve.java
│ │ │ ├── EcPrivateJwkFactory.java
│ │ │ ├── EcPublicJwkFactory.java
│ │ │ ├── EcSignatureAlgorithm.java
│ │ │ ├── EcdhKeyAlgorithm.java
│ │ │ ├── EdSignatureAlgorithm.java
│ │ │ ├── EdwardsCurve.java
│ │ │ ├── EdwardsPublicKeyDeriver.java
│ │ │ ├── FamilyJwkFactory.java
│ │ │ ├── FieldElementConverter.java
│ │ │ ├── GcmAesAeadAlgorithm.java
│ │ │ ├── HmacAesAeadAlgorithm.java
│ │ │ ├── JcaTemplate.java
│ │ │ ├── JwkBuilderSupplier.java
│ │ │ ├── JwkContext.java
│ │ │ ├── JwkConverter.java
│ │ │ ├── JwkDeserializer.java
│ │ │ ├── JwkFactory.java
│ │ │ ├── JwkSetConverter.java
│ │ │ ├── JwkSetDeserializer.java
│ │ │ ├── JwksBridge.java
│ │ │ ├── JwtX509StringConverter.java
│ │ │ ├── KeyOperationConverter.java
│ │ │ ├── KeyPairs.java
│ │ │ ├── KeyUsage.java
│ │ │ ├── KeyUseStrategy.java
│ │ │ ├── KeysBridge.java
│ │ │ ├── LocatingKeyResolver.java
│ │ │ ├── NamedParameterSpecValueFinder.java
│ │ │ ├── NoneSignatureAlgorithm.java
│ │ │ ├── OctetJwkFactory.java
│ │ │ ├── OctetPrivateJwkFactory.java
│ │ │ ├── OctetPublicJwkFactory.java
│ │ │ ├── PasswordSpec.java
│ │ │ ├── Pbes2HsAkwAlgorithm.java
│ │ │ ├── PrivateECKey.java
│ │ │ ├── ProvidedKeyBuilder.java
│ │ │ ├── ProvidedPrivateKeyBuilder.java
│ │ │ ├── ProvidedSecretKeyBuilder.java
│ │ │ ├── ProviderKey.java
│ │ │ ├── ProviderPrivateKey.java
│ │ │ ├── ProviderSecretKey.java
│ │ │ ├── Providers.java
│ │ │ ├── RSAOtherPrimeInfoConverter.java
│ │ │ ├── RandomSecretKeyBuilder.java
│ │ │ ├── Randoms.java
│ │ │ ├── RsaPrivateJwkFactory.java
│ │ │ ├── RsaPublicJwkFactory.java
│ │ │ ├── RsaSignatureAlgorithm.java
│ │ │ ├── SecretJwkFactory.java
│ │ │ ├── StandardCurves.java
│ │ │ ├── StandardEncryptionAlgorithms.java
│ │ │ ├── StandardHashAlgorithms.java
│ │ │ ├── StandardKeyAlgorithms.java
│ │ │ ├── StandardKeyOperations.java
│ │ │ ├── StandardSecureDigestAlgorithms.java
│ │ │ └── X509BuilderSupport.java
│ │ └── resources/
│ │ └── META-INF/
│ │ └── services/
│ │ └── io.jsonwebtoken.CompressionCodec
│ └── test/
│ ├── groovy/
│ │ └── io/
│ │ └── jsonwebtoken/
│ │ ├── CompressionCodecsTest.groovy
│ │ ├── CustomObjectDeserializationTest.groovy
│ │ ├── DateTestUtils.groovy
│ │ ├── JwtParserTest.groovy
│ │ ├── JwtsTest.groovy
│ │ ├── LocatorAdapterTest.groovy
│ │ ├── RFC7515AppendixETest.groovy
│ │ ├── RFC7797Test.groovy
│ │ ├── RsaSigningKeyResolverAdapterTest.groovy
│ │ ├── SignatureAlgorithmTest.groovy
│ │ ├── StubService.groovy
│ │ ├── impl/
│ │ │ ├── AbstractProtectedHeaderTest.groovy
│ │ │ ├── AndroidBase64CodecTest.groovy
│ │ │ ├── Base64CodecTest.groovy
│ │ │ ├── Base64UrlCodecTest.groovy
│ │ │ ├── DefaultClaimsBuilderTest.groovy
│ │ │ ├── DefaultClaimsTest.groovy
│ │ │ ├── DefaultHeaderTest.groovy
│ │ │ ├── DefaultJweHeaderTest.groovy
│ │ │ ├── DefaultJweTest.groovy
│ │ │ ├── DefaultJwsHeaderTest.groovy
│ │ │ ├── DefaultJwsTest.groovy
│ │ │ ├── DefaultJwtBuilderTest.groovy
│ │ │ ├── DefaultJwtHeaderBuilderTest.groovy
│ │ │ ├── DefaultJwtParserBuilderTest.groovy
│ │ │ ├── DefaultJwtParserTest.groovy
│ │ │ ├── DefaultJwtTest.groovy
│ │ │ ├── DefaultMutableJweHeaderTest.groovy
│ │ │ ├── DefaultStubService.groovy
│ │ │ ├── DelegateAudienceCollectionTest.groovy
│ │ │ ├── FixedClockTest.groovy
│ │ │ ├── IdLocatorTest.groovy
│ │ │ ├── JwtTokenizerTest.groovy
│ │ │ ├── ParameterMapTest.groovy
│ │ │ ├── RfcTests.groovy
│ │ │ ├── compression/
│ │ │ │ ├── AbstractCompressionAlgorithmTest.groovy
│ │ │ │ ├── DeflateCompressionCodecTest.groovy
│ │ │ │ └── YagCompressionCodec.groovy
│ │ │ ├── io/
│ │ │ │ ├── ClosedInputStreamTest.groovy
│ │ │ │ ├── CodecTest.groovy
│ │ │ │ ├── CountingInputStreamTest.groovy
│ │ │ │ ├── DecodingInputStreamTest.groovy
│ │ │ │ ├── DelegateStringDecoderTest.groovy
│ │ │ │ ├── EncodingOutputStreamTest.groovy
│ │ │ │ ├── JsonObjectDeserializerTest.groovy
│ │ │ │ ├── StreamsTest.groovy
│ │ │ │ ├── TeeOutputStreamTest.groovy
│ │ │ │ └── TestSerializer.groovy
│ │ │ ├── lang/
│ │ │ │ ├── BigIntegerUBytesConverterTest.groovy
│ │ │ │ ├── BytesTest.groovy
│ │ │ │ ├── CollectionConverterTest.groovy
│ │ │ │ ├── CompactMediaTypeIdConverterTest.groovy
│ │ │ │ ├── ConvertersTest.groovy
│ │ │ │ ├── DefaultCollectionMutatorTest.groovy
│ │ │ │ ├── DefaultRegistryTest.groovy
│ │ │ │ ├── DelegatingMapTest.groovy
│ │ │ │ ├── EncodedObjectConverterTest.groovy
│ │ │ │ ├── FunctionsTest.groovy
│ │ │ │ ├── JwtDateConverterTest.groovy
│ │ │ │ ├── LocatorFunctionTest.groovy
│ │ │ │ ├── NestedIdentifiableCollectionTest.groovy
│ │ │ │ ├── NullSafeConverterTest.groovy
│ │ │ │ ├── OptionalMethodInvokerTest.groovy
│ │ │ │ ├── ParametersTest.groovy
│ │ │ │ ├── PropagatingExceptionFunctionTest.groovy
│ │ │ │ ├── RedactedSupplierTest.groovy
│ │ │ │ ├── RedactedValueConverterTest.groovy
│ │ │ │ ├── RequiredTypeConverterTest.groovy
│ │ │ │ ├── ServicesTest.groovy
│ │ │ │ ├── StringRegistryTest.groovy
│ │ │ │ ├── TestParameterReadable.groovy
│ │ │ │ └── UriStringConverterTest.groovy
│ │ │ └── security/
│ │ │ ├── AbstractAsymmetricJwkBuilderTest.groovy
│ │ │ ├── AbstractCurveTest.groovy
│ │ │ ├── AbstractEcJwkFactoryTest.groovy
│ │ │ ├── AbstractFamilyJwkFactoryTest.groovy
│ │ │ ├── AbstractJwkBuilderTest.groovy
│ │ │ ├── AbstractJwkTest.groovy
│ │ │ ├── AbstractSecureDigestAlgorithmTest.groovy
│ │ │ ├── AesAlgorithmTest.groovy
│ │ │ ├── AesGcmKeyAlgorithmTest.groovy
│ │ │ ├── ConcatKDFTest.groovy
│ │ │ ├── ConstantKeyLocatorTest.groovy
│ │ │ ├── CryptoAlgorithmTest.groovy
│ │ │ ├── DefaultHashAlgorithmTest.groovy
│ │ │ ├── DefaultJwkContextTest.groovy
│ │ │ ├── DefaultJwkParserBuilderTest.groovy
│ │ │ ├── DefaultJwkSetBuilderTest.groovy
│ │ │ ├── DefaultJwkSetParserBuilderTest.groovy
│ │ │ ├── DefaultJwkSetTest.groovy
│ │ │ ├── DefaultJwkThumbprintTest.groovy
│ │ │ ├── DefaultKeyOperationBuilderTest.groovy
│ │ │ ├── DefaultKeyOperationPolicyBuilderTest.groovy
│ │ │ ├── DefaultKeyOperationTest.groovy
│ │ │ ├── DefaultKeyPairBuilderTest.groovy
│ │ │ ├── DefaultKeyUseStrategyTest.groovy
│ │ │ ├── DefaultMacAlgorithmTest.groovy
│ │ │ ├── DefaultMessageTest.groovy
│ │ │ ├── DefaultRsaKeyAlgorithmTest.groovy
│ │ │ ├── DefaultRsaPrivateJwkTest.groovy
│ │ │ ├── DefaultSecretKeyBuilderTest.groovy
│ │ │ ├── DirectKeyAlgorithmTest.groovy
│ │ │ ├── DispatchingJwkFactoryTest.groovy
│ │ │ ├── ECCurveTest.groovy
│ │ │ ├── EcPrivateJwkFactoryTest.groovy
│ │ │ ├── EcPublicJwkFactoryTest.groovy
│ │ │ ├── EcSignatureAlgorithmTest.groovy
│ │ │ ├── EcdhKeyAlgorithmTest.groovy
│ │ │ ├── EdSignatureAlgorithmTest.groovy
│ │ │ ├── EdwardsCurveTest.groovy
│ │ │ ├── EdwardsPublicKeyDeriverTest.groovy
│ │ │ ├── FieldElementConverterTest.groovy
│ │ │ ├── GcmAesAeadAlgorithmTest.groovy
│ │ │ ├── HashAlgorithmsTest.groovy
│ │ │ ├── HmacAesAeadAlgorithmTest.groovy
│ │ │ ├── JcaTemplateTest.groovy
│ │ │ ├── JwkConverterTest.groovy
│ │ │ ├── JwkSerializationTest.groovy
│ │ │ ├── JwkSetConverterTest.groovy
│ │ │ ├── JwkThumbprintsTest.groovy
│ │ │ ├── JwksTest.groovy
│ │ │ ├── JwtX509StringConverterTest.groovy
│ │ │ ├── KeyOperationConverterTest.groovy
│ │ │ ├── KeyPairsTest.groovy
│ │ │ ├── KeyUsageTest.groovy
│ │ │ ├── KeysBridgeTest.groovy
│ │ │ ├── LocatingKeyResolverTest.groovy
│ │ │ ├── NoneSignatureAlgorithmTest.groovy
│ │ │ ├── OctetJwksTest.groovy
│ │ │ ├── PasswordSpecTest.groovy
│ │ │ ├── Pbes2HsAkwAlgorithmTest.groovy
│ │ │ ├── Pkcs11Test.groovy
│ │ │ ├── PrivateConstructorsTest.groovy
│ │ │ ├── PrivateECKeyTest.groovy
│ │ │ ├── ProvidedKeyBuilderTest.groovy
│ │ │ ├── ProvidedSecretKeyBuilderTest.groovy
│ │ │ ├── ProviderKeyTest.groovy
│ │ │ ├── ProvidersTest.groovy
│ │ │ ├── ProvidersWithoutBCTest.groovy
│ │ │ ├── RFC7516AppendixA1Test.groovy
│ │ │ ├── RFC7516AppendixA2Test.groovy
│ │ │ ├── RFC7516AppendixA3Test.groovy
│ │ │ ├── RFC7517AppendixA1Test.groovy
│ │ │ ├── RFC7517AppendixA2Test.groovy
│ │ │ ├── RFC7517AppendixA3Test.groovy
│ │ │ ├── RFC7517AppendixBTest.groovy
│ │ │ ├── RFC7517AppendixCTest.groovy
│ │ │ ├── RFC7518AppendixB1Test.groovy
│ │ │ ├── RFC7518AppendixB2Test.groovy
│ │ │ ├── RFC7518AppendixB3Test.groovy
│ │ │ ├── RFC7518AppendixCTest.groovy
│ │ │ ├── RFC7520Section3Test.groovy
│ │ │ ├── RFC7520Section4Test.groovy
│ │ │ ├── RFC7520Section5Test.groovy
│ │ │ ├── RFC7638Section3Dot1Test.groovy
│ │ │ ├── RFC8037AppendixATest.groovy
│ │ │ ├── RSAOtherPrimeInfoConverterTest.groovy
│ │ │ ├── RandomsTest.groovy
│ │ │ ├── RsaPrivateJwkFactoryTest.groovy
│ │ │ ├── RsaSignatureAlgorithmTest.groovy
│ │ │ ├── SecretJwkFactoryTest.groovy
│ │ │ ├── StandardCurvesTest.groovy
│ │ │ ├── StandardSecureDigestAlgorithmsTest.groovy
│ │ │ ├── TestAeadAlgorithm.groovy
│ │ │ ├── TestCertificates.groovy
│ │ │ ├── TestECField.groovy
│ │ │ ├── TestECKey.groovy
│ │ │ ├── TestECPrivateKey.groovy
│ │ │ ├── TestECPublicKey.groovy
│ │ │ ├── TestKey.groovy
│ │ │ ├── TestKeyAlgorithm.groovy
│ │ │ ├── TestKeys.groovy
│ │ │ ├── TestMacAlgorithm.groovy
│ │ │ ├── TestPrivateKey.groovy
│ │ │ ├── TestProvider.groovy
│ │ │ ├── TestPublicKey.groovy
│ │ │ ├── TestRSAKey.groovy
│ │ │ ├── TestRSAMultiPrimePrivateCrtKey.groovy
│ │ │ ├── TestRSAPrivateKey.groovy
│ │ │ ├── TestSecretKey.groovy
│ │ │ └── TestX509Certificate.groovy
│ │ ├── issues/
│ │ │ ├── Issue365Test.groovy
│ │ │ ├── Issue438Test.groovy
│ │ │ └── Issue858Test.groovy
│ │ └── security/
│ │ ├── EncryptionAlgorithmsTest.groovy
│ │ ├── JwksCRVTest.groovy
│ │ ├── JwksOPTest.groovy
│ │ ├── KeyAlgorithmsTest.groovy
│ │ ├── KeysImplTest.groovy
│ │ ├── KeysTest.groovy
│ │ └── StandardAlgorithmsTest.groovy
│ ├── resources/
│ │ ├── META-INF/
│ │ │ └── services/
│ │ │ └── io.jsonwebtoken.StubService
│ │ ├── io/
│ │ │ └── jsonwebtoken/
│ │ │ └── impl/
│ │ │ └── security/
│ │ │ ├── ES256.crt.pem
│ │ │ ├── ES256.pkcs8.pem
│ │ │ ├── ES256.pub.pem
│ │ │ ├── ES384.crt.pem
│ │ │ ├── ES384.pkcs8.pem
│ │ │ ├── ES384.pub.pem
│ │ │ ├── ES512.crt.pem
│ │ │ ├── ES512.pkcs8.pem
│ │ │ ├── ES512.pub.pem
│ │ │ ├── Ed25519.crt.pem
│ │ │ ├── Ed25519.pkcs8.pem
│ │ │ ├── Ed25519.pub.pem
│ │ │ ├── Ed448.crt.pem
│ │ │ ├── Ed448.pkcs8.pem
│ │ │ ├── Ed448.pub.pem
│ │ │ ├── PS256.crt.pem
│ │ │ ├── PS256.pkcs8.pem
│ │ │ ├── PS256.pub.pem
│ │ │ ├── PS384.crt.pem
│ │ │ ├── PS384.pkcs8.pem
│ │ │ ├── PS384.pub.pem
│ │ │ ├── PS512.crt.pem
│ │ │ ├── PS512.pkcs8.pem
│ │ │ ├── PS512.pub.pem
│ │ │ ├── README.md
│ │ │ ├── RS256.crt.pem
│ │ │ ├── RS256.pkcs8.pem
│ │ │ ├── RS256.pub.pem
│ │ │ ├── RS384.crt.pem
│ │ │ ├── RS384.pkcs8.pem
│ │ │ ├── RS384.pub.pem
│ │ │ ├── RS512.crt.pem
│ │ │ ├── RS512.pkcs8.pem
│ │ │ ├── RS512.pub.pem
│ │ │ ├── X25519.crt.pem
│ │ │ ├── X25519.pkcs8.pem
│ │ │ ├── X25519.pub.pem
│ │ │ ├── X448.crt.pem
│ │ │ ├── X448.pkcs8.pem
│ │ │ ├── X448.pub.pem
│ │ │ └── genkeys
│ │ ├── io.jsonwebtoken.io.Deserializer.test.gson
│ │ ├── io.jsonwebtoken.io.Deserializer.test.orgjson
│ │ ├── io.jsonwebtoken.io.Serializer.test.gson
│ │ ├── io.jsonwebtoken.io.Serializer.test.orgjson
│ │ └── io.jsonwebtoken.io.compression.CompressionCodec.test.override
│ └── scripts/
│ └── softhsm
├── mvnw
├── mvnw.cmd
├── pom.xml
├── src/
│ └── license/
│ └── header.txt
└── tdjar/
├── pom.xml
└── src/
└── test/
├── groovy/
│ └── io/
│ └── jsonwebtoken/
│ └── all/
│ └── BasicTest.groovy
└── java/
└── io/
└── jsonwebtoken/
└── all/
└── JavaReadmeTest.java
Showing preview only (243K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (2804 symbols across 408 files)
FILE: api/src/main/java/io/jsonwebtoken/ClaimJwtException.java
class ClaimJwtException (line 23) | public abstract class ClaimJwtException extends JwtException {
method ClaimJwtException (line 60) | protected ClaimJwtException(Header header, Claims claims, String messa...
method ClaimJwtException (line 75) | protected ClaimJwtException(Header header, Claims claims, String messa...
method getClaims (line 86) | public Claims getClaims() {
method getHeader (line 95) | public Header getHeader() {
FILE: api/src/main/java/io/jsonwebtoken/Claims.java
type Claims (line 40) | public interface Claims extends Map<String, Object>, Identifiable {
method getIssuer (line 83) | String getIssuer();
method getSubject (line 91) | String getSubject();
method getAudience (line 99) | Set<String> getAudience();
method getExpiration (line 109) | Date getExpiration();
method getNotBefore (line 119) | Date getNotBefore();
method getIssuedAt (line 129) | Date getIssuedAt();
method getId (line 142) | @Override
method get (line 165) | <T> T get(String claimName, Class<T> requiredType);
FILE: api/src/main/java/io/jsonwebtoken/ClaimsBuilder.java
type ClaimsBuilder (line 28) | public interface ClaimsBuilder extends MapMutator<String, Object, Claims...
FILE: api/src/main/java/io/jsonwebtoken/ClaimsMutator.java
type ClaimsMutator (line 31) | public interface ClaimsMutator<T extends ClaimsMutator<T>> {
method setIssuer (line 42) | @Deprecated
method issuer (line 53) | T issuer(String iss);
method setSubject (line 64) | @Deprecated
method subject (line 75) | T subject(String sub);
method setAudience (line 91) | @Deprecated
method audience (line 115) | AudienceCollection<T> audience();
method setExpiration (line 129) | @Deprecated
method expiration (line 143) | T expiration(Date exp);
method setNotBefore (line 157) | @Deprecated
method notBefore (line 171) | T notBefore(Date nbf);
method setIssuedAt (line 185) | @Deprecated
method issuedAt (line 199) | T issuedAt(Date iat);
method setId (line 214) | @Deprecated
method id (line 229) | T id(String jti);
type AudienceCollection (line 249) | interface AudienceCollection<P> extends NestedCollection<String, P> {
method single (line 267) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/Clock.java
type Clock (line 25) | public interface Clock {
method now (line 32) | Date now();
FILE: api/src/main/java/io/jsonwebtoken/CompressionCodec.java
type CompressionCodec (line 34) | @Deprecated
method getAlgorithmName (line 46) | @SuppressWarnings("DeprecatedIsStillUsed")
method compress (line 57) | @Deprecated
method decompress (line 68) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/CompressionCodecResolver.java
type CompressionCodecResolver (line 36) | @SuppressWarnings("DeprecatedIsStillUsed")
method resolveCompressionCodec (line 48) | CompressionCodec resolveCompressionCodec(Header header) throws Compres...
FILE: api/src/main/java/io/jsonwebtoken/CompressionCodecs.java
class CompressionCodecs (line 26) | @Deprecated //TODO: delete for 1.0
method CompressionCodecs (line 29) | private CompressionCodecs() {
FILE: api/src/main/java/io/jsonwebtoken/CompressionException.java
class CompressionException (line 25) | public class CompressionException extends IOException {
method CompressionException (line 32) | public CompressionException(String message) {
method CompressionException (line 42) | public CompressionException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/ExpiredJwtException.java
class ExpiredJwtException (line 23) | public class ExpiredJwtException extends ClaimJwtException {
method ExpiredJwtException (line 32) | public ExpiredJwtException(Header header, Claims claims, String messag...
method ExpiredJwtException (line 45) | public ExpiredJwtException(Header header, Claims claims, String messag...
FILE: api/src/main/java/io/jsonwebtoken/Header.java
type Header (line 45) | public interface Header extends Map<String, Object> {
method getType (line 100) | String getType();
method getContentType (line 125) | String getContentType();
method getAlgorithm (line 148) | String getAlgorithm();
method getCompressionAlgorithm (line 165) | String getCompressionAlgorithm();
FILE: api/src/main/java/io/jsonwebtoken/HeaderMutator.java
type HeaderMutator (line 26) | public interface HeaderMutator<T extends HeaderMutator<T>> extends MapMu...
method type (line 62) | T type(String typ);
method contentType (line 95) | T contentType(String cty);
method setType (line 106) | @Deprecated
method setContentType (line 117) | @Deprecated
method setCompressionAlgorithm (line 129) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/Identifiable.java
type Identifiable (line 84) | public interface Identifiable {
method getId (line 91) | String getId();
FILE: api/src/main/java/io/jsonwebtoken/IncorrectClaimException.java
class IncorrectClaimException (line 24) | public class IncorrectClaimException extends InvalidClaimException {
method IncorrectClaimException (line 35) | public IncorrectClaimException(Header header, Claims claims, String cl...
method IncorrectClaimException (line 49) | public IncorrectClaimException(Header header, Claims claims, String cl...
FILE: api/src/main/java/io/jsonwebtoken/InvalidClaimException.java
class InvalidClaimException (line 26) | public class InvalidClaimException extends ClaimJwtException {
method InvalidClaimException (line 47) | protected InvalidClaimException(Header header, Claims claims, String c...
method InvalidClaimException (line 63) | protected InvalidClaimException(Header header, Claims claims, String c...
method getClaimName (line 74) | public String getClaimName() {
method getClaimValue (line 83) | public Object getClaimValue() {
FILE: api/src/main/java/io/jsonwebtoken/Jwe.java
type Jwe (line 25) | public interface Jwe<B> extends ProtectedJwt<JweHeader, B> {
method onDecryptedContent (line 37) | @Override
method onDecryptedClaims (line 53) | @Override
method getInitializationVector (line 64) | byte[] getInitializationVector();
FILE: api/src/main/java/io/jsonwebtoken/JweHeader.java
type JweHeader (line 30) | public interface JweHeader extends ProtectedHeader {
method getEncryptionAlgorithm (line 52) | String getEncryptionAlgorithm();
method getEphemeralPublicKey (line 74) | PublicJwk<?> getEphemeralPublicKey();
method getAgreementPartyUInfo (line 88) | byte[] getAgreementPartyUInfo();
method getAgreementPartyVInfo (line 102) | byte[] getAgreementPartyVInfo();
method getInitializationVector (line 120) | byte[] getInitializationVector();
method getAuthenticationTag (line 137) | byte[] getAuthenticationTag();
method getPbes2Count (line 150) | Integer getPbes2Count();
method getPbes2Salt (line 169) | byte[] getPbes2Salt();
FILE: api/src/main/java/io/jsonwebtoken/JweHeaderMutator.java
type JweHeaderMutator (line 26) | public interface JweHeaderMutator<T extends JweHeaderMutator<T>> extends...
method agreementPartyUInfo (line 40) | T agreementPartyUInfo(byte[] info);
method agreementPartyUInfo (line 58) | T agreementPartyUInfo(String info);
method agreementPartyVInfo (line 72) | T agreementPartyVInfo(byte[] info);
method agreementPartyVInfo (line 90) | T agreementPartyVInfo(String info);
method pbes2Count (line 115) | T pbes2Count(int count);
FILE: api/src/main/java/io/jsonwebtoken/Jws.java
type Jws (line 24) | public interface Jws<P> extends ProtectedJwt<JwsHeader, P> {
method onVerifiedContent (line 36) | @Override
method onVerifiedClaims (line 52) | @Override
method getSignature (line 64) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/JwsHeader.java
type JwsHeader (line 23) | public interface JwsHeader extends ProtectedHeader {
method isPayloadEncoded (line 106) | boolean isPayloadEncoded();
FILE: api/src/main/java/io/jsonwebtoken/Jwt.java
type Jwt (line 25) | public interface Jwt<H extends Header, P> {
method onUnsecuredContent (line 36) | @Override
method onUnsecuredClaims (line 51) | @Override
method getHeader (line 62) | H getHeader();
method getBody (line 73) | @SuppressWarnings("DeprecatedIsStillUsed")
method getPayload (line 86) | P getPayload();
method accept (line 95) | <T> T accept(JwtVisitor<T> visitor);
FILE: api/src/main/java/io/jsonwebtoken/JwtBuilder.java
type JwtBuilder (line 51) | public interface JwtBuilder extends ClaimsMutator<JwtBuilder> {
method provider (line 62) | JwtBuilder provider(Provider provider);
method random (line 73) | JwtBuilder random(SecureRandom secureRandom);
method header (line 97) | BuilderHeader header();
method setHeader (line 117) | @SuppressWarnings("DeprecatedIsStillUsed")
method setHeaderParams (line 133) | @SuppressWarnings("DeprecatedIsStillUsed")
method setHeaderParam (line 150) | @SuppressWarnings("DeprecatedIsStillUsed")
method setPayload (line 165) | @SuppressWarnings("DeprecatedIsStillUsed")
method content (line 196) | JwtBuilder content(String content);
method content (line 227) | JwtBuilder content(byte[] content);
method content (line 255) | JwtBuilder content(InputStream in);
method content (line 302) | JwtBuilder content(String content, String cty) throws IllegalArgumentE...
method content (line 348) | JwtBuilder content(byte[] content, String cty) throws IllegalArgumentE...
method content (line 395) | JwtBuilder content(InputStream content, String cty) throws IllegalArgu...
method claims (line 421) | BuilderClaims claims();
method setClaims (line 439) | @SuppressWarnings("DeprecatedIsStillUsed")
method addClaims (line 458) | @SuppressWarnings("DeprecatedIsStillUsed")
method claim (line 473) | JwtBuilder claim(String name, Object value);
method claims (line 488) | JwtBuilder claims(Map<String, ?> claims);
method issuer (line 500) | @Override
method subject (line 514) | @Override
method expiration (line 531) | @Override
method notBefore (line 548) | @Override
method issuedAt (line 565) | @Override
method id (line 584) | @Override
method signWith (line 723) | JwtBuilder signWith(Key key) throws InvalidKeyException;
method signWith (line 746) | @Deprecated
method signWith (line 793) | @Deprecated
method signWith (line 812) | @Deprecated
method signWith (line 838) | @Deprecated
method signWith (line 861) | <K extends Key> JwtBuilder signWith(K key, SecureDigestAlgorithm<? sup...
method encryptWith (line 892) | JwtBuilder encryptWith(SecretKey key, AeadAlgorithm enc);
method encryptWith (line 923) | <K extends Key> JwtBuilder encryptWith(K key, KeyAlgorithm<? super K, ...
method compressWith (line 948) | JwtBuilder compressWith(CompressionAlgorithm alg);
method base64UrlEncodeWith (line 962) | @SuppressWarnings("DeprecatedIsStillUsed")
method b64Url (line 979) | JwtBuilder b64Url(Encoder<OutputStream, OutputStream> encoder);
method encodePayload (line 993) | JwtBuilder encodePayload(boolean b64);
method serializeToJsonWith (line 1008) | @SuppressWarnings("DeprecatedIsStillUsed")
method json (line 1024) | JwtBuilder json(Serializer<Map<String, ?>> serializer);
method compact (line 1033) | String compact();
type BuilderClaims (line 1042) | interface BuilderClaims extends MapMutator<String, Object, BuilderClai...
type BuilderHeader (line 1053) | interface BuilderHeader extends JweHeaderMutator<BuilderHeader>, X509B...
FILE: api/src/main/java/io/jsonwebtoken/JwtException.java
class JwtException (line 23) | public class JwtException extends RuntimeException {
method JwtException (line 30) | public JwtException(String message) {
method JwtException (line 40) | public JwtException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/JwtHandler.java
type JwtHandler (line 26) | @SuppressWarnings("DeprecatedIsStillUsed")
method onContentJwt (line 40) | T onContentJwt(Jwt<Header, byte[]> jwt);
method onClaimsJwt (line 49) | T onClaimsJwt(Jwt<Header, Claims> jwt);
method onContentJws (line 63) | T onContentJws(Jws<byte[]> jws);
method onClaimsJws (line 74) | T onClaimsJws(Jws<Claims> jws);
method onContentJwe (line 88) | T onContentJwe(Jwe<byte[]> jwe);
method onClaimsJwe (line 100) | T onClaimsJwe(Jwe<Claims> jwe);
FILE: api/src/main/java/io/jsonwebtoken/JwtHandlerAdapter.java
class JwtHandlerAdapter (line 31) | public abstract class JwtHandlerAdapter<T> extends SupportedJwtVisitor<T...
method JwtHandlerAdapter (line 36) | public JwtHandlerAdapter() {
method onUnsecuredContent (line 39) | @Override
method onUnsecuredClaims (line 44) | @Override
method onVerifiedContent (line 49) | @Override
method onVerifiedClaims (line 54) | @Override
method onDecryptedContent (line 59) | @Override
method onDecryptedClaims (line 64) | @Override
method onContentJwt (line 69) | @Override
method onClaimsJwt (line 74) | @Override
method onContentJws (line 79) | @Override
method onClaimsJws (line 84) | @Override
method onContentJwe (line 89) | @Override
method onClaimsJwe (line 94) | @Override
FILE: api/src/main/java/io/jsonwebtoken/JwtParser.java
type JwtParser (line 30) | public interface JwtParser extends Parser<Jwt<?, ?>> {
method isSigned (line 43) | boolean isSigned(CharSequence compact);
method parse (line 82) | Jwt<?, ?> parse(CharSequence jwt) throws ExpiredJwtException, Malforme...
method parse (line 113) | @Deprecated
method parseContentJwt (line 134) | @SuppressWarnings("DeprecatedIsStillUsed")
method parseClaimsJwt (line 156) | @SuppressWarnings("DeprecatedIsStillUsed")
method parseContentJws (line 179) | @SuppressWarnings("DeprecatedIsStillUsed")
method parseClaimsJws (line 202) | @SuppressWarnings("DeprecatedIsStillUsed")
method parseUnsecuredContent (line 227) | Jwt<Header, byte[]> parseUnsecuredContent(CharSequence jwt) throws Jwt...
method parseUnsecuredClaims (line 246) | Jwt<Header, Claims> parseUnsecuredClaims(CharSequence jwt) throws JwtE...
method parseSignedContent (line 268) | Jws<byte[]> parseSignedContent(CharSequence jws) throws JwtException, ...
method parseSignedContent (line 287) | Jws<byte[]> parseSignedContent(CharSequence jws, byte[] unencodedPaylo...
method parseSignedContent (line 312) | Jws<byte[]> parseSignedContent(CharSequence jws, InputStream unencoded...
method parseSignedClaims (line 331) | Jws<Claims> parseSignedClaims(CharSequence jws) throws JwtException, I...
method parseSignedClaims (line 352) | Jws<Claims> parseSignedClaims(CharSequence jws, byte[] unencodedPayloa...
method parseSignedClaims (line 380) | Jws<Claims> parseSignedClaims(CharSequence jws, InputStream unencodedP...
method parseEncryptedContent (line 402) | Jwe<byte[]> parseEncryptedContent(CharSequence jwe) throws JwtExceptio...
method parseEncryptedClaims (line 421) | Jwe<Claims> parseEncryptedClaims(CharSequence jwe) throws JwtException...
FILE: api/src/main/java/io/jsonwebtoken/JwtParserBuilder.java
type JwtParserBuilder (line 49) | @SuppressWarnings("JavadocLinkAsPlainText")
method unsecured (line 68) | JwtParserBuilder unsecured();
method unsecuredDecompression (line 97) | JwtParserBuilder unsecuredDecompression();
method critical (line 127) | NestedCollection<String, JwtParserBuilder> critical();
method provider (line 138) | JwtParserBuilder provider(Provider provider);
method requireId (line 150) | JwtParserBuilder requireId(String id);
method requireSubject (line 162) | JwtParserBuilder requireSubject(String subject);
method requireAudience (line 174) | JwtParserBuilder requireAudience(String audience);
method requireIssuer (line 186) | JwtParserBuilder requireIssuer(String issuer);
method requireIssuedAt (line 198) | JwtParserBuilder requireIssuedAt(Date issuedAt);
method requireExpiration (line 210) | JwtParserBuilder requireExpiration(Date expiration);
method requireNotBefore (line 222) | JwtParserBuilder requireNotBefore(Date notBefore);
method require (line 235) | JwtParserBuilder require(String claimName, Object value);
method setClock (line 246) | @Deprecated
method clock (line 256) | JwtParserBuilder clock(Clock clock);
method setAllowedClockSkewSeconds (line 270) | @Deprecated
method clockSkewSeconds (line 283) | JwtParserBuilder clockSkewSeconds(long seconds) throws IllegalArgument...
method setSigningKey (line 309) | @Deprecated
method setSigningKey (line 351) | @Deprecated
method setSigningKey (line 371) | @Deprecated
method verifyWith (line 393) | JwtParserBuilder verifyWith(SecretKey key);
method verifyWith (line 414) | JwtParserBuilder verifyWith(PublicKey key);
method decryptWith (line 436) | JwtParserBuilder decryptWith(SecretKey key);
method decryptWith (line 457) | JwtParserBuilder decryptWith(PrivateKey key);
method keyLocator (line 524) | JwtParserBuilder keyLocator(Locator<Key> keyLocator);
method setSigningKeyResolver (line 560) | @SuppressWarnings("DeprecatedIsStillUsed")
method enc (line 603) | NestedCollection<AeadAlgorithm, JwtParserBuilder> enc();
method key (line 643) | NestedCollection<KeyAlgorithm<?, ?>, JwtParserBuilder> key();
method sig (line 685) | NestedCollection<SecureDigestAlgorithm<?, ?>, JwtParserBuilder> sig();
method zip (line 725) | NestedCollection<CompressionAlgorithm, JwtParserBuilder> zip();
method setCompressionCodecResolver (line 755) | @Deprecated
method base64UrlDecodeWith (line 769) | @Deprecated
method b64Url (line 784) | JwtParserBuilder b64Url(Decoder<InputStream, InputStream> base64UrlDec...
method deserializeJsonWith (line 801) | @Deprecated
method json (line 818) | JwtParserBuilder json(Deserializer<Map<String, ?>> deserializer);
method build (line 825) | JwtParser build();
FILE: api/src/main/java/io/jsonwebtoken/JwtVisitor.java
type JwtVisitor (line 26) | public interface JwtVisitor<T> {
method visit (line 39) | T visit(Jwt<?, ?> jwt);
method visit (line 53) | T visit(Jws<?> jws);
method visit (line 67) | T visit(Jwe<?> jwe);
FILE: api/src/main/java/io/jsonwebtoken/Jwts.java
class Jwts (line 55) | public final class Jwts {
method get (line 59) | @SuppressWarnings("unchecked")
class ENC (line 80) | public static final class ENC {
method get (line 93) | public static Registry<String, AeadAlgorithm> get() {
method ENC (line 98) | private ENC() {
class SIG (line 172) | public static final class SIG {
method SIG (line 178) | private SIG() {
method get (line 189) | public static Registry<String, SecureDigestAlgorithm<?, ?>> get() {
class KEY (line 333) | public static final class KEY {
method get (line 344) | public static Registry<String, KeyAlgorithm<?, ?>> get() {
method KEY (line 942) | private KEY() {
class ZIP (line 961) | public static final class ZIP {
method get (line 972) | public static Registry<String, CompressionAlgorithm> get() {
method ZIP (line 1001) | private ZIP() {
type HeaderBuilder (line 1026) | public interface HeaderBuilder extends JweHeaderMutator<HeaderBuilder>...
method header (line 1037) | public static HeaderBuilder header() {
method claims (line 1048) | public static ClaimsBuilder claims() {
method claims (line 1064) | @Deprecated
method builder (line 1076) | public static JwtBuilder builder() {
method parser (line 1085) | public static JwtParserBuilder parser() {
method Jwts (line 1092) | private Jwts() {
FILE: api/src/main/java/io/jsonwebtoken/Locator.java
type Locator (line 31) | public interface Locator<T> {
method locate (line 40) | T locate(Header header);
FILE: api/src/main/java/io/jsonwebtoken/LocatorAdapter.java
class LocatorAdapter (line 29) | public abstract class LocatorAdapter<T> implements Locator<T> {
method LocatorAdapter (line 34) | public LocatorAdapter() {
method locate (line 47) | @Override
method locate (line 67) | protected T locate(ProtectedHeader header) {
method locate (line 84) | protected T locate(JweHeader header) {
method locate (line 96) | protected T locate(JwsHeader header) {
method doLocate (line 108) | @SuppressWarnings("unused")
FILE: api/src/main/java/io/jsonwebtoken/MalformedJwtException.java
class MalformedJwtException (line 23) | public class MalformedJwtException extends JwtException {
method MalformedJwtException (line 30) | public MalformedJwtException(String message) {
method MalformedJwtException (line 40) | public MalformedJwtException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/MissingClaimException.java
class MissingClaimException (line 24) | public class MissingClaimException extends InvalidClaimException {
method MissingClaimException (line 35) | public MissingClaimException(Header header, Claims claims, String clai...
method MissingClaimException (line 51) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/PrematureJwtException.java
class PrematureJwtException (line 23) | public class PrematureJwtException extends ClaimJwtException {
method PrematureJwtException (line 32) | public PrematureJwtException(Header header, Claims claims, String mess...
method PrematureJwtException (line 46) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/ProtectedHeader.java
type ProtectedHeader (line 31) | public interface ProtectedHeader extends Header, X509Accessor {
method getJwkSetUrl (line 46) | URI getJwkSetUrl();
method getJwk (line 58) | PublicJwk<?> getJwk();
method getKeyId (line 73) | String getKeyId();
method getCritical (line 84) | Set<String> getCritical();
FILE: api/src/main/java/io/jsonwebtoken/ProtectedHeaderMutator.java
type ProtectedHeaderMutator (line 31) | public interface ProtectedHeaderMutator<T extends ProtectedHeaderMutator...
method critical (line 46) | NestedCollection<String, T> critical();
method jwk (line 59) | T jwk(PublicJwk<?> jwk);
method jwkSetUrl (line 75) | T jwkSetUrl(URI uri);
method keyId (line 92) | T keyId(String kid);
method setKeyId (line 103) | @Deprecated
method setAlgorithm (line 115) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/ProtectedJwt.java
type ProtectedJwt (line 36) | public interface ProtectedJwt<H extends ProtectedHeader, P> extends Jwt<...
FILE: api/src/main/java/io/jsonwebtoken/RequiredTypeException.java
class RequiredTypeException (line 24) | public class RequiredTypeException extends JwtException {
method RequiredTypeException (line 31) | public RequiredTypeException(String message) {
method RequiredTypeException (line 41) | public RequiredTypeException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java
type SignatureAlgorithm (line 39) | @Deprecated
method SignatureAlgorithm (line 135) | SignatureAlgorithm(String value, String description, String familyName...
method SignatureAlgorithm (line 140) | SignatureAlgorithm(String value, String description, String familyName...
method getValue (line 157) | public String getValue() {
method getDescription (line 166) | public String getDescription() {
method getFamilyName (line 238) | public String getFamilyName() {
method getJcaName (line 247) | public String getJcaName() {
method isJdkStandard (line 260) | public boolean isJdkStandard() {
method isHmac (line 269) | public boolean isHmac() {
method isRsa (line 280) | public boolean isRsa() {
method isEllipticCurve (line 291) | public boolean isEllipticCurve() {
method getMinKeyLength (line 303) | public int getMinKeyLength() {
method assertValidSigningKey (line 316) | public void assertValidSigningKey(Key key) throws InvalidKeyException {
method assertValidVerificationKey (line 329) | public void assertValidVerificationKey(Key key) throws InvalidKeyExcep...
method keyType (line 336) | private static String keyType(boolean signing) {
method assertValid (line 343) | private void assertValid(Key key, boolean signing) throws InvalidKeyEx...
method forSigningKey (line 561) | public static SignatureAlgorithm forSigningKey(Key key) throws Invalid...
method forName (line 647) | public static SignatureAlgorithm forName(String value) throws Signatur...
FILE: api/src/main/java/io/jsonwebtoken/SignatureException.java
class SignatureException (line 26) | @Deprecated
method SignatureException (line 34) | public SignatureException(String message) {
method SignatureException (line 44) | public SignatureException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/SigningKeyResolver.java
type SigningKeyResolver (line 51) | @Deprecated
method resolveSigningKey (line 63) | Key resolveSigningKey(JwsHeader header, Claims claims);
method resolveSigningKey (line 74) | Key resolveSigningKey(JwsHeader header, byte[] content);
FILE: api/src/main/java/io/jsonwebtoken/SigningKeyResolverAdapter.java
class SigningKeyResolverAdapter (line 55) | @SuppressWarnings("DeprecatedIsStillUsed")
method SigningKeyResolverAdapter (line 62) | public SigningKeyResolverAdapter() {
method resolveSigningKey (line 66) | @Override
method resolveSigningKey (line 77) | @Override
method resolveSigningKeyBytes (line 100) | public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
method resolveSigningKeyBytes (line 116) | @SuppressWarnings("unused")
FILE: api/src/main/java/io/jsonwebtoken/SupportedJwtVisitor.java
class SupportedJwtVisitor (line 28) | public class SupportedJwtVisitor<T> implements JwtVisitor<T> {
method SupportedJwtVisitor (line 33) | public SupportedJwtVisitor() {
method visit (line 46) | @SuppressWarnings("unchecked")
method onUnsecuredContent (line 73) | public T onUnsecuredContent(Jwt<Header, byte[]> jwt) throws Unsupporte...
method onUnsecuredClaims (line 88) | public T onUnsecuredClaims(Jwt<Header, Claims> jwt) {
method visit (line 103) | @SuppressWarnings("unchecked")
method onVerifiedContent (line 128) | public T onVerifiedContent(Jws<byte[]> jws) {
method onVerifiedClaims (line 143) | public T onVerifiedClaims(Jws<Claims> jws) {
method visit (line 158) | @SuppressWarnings("unchecked")
method onDecryptedContent (line 183) | public T onDecryptedContent(Jwe<byte[]> jwe) {
method onDecryptedClaims (line 197) | public T onDecryptedClaims(Jwe<Claims> jwe) {
FILE: api/src/main/java/io/jsonwebtoken/UnsupportedJwtException.java
class UnsupportedJwtException (line 27) | public class UnsupportedJwtException extends JwtException {
method UnsupportedJwtException (line 34) | public UnsupportedJwtException(String message) {
method UnsupportedJwtException (line 44) | public UnsupportedJwtException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/AbstractDeserializer.java
class AbstractDeserializer (line 33) | public abstract class AbstractDeserializer<T> implements Deserializer<T> {
method AbstractDeserializer (line 45) | protected AbstractDeserializer() {
method deserialize (line 51) | @Override
method deserialize (line 62) | @Override
method doDeserialize (line 83) | protected abstract T doDeserialize(Reader reader) throws Exception;
FILE: api/src/main/java/io/jsonwebtoken/io/AbstractSerializer.java
class AbstractSerializer (line 30) | public abstract class AbstractSerializer<T> implements Serializer<T> {
method AbstractSerializer (line 35) | protected AbstractSerializer() {
method serialize (line 41) | @Override
method serialize (line 51) | @Override
method doSerialize (line 74) | protected abstract void doSerialize(T t, OutputStream out) throws Exce...
FILE: api/src/main/java/io/jsonwebtoken/io/Base64.java
class Base64 (line 38) | @SuppressWarnings("Duplicates")
method Base64 (line 65) | private Base64(boolean urlsafe) {
method getName (line 75) | private String getName() {
method encodeToChar (line 88) | private char[] encodeToChar(byte[] sArr, boolean lineSep) {
method ctoi (line 217) | private int ctoi(char c) {
method decodeFast (line 238) | byte[] decodeFast(CharSequence seq) throws DecodingException {
method encodeToString (line 537) | String encodeToString(byte[] sArr, boolean lineSep) {
FILE: api/src/main/java/io/jsonwebtoken/io/Base64Decoder.java
class Base64Decoder (line 26) | class Base64Decoder extends Base64Support implements Decoder<CharSequenc...
method Base64Decoder (line 28) | Base64Decoder() {
method Base64Decoder (line 32) | Base64Decoder(Base64 base64) {
method decode (line 36) | @Override
FILE: api/src/main/java/io/jsonwebtoken/io/Base64Encoder.java
class Base64Encoder (line 26) | class Base64Encoder extends Base64Support implements Encoder<byte[], Str...
method Base64Encoder (line 28) | Base64Encoder() {
method Base64Encoder (line 32) | Base64Encoder(Base64 base64) {
method encode (line 36) | @Override
FILE: api/src/main/java/io/jsonwebtoken/io/Base64Support.java
class Base64Support (line 25) | class Base64Support {
method Base64Support (line 29) | Base64Support(Base64 base64) {
FILE: api/src/main/java/io/jsonwebtoken/io/Base64UrlDecoder.java
class Base64UrlDecoder (line 24) | class Base64UrlDecoder extends Base64Decoder {
method Base64UrlDecoder (line 26) | Base64UrlDecoder() {
FILE: api/src/main/java/io/jsonwebtoken/io/Base64UrlEncoder.java
class Base64UrlEncoder (line 24) | class Base64UrlEncoder extends Base64Encoder {
method Base64UrlEncoder (line 26) | Base64UrlEncoder() {
FILE: api/src/main/java/io/jsonwebtoken/io/CodecException.java
class CodecException (line 23) | public class CodecException extends IOException {
method CodecException (line 30) | public CodecException(String message) {
method CodecException (line 40) | public CodecException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/CompressionAlgorithm.java
type CompressionAlgorithm (line 48) | public interface CompressionAlgorithm extends Identifiable {
method compress (line 56) | OutputStream compress(OutputStream out);
method decompress (line 64) | InputStream decompress(InputStream in);
FILE: api/src/main/java/io/jsonwebtoken/io/Decoder.java
type Decoder (line 25) | public interface Decoder<T, R> {
method decode (line 34) | R decode(T t) throws DecodingException;
FILE: api/src/main/java/io/jsonwebtoken/io/Decoders.java
class Decoders (line 25) | public final class Decoders {
method Decoders (line 39) | private Decoders() { //prevent instantiation
FILE: api/src/main/java/io/jsonwebtoken/io/DecodingException.java
class DecodingException (line 23) | public class DecodingException extends CodecException {
method DecodingException (line 30) | public DecodingException(String message) {
method DecodingException (line 40) | public DecodingException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/DeserializationException.java
class DeserializationException (line 23) | public class DeserializationException extends SerialException {
method DeserializationException (line 30) | public DeserializationException(String msg) {
method DeserializationException (line 40) | public DeserializationException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/Deserializer.java
type Deserializer (line 26) | public interface Deserializer<T> {
method deserialize (line 36) | @Deprecated
method deserialize (line 47) | T deserialize(Reader reader) throws DeserializationException;
FILE: api/src/main/java/io/jsonwebtoken/io/Encoder.java
type Encoder (line 25) | public interface Encoder<T, R> {
method encode (line 34) | R encode(T t) throws EncodingException;
FILE: api/src/main/java/io/jsonwebtoken/io/Encoders.java
class Encoders (line 25) | public final class Encoders {
method Encoders (line 39) | private Encoders() { //prevent instantiation
FILE: api/src/main/java/io/jsonwebtoken/io/EncodingException.java
class EncodingException (line 23) | public class EncodingException extends CodecException {
method EncodingException (line 31) | public EncodingException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/ExceptionPropagatingDecoder.java
class ExceptionPropagatingDecoder (line 26) | class ExceptionPropagatingDecoder<T, R> implements Decoder<T, R> {
method ExceptionPropagatingDecoder (line 35) | ExceptionPropagatingDecoder(Decoder<T, R> decoder) {
method decode (line 48) | @Override
FILE: api/src/main/java/io/jsonwebtoken/io/ExceptionPropagatingEncoder.java
class ExceptionPropagatingEncoder (line 26) | class ExceptionPropagatingEncoder<T, R> implements Encoder<T, R> {
method ExceptionPropagatingEncoder (line 35) | ExceptionPropagatingEncoder(Encoder<T, R> encoder) {
method encode (line 48) | @Override
FILE: api/src/main/java/io/jsonwebtoken/io/IOException.java
class IOException (line 26) | public class IOException extends JwtException {
method IOException (line 33) | public IOException(String msg) {
method IOException (line 43) | public IOException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/Parser.java
type Parser (line 27) | public interface Parser<T> {
method parse (line 35) | T parse(CharSequence input);
method parse (line 46) | T parse(CharSequence input, int start, int end);
method parse (line 54) | T parse(Reader reader);
method parse (line 67) | T parse(InputStream in);
FILE: api/src/main/java/io/jsonwebtoken/io/ParserBuilder.java
type ParserBuilder (line 30) | public interface ParserBuilder<T, B extends ParserBuilder<T, B>> extends...
method provider (line 40) | B provider(Provider provider);
method json (line 53) | B json(Deserializer<Map<String, ?>> deserializer);
FILE: api/src/main/java/io/jsonwebtoken/io/SerialException.java
class SerialException (line 23) | public class SerialException extends IOException {
method SerialException (line 30) | public SerialException(String msg) {
method SerialException (line 40) | public SerialException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/SerializationException.java
class SerializationException (line 23) | public class SerializationException extends SerialException {
method SerializationException (line 30) | public SerializationException(String msg) {
method SerializationException (line 40) | public SerializationException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/io/Serializer.java
type Serializer (line 27) | public interface Serializer<T> {
method serialize (line 37) | @Deprecated
method serialize (line 50) | void serialize(T t, OutputStream out) throws SerializationException;
FILE: api/src/main/java/io/jsonwebtoken/lang/Arrays.java
class Arrays (line 26) | public final class Arrays {
method Arrays (line 28) | private Arrays() {
method length (line 38) | public static <T> int length(T[] a) {
method asList (line 49) | public static <T> List<T> asList(T[] a) {
method length (line 59) | public static int length(byte[] bytes) {
method clean (line 69) | public static byte[] clean(byte[] bytes) {
method copy (line 79) | public static Object copy(Object obj) {
FILE: api/src/main/java/io/jsonwebtoken/lang/Assert.java
class Assert (line 25) | public final class Assert {
method Assert (line 27) | private Assert() {
method isTrue (line 39) | public static void isTrue(boolean expression, String message) {
method isTrue (line 53) | public static void isTrue(boolean expression) {
method isNull (line 65) | public static void isNull(Object object, String message) {
method isNull (line 78) | public static void isNull(Object object) {
method notNull (line 92) | public static <T> T notNull(T object, String message) {
method notNull (line 106) | public static void notNull(Object object) {
method hasLength (line 119) | public static void hasLength(String text, String message) {
method hasLength (line 133) | public static void hasLength(String text) {
method hasText (line 149) | public static <T extends CharSequence> T hasText(T text, String messag...
method hasText (line 164) | public static void hasText(String text) {
method doesNotContain (line 177) | public static void doesNotContain(String textToSearch, String substrin...
method doesNotContain (line 191) | public static void doesNotContain(String textToSearch, String substrin...
method notEmpty (line 207) | public static Object[] notEmpty(Object[] array, String message) {
method notEmpty (line 222) | public static void notEmpty(Object[] array) {
method notEmpty (line 235) | public static byte[] notEmpty(byte[] array, String msg) {
method notEmpty (line 251) | public static char[] notEmpty(char[] chars, String msg) {
method noNullElements (line 267) | public static void noNullElements(Object[] array, String message) {
method noNullElements (line 285) | public static void noNullElements(Object[] array) {
method notEmpty (line 300) | public static <T extends Collection<?>> T notEmpty(T collection, Strin...
method notEmpty (line 315) | public static void notEmpty(Collection<?> collection) {
method notEmpty (line 331) | public static <T extends Map<?, ?>> T notEmpty(T map, String message) {
method notEmpty (line 346) | public static void notEmpty(Map map) {
method isInstanceOf (line 362) | public static <T> T isInstanceOf(Class<T> clazz, Object obj) {
method isInstanceOf (line 381) | public static <T> T isInstanceOf(Class<T> type, Object obj, String mes...
method stateIsInstance (line 407) | public static <T> T stateIsInstance(Class<T> type, Object obj, String ...
method isAssignable (line 425) | public static void isAssignable(Class superType, Class subType) {
method isAssignable (line 441) | public static void isAssignable(Class superType, Class subType, String...
method eq (line 459) | public static <T extends Comparable<T>> T eq(T value, T requirement, S...
method compareTo (line 466) | private static <T extends Comparable<T>> int compareTo(T value, T requ...
method gt (line 483) | public static <T extends Comparable<T>> T gt(T value, T requirement, S...
method lte (line 501) | public static <T extends Comparable<T>> T lte(T value, T requirement, ...
method state (line 519) | public static void state(boolean expression, String message) {
method state (line 535) | public static void state(boolean expression) {
method stateNotNull (line 551) | public static <T> T stateNotNull(T value, String msg) throws IllegalSt...
FILE: api/src/main/java/io/jsonwebtoken/lang/Builder.java
type Builder (line 24) | public interface Builder<T> {
method build (line 31) | T build();
FILE: api/src/main/java/io/jsonwebtoken/lang/Classes.java
class Classes (line 30) | public final class Classes {
method Classes (line 32) | private Classes() {
method doGetClassLoader (line 36) | @Override
method doGetClassLoader (line 43) | @Override
method doGetClassLoader (line 50) | @Override
method forName (line 69) | @SuppressWarnings("unchecked")
method getResourceAsStream (line 108) | public static InputStream getResourceAsStream(String name) {
method getResource (line 135) | private static URL getResource(String name) {
method isAvailable (line 154) | public static boolean isAvailable(String fullyQualifiedClassName) {
method newInstance (line 171) | @SuppressWarnings("unchecked")
method newInstance (line 186) | public static <T> T newInstance(String fqcn, Class<?>[] ctorArgTypes, ...
method newInstance (line 201) | @SuppressWarnings("unchecked")
method newInstance (line 213) | public static <T> T newInstance(Class<T> clazz) {
method newInstance (line 234) | public static <T> T newInstance(Class<T> clazz, Object... args) {
method getConstructor (line 253) | public static <T> Constructor<T> getConstructor(Class<T> clazz, Class<...
method instantiate (line 272) | public static <T> T instantiate(Constructor<T> ctor, Object... args) {
method invokeStatic (line 293) | public static <T> T invokeStatic(String fqcn, String methodName, Class...
method invokeStatic (line 316) | @SuppressWarnings("unchecked")
method getFieldValue (line 342) | public static <T> T getFieldValue(Object instance, String fieldName, C...
type ClassLoaderAccessor (line 359) | private interface ClassLoaderAccessor {
method loadClass (line 360) | Class<?> loadClass(String fqcn);
method getResource (line 362) | URL getResource(String name);
method getResourceStream (line 364) | InputStream getResourceStream(String name);
class ExceptionIgnoringAccessor (line 370) | private static abstract class ExceptionIgnoringAccessor implements Cla...
method loadClass (line 372) | public Class<?> loadClass(String fqcn) {
method getResource (line 385) | @Override
method getResourceStream (line 395) | public InputStream getResourceStream(String name) {
method getClassLoader (line 404) | protected final ClassLoader getClassLoader() {
method doGetClassLoader (line 413) | protected abstract ClassLoader doGetClassLoader() throws Throwable;
FILE: api/src/main/java/io/jsonwebtoken/lang/CollectionMutator.java
type CollectionMutator (line 29) | public interface CollectionMutator<E, M extends CollectionMutator<E, M>> {
method add (line 37) | M add(E e);
method add (line 45) | M add(Collection<? extends E> c);
method clear (line 52) | M clear();
method remove (line 60) | M remove(E e);
FILE: api/src/main/java/io/jsonwebtoken/lang/Collections.java
class Collections (line 32) | @SuppressWarnings({"unused", "rawtypes"})
method Collections (line 35) | private Collections() {
method emptyList (line 44) | public static <T> List<T> emptyList() {
method emptySet (line 54) | @SuppressWarnings("unused")
method emptyMap (line 66) | @SuppressWarnings("unused")
method of (line 78) | @SafeVarargs
method asSet (line 94) | public static <T> Set<T> asSet(Collection<T> c) {
method setOf (line 108) | @SafeVarargs
method immutable (line 127) | public static <K, V> Map<K, V> immutable(Map<K, V> m) {
method immutable (line 139) | public static <T> Set<T> immutable(Set<T> set) {
method immutable (line 151) | public static <T> List<T> immutable(List<T> list) {
method immutable (line 165) | @SuppressWarnings("unchecked")
method nullSafe (line 186) | public static <T> Set<T> nullSafe(Set<T> s) {
method nullSafe (line 198) | public static <T> Collection<T> nullSafe(Collection<T> c) {
method isEmpty (line 209) | public static boolean isEmpty(Collection<?> collection) {
method size (line 220) | public static int size(Collection<?> collection) {
method size (line 231) | public static int size(Map<?, ?> map) {
method isEmpty (line 242) | public static boolean isEmpty(Map<?, ?> map) {
method arrayToList (line 256) | public static List arrayToList(Object source) {
method concat (line 269) | @SafeVarargs
method mergeArrayIntoCollection (line 284) | @SuppressWarnings("unchecked")
method mergePropertiesIntoMap (line 302) | @SuppressWarnings("unchecked")
method contains (line 328) | public static boolean contains(Iterator iterator, Object element) {
method contains (line 347) | public static boolean contains(Enumeration enumeration, Object element) {
method containsInstance (line 368) | public static boolean containsInstance(Collection collection, Object e...
method containsAny (line 387) | public static boolean containsAny(Collection source, Collection candid...
method findFirstMatch (line 409) | public static Object findFirstMatch(Collection source, Collection cand...
method findValueOfType (line 430) | @SuppressWarnings("unchecked")
method findValueOfType (line 458) | public static Object findValueOfType(Collection<?> collection, Class<?...
method hasUniqueObject (line 478) | public static boolean hasUniqueObject(Collection collection) {
method findCommonElementType (line 502) | public static Class<?> findCommonElementType(Collection collection) {
method toArray (line 530) | public static <A, E extends A> A[] toArray(Enumeration<E> enumeration,...
method toIterator (line 545) | public static <E> Iterator<E> toIterator(Enumeration<E> enumeration) {
class EnumerationIterator (line 552) | private static class EnumerationIterator<E> implements Iterator<E> {
method EnumerationIterator (line 556) | public EnumerationIterator(Enumeration<E> enumeration) {
method hasNext (line 560) | public boolean hasNext() {
method next (line 564) | public E next() {
method remove (line 568) | public void remove() throws UnsupportedOperationException {
FILE: api/src/main/java/io/jsonwebtoken/lang/Conjunctor.java
type Conjunctor (line 25) | public interface Conjunctor<T> {
method and (line 32) | T and();
FILE: api/src/main/java/io/jsonwebtoken/lang/DateFormats.java
class DateFormats (line 29) | public final class DateFormats {
method DateFormats (line 31) | private DateFormats() {
method initialValue (line 39) | @Override
method initialValue (line 48) | @Override
method formatIso8601 (line 63) | public static String formatIso8601(Date date) {
method formatIso8601 (line 75) | public static String formatIso8601(Date date, boolean includeMillis) {
method parseIso8601Date (line 90) | public static Date parseIso8601Date(String s) throws ParseException {
FILE: api/src/main/java/io/jsonwebtoken/lang/InstantiationException.java
class InstantiationException (line 23) | public class InstantiationException extends RuntimeException {
method InstantiationException (line 31) | public InstantiationException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/lang/MapMutator.java
type MapMutator (line 30) | public interface MapMutator<K, V, T extends MapMutator<K, V, T>> {
method delete (line 40) | T delete(K key);
method empty (line 49) | T empty();
method add (line 62) | T add(K key, V value);
method add (line 74) | T add(Map<? extends K, ? extends V> m);
FILE: api/src/main/java/io/jsonwebtoken/lang/Maps.java
class Maps (line 27) | public final class Maps {
method Maps (line 29) | private Maps() {
method of (line 47) | public static <K, V> MapBuilder<K, V> of(K key, V value) {
type MapBuilder (line 63) | public interface MapBuilder<K, V> extends Builder<Map<K, V>> {
method and (line 71) | MapBuilder<K, V> and(K key, V value);
method build (line 78) | Map<K, V> build();
class HashMapBuilder (line 81) | private static class HashMapBuilder<K, V> implements MapBuilder<K, V> {
method and (line 85) | public MapBuilder<K, V> and(K key, V value) {
method build (line 90) | public Map<K, V> build() {
FILE: api/src/main/java/io/jsonwebtoken/lang/NestedCollection.java
type NestedCollection (line 31) | public interface NestedCollection<E, P> extends CollectionMutator<E, Nes...
FILE: api/src/main/java/io/jsonwebtoken/lang/Objects.java
class Objects (line 30) | public final class Objects {
method Objects (line 32) | private Objects() {
method isCheckedException (line 55) | public static boolean isCheckedException(Throwable ex) {
method isCompatibleWithThrowsClause (line 67) | public static boolean isCompatibleWithThrowsClause(Throwable ex, Class...
method isArray (line 89) | public static boolean isArray(Object obj) {
method isEmpty (line 107) | public static boolean isEmpty(Object v) {
method isEmpty (line 121) | public static boolean isEmpty(Object[] array) {
method isEmpty (line 131) | public static boolean isEmpty(byte[] array) {
method isEmpty (line 141) | public static boolean isEmpty(char[] chars) {
method containsElement (line 153) | public static boolean containsElement(Object[] array, Object element) {
method containsConstant (line 173) | public static boolean containsConstant(Enum<?>[] enumValues, String co...
method containsConstant (line 185) | public static boolean containsConstant(Enum<?>[] enumValues, String co...
method caseInsensitiveValueOf (line 207) | public static <E extends Enum<?>> E caseInsensitiveValueOf(E[] enumVal...
method addObjectToArray (line 228) | public static <A, O extends A> A[] addObjectToArray(A[] array, O obj) {
method toObjectArray (line 255) | public static Object[] toObjectArray(Object source) {
method nullSafeEquals (line 294) | public static boolean nullSafeEquals(Object o1, Object o2) {
method nullSafeHashCode (line 355) | public static int nullSafeHashCode(Object obj) {
method nullSafeHashCode (line 398) | public static int nullSafeHashCode(Object... array) {
method nullSafeHashCode (line 417) | public static int nullSafeHashCode(boolean[] array) {
method nullSafeHashCode (line 436) | public static int nullSafeHashCode(byte[] array) {
method nullSafeHashCode (line 455) | public static int nullSafeHashCode(char[] array) {
method nullSafeHashCode (line 474) | public static int nullSafeHashCode(double[] array) {
method nullSafeHashCode (line 493) | public static int nullSafeHashCode(float[] array) {
method nullSafeHashCode (line 512) | public static int nullSafeHashCode(int[] array) {
method nullSafeHashCode (line 531) | public static int nullSafeHashCode(long[] array) {
method nullSafeHashCode (line 550) | public static int nullSafeHashCode(short[] array) {
method hashCode (line 569) | public static int hashCode(boolean bool) {
method hashCode (line 580) | public static int hashCode(double dbl) {
method hashCode (line 592) | public static int hashCode(float flt) {
method hashCode (line 603) | public static int hashCode(long lng) {
method identityToString (line 618) | public static String identityToString(Object obj) {
method getIdentityHexString (line 631) | public static String getIdentityHexString(Object obj) {
method getDisplayString (line 645) | public static String getDisplayString(Object obj) {
method nullSafeClassName (line 659) | public static String nullSafeClassName(Object obj) {
method nullSafeToString (line 671) | public static String nullSafeToString(Object obj) {
method nullSafeToString (line 719) | public static String nullSafeToString(Object[] array) {
method nullSafeToString (line 750) | public static String nullSafeToString(boolean[] array) {
method nullSafeToString (line 782) | public static String nullSafeToString(byte[] array) {
method nullSafeToString (line 813) | public static String nullSafeToString(char[] array) {
method nullSafeToString (line 844) | public static String nullSafeToString(double[] array) {
method nullSafeToString (line 876) | public static String nullSafeToString(float[] array) {
method nullSafeToString (line 908) | public static String nullSafeToString(int[] array) {
method nullSafeToString (line 939) | public static String nullSafeToString(long[] array) {
method nullSafeToString (line 970) | public static String nullSafeToString(short[] array) {
method nullSafeClose (line 997) | public static void nullSafeClose(Closeable... closeables) {
method nullSafeFlush (line 1020) | public static void nullSafeFlush(Flushable... flushables) {
FILE: api/src/main/java/io/jsonwebtoken/lang/Registry.java
type Registry (line 38) | public interface Registry<K, V> extends Map<K, V> {
method forKey (line 49) | V forKey(K key) throws IllegalArgumentException;
FILE: api/src/main/java/io/jsonwebtoken/lang/RuntimeEnvironment.java
class RuntimeEnvironment (line 27) | @Deprecated
method RuntimeEnvironment (line 30) | private RuntimeEnvironment() {
method enableBouncyCastleIfPossible (line 51) | @Deprecated
FILE: api/src/main/java/io/jsonwebtoken/lang/Strings.java
class Strings (line 39) | public final class Strings {
method Strings (line 63) | private Strings() {
method hasLength (line 84) | public static boolean hasLength(CharSequence str) {
method hasLength (line 96) | public static boolean hasLength(String str) {
method hasText (line 117) | public static boolean hasText(CharSequence str) {
method hasText (line 140) | public static boolean hasText(String str) {
method containsWhitespace (line 152) | public static boolean containsWhitespace(CharSequence str) {
method containsWhitespace (line 173) | public static boolean containsWhitespace(String str) {
method trimWhitespace (line 184) | public static String trimWhitespace(String str) {
method trimWhitespace (line 189) | private static CharSequence trimWhitespace(CharSequence str) {
method clean (line 216) | public static String clean(String str) {
method clean (line 230) | public static CharSequence clean(CharSequence str) {
method utf8 (line 245) | public static byte[] utf8(CharSequence s) {
method utf8 (line 263) | public static String utf8(byte[] utf8Bytes) {
method ascii (line 274) | public static String ascii(byte[] asciiBytes) {
method ascii (line 284) | public static byte[] ascii(CharSequence s) {
method wrap (line 302) | public static CharBuffer wrap(CharSequence seq) {
method toBinary (line 314) | public static String toBinary(byte b) {
method toBinary (line 325) | public static String toBinary(byte[] bytes) {
method toHex (line 343) | public static String toHex(byte[] bytes) {
method trimAllWhitespace (line 362) | public static String trimAllWhitespace(String str) {
method trimLeadingWhitespace (line 385) | public static String trimLeadingWhitespace(String str) {
method trimTrailingWhitespace (line 403) | public static String trimTrailingWhitespace(String str) {
method trimLeadingCharacter (line 421) | public static String trimLeadingCharacter(String str, char leadingChar...
method trimTrailingCharacter (line 439) | public static String trimTrailingCharacter(String str, char trailingCh...
method startsWithIgnoreCase (line 459) | public static boolean startsWithIgnoreCase(String str, String prefix) {
method endsWithIgnoreCase (line 482) | public static boolean endsWithIgnoreCase(String str, String suffix) {
method substringMatch (line 506) | public static boolean substringMatch(CharSequence str, int index, Char...
method countOccurrencesOf (line 523) | public static int countOccurrencesOf(String str, String sub) {
method replace (line 546) | public static String replace(String inString, String oldPattern, Strin...
method delete (line 573) | public static String delete(String inString, String pattern) {
method deleteAny (line 585) | public static String deleteAny(String inString, String charsToDelete) {
method quote (line 611) | public static String quote(String str) {
method quoteIfString (line 623) | public static Object quoteIfString(Object obj) {
method unqualify (line 634) | public static String unqualify(String qualifiedName) {
method unqualify (line 646) | public static String unqualify(String qualifiedName, char separator) {
method capitalize (line 658) | public static String capitalize(String str) {
method uncapitalize (line 670) | public static String uncapitalize(String str) {
method changeFirstCharacterCase (line 674) | private static String changeFirstCharacterCase(String str, boolean cap...
method getFilename (line 695) | public static String getFilename(String path) {
method getFilenameExtension (line 710) | public static String getFilenameExtension(String path) {
method stripFilenameExtension (line 733) | public static String stripFilenameExtension(String path) {
method applyRelativePath (line 757) | public static String applyRelativePath(String path, String relativePat...
method cleanPath (line 779) | public static String cleanPath(String path) {
method pathEquals (line 837) | public static boolean pathEquals(String path1, String path2) {
method parseLocaleString (line 850) | public static Locale parseLocaleString(String localeString) {
method validateLocalePart (line 870) | private static void validateLocalePart(String localePart) {
method toLanguageTag (line 886) | public static String toLanguageTag(Locale locale) {
method addStringToArray (line 903) | public static String[] addStringToArray(String[] array, String str) {
method concatenateStringArrays (line 922) | public static String[] concatenateStringArrays(String[] array1, String...
method mergeStringArrays (line 946) | public static String[] mergeStringArrays(String[] array1, String[] arr...
method sortStringArray (line 969) | public static String[] sortStringArray(String[] array) {
method toStringArray (line 985) | public static String[] toStringArray(Collection<String> collection) {
method toStringArray (line 1000) | public static String[] toStringArray(Enumeration<String> enumeration) {
method trimArrayElements (line 1015) | public static String[] trimArrayElements(String[] array) {
method removeDuplicateStrings (line 1034) | public static String[] removeDuplicateStrings(String[] array) {
method split (line 1055) | public static String[] split(String toSplit, String delimiter) {
method splitArrayElementsIntoProperties (line 1080) | public static Properties splitArrayElementsIntoProperties(String[] arr...
method splitArrayElementsIntoProperties (line 1099) | public static Properties splitArrayElementsIntoProperties(String[] arr...
method tokenizeToStringArray (line 1134) | public static String[] tokenizeToStringArray(String str, String delimi...
method tokenizeToStringArray (line 1158) | public static String[] tokenizeToStringArray(String str, String delimi...
method delimitedListToStringArray (line 1189) | public static String[] delimitedListToStringArray(String str, String d...
method delimitedListToStringArray (line 1207) | public static String[] delimitedListToStringArray(String str, String d...
method commaDelimitedListToStringArray (line 1240) | public static String[] commaDelimitedListToStringArray(String str) {
method commaDelimitedListToSet (line 1251) | public static Set<String> commaDelimitedListToSet(String str) {
method collectionToDelimitedString (line 1270) | public static String collectionToDelimitedString(Collection<?> coll, S...
method collectionToDelimitedString (line 1293) | public static String collectionToDelimitedString(Collection<?> coll, S...
method collectionToCommaDelimitedString (line 1304) | public static String collectionToCommaDelimitedString(Collection<?> co...
method arrayToDelimitedString (line 1316) | public static String arrayToDelimitedString(Object[] arr, String delim) {
method arrayToCommaDelimitedString (line 1340) | public static String arrayToCommaDelimitedString(Object[] arr) {
method nespace (line 1360) | public static StringBuilder nespace(StringBuilder sb) {
FILE: api/src/main/java/io/jsonwebtoken/lang/Supplier.java
type Supplier (line 29) | public interface Supplier<T> {
method get (line 36) | T get();
FILE: api/src/main/java/io/jsonwebtoken/lang/UnknownClassException.java
class UnknownClassException (line 24) | public class UnknownClassException extends RuntimeException {
method UnknownClassException (line 39) | public UnknownClassException(String message) {
method UnknownClassException (line 59) | public UnknownClassException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/AeadAlgorithm.java
type AeadAlgorithm (line 68) | public interface AeadAlgorithm extends Identifiable, KeyLengthSupplier, ...
method encrypt (line 79) | void encrypt(AeadRequest req, AeadResult res) throws SecurityException;
method decrypt (line 90) | void decrypt(DecryptAeadRequest request, OutputStream out) throws Secu...
FILE: api/src/main/java/io/jsonwebtoken/security/AeadRequest.java
type AeadRequest (line 29) | public interface AeadRequest extends SecureRequest<InputStream, SecretKe...
FILE: api/src/main/java/io/jsonwebtoken/security/AeadResult.java
type AeadResult (line 27) | public interface AeadResult {
method getOutputStream (line 36) | OutputStream getOutputStream();
method setTag (line 44) | AeadResult setTag(byte[] tag);
method setIv (line 52) | AeadResult setIv(byte[] iv);
FILE: api/src/main/java/io/jsonwebtoken/security/AssociatedDataSupplier.java
type AssociatedDataSupplier (line 27) | public interface AssociatedDataSupplier {
method getAssociatedData (line 38) | InputStream getAssociatedData();
FILE: api/src/main/java/io/jsonwebtoken/security/AsymmetricJwk.java
type AsymmetricJwk (line 26) | public interface AsymmetricJwk<K extends Key> extends Jwk<K>, X509Access...
method getPublicKeyUse (line 74) | String getPublicKeyUse();
FILE: api/src/main/java/io/jsonwebtoken/security/AsymmetricJwkBuilder.java
type AsymmetricJwkBuilder (line 28) | public interface AsymmetricJwkBuilder<K extends Key, J extends Asymmetri...
method publicKeyUse (line 80) | T publicKeyUse(String use) throws IllegalArgumentException;
FILE: api/src/main/java/io/jsonwebtoken/security/Curve.java
type Curve (line 40) | public interface Curve extends Identifiable, KeyPairBuilderSupplier {
FILE: api/src/main/java/io/jsonwebtoken/security/DecryptAeadRequest.java
type DecryptAeadRequest (line 27) | public interface DecryptAeadRequest extends AeadRequest, IvSupplier, Dig...
FILE: api/src/main/java/io/jsonwebtoken/security/DecryptionKeyRequest.java
type DecryptionKeyRequest (line 41) | public interface DecryptionKeyRequest<K extends Key> extends SecureReque...
FILE: api/src/main/java/io/jsonwebtoken/security/DigestAlgorithm.java
type DigestAlgorithm (line 79) | public interface DigestAlgorithm<R extends Request<InputStream>, V exten...
method digest (line 88) | byte[] digest(R request) throws SecurityException;
method verify (line 100) | boolean verify(V request) throws SecurityException;
FILE: api/src/main/java/io/jsonwebtoken/security/DigestSupplier.java
type DigestSupplier (line 24) | public interface DigestSupplier {
method getDigest (line 33) | byte[] getDigest();
FILE: api/src/main/java/io/jsonwebtoken/security/DynamicJwkBuilder.java
type DynamicJwkBuilder (line 38) | public interface DynamicJwkBuilder<K extends Key, J extends Jwk<K>> exte...
method chain (line 79) | <A extends PublicKey, B extends PrivateKey> PublicJwkBuilder<A, B, ?, ...
method key (line 88) | SecretJwkBuilder key(SecretKey key);
method key (line 96) | RsaPublicJwkBuilder key(RSAPublicKey key);
method key (line 109) | RsaPrivateJwkBuilder key(RSAPrivateKey key);
method key (line 117) | EcPublicJwkBuilder key(ECPublicKey key);
method key (line 130) | EcPrivateJwkBuilder key(ECPrivateKey key);
method key (line 167) | <A extends PublicKey, B extends PrivateKey> PublicJwkBuilder<A, B, ?, ...
method key (line 203) | <A extends PublicKey, B extends PrivateKey> PrivateJwkBuilder<B, A, ?,...
method keyPair (line 241) | <A extends PublicKey, B extends PrivateKey> PrivateJwkBuilder<B, A, ?,...
method octetKey (line 274) | <A extends PublicKey, B extends PrivateKey> OctetPublicJwkBuilder<A, B...
method octetKey (line 308) | <A extends PrivateKey, B extends PublicKey> OctetPrivateJwkBuilder<A, ...
method octetChain (line 323) | <A extends PublicKey, B extends PrivateKey> OctetPublicJwkBuilder<A, B...
method octetKeyPair (line 339) | <A extends PrivateKey, B extends PublicKey> OctetPrivateJwkBuilder<A, ...
method ecChain (line 350) | EcPublicJwkBuilder ecChain(List<X509Certificate> chain);
method ecKeyPair (line 363) | EcPrivateJwkBuilder ecKeyPair(KeyPair keyPair) throws IllegalArgumentE...
method rsaChain (line 374) | RsaPublicJwkBuilder rsaChain(List<X509Certificate> chain);
method rsaKeyPair (line 387) | RsaPrivateJwkBuilder rsaKeyPair(KeyPair keyPair) throws IllegalArgumen...
FILE: api/src/main/java/io/jsonwebtoken/security/EcPrivateJwk.java
type EcPrivateJwk (line 42) | public interface EcPrivateJwk extends PrivateJwk<ECPrivateKey, ECPublicK...
FILE: api/src/main/java/io/jsonwebtoken/security/EcPrivateJwkBuilder.java
type EcPrivateJwkBuilder (line 26) | public interface EcPrivateJwkBuilder extends PrivateJwkBuilder<ECPrivate...
FILE: api/src/main/java/io/jsonwebtoken/security/EcPublicJwk.java
type EcPublicJwk (line 41) | public interface EcPublicJwk extends PublicJwk<ECPublicKey> {
FILE: api/src/main/java/io/jsonwebtoken/security/EcPublicJwkBuilder.java
type EcPublicJwkBuilder (line 26) | public interface EcPublicJwkBuilder extends PublicJwkBuilder<ECPublicKey...
FILE: api/src/main/java/io/jsonwebtoken/security/HashAlgorithm.java
type HashAlgorithm (line 44) | public interface HashAlgorithm extends DigestAlgorithm<Request<InputStre...
FILE: api/src/main/java/io/jsonwebtoken/security/InvalidKeyException.java
class InvalidKeyException (line 24) | public class InvalidKeyException extends KeyException {
method InvalidKeyException (line 31) | public InvalidKeyException(String message) {
method InvalidKeyException (line 42) | public InvalidKeyException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/IvSupplier.java
type IvSupplier (line 26) | public interface IvSupplier {
method getIv (line 35) | byte[] getIv();
FILE: api/src/main/java/io/jsonwebtoken/security/Jwk.java
type Jwk (line 86) | public interface Jwk<K extends Key> extends Identifiable, Map<String, Ob...
method getAlgorithm (line 95) | String getAlgorithm();
method getOperations (line 106) | Set<KeyOperation> getOperations();
method getType (line 147) | String getType();
method thumbprint (line 158) | JwkThumbprint thumbprint();
method thumbprint (line 168) | JwkThumbprint thumbprint(HashAlgorithm alg);
method toKey (line 176) | K toKey();
FILE: api/src/main/java/io/jsonwebtoken/security/JwkBuilder.java
type JwkBuilder (line 44) | public interface JwkBuilder<K extends Key, J extends Jwk<K>, T extends J...
method algorithm (line 61) | T algorithm(String alg) throws IllegalArgumentException;
method id (line 81) | T id(String kid) throws IllegalArgumentException;
method idFromThumbprint (line 93) | T idFromThumbprint();
method idFromThumbprint (line 105) | T idFromThumbprint(HashAlgorithm alg);
method operations (line 137) | NestedCollection<KeyOperation, T> operations();
FILE: api/src/main/java/io/jsonwebtoken/security/JwkParserBuilder.java
type JwkParserBuilder (line 34) | public interface JwkParserBuilder extends ParserBuilder<Jwk<?>, JwkParse...
FILE: api/src/main/java/io/jsonwebtoken/security/JwkSet.java
type JwkSet (line 38) | public interface JwkSet extends Map<String, Object>, Iterable<Jwk<?>> {
method getKeys (line 45) | Set<Jwk<?>> getKeys();
FILE: api/src/main/java/io/jsonwebtoken/security/JwkSetBuilder.java
type JwkSetBuilder (line 32) | public interface JwkSetBuilder extends MapMutator<String, Object, JwkSet...
method add (line 43) | JwkSetBuilder add(Jwk<?> jwk);
method add (line 53) | JwkSetBuilder add(Collection<Jwk<?>> c);
method keys (line 64) | JwkSetBuilder keys(Collection<Jwk<?>> c);
FILE: api/src/main/java/io/jsonwebtoken/security/JwkSetParserBuilder.java
type JwkSetParserBuilder (line 35) | public interface JwkSetParserBuilder extends ParserBuilder<JwkSet, JwkSe...
method ignoreUnsupported (line 56) | JwkSetParserBuilder ignoreUnsupported(boolean ignore);
FILE: api/src/main/java/io/jsonwebtoken/security/JwkThumbprint.java
type JwkThumbprint (line 26) | public interface JwkThumbprint {
method getHashAlgorithm (line 33) | HashAlgorithm getHashAlgorithm();
method toByteArray (line 40) | byte[] toByteArray();
method toURI (line 48) | URI toURI();
method toString (line 53) | String toString();
FILE: api/src/main/java/io/jsonwebtoken/security/Jwks.java
class Jwks (line 40) | public final class Jwks {
method Jwks (line 42) | private Jwks() {
method builder (line 68) | public static DynamicJwkBuilder<?, ?> builder() {
method parser (line 84) | public static JwkParserBuilder parser() {
method set (line 102) | public static JwkSetBuilder set() {
method setParser (line 118) | public static JwkSetParserBuilder setParser() {
method json (line 129) | public static String json(PublicJwk<?> publicJwk) {
method UNSAFE_JSON (line 142) | public static String UNSAFE_JSON(Jwk<?> jwk) {
class CRV (line 161) | public static final class CRV {
method get (line 174) | public static Registry<String, Curve> get() {
method CRV (line 258) | private CRV() {
class HASH (line 286) | public static final class HASH {
method get (line 302) | public static Registry<String, HashAlgorithm> get() {
method HASH (line 361) | private HASH() {
class OP (line 381) | public static final class OP {
method builder (line 399) | public static KeyOperationBuilder builder() {
method policy (line 408) | public static KeyOperationPolicyBuilder policy() {
method get (line 418) | public static Registry<String, KeyOperation> get() {
method OP (line 494) | private OP() {
FILE: api/src/main/java/io/jsonwebtoken/security/KeyAlgorithm.java
type KeyAlgorithm (line 47) | @SuppressWarnings("JavadocLinkAsPlainText")
method getEncryptionKey (line 66) | KeyResult getEncryptionKey(KeyRequest<E> request) throws SecurityExcep...
method getDecryptionKey (line 83) | SecretKey getDecryptionKey(DecryptionKeyRequest<D> request) throws Sec...
FILE: api/src/main/java/io/jsonwebtoken/security/KeyBuilder.java
type KeyBuilder (line 33) | public interface KeyBuilder<K extends Key, B extends KeyBuilder<K, B>> e...
FILE: api/src/main/java/io/jsonwebtoken/security/KeyBuilderSupplier.java
type KeyBuilderSupplier (line 30) | public interface KeyBuilderSupplier<K extends Key, B extends KeyBuilder<...
method key (line 39) | B key();
FILE: api/src/main/java/io/jsonwebtoken/security/KeyException.java
class KeyException (line 24) | public class KeyException extends SecurityException {
method KeyException (line 31) | public KeyException(String message) {
method KeyException (line 41) | public KeyException(String msg, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/KeyLengthSupplier.java
type KeyLengthSupplier (line 23) | public interface KeyLengthSupplier {
method getKeyBitLength (line 30) | int getKeyBitLength();
FILE: api/src/main/java/io/jsonwebtoken/security/KeyOperation.java
type KeyOperation (line 34) | public interface KeyOperation extends Identifiable {
method getDescription (line 41) | String getDescription();
method isRelated (line 54) | boolean isRelated(KeyOperation operation);
FILE: api/src/main/java/io/jsonwebtoken/security/KeyOperationBuilder.java
type KeyOperationBuilder (line 31) | public interface KeyOperationBuilder extends Builder<KeyOperation> {
method id (line 40) | KeyOperationBuilder id(String id);
method description (line 48) | KeyOperationBuilder description(String description);
method related (line 72) | KeyOperationBuilder related(String id);
FILE: api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicied.java
type KeyOperationPolicied (line 24) | public interface KeyOperationPolicied<T extends KeyOperationPolicied<T>> {
method operationPolicy (line 50) | T operationPolicy(KeyOperationPolicy policy) throws IllegalArgumentExc...
FILE: api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicy.java
type KeyOperationPolicy (line 26) | public interface KeyOperationPolicy {
method getOperations (line 33) | Collection<KeyOperation> getOperations();
method validate (line 41) | @SuppressWarnings("GrazieInspection")
FILE: api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicyBuilder.java
type KeyOperationPolicyBuilder (line 36) | public interface KeyOperationPolicyBuilder extends CollectionMutator<Key...
method unrelated (line 54) | KeyOperationPolicyBuilder unrelated();
method add (line 79) | @Override
method add (line 110) | @Override
FILE: api/src/main/java/io/jsonwebtoken/security/KeyPair.java
type KeyPair (line 29) | public interface KeyPair<A extends PublicKey, B extends PrivateKey> {
method getPublic (line 36) | A getPublic();
method getPrivate (line 43) | B getPrivate();
method toJavaKeyPair (line 50) | java.security.KeyPair toJavaKeyPair();
FILE: api/src/main/java/io/jsonwebtoken/security/KeyPairBuilder.java
type KeyPairBuilder (line 30) | public interface KeyPairBuilder extends SecurityBuilder<KeyPair, KeyPair...
FILE: api/src/main/java/io/jsonwebtoken/security/KeyPairBuilderSupplier.java
type KeyPairBuilderSupplier (line 28) | public interface KeyPairBuilderSupplier {
method keyPair (line 37) | KeyPairBuilder keyPair();
FILE: api/src/main/java/io/jsonwebtoken/security/KeyRequest.java
type KeyRequest (line 45) | public interface KeyRequest<T> extends Request<T> {
method getEncryptionAlgorithm (line 57) | AeadAlgorithm getEncryptionAlgorithm();
method getHeader (line 76) | JweHeader getHeader();
FILE: api/src/main/java/io/jsonwebtoken/security/KeyResult.java
type KeyResult (line 33) | public interface KeyResult extends Message<byte[]>, KeySupplier<SecretKe...
FILE: api/src/main/java/io/jsonwebtoken/security/KeySupplier.java
type KeySupplier (line 26) | public interface KeySupplier<K extends Key> {
method getKey (line 33) | K getKey();
FILE: api/src/main/java/io/jsonwebtoken/security/Keys.java
class Keys (line 34) | public final class Keys {
method invokeStatic (line 42) | private static <T> T invokeStatic(String method, Class<?>[] argTypes, ...
method Keys (line 47) | private Keys() {
method hmacShaKeyFor (line 59) | public static SecretKey hmacShaKeyFor(byte[] bytes) throws WeakKeyExce...
method secretKeyFor (line 138) | @SuppressWarnings("DeprecatedIsStillUsed")
method keyPairFor (line 243) | @SuppressWarnings("DeprecatedIsStillUsed")
method password (line 276) | public static Password password(char[] password) {
method builder (line 301) | public static SecretKeyBuilder builder(SecretKey key) {
method builder (line 328) | public static PrivateKeyBuilder builder(PrivateKey key) {
FILE: api/src/main/java/io/jsonwebtoken/security/MacAlgorithm.java
type MacAlgorithm (line 63) | public interface MacAlgorithm extends SecureDigestAlgorithm<SecretKey, S...
FILE: api/src/main/java/io/jsonwebtoken/security/MalformedKeyException.java
class MalformedKeyException (line 24) | public class MalformedKeyException extends InvalidKeyException {
method MalformedKeyException (line 31) | public MalformedKeyException(String message) {
method MalformedKeyException (line 41) | public MalformedKeyException(String msg, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/MalformedKeySetException.java
class MalformedKeySetException (line 24) | public class MalformedKeySetException extends SecurityException {
method MalformedKeySetException (line 31) | public MalformedKeySetException(String message) {
method MalformedKeySetException (line 41) | public MalformedKeySetException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/Message.java
type Message (line 26) | public interface Message<T> {
method getPayload (line 35) | T getPayload();
FILE: api/src/main/java/io/jsonwebtoken/security/OctetPrivateJwk.java
type OctetPrivateJwk (line 67) | public interface OctetPrivateJwk<K extends PrivateKey, L extends PublicK...
FILE: api/src/main/java/io/jsonwebtoken/security/OctetPrivateJwkBuilder.java
type OctetPrivateJwkBuilder (line 28) | public interface OctetPrivateJwkBuilder<K extends PrivateKey, L extends ...
FILE: api/src/main/java/io/jsonwebtoken/security/OctetPublicJwk.java
type OctetPublicJwk (line 62) | public interface OctetPublicJwk<K extends PublicKey> extends PublicJwk<K> {
FILE: api/src/main/java/io/jsonwebtoken/security/OctetPublicJwkBuilder.java
type OctetPublicJwkBuilder (line 29) | public interface OctetPublicJwkBuilder<A extends PublicKey, B extends Pr...
FILE: api/src/main/java/io/jsonwebtoken/security/Password.java
type Password (line 36) | public interface Password extends SecretKey, Destroyable {
method toCharArray (line 62) | char[] toCharArray();
FILE: api/src/main/java/io/jsonwebtoken/security/PrivateJwk.java
type PrivateJwk (line 44) | public interface PrivateJwk<K extends PrivateKey, L extends PublicKey, M...
method toPublicJwk (line 51) | M toPublicJwk();
method toKeyPair (line 60) | KeyPair<L, K> toKeyPair();
FILE: api/src/main/java/io/jsonwebtoken/security/PrivateJwkBuilder.java
type PrivateJwkBuilder (line 32) | public interface PrivateJwkBuilder<K extends PrivateKey, L extends Publi...
method publicKey (line 52) | T publicKey(L publicKey);
FILE: api/src/main/java/io/jsonwebtoken/security/PrivateKeyBuilder.java
type PrivateKeyBuilder (line 28) | public interface PrivateKeyBuilder extends KeyBuilder<PrivateKey, Privat...
method publicKey (line 37) | PrivateKeyBuilder publicKey(PublicKey publicKey);
FILE: api/src/main/java/io/jsonwebtoken/security/PublicJwk.java
type PublicJwk (line 26) | public interface PublicJwk<K extends PublicKey> extends AsymmetricJwk<K> {
FILE: api/src/main/java/io/jsonwebtoken/security/PublicJwkBuilder.java
type PublicJwkBuilder (line 33) | public interface PublicJwkBuilder<K extends PublicKey, L extends Private...
method privateKey (line 46) | P privateKey(L privateKey);
FILE: api/src/main/java/io/jsonwebtoken/security/Request.java
type Request (line 38) | public interface Request<T> extends Message<T> {
method getProvider (line 47) | Provider getProvider();
method getSecureRandom (line 56) | SecureRandom getSecureRandom();
FILE: api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwk.java
type RsaPrivateJwk (line 42) | public interface RsaPrivateJwk extends PrivateJwk<RSAPrivateKey, RSAPubl...
FILE: api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwkBuilder.java
type RsaPrivateJwkBuilder (line 26) | public interface RsaPrivateJwkBuilder extends PrivateJwkBuilder<RSAPriva...
FILE: api/src/main/java/io/jsonwebtoken/security/RsaPublicJwk.java
type RsaPublicJwk (line 41) | public interface RsaPublicJwk extends PublicJwk<RSAPublicKey> {
FILE: api/src/main/java/io/jsonwebtoken/security/RsaPublicJwkBuilder.java
type RsaPublicJwkBuilder (line 26) | public interface RsaPublicJwkBuilder extends PublicJwkBuilder<RSAPublicK...
FILE: api/src/main/java/io/jsonwebtoken/security/SecretJwk.java
type SecretJwk (line 32) | public interface SecretJwk extends Jwk<SecretKey> {
FILE: api/src/main/java/io/jsonwebtoken/security/SecretJwkBuilder.java
type SecretJwkBuilder (line 25) | public interface SecretJwkBuilder extends JwkBuilder<SecretKey, SecretJw...
FILE: api/src/main/java/io/jsonwebtoken/security/SecretKeyAlgorithm.java
type SecretKeyAlgorithm (line 25) | public interface SecretKeyAlgorithm extends KeyAlgorithm<SecretKey, Secr...
FILE: api/src/main/java/io/jsonwebtoken/security/SecretKeyBuilder.java
type SecretKeyBuilder (line 26) | public interface SecretKeyBuilder extends KeyBuilder<SecretKey, SecretKe...
FILE: api/src/main/java/io/jsonwebtoken/security/SecureDigestAlgorithm.java
type SecureDigestAlgorithm (line 53) | public interface SecureDigestAlgorithm<S extends Key, V extends Key>
FILE: api/src/main/java/io/jsonwebtoken/security/SecureRequest.java
type SecureRequest (line 27) | public interface SecureRequest<T, K extends Key> extends Request<T>, Key...
FILE: api/src/main/java/io/jsonwebtoken/security/SecurityBuilder.java
type SecurityBuilder (line 33) | public interface SecurityBuilder<T, B extends SecurityBuilder<T, B>> ext...
method provider (line 42) | B provider(Provider provider);
method random (line 51) | B random(SecureRandom random);
FILE: api/src/main/java/io/jsonwebtoken/security/SecurityException.java
class SecurityException (line 26) | public class SecurityException extends JwtException {
method SecurityException (line 33) | public SecurityException(String message) {
method SecurityException (line 43) | public SecurityException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/SignatureAlgorithm.java
type SignatureAlgorithm (line 54) | public interface SignatureAlgorithm extends SecureDigestAlgorithm<Privat...
FILE: api/src/main/java/io/jsonwebtoken/security/SignatureException.java
class SignatureException (line 23) | @SuppressWarnings("deprecation")
method SignatureException (line 31) | public SignatureException(String message) {
method SignatureException (line 41) | public SignatureException(String message, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/UnsupportedKeyException.java
class UnsupportedKeyException (line 23) | public class UnsupportedKeyException extends KeyException {
method UnsupportedKeyException (line 30) | public UnsupportedKeyException(String message) {
method UnsupportedKeyException (line 40) | public UnsupportedKeyException(String msg, Throwable cause) {
FILE: api/src/main/java/io/jsonwebtoken/security/VerifyDigestRequest.java
type VerifyDigestRequest (line 32) | public interface VerifyDigestRequest extends Request<InputStream>, Diges...
FILE: api/src/main/java/io/jsonwebtoken/security/VerifySecureDigestRequest.java
type VerifySecureDigestRequest (line 33) | public interface VerifySecureDigestRequest<K extends Key> extends Secure...
FILE: api/src/main/java/io/jsonwebtoken/security/WeakKeyException.java
class WeakKeyException (line 24) | public class WeakKeyException extends InvalidKeyException {
method WeakKeyException (line 31) | public WeakKeyException(String message) {
FILE: api/src/main/java/io/jsonwebtoken/security/X509Accessor.java
type X509Accessor (line 34) | public interface X509Accessor {
method getX509Url (line 67) | URI getX509Url();
method getX509Chain (line 89) | List<X509Certificate> getX509Chain();
method getX509Sha1Thumbprint (line 113) | byte[] getX509Sha1Thumbprint();
method getX509Sha256Thumbprint (line 137) | byte[] getX509Sha256Thumbprint();
FILE: api/src/main/java/io/jsonwebtoken/security/X509Builder.java
type X509Builder (line 27) | public interface X509Builder<T extends X509Builder<T>> extends X509Mutat...
method x509Sha1Thumbprint (line 41) | T x509Sha1Thumbprint(boolean enable);
method x509Sha256Thumbprint (line 55) | T x509Sha256Thumbprint(boolean enable);
FILE: api/src/main/java/io/jsonwebtoken/security/X509Mutator.java
type X509Mutator (line 31) | public interface X509Mutator<T extends X509Mutator<T>> {
method x509Url (line 65) | T x509Url(URI uri);
method x509Chain (line 88) | T x509Chain(List<X509Certificate> chain);
method x509Sha1Thumbprint (line 114) | T x509Sha1Thumbprint(byte[] thumbprint);
method x509Sha256Thumbprint (line 140) | T x509Sha256Thumbprint(byte[] thumbprint);
FILE: extensions/gson/src/main/java/io/jsonwebtoken/gson/io/GsonDeserializer.java
class GsonDeserializer (line 24) | public class GsonDeserializer<T> extends AbstractDeserializer<T> {
method GsonDeserializer (line 29) | public GsonDeserializer() {
method GsonDeserializer (line 33) | @SuppressWarnings("unchecked")
method GsonDeserializer (line 38) | private GsonDeserializer(Gson gson, Class<T> returnType) {
method doDeserialize (line 45) | @Override
FILE: extensions/gson/src/main/java/io/jsonwebtoken/gson/io/GsonSerializer.java
class GsonSerializer (line 32) | public class GsonSerializer<T> extends AbstractSerializer<T> {
method GsonSerializer (line 42) | public GsonSerializer() {
method GsonSerializer (line 46) | public GsonSerializer(Gson gson) {
method doSerialize (line 62) | @Override
method writeValue (line 78) | protected void writeValue(Object o, java.io.Writer writer) {
class TestSupplier (line 82) | private static class TestSupplier<T> implements Supplier<T> {
method TestSupplier (line 87) | private TestSupplier(T value) {
method get (line 91) | @Override
FILE: extensions/gson/src/main/java/io/jsonwebtoken/gson/io/GsonSupplierSerializer.java
class GsonSupplierSerializer (line 25) | public final class GsonSupplierSerializer implements JsonSerializer<Supp...
method serialize (line 29) | @Override
FILE: extensions/jackson/src/main/java/io/jsonwebtoken/jackson/io/JacksonDeserializer.java
class JacksonDeserializer (line 36) | public class JacksonDeserializer<T> extends AbstractDeserializer<T> {
method JacksonDeserializer (line 45) | public JacksonDeserializer() {
method JacksonDeserializer (line 74) | public JacksonDeserializer(Map<String, Class<?>> claimTypeMap) {
method JacksonDeserializer (line 84) | @SuppressWarnings("unchecked")
method JacksonDeserializer (line 118) | public JacksonDeserializer(ObjectMapper objectMapper, Map<String, Clas...
method JacksonDeserializer (line 127) | private JacksonDeserializer(ObjectMapper objectMapper, Class<T> return...
method doDeserialize (line 134) | @Override
class MappedTypeDeserializer (line 143) | private static class MappedTypeDeserializer extends UntypedObjectDeser...
method MappedTypeDeserializer (line 147) | private MappedTypeDeserializer(Map<String, Class<?>> claimTypeMap) {
method deserialize (line 152) | @Override
FILE: extensions/jackson/src/main/java/io/jsonwebtoken/jackson/io/JacksonSerializer.java
class JacksonSerializer (line 35) | public class JacksonSerializer<T> extends AbstractSerializer<T> {
method newObjectMapper (line 60) | static ObjectMapper newObjectMapper() {
method JacksonSerializer (line 72) | public JacksonSerializer() {
method JacksonSerializer (line 81) | public JacksonSerializer(ObjectMapper objectMapper) {
method doSerialize (line 86) | @Override
FILE: extensions/jackson/src/main/java/io/jsonwebtoken/jackson/io/JacksonSupplierSerializer.java
class JacksonSupplierSerializer (line 26) | final class JacksonSupplierSerializer extends StdSerializer<Supplier<?>> {
method JacksonSupplierSerializer (line 30) | public JacksonSupplierSerializer() {
method serialize (line 34) | @Override
FILE: extensions/orgjson/src/main/java/io/jsonwebtoken/orgjson/io/OrgJsonDeserializer.java
class OrgJsonDeserializer (line 37) | public class OrgJsonDeserializer extends AbstractDeserializer<Object> {
method OrgJsonDeserializer (line 41) | public OrgJsonDeserializer() {
method OrgJsonDeserializer (line 45) | private OrgJsonDeserializer(JSONTokenerFactory factory) {
method doDeserialize (line 49) | @Override
method parse (line 54) | private Object parse(Reader reader) throws JSONException {
method toMap (line 75) | private Map<String, Object> toMap(JSONObject o) {
method toList (line 88) | private List<Object> toList(JSONArray a) {
method convertIfNecessary (line 100) | private Object convertIfNecessary(Object v) {
class JSONTokenerFactory (line 118) | static class JSONTokenerFactory { // package-protected on purpose. Not...
method JSONTokenerFactory (line 127) | JSONTokenerFactory() {
method testTokener (line 138) | protected void testTokener(@SuppressWarnings("SameParameterValue") R...
method toString (line 148) | private static String toString(Reader reader) throws IOException {
method newTokener (line 159) | private JSONTokener newTokener(Reader reader) {
FILE: extensions/orgjson/src/main/java/io/jsonwebtoken/orgjson/io/OrgJsonSerializer.java
class OrgJsonSerializer (line 41) | public class OrgJsonSerializer<T> extends AbstractSerializer<T> {
method doSerialize (line 57) | @Override
method isJSONString (line 68) | private static boolean isJSONString(Object o) {
method toJSONInstance (line 75) | private Object toJSONInstance(Object object) throws IOException {
method toJSONObject (line 133) | private JSONObject toJSONObject(Map<?, ?> m) throws IOException {
method toJSONArray (line 149) | private JSONArray toJSONArray(Collection<?> c) throws IOException {
method toString (line 167) | protected String toString(Object o) {
method toBytes (line 191) | @Deprecated
FILE: impl/src/main/java/io/jsonwebtoken/impl/AbstractAudienceCollection.java
class AbstractAudienceCollection (line 29) | abstract class AbstractAudienceCollection<P> extends DefaultNestedCollec...
method AbstractAudienceCollection (line 31) | protected AbstractAudienceCollection(P parent, Collection<? extends St...
FILE: impl/src/main/java/io/jsonwebtoken/impl/AbstractTextCodec.java
class AbstractTextCodec (line 27) | @Deprecated
method encode (line 33) | @Override
method decodeToString (line 40) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/AbstractX509Context.java
class AbstractX509Context (line 27) | public class AbstractX509Context<T extends X509Mutator<T>> extends Param...
method AbstractX509Context (line 29) | public AbstractX509Context(Set<Parameter<?>> params) {
method self (line 33) | @SuppressWarnings("unchecked")
method getX509Url (line 38) | @Override
method x509Url (line 43) | @Override
method getX509Chain (line 49) | @Override
method x509Chain (line 54) | @Override
method getX509Sha1Thumbprint (line 60) | @Override
method x509Sha1Thumbprint (line 65) | @Override
method getX509Sha256Thumbprint (line 71) | @Override
method x509Sha256Thumbprint (line 76) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/AndroidBase64Codec.java
class AndroidBase64Codec (line 25) | @Deprecated
method encode (line 28) | @Override
method decode (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/Base64Codec.java
class Base64Codec (line 25) | @Deprecated
method encode (line 28) | public String encode(byte[] data) {
method decode (line 32) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/Base64UrlCodec.java
class Base64UrlCodec (line 25) | @Deprecated
method encode (line 28) | @Override
method decode (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/CompressionCodecLocator.java
class CompressionCodecLocator (line 26) | public class CompressionCodecLocator implements Function<Header, Compres...
method CompressionCodecLocator (line 30) | public CompressionCodecLocator(CompressionCodecResolver resolver) {
method apply (line 34) | @Override
method locate (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultClaims.java
class DefaultClaims (line 30) | public class DefaultClaims extends ParameterMap implements Claims {
method DefaultClaims (line 51) | protected DefaultClaims() { // visibility for testing
method DefaultClaims (line 55) | public DefaultClaims(ParameterMap m) {
method DefaultClaims (line 59) | public DefaultClaims(Map<String, ?> map) {
method getName (line 63) | @Override
method getIssuer (line 68) | @Override
method getSubject (line 73) | @Override
method getAudience (line 78) | @Override
method getExpiration (line 83) | @Override
method getNotBefore (line 88) | @Override
method getIssuedAt (line 93) | @Override
method getId (line 98) | @Override
method get (line 103) | @Override
method castClaimValue (line 129) | private <T> T castClaimValue(String name, Object value, Class<T> requi...
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultClaimsBuilder.java
class DefaultClaimsBuilder (line 24) | public final class DefaultClaimsBuilder extends DelegatingClaimsMutator<...
method DefaultClaimsBuilder (line 27) | public DefaultClaimsBuilder() {
method build (line 31) | @Override
class Supplier (line 38) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 40) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultClock.java
class DefaultClock (line 27) | public class DefaultClock implements Clock {
method now (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultHeader.java
class DefaultHeader (line 29) | public class DefaultHeader extends ParameterMap implements Header {
method DefaultHeader (line 46) | public DefaultHeader(Map<String, ?> values) {
method DefaultHeader (line 50) | protected DefaultHeader(Registry<String, Parameter<?>> registry, Map<S...
method getName (line 54) | @Override
method nameOf (line 59) | static String nameOf(Header header) {
method getType (line 64) | @Override
method getContentType (line 69) | @Override
method getAlgorithm (line 74) | @Override
method getCompressionAlgorithm (line 79) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwe.java
class DefaultJwe (line 27) | public class DefaultJwe<P> extends DefaultProtectedJwt<JweHeader, P> imp...
method DefaultJwe (line 33) | public DefaultJwe(JweHeader header, P payload, byte[] iv, byte[] aadTa...
method getInitializationVector (line 38) | @Override
method toStringBuilder (line 43) | @Override
method equals (line 48) | @Override
method hashCode (line 60) | @Override
method accept (line 65) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeader.java
class DefaultJweHeader (line 37) | public class DefaultJweHeader extends DefaultProtectedHeader implements ...
method isCandidate (line 64) | static boolean isCandidate(ParameterMap map) {
method DefaultJweHeader (line 79) | public DefaultJweHeader(Map<String, ?> map) {
method getName (line 83) | @Override
method getEncryptionAlgorithm (line 88) | @Override
method getEphemeralPublicKey (line 93) | @Override
method getAgreementPartyUInfo (line 98) | @Override
method getAgreementPartyVInfo (line 103) | @Override
method getInitializationVector (line 108) | @Override
method getAuthenticationTag (line 113) | @Override
method getPbes2Salt (line 118) | public byte[] getPbes2Salt() {
method getPbes2Count (line 122) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderBuilder.java
class DefaultJweHeaderBuilder (line 25) | public class DefaultJweHeaderBuilder<T extends JweHeaderMutator<T> & X50...
method DefaultJweHeaderBuilder (line 28) | protected DefaultJweHeaderBuilder() {
method DefaultJweHeaderBuilder (line 32) | protected DefaultJweHeaderBuilder(DefaultJweHeaderMutator<?> src) {
method x509Sha1Thumbprint (line 36) | @Override
method x509Sha256Thumbprint (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderMutator.java
class DefaultJweHeaderMutator (line 36) | public class DefaultJweHeaderMutator<T extends JweHeaderMutator<T>>
method DefaultJweHeaderMutator (line 41) | public DefaultJweHeaderMutator() {
method DefaultJweHeaderMutator (line 48) | public DefaultJweHeaderMutator(DefaultJweHeaderMutator<?> src) {
method put (line 57) | private <F> T put(Parameter<F> param, F value) {
method clear (line 62) | @Override
method contentType (line 77) | @Override
method type (line 82) | @Override
method setType (line 87) | @Override
method setContentType (line 92) | @Override
method setCompressionAlgorithm (line 97) | @Override
method critical (line 106) | @Override
method jwk (line 116) | @Override
method jwkSetUrl (line 121) | @Override
method keyId (line 126) | @Override
method setKeyId (line 131) | @Override
method setAlgorithm (line 136) | @Override
method x509Url (line 145) | @Override
method x509Chain (line 151) | @Override
method x509Sha1Thumbprint (line 157) | @Override
method x509Sha256Thumbprint (line 163) | @Override
method agreementPartyUInfo (line 173) | @Override
method agreementPartyUInfo (line 178) | @Override
method agreementPartyVInfo (line 183) | @Override
method agreementPartyVInfo (line 188) | @Override
method pbes2Count (line 193) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJws.java
class DefaultJws (line 22) | public class DefaultJws<P> extends DefaultProtectedJwt<JwsHeader, P> imp...
method DefaultJws (line 28) | public DefaultJws(JwsHeader header, P payload, byte[] signature, Strin...
method getSignature (line 33) | @Override
method accept (line 38) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwsHeader.java
class DefaultJwsHeader (line 27) | public class DefaultJwsHeader extends DefaultProtectedHeader implements ...
method DefaultJwsHeader (line 35) | public DefaultJwsHeader(Map<String, ?> map) {
method getName (line 39) | @Override
method isPayloadEncoded (line 44) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwt.java
class DefaultJwt (line 25) | public class DefaultJwt<H extends Header, P> implements Jwt<H, P> {
method DefaultJwt (line 30) | public DefaultJwt(H header, P payload) {
method getHeader (line 35) | @Override
method getBody (line 40) | @Override
method getPayload (line 45) | @Override
method toStringBuilder (line 50) | protected StringBuilder toStringBuilder() {
method toString (line 62) | @Override
method equals (line 67) | @Override
method hashCode (line 80) | @Override
method accept (line 85) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtBuilder.java
class DefaultJwtBuilder (line 81) | public class DefaultJwtBuilder implements JwtBuilder {
method DefaultJwtBuilder (line 113) | public DefaultJwtBuilder() {
method header (line 118) | @Override
method claims (line 123) | @Override
method provider (line 128) | @Override
method random (line 134) | @Override
method serializeToJsonWith (line 140) | @Override
method json (line 145) | @Override
method base64UrlEncodeWith (line 151) | @Override
method b64Url (line 156) | @Override
method encodePayload (line 163) | @Override
method setHeader (line 175) | @Override
method setHeaderParams (line 180) | @Override
method setHeaderParam (line 185) | @Override
method forSigningKey (line 190) | protected static <K extends Key> SecureDigestAlgorithm<K, ?> forSignin...
method signWith (line 204) | @Override
method signWith (line 211) | @Override
method signWith (line 251) | @SuppressWarnings({"deprecation", "unchecked"}) // TODO: remove method...
method signWith (line 259) | @SuppressWarnings("deprecation") // TODO: remove method for 1.0
method signWith (line 270) | @SuppressWarnings("deprecation") // TODO: remove method for 1.0
method signWith (line 280) | @SuppressWarnings("deprecation") // TODO: remove method for 1.0
method encryptWith (line 286) | @Override
method encryptWith (line 294) | @Override
method compressWith (line 322) | @Override
method setPayload (line 332) | @Override
method content (line 337) | @Override
method content (line 345) | @Override
method content (line 353) | @Override
method content (line 361) | @Override
method content (line 370) | @Override
method content (line 379) | @Override
method setClaims (line 388) | @Override
method addClaims (line 394) | @Override
method claims (line 399) | @Override
method claim (line 404) | @Override
method setIssuer (line 409) | @Override
method issuer (line 414) | @Override
method setSubject (line 419) | @Override
method subject (line 424) | @Override
method setAudience (line 429) | @Override
method audience (line 435) | @Override
method setExpiration (line 440) | @Override
method expiration (line 445) | @Override
method setNotBefore (line 450) | @Override
method notBefore (line 455) | @Override
method setIssuedAt (line 460) | @Override
method issuedAt (line 465) | @Override
method setId (line 470) | @Override
method id (line 475) | @Override
method assertPayloadEncoding (line 480) | private void assertPayloadEncoding(String type) {
method compact (line 487) | @Override
method writeAndClose (line 540) | private void writeAndClose(String name, Map<String, ?> map, OutputStre...
method writeAndClose (line 549) | private void writeAndClose(String name, final Payload payload, OutputS...
method sign (line 563) | private String sign(final Payload payload, final Key key, final Provid...
method unprotected (line 645) | private String unprotected(final Payload content) {
method encrypt (line 670) | private void encrypt(final AeadRequest req, final AeadResult res) thro...
method encrypt (line 681) | private String encrypt(final Payload content, final Key key, final Pro...
class DefaultBuilderClaims (line 747) | private static class DefaultBuilderClaims extends DelegatingClaimsMuta...
method DefaultBuilderClaims (line 751) | private DefaultBuilderClaims(JwtBuilder builder) {
method and (line 756) | @Override
method build (line 761) | private io.jsonwebtoken.Claims build() {
class DefaultBuilderHeader (line 766) | private static class DefaultBuilderHeader extends DefaultJweHeaderBuil...
method DefaultBuilderHeader (line 770) | private DefaultBuilderHeader(JwtBuilder builder) {
method and (line 775) | @Override
method get (line 780) | @SuppressWarnings("SameParameterValue")
method build (line 785) | private Header build() {
method encode (line 790) | private OutputStream encode(OutputStream out, String name) {
method encodeAndWrite (line 795) | private void encodeAndWrite(String name, Map<String, ?> map, OutputStr...
method encodeAndWrite (line 800) | private void encodeAndWrite(String name, Payload payload, OutputStream...
method encodeAndWrite (line 805) | private void encodeAndWrite(String name, byte[] data, OutputStream out) {
method toInputStream (line 810) | private InputStream toInputStream(final String name, Payload payload) {
class Supplier (line 822) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 824) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtHeaderBuilder.java
class DefaultJwtHeaderBuilder (line 28) | public class DefaultJwtHeaderBuilder extends DefaultJweHeaderBuilder<Jwt...
method DefaultJwtHeaderBuilder (line 30) | public DefaultJwtHeaderBuilder() {
method DefaultJwtHeaderBuilder (line 34) | public DefaultJwtHeaderBuilder(DefaultJweHeaderMutator<?> src) {
method sanitizeCrit (line 43) | private static ParameterMap sanitizeCrit(ParameterMap m, boolean prote...
method build (line 69) | @Override
class Supplier (line 89) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 91) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
class DefaultJwtParser (line 94) | @SuppressWarnings("unchecked")
method DefaultJwtParser (line 216) | @SuppressWarnings("deprecation")
method isSigned (line 251) | @Override
method hasContentType (line 264) | private static boolean hasContentType(Header header) {
method verifySignature (line 268) | private byte[] verifySignature(final TokenizedJwt tokenized, final Jws...
method parse (line 361) | @Override
method parse (line 367) | private Jwt<?, ?> parse(Reader compact, Payload unencodedPayload) {
method normalize (line 721) | private static Object normalize(Object o) {
method validateExpectedClaims (line 728) | private void validateExpectedClaims(Header header, Claims claims) {
method parse (line 775) | @SuppressWarnings("deprecation")
method parse (line 781) | private Jwt<?, ?> parse(CharSequence compact, Payload unencodedPayload) {
method parseContentJwt (line 786) | @Override
method parseClaimsJwt (line 791) | @Override
method parseContentJws (line 796) | @Override
method parseClaimsJws (line 801) | @Override
method parseUnsecuredContent (line 806) | @Override
method parseUnsecuredClaims (line 811) | @Override
method parseSignedContent (line 816) | @Override
method parseSignedContent (line 821) | private Jws<byte[]> parseSignedContent(CharSequence jws, Payload unenc...
method parseSignedClaims (line 825) | @Override
method parseSignedClaims (line 830) | private Jws<Claims> parseSignedClaims(CharSequence jws, Payload unenco...
method parseSignedContent (line 835) | @Override
method payloadFor (line 841) | private static Payload payloadFor(InputStream in) {
method parseSignedContent (line 850) | @Override
method parseSignedClaims (line 856) | @Override
method parseSignedClaims (line 862) | @Override
method parseEncryptedContent (line 870) | @Override
method parseEncryptedClaims (line 875) | @Override
method decode (line 880) | protected byte[] decode(CharSequence base64UrlEncoded, String name) {
method deserialize (line 892) | protected Map<String, ?> deserialize(InputStream in, final String name) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParserBuilder.java
class DefaultJwtParserBuilder (line 63) | public class DefaultJwtParserBuilder implements JwtParserBuilder {
method unsecured (line 115) | @Override
method unsecuredDecompression (line 121) | @Override
method provider (line 127) | @Override
method deserializeJsonWith (line 133) | @Override
method json (line 138) | @Override
method base64UrlDecodeWith (line 144) | @SuppressWarnings("deprecation")
method b64Url (line 151) | @Override
method requireIssuedAt (line 158) | @Override
method requireIssuer (line 164) | @Override
method requireAudience (line 170) | @Override
method requireSubject (line 176) | @Override
method requireId (line 182) | @Override
method requireExpiration (line 188) | @Override
method requireNotBefore (line 194) | @Override
method require (line 200) | @Override
method setClock (line 208) | @Override
method clock (line 213) | @Override
method critical (line 220) | @Override
method setAllowedClockSkewSeconds (line 230) | @Override
method clockSkewSeconds (line 235) | @Override
method setSigningKey (line 242) | @Override
method setSigningKey (line 248) | @Override
method setSigningKey (line 255) | @Override
method verifyWith (line 267) | @Override
method verifyWith (line 272) | @Override
method verifyWith (line 277) | private JwtParserBuilder verifyWith(Key key) {
method decryptWith (line 285) | @Override
method decryptWith (line 290) | @Override
method decryptWith (line 295) | private JwtParserBuilder decryptWith(final Key key) {
method zip (line 303) | @Override
method enc (line 313) | @Override
method sig (line 323) | @Override
method key (line 333) | @Override
method setSigningKeyResolver (line 343) | @SuppressWarnings("deprecation") //TODO: remove for 1.0
method keyLocator (line 351) | @Override
method setCompressionCodecResolver (line 357) | @SuppressWarnings("deprecation")
method build (line 364) | @Override
class Supplier (line 432) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 434) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultMutableJweHeader.java
class DefaultMutableJweHeader (line 27) | public class DefaultMutableJweHeader extends DefaultJweHeaderMutator<Def...
method DefaultMutableJweHeader (line 29) | public DefaultMutableJweHeader(DefaultJweHeaderMutator<?> src) {
method get (line 33) | private <T> T get(Parameter<T> param) {
method getAlgorithm (line 41) | @Override
method getContentType (line 46) | @Override
method getType (line 51) | @Override
method getCompressionAlgorithm (line 56) | @Override
method getJwkSetUrl (line 65) | @Override
method getJwk (line 70) | @Override
method getKeyId (line 75) | @Override
method getCritical (line 80) | @Override
method getX509Url (line 89) | @Override
method getX509Chain (line 94) | @Override
method getX509Sha1Thumbprint (line 99) | @Override
method getX509Sha256Thumbprint (line 104) | @Override
method getAgreementPartyUInfo (line 113) | @Override
method getAgreementPartyVInfo (line 118) | @Override
method getPbes2Count (line 123) | @Override
method getEncryptionAlgorithm (line 128) | @Override
method getEphemeralPublicKey (line 133) | @Override
method getInitializationVector (line 138) | @Override
method getAuthenticationTag (line 143) | @Override
method getPbes2Salt (line 148) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultProtectedHeader.java
class DefaultProtectedHeader (line 41) | public class DefaultProtectedHeader extends DefaultHeader implements Pro...
method isCandidate (line 63) | static boolean isCandidate(ParameterMap map) {
method DefaultProtectedHeader (line 77) | protected DefaultProtectedHeader(Registry<String, Parameter<?>> regist...
method getKeyId (line 81) | @Override
method getJwkSetUrl (line 86) | @Override
method getJwk (line 91) | @Override
method getX509Url (line 96) | @Override
method getX509Chain (line 101) | @Override
method getX509Sha1Thumbprint (line 106) | @Override
method getX509Sha256Thumbprint (line 111) | @Override
method getCritical (line 116) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultProtectedJwt.java
class DefaultProtectedJwt (line 26) | abstract class DefaultProtectedJwt<H extends ProtectedHeader, P> extends...
method DefaultProtectedJwt (line 32) | protected DefaultProtectedJwt(H header, P payload, byte[] digest, Stri...
method getDigest (line 38) | @Override
method toStringBuilder (line 43) | @Override
method equals (line 49) | @Override
method hashCode (line 61) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultTokenizedJwe.java
class DefaultTokenizedJwe (line 22) | class DefaultTokenizedJwe extends DefaultTokenizedJwt implements Tokeniz...
method DefaultTokenizedJwe (line 27) | DefaultTokenizedJwe(CharSequence protectedHeader, CharSequence body, C...
method getEncryptedKey (line 34) | @Override
method getIv (line 39) | @Override
method createHeader (line 44) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DefaultTokenizedJwt.java
class DefaultTokenizedJwt (line 24) | class DefaultTokenizedJwt implements TokenizedJwt {
method DefaultTokenizedJwt (line 30) | DefaultTokenizedJwt(CharSequence protectedHeader, CharSequence payload...
method getProtected (line 36) | @Override
method getPayload (line 41) | @Override
method getDigest (line 46) | @Override
method createHeader (line 51) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DelegateAudienceCollection.java
class DelegateAudienceCollection (line 23) | public class DelegateAudienceCollection<P> implements ClaimsMutator.Audi...
method DelegateAudienceCollection (line 29) | public DelegateAudienceCollection(P parent, ClaimsMutator.AudienceColl...
method single (line 34) | @Override
method add (line 40) | @Override
method add (line 46) | @Override
method clear (line 52) | @Override
method remove (line 58) | @Override
method and (line 64) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/DelegatingClaimsMutator.java
class DelegatingClaimsMutator (line 34) | public class DelegatingClaimsMutator<T extends MapMutator<String, Object...
method DelegatingClaimsMutator (line 41) | protected DelegatingClaimsMutator() {
method put (line 45) | <F> T put(Parameter<F> param, F value) {
method put (line 50) | @Override // override starting in 0.12.4
method putAll (line 66) | @Override // overridden starting in 0.12.4
method get (line 75) | <F> F get(Parameter<F> param) {
method setIssuer (line 79) | @Override
method issuer (line 84) | @Override
method setSubject (line 89) | @Override
method subject (line 94) | @Override
method setAudience (line 99) | @Override
method getAudience (line 105) | private Set<String> getAudience() {
method audienceSingle (line 116) | private T audienceSingle(String aud) {
method audience (line 127) | @Override
method setExpiration (line 143) | @Override
method expiration (line 148) | @Override
method setNotBefore (line 153) | @Override
method notBefore (line 158) | @Override
method setIssuedAt (line 163) | @Override
method issuedAt (line 168) | @Override
method setId (line 173) | @Override
method id (line 178) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/FixedClock.java
class FixedClock (line 28) | public class FixedClock implements Clock {
method FixedClock (line 36) | public FixedClock() {
method FixedClock (line 46) | public FixedClock(Date now) {
method FixedClock (line 56) | public FixedClock(long timeInMillis) {
method now (line 60) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/IdLocator.java
class IdLocator (line 29) | public class IdLocator<H extends Header, R extends Identifiable> impleme...
method IdLocator (line 37) | public IdLocator(Parameter<String> param, Registry<String, R> registry...
method locate (line 45) | @Override
method apply (line 79) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/JwtTokenizer.java
class JwtTokenizer (line 26) | public class JwtTokenizer {
method read (line 33) | private static int read(Reader r, char[] buf) {
method tokenize (line 42) | @SuppressWarnings("unchecked")
FILE: impl/src/main/java/io/jsonwebtoken/impl/ParameterMap.java
class ParameterMap (line 36) | public class ParameterMap implements Map<String, Object>, ParameterReada...
method ParameterMap (line 46) | public ParameterMap(Set<Parameter<?>> params) {
method ParameterMap (line 50) | public ParameterMap(Registry<String, ? extends Parameter<?>> registry)...
method ParameterMap (line 60) | public ParameterMap(Registry<String, ? extends Parameter<?>> registry,...
method ParameterMap (line 64) | public ParameterMap(Registry<String, ? extends Parameter<?>> registry,...
method assertMutable (line 77) | private void assertMutable() {
method replace (line 84) | protected ParameterMap replace(Parameter<?> param) {
method getName (line 89) | @Override
method get (line 94) | @Override
method size (line 102) | @Override
method isEmpty (line 107) | @Override
method containsKey (line 112) | @Override
method containsValue (line 117) | @Override
method get (line 122) | @Override
method put (line 135) | protected final <T> Object put(Parameter<T> param, Object value) {
method put (line 142) | @Override
method nullSafePut (line 156) | private Object nullSafePut(String name, Object value) {
method apply (line 165) | private <T> Object apply(Parameter<T> param, Object rawValue) {
method remove (line 199) | @Override
method putAll (line 206) | @Override
method clear (line 217) | @Override
method keySet (line 224) | @Override
method values (line 229) | @Override
method entrySet (line 234) | @Override
method toString (line 239) | @Override
method hashCode (line 244) | @Override
method equals (line 249) | @SuppressWarnings("EqualsWhichDoesntCheckParameterClass")
class ParameterMapSet (line 255) | private abstract class ParameterMapSet<T> extends AbstractSet<T> {
method size (line 257) | @Override
class KeySet (line 263) | private class KeySet extends ParameterMapSet<String> {
method iterator (line 264) | @Override
class ValueSet (line 270) | private class ValueSet extends ParameterMapSet<Object> {
method iterator (line 271) | @Override
class EntrySet (line 277) | private class EntrySet extends ParameterMapSet<Entry<String, Object>> {
method iterator (line 278) | @Override
class ParameterMapIterator (line 284) | private abstract class ParameterMapIterator<T> implements Iterator<T> {
method ParameterMapIterator (line 290) | ParameterMapIterator() {
method hasNext (line 295) | @Override
method nextEntry (line 300) | protected Map.Entry<String, Object> nextEntry() {
method remove (line 305) | @Override
class ValueIterator (line 315) | private class ValueIterator extends ParameterMapIterator<Object> {
method next (line 316) | @Override
class KeyIterator (line 322) | private class KeyIterator extends ParameterMapIterator<String> {
method next (line 323) | @Override
class EntryIterator (line 329) | private class EntryIterator extends ParameterMapIterator<Entry<String,...
method next (line 330) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/Payload.java
class Payload (line 31) | class Payload {
method Payload (line 44) | Payload(Claims claims) {
method Payload (line 48) | Payload(CharSequence content, String contentType) {
method Payload (line 52) | Payload(byte[] content, String contentType) {
method Payload (line 56) | Payload(InputStream inputStream, String contentType) {
method Payload (line 60) | private Payload(Claims claims, CharSequence string, byte[] bytes, Inpu...
method isClaims (line 77) | boolean isClaims() {
method getRequiredClaims (line 81) | Claims getRequiredClaims() {
method isString (line 85) | boolean isString() {
method getContentType (line 89) | String getContentType() {
method setZip (line 93) | public void setZip(CompressionAlgorithm zip) {
method isCompressed (line 97) | boolean isCompressed() {
method setClaimsExpected (line 101) | public void setClaimsExpected(boolean claimsExpected) {
method isConsumable (line 112) | boolean isConsumable() {
method isEmpty (line 116) | boolean isEmpty() {
method compress (line 120) | public OutputStream compress(OutputStream out) {
method decompress (line 124) | public Payload decompress(CompressionAlgorithm alg) {
method getBytes (line 143) | public byte[] getBytes() {
method toInputStream (line 147) | InputStream toInputStream() {
FILE: impl/src/main/java/io/jsonwebtoken/impl/TextCodec.java
type TextCodec (line 25) | @Deprecated
method encode (line 42) | String encode(String data);
method encode (line 44) | String encode(byte[] data);
method decode (line 46) | byte[] decode(String encoded);
method decodeToString (line 48) | String decodeToString(String encoded);
FILE: impl/src/main/java/io/jsonwebtoken/impl/TokenizedJwe.java
type TokenizedJwe (line 18) | public interface TokenizedJwe extends TokenizedJwt {
method getEncryptedKey (line 20) | CharSequence getEncryptedKey();
method getIv (line 22) | CharSequence getIv();
FILE: impl/src/main/java/io/jsonwebtoken/impl/TokenizedJwt.java
type TokenizedJwt (line 22) | public interface TokenizedJwt {
method getProtected (line 29) | CharSequence getProtected();
method getPayload (line 36) | CharSequence getPayload();
method getDigest (line 43) | CharSequence getDigest();
method createHeader (line 51) | Header createHeader(Map<String, ?> m);
FILE: impl/src/main/java/io/jsonwebtoken/impl/X509Context.java
type X509Context (line 21) | public interface X509Context<T extends X509Mutator<T>> extends X509Acces...
FILE: impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionAlgorithm.java
class AbstractCompressionAlgorithm (line 40) | @SuppressWarnings("deprecation")
method propagate (line 43) | private static <T, R> Function<T, R> propagate(CheckedFunction<T, R> f...
method forCompression (line 47) | private static <T, R> Function<T, R> forCompression(CheckedFunction<T,...
method forDecompression (line 51) | private static <T, R> Function<T, R> forDecompression(CheckedFunction<...
method AbstractCompressionAlgorithm (line 62) | protected AbstractCompressionAlgorithm(String id) {
method getId (line 90) | @Override
method getAlgorithmName (line 95) | @Override
method compress (line 100) | @Override
method doCompress (line 105) | protected abstract OutputStream doCompress(OutputStream out) throws IO...
method decompress (line 107) | @Override
method doDecompress (line 112) | protected abstract InputStream doDecompress(InputStream is) throws IOE...
method compress (line 114) | @Override
method doCompress (line 120) | private byte[] doCompress(byte[] data) throws IOException {
method decompress (line 140) | @Override
method doDecompress (line 153) | protected byte[] doDecompress(byte[] compressed) throws IOException {
FILE: impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionAlgorithm.java
class DeflateCompressionAlgorithm (line 33) | public class DeflateCompressionAlgorithm extends AbstractCompressionAlgo...
method DeflateCompressionAlgorithm (line 37) | public DeflateCompressionAlgorithm() {
method doCompress (line 41) | @Override
method doDecompress (line 46) | @Override
method doDecompress (line 51) | @Override
method doDecompressBackCompat (line 74) | byte[] doDecompressBackCompat(byte[] compressed) throws IOException {
FILE: impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionAlgorithm.java
class GzipCompressionAlgorithm (line 29) | public class GzipCompressionAlgorithm extends AbstractCompressionAlgorit...
method GzipCompressionAlgorithm (line 33) | public GzipCompressionAlgorithm() {
method doCompress (line 37) | @Override
method doDecompress (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/AbstractParser.java
class AbstractParser (line 24) | public abstract class AbstractParser<T> implements Parser<T> {
method parse (line 26) | @Override
method parse (line 32) | @Override
method parse (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/AbstractParserBuilder.java
class AbstractParserBuilder (line 26) | public abstract class AbstractParserBuilder<T, B extends ParserBuilder<T...
method self (line 32) | @SuppressWarnings("unchecked")
method provider (line 37) | @Override
method json (line 43) | @Override
method build (line 49) | @Override
method doBuild (line 58) | protected abstract Parser<T> doBuild();
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Base64Codec.java
class Base64Codec (line 53) | class Base64Codec extends BaseNCodec {
method Base64Codec (line 423) | Base64Codec() {
method Base64Codec (line 441) | Base64Codec(final boolean urlSafe) {
method Base64Codec (line 463) | Base64Codec(final int lineLength) {
method Base64Codec (line 487) | Base64Codec(final int lineLength, final byte[] lineSeparator) {
method Base64Codec (line 514) | Base64Codec(final int lineLength, final byte[] lineSeparator, final bo...
method Base64Codec (line 542) | Base64Codec(final int lineLength, final byte[] lineSeparator, final bo...
method decode (line 590) | @Override
method encode (line 667) | @Override
method isInAlphabet (line 745) | @Override
method isUrlSafe (line 756) | public boolean isUrlSafe() {
method validateCharacter (line 772) | private void validateCharacter(final int emptyBitsMask, final Context ...
method validateTrailingCharacter (line 787) | private void validateTrailingCharacter() {
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Base64InputStream.java
class Base64InputStream (line 58) | public class Base64InputStream extends BaseNCodecInputStream {
method Base64InputStream (line 65) | public Base64InputStream(final InputStream inputStream) {
method Base64InputStream (line 76) | Base64InputStream(final InputStream inputStream, final boolean doEncod...
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Base64OutputStream.java
class Base64OutputStream (line 62) | class Base64OutputStream extends BaseNCodecOutputStream {
method Base64OutputStream (line 69) | Base64OutputStream(final OutputStream outputStream) {
method Base64OutputStream (line 80) | Base64OutputStream(final OutputStream outputStream, final boolean doEn...
method Base64OutputStream (line 96) | Base64OutputStream(final OutputStream outputStream, final boolean doEn...
method Base64OutputStream (line 114) | Base64OutputStream(final OutputStream outputStream, final boolean doEn...
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Base64UrlStreamEncoder.java
class Base64UrlStreamEncoder (line 23) | public final class Base64UrlStreamEncoder implements Encoder<OutputStrea...
method Base64UrlStreamEncoder (line 27) | private Base64UrlStreamEncoder() {
method encode (line 30) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/BaseNCodec.java
class BaseNCodec (line 50) | abstract class BaseNCodec {
class Context (line 180) | static class Context {
method toString (line 232) | @Override
method createPositiveCapacity (line 249) | private static int createPositiveCapacity(final int minCapacity) {
method isWhiteSpace (line 284) | @Deprecated
method compareUnsigned (line 289) | private static int compareUnsigned(int x, int y) {
method resizeBuffer (line 301) | private static byte[] resizeBuffer(final Context context, final int mi...
method BaseNCodec (line 326) | protected BaseNCodec(final int unencodedBlockSize, final int encodedBl...
method BaseNCodec (line 341) | protected BaseNCodec(final int unencodedBlockSize, final int encodedBl...
method BaseNCodec (line 358) | protected BaseNCodec(final int unencodedBlockSize, final int encodedBl...
method available (line 376) | int available(final Context context) { // package protected for acces...
method containsAlphabetOrPad (line 388) | protected boolean containsAlphabetOrPad(final byte[] arrayOctet) {
method length (line 400) | static int length(byte[] bytes) {
method isEmpty (line 404) | static boolean isEmpty(byte[] bytes) {
method decode (line 414) | public byte[] decode(final byte[] pArray) {
method decode (line 427) | abstract void decode(byte[] pArray, int i, int length, Context context);
method decode (line 435) | public byte[] decode(final String pArray) {
method encode (line 445) | public byte[] encode(final byte[] pArray) {
method encode (line 461) | public byte[] encode(final byte[] pArray, final int offset, final int ...
method encode (line 474) | abstract void encode(byte[] pArray, int i, int length, Context context);
method encodeAsString (line 485) | public String encodeAsString(final byte[] pArray) {
method encodeToString (line 496) | public String encodeToString(final byte[] pArray) {
method ensureBufferSize (line 507) | protected byte[] ensureBufferSize(final int size, final Context contex...
method getDefaultBufferSize (line 542) | protected int getDefaultBufferSize() {
method getEncodedLength (line 553) | public long getEncodedLength(final byte[] pArray) {
method hasData (line 570) | boolean hasData(final Context context) { // package protected for acc...
method isInAlphabet (line 581) | protected abstract boolean isInAlphabet(byte value);
method isInAlphabet (line 592) | public boolean isInAlphabet(final byte[] arrayOctet, final boolean all...
method isInAlphabet (line 611) | public boolean isInAlphabet(final String basen) {
method isStrictDecoding (line 627) | public boolean isStrictDecoding() {
method readResults (line 644) | int readResults(final byte[] b, final int bPos, final int bAvail, fina...
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/BaseNCodecInputStream.java
class BaseNCodecInputStream (line 30) | class BaseNCodecInputStream extends FilterInputStream {
method BaseNCodecInputStream (line 49) | protected BaseNCodecInputStream(final InputStream inputStream, final B...
method available (line 63) | @Override
method isStrictDecoding (line 85) | public boolean isStrictDecoding() {
method mark (line 99) | @Override
method markSupported (line 109) | @Override
method read (line 120) | @Override
method read (line 145) | @Override
method reset (line 204) | @Override
method skip (line 215) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/BaseNCodecOutputStream.java
class BaseNCodecOutputStream (line 36) | class BaseNCodecOutputStream extends FilterOutputStream {
method BaseNCodecOutputStream (line 53) | BaseNCodecOutputStream(final OutputStream outputStream, final BaseNCod...
method close (line 70) | @Override
method eof (line 82) | public void eof() {
method flush (line 96) | @Override
method flush (line 108) | private void flush(final boolean propagate) throws IOException {
method isStrictDecoding (line 134) | public boolean isStrictDecoding() {
method write (line 149) | @Override
method write (line 174) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/ByteBase64UrlStreamEncoder.java
class ByteBase64UrlStreamEncoder (line 27) | public class ByteBase64UrlStreamEncoder implements Encoder<OutputStream,...
method ByteBase64UrlStreamEncoder (line 31) | public ByteBase64UrlStreamEncoder(Encoder<byte[], String> delegate) {
method encode (line 35) | @Override
class TranslatingOutputStream (line 41) | private static class TranslatingOutputStream extends FilteredOutputStr...
method TranslatingOutputStream (line 46) | public TranslatingOutputStream(OutputStream dst, Encoder<byte[], Str...
method close (line 52) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/BytesInputStream.java
class BytesInputStream (line 29) | public final class BytesInputStream extends ByteArrayInputStream {
method BytesInputStream (line 31) | BytesInputStream(byte[] buf) {
method getBytes (line 35) | public byte[] getBytes() {
method close (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/CharSequenceReader.java
class CharSequenceReader (line 32) | public class CharSequenceReader extends Reader implements Serializable {
method CharSequenceReader (line 74) | public CharSequenceReader(final CharSequence charSequence) {
method CharSequenceReader (line 92) | public CharSequenceReader(final CharSequence charSequence, final int s...
method CharSequenceReader (line 113) | public CharSequenceReader(final CharSequence charSequence, final int s...
method close (line 134) | @Override
method end (line 145) | private int end() {
method mark (line 158) | @Override
method markSupported (line 168) | @Override
method read (line 179) | @Override
method read (line 196) | @Override
method ready (line 243) | @Override
method reset (line 252) | @Override
method skip (line 263) | @Override
method start (line 282) | private int start() {
method toString (line 292) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/ClosedInputStream.java
class ClosedInputStream (line 26) | public final class ClosedInputStream extends InputStream {
method ClosedInputStream (line 30) | private ClosedInputStream() {
method read (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Codec.java
class Codec (line 26) | public class Codec implements Converter<byte[], CharSequence> {
method Codec (line 34) | public Codec(Encoder<byte[], String> encoder, Decoder<CharSequence, by...
method applyTo (line 39) | @Override
method applyFrom (line 44) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/CodecPolicy.java
type CodecPolicy (line 27) | enum CodecPolicy {
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/ConvertingParser.java
class ConvertingParser (line 25) | public class ConvertingParser<T> extends AbstractParser<T> {
method ConvertingParser (line 30) | public ConvertingParser(Function<Reader, Map<String, ?>> deserializer,...
method parse (line 35) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/CountingInputStream.java
class CountingInputStream (line 23) | public class CountingInputStream extends FilterInputStream {
method CountingInputStream (line 27) | public CountingInputStream(InputStream in) {
method getCount (line 31) | public long getCount() {
method add (line 35) | private void add(long n) {
method read (line 40) | @Override
method read (line 47) | @Override
method read (line 54) | @Override
method skip (line 61) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/DecodingInputStream.java
class DecodingInputStream (line 23) | public class DecodingInputStream extends FilteredInputStream {
method DecodingInputStream (line 28) | public DecodingInputStream(InputStream in, String codecName, String na...
method onThrowable (line 34) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/DelegateStringDecoder.java
class DelegateStringDecoder (line 25) | @SuppressWarnings("DeprecatedIsStillUsed")
method DelegateStringDecoder (line 31) | public DelegateStringDecoder(Decoder<CharSequence, byte[]> delegate) {
method decode (line 35) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/EncodingOutputStream.java
class EncodingOutputStream (line 23) | public class EncodingOutputStream extends FilteredOutputStream {
method EncodingOutputStream (line 28) | public EncodingOutputStream(OutputStream out, String codecName, String...
method onThrowable (line 34) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/FilteredInputStream.java
class FilteredInputStream (line 35) | public abstract class FilteredInputStream extends FilterInputStream {
method FilteredInputStream (line 42) | public FilteredInputStream(final InputStream in) {
method afterRead (line 65) | @SuppressWarnings({"unused", "RedundantThrows"}) // Possibly thrown fr...
method available (line 76) | @Override
method beforeRead (line 106) | @SuppressWarnings({"unused", "RedundantThrows"}) // Possibly thrown fr...
method close (line 116) | @Override
method onThrowable (line 135) | protected void onThrowable(final Throwable t) throws IOException {
method mark (line 145) | @Override
method markSupported (line 155) | @Override
method read (line 166) | @Override
method read (line 186) | @Override
method read (line 208) | @Override
method reset (line 226) | @Override
method skip (line 242) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/FilteredOutputStream.java
class FilteredOutputStream (line 38) | public class FilteredOutputStream extends FilterOutputStream {
method FilteredOutputStream (line 45) | public FilteredOutputStream(final OutputStream out) {
method afterWrite (line 63) | @SuppressWarnings({"unused", "RedundantThrows"}) // Possibly thrown fr...
method beforeWrite (line 80) | @SuppressWarnings({"unused", "RedundantThrows"}) // Possibly thrown fr...
method close (line 90) | @Override
method flush (line 104) | @Override
method onThrowable (line 122) | protected void onThrowable(final Throwable t) throws IOException {
method write (line 133) | @Override
method write (line 153) | @Override
method write (line 170) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/JsonObjectDeserializer.java
class JsonObjectDeserializer (line 32) | public class JsonObjectDeserializer implements Function<Reader, Map<Stri...
method JsonObjectDeserializer (line 42) | public JsonObjectDeserializer(Deserializer<?> deserializer, String nam...
method apply (line 47) | @Override
method malformed (line 74) | protected RuntimeException malformed(Throwable t) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/NamedSerializer.java
class NamedSerializer (line 26) | public class NamedSerializer extends AbstractSerializer<Map<String, ?>> {
method NamedSerializer (line 31) | public NamedSerializer(String name, Serializer<Map<String, ?>> seriali...
method doSerialize (line 36) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/StandardCompressionAlgorithms.java
class StandardCompressionAlgorithms (line 24) | @SuppressWarnings("unused") // used via reflection in io.jsonwebtoken.Jw...
method StandardCompressionAlgorithms (line 29) | public StandardCompressionAlgorithms() {
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/Streams.java
class Streams (line 36) | public class Streams {
method bytes (line 43) | public static byte[] bytes(final InputStream in, String exmsg) {
method of (line 53) | public static InputStream of(byte[] bytes) {
method of (line 57) | public static InputStream of(CharSequence seq) {
method reader (line 61) | public static Reader reader(byte[] bytes) {
method reader (line 65) | public static Reader reader(InputStream in) {
method reader (line 69) | public static Reader reader(CharSequence seq) {
method flush (line 73) | public static void flush(Flushable... flushables) {
method copy (line 89) | public static long copy(final InputStream inputStream, final OutputStr...
method copy (line 104) | public static long copy(final InputStream in, final OutputStream out, ...
method reset (line 119) | public static void reset(final InputStream in) {
method write (line 137) | public static void write(final OutputStream out, final byte[] bytes, S...
method write (line 141) | public static void write(final OutputStream out, final byte[] data, fi...
method writeAndClose (line 152) | public static void writeAndClose(final OutputStream out, final byte[] ...
method run (line 160) | public static <V> V run(Callable<V> c, String ioExMsg) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/TeeOutputStream.java
class TeeOutputStream (line 26) | public class TeeOutputStream extends FilteredOutputStream {
method TeeOutputStream (line 30) | public TeeOutputStream(OutputStream one, OutputStream two) {
method close (line 35) | @Override
method flush (line 44) | @Override
method write (line 50) | @Override
method write (line 56) | @Override
method write (line 62) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/io/UncloseableInputStream.java
class UncloseableInputStream (line 26) | public final class UncloseableInputStream extends FilterInputStream {
method UncloseableInputStream (line 28) | public UncloseableInputStream(InputStream in) {
method close (line 32) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/BiConsumer.java
type BiConsumer (line 18) | public interface BiConsumer<T, U> {
method accept (line 20) | void accept(T t, U u);
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/BigIntegerUBytesConverter.java
class BigIntegerUBytesConverter (line 22) | public class BigIntegerUBytesConverter implements Converter<BigInteger, ...
method applyTo (line 28) | @Override
method applyFrom (line 50) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Bytes.java
class Bytes (line 22) | public final class Bytes {
method Bytes (line 32) | private Bytes() {
method nullSafe (line 35) | public static byte[] nullSafe(byte[] bytes) {
method randomBits (line 39) | public static byte[] randomBits(int numBits) {
method random (line 43) | public static byte[] random(int numBytes) {
method toBytes (line 52) | public static byte[] toBytes(int i) {
method toBytes (line 61) | public static byte[] toBytes(long l) {
method toLong (line 74) | public static long toLong(byte[] bytes) {
method toInt (line 86) | public static int toInt(byte[] bytes) {
method indexOf (line 94) | public static int indexOf(byte[] source, byte[] target) {
method indexOf (line 98) | public static int indexOf(byte[] source, byte[] target, int fromIndex) {
method indexOf (line 103) | static int indexOf(byte[] source, int srcOffset, int srcLen,
method startsWith (line 140) | public static boolean startsWith(byte[] src, byte[] prefix) {
method startsWith (line 144) | public static boolean startsWith(byte[] src, byte[] prefix, int offset) {
method endsWith (line 159) | public static boolean endsWith(byte[] src, byte[] suffix) {
method concat (line 163) | public static byte[] concat(byte[]... arrays) {
method clear (line 188) | public static void clear(byte[] bytes) {
method isEmpty (line 193) | public static boolean isEmpty(byte[] bytes) {
method length (line 197) | public static int length(byte[] bytes) {
method bitLength (line 201) | public static long bitLength(byte[] bytes) {
method length (line 223) | public static int length(int bitLength) {
method bitsMsg (line 228) | public static String bitsMsg(long bitLength) {
method bytesMsg (line 232) | public static String bytesMsg(int byteArrayLength) {
method increment (line 236) | public static void increment(byte[] a) {
method prepad (line 254) | public static byte[] prepad(byte[] bytes, int length) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/CheckedFunction.java
type CheckedFunction (line 18) | public interface CheckedFunction<T, R> {
method apply (line 19) | R apply(T t) throws Exception;
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/CheckedSupplier.java
type CheckedSupplier (line 21) | public interface CheckedSupplier<T> {
method get (line 23) | T get() throws Exception;
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/CollectionConverter.java
class CollectionConverter (line 27) | class CollectionConverter<T, C extends Collection<T>> implements Convert...
method forList (line 32) | public static <T> CollectionConverter<T, List<T>> forList(Converter<T,...
method forSet (line 36) | public static <T> CollectionConverter<T, Set<T>> forSet(Converter<T, O...
method CollectionConverter (line 40) | public CollectionConverter(Converter<T, Object> elementConverter, Func...
method applyTo (line 45) | @SuppressWarnings({"rawtypes", "unchecked"})
method toElementList (line 59) | private C toElementList(Collection<?> c) {
method applyFrom (line 69) | @Override
class CreateListFunction (line 91) | private static class CreateListFunction<A> implements Function<Integer...
method apply (line 92) | @Override
class CreateSetFunction (line 98) | private static class CreateSetFunction<T> implements Function<Integer,...
method apply (line 99) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/CompactMediaTypeIdConverter.java
class CompactMediaTypeIdConverter (line 21) | public final class CompactMediaTypeIdConverter implements Converter<Stri...
method compactIfPossible (line 29) | static String compactIfPossible(String cty) {
method applyTo (line 46) | @Override
method applyFrom (line 51) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/CompoundConverter.java
class CompoundConverter (line 20) | public class CompoundConverter<A, B, C> implements Converter<A, C> {
method CompoundConverter (line 25) | public CompoundConverter(Converter<A, B> first, Converter<B, C> second) {
method applyTo (line 30) | @Override
method applyFrom (line 36) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/ConstantFunction.java
class ConstantFunction (line 25) | public final class ConstantFunction<T, R> implements Function<T, R> {
method ConstantFunction (line 29) | public ConstantFunction(R value) {
method apply (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Converter.java
type Converter (line 18) | public interface Converter<A, B> {
method applyTo (line 26) | B applyTo(A a);
method applyFrom (line 34) | A applyFrom(B b);
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Converters.java
class Converters (line 27) | public final class Converters {
method Converters (line 41) | private Converters() {
method forType (line 44) | public static <T> Converter<T, Object> forType(Class<T> clazz) {
method forSet (line 48) | public static <T> Converter<Set<T>, Object> forSet(Converter<T, Object...
method forList (line 52) | public static <T> Converter<List<T>, Object> forList(Converter<T, Obje...
method forEncoded (line 56) | public static <T> Converter<T, Object> forEncoded(Class<T> elementType...
method compound (line 60) | public static <A, B, C> Converter<A, C> compound(final Converter<A, B>...
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultCollectionMutator.java
class DefaultCollectionMutator (line 25) | public class DefaultCollectionMutator<E, M extends CollectionMutator<E, ...
method DefaultCollectionMutator (line 29) | public DefaultCollectionMutator(Collection<? extends E> seed) {
method self (line 33) | @SuppressWarnings("unchecked")
method doAdd (line 38) | private boolean doAdd(E e) {
method add (line 43) | @Override
method remove (line 49) | @Override
method add (line 55) | @Override
method clear (line 65) | @Override
method changed (line 77) | protected void changed() {
method getCollection (line 80) | protected Collection<E> getCollection() {
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultNestedCollection.java
class DefaultNestedCollection (line 23) | public class DefaultNestedCollection<E, P> extends DefaultCollectionMuta...
method DefaultNestedCollection (line 28) | public DefaultNestedCollection(P parent, Collection<? extends E> seed) {
method and (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultParameter.java
class DefaultParameter (line 23) | public class DefaultParameter<T> implements Parameter<T> {
method DefaultParameter (line 32) | public DefaultParameter(String id, String name, boolean secret,
method getId (line 44) | @Override
method getName (line 49) | @Override
method supports (line 54) | @Override
method cast (line 66) | @SuppressWarnings("unchecked")
method isSecret (line 94) | @Override
method hashCode (line 99) | @Override
method equals (line 104) | @Override
method toString (line 112) | @Override
method applyTo (line 117) | @Override
method applyFrom (line 122) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultParameterBuilder.java
class DefaultParameterBuilder (line 24) | public class DefaultParameterBuilder<T> implements ParameterBuilder<T> {
method DefaultParameterBuilder (line 33) | public DefaultParameterBuilder(Class<T> type) {
method setId (line 37) | @Override
method setName (line 43) | @Override
method setSecret (line 49) | @Override
method list (line 55) | @SuppressWarnings("unchecked")
method set (line 63) | @SuppressWarnings("unchecked")
method setConverter (line 71) | @Override
method build (line 77) | @SuppressWarnings({"rawtypes", "unchecked"})
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultRegistry.java
class DefaultRegistry (line 27) | public class DefaultRegistry<K, V> extends DelegatingMap<K, V, Map<K, V>...
method toMap (line 31) | private static <K, V> Map<K, V> toMap(Collection<? extends V> values, ...
method DefaultRegistry (line 42) | public DefaultRegistry(String name, String keyName, Collection<? exten...
method apply (line 49) | @Override
method forKey (line 54) | @Override
method immutable (line 64) | static <T> T immutable() {
method put (line 68) | @Override
method remove (line 73) | @Override
method putAll (line 78) | @Override
method clear (line 83) | @Override
method hashCode (line 88) | @Override
method equals (line 93) | @Override
method toString (line 104) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DelegatingCheckedFunction.java
class DelegatingCheckedFunction (line 18) | public class DelegatingCheckedFunction<T, R> implements CheckedFunction<...
method DelegatingCheckedFunction (line 22) | public DelegatingCheckedFunction(Function<T, R> delegate) {
method apply (line 26) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DelegatingMap.java
class DelegatingMap (line 31) | public class DelegatingMap<K, V, T extends Map<K, V>> implements Map<K, ...
method DelegatingMap (line 41) | protected DelegatingMap(T delegate) {
method setDelegate (line 45) | protected void setDelegate(T delegate) {
method size (line 49) | @Override
method values (line 54) | @Override
method get (line 59) | @Override
method isEmpty (line 64) | @Override
method containsKey (line 69) | @Override
method containsValue (line 74) | @Override
method put (line 79) | @Override
method remove (line 84) | @Override
method putAll (line 89) | @Override
method clear (line 94) | @Override
method keySet (line 99) | @Override
method entrySet (line 104) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/DelegatingMapMutator.java
class DelegatingMapMutator (line 25) | public class DelegatingMapMutator<K, V, D extends Map<K, V>, T extends M...
method DelegatingMapMutator (line 28) | protected DelegatingMapMutator(D delegate) {
method self (line 32) | @SuppressWarnings("unchecked")
method empty (line 37) | @Override
method add (line 43) | @Override
method add (line 49) | @Override
method delete (line 55) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/EncodedObjectConverter.java
class EncodedObjectConverter (line 20) | public class EncodedObjectConverter<T> implements Converter<T, Object> {
method EncodedObjectConverter (line 25) | public EncodedObjectConverter(Class<T> type, Converter<T, ? super Char...
method applyTo (line 30) | @Override
method applyFrom (line 36) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/FormattedStringFunction.java
class FormattedStringFunction (line 20) | public class FormattedStringFunction<T> implements Function<T, String> {
method FormattedStringFunction (line 24) | public FormattedStringFunction(String msg) {
method apply (line 28) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/FormattedStringSupplier.java
class FormattedStringSupplier (line 21) | public class FormattedStringSupplier implements Supplier<String> {
method FormattedStringSupplier (line 27) | public FormattedStringSupplier(String msg, Object[] args) {
method get (line 32) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Function.java
type Function (line 18) | public interface Function<T, R> {
method apply (line 20) | R apply(T t);
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Functions.java
class Functions (line 20) | public final class Functions {
method Functions (line 22) | private Functions() {
method identity (line 25) | public static <T> Function<T, T> identity() {
method wrapFmt (line 51) | public static <T, R, E extends RuntimeException> Function<T, R> wrapFm...
method wrap (line 55) | public static <T, R, E extends RuntimeException> Function<T, R> wrap(F...
method andThen (line 73) | public static <T, V, R> Function<T, R> andThen(final Function<T, ? ext...
method firstResult (line 98) | @SafeVarargs
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/IdRegistry.java
class IdRegistry (line 24) | public class IdRegistry<T extends Identifiable> extends StringRegistry<T> {
method apply (line 27) | @Override
method fn (line 34) | @SuppressWarnings("unchecked")
method IdRegistry (line 39) | public IdRegistry(String name, Collection<T> instances) {
method IdRegistry (line 54) | public IdRegistry(String name, Collection<T> instances, boolean caseSe...
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/JwtDateConverter.java
class JwtDateConverter (line 24) | public class JwtDateConverter implements Converter<Date, Object> {
method applyTo (line 28) | @Override
method applyFrom (line 37) | @Override
method toSpecDate (line 49) | public static Date toSpecDate(Object value) {
method toDate (line 76) | public static Date toDate(Object v) {
method parseIso8601Date (line 102) | private static Date parseIso8601Date(String value) throws IllegalArgum...
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/LocatorFunction.java
class LocatorFunction (line 22) | public class LocatorFunction<T> implements Function<Header, T> {
method LocatorFunction (line 26) | public LocatorFunction(Locator<T> locator) {
method apply (line 30) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Nameable.java
type Nameable (line 18) | public interface Nameable {
method getName (line 20) | String getName();
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/NestedIdentifiableCollection.java
class NestedIdentifiableCollection (line 33) | public class NestedIdentifiableCollection<E extends Identifiable, P> imp...
method nullSafe (line 38) | private static <K, V> Map<K, V> nullSafe(Map<K, V> m) {
method NestedIdentifiableCollection (line 42) | public NestedIdentifiableCollection(P parent, Map<String, ? extends E>...
method assertId (line 48) | protected final String assertId(E i) {
method doAdd (line 58) | private boolean doAdd(E e) {
method add (line 64) | @Override
method remove (line 73) | @Override
method clear (line 83) | @Override
method add (line 92) | @Override
method and (line 102) | @Override
method changed (line 107) | protected void changed() {
method getValues (line 110) | protected final Map<String, E> getValues() {
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/NullSafeConverter.java
class NullSafeConverter (line 20) | public class NullSafeConverter<A, B> implements Converter<A, B> {
method NullSafeConverter (line 24) | public NullSafeConverter(Converter<A, B> converter) {
method applyTo (line 28) | @Override
method applyFrom (line 33) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/OptionalMethodInvoker.java
class OptionalMethodInvoker (line 23) | public class OptionalMethodInvoker<T, R> extends ReflectionFunction<T, R> {
method OptionalMethodInvoker (line 31) | public OptionalMethodInvoker(String fqcn, String methodName) {
method OptionalMethodInvoker (line 35) | public OptionalMethodInvoker(String fqcn, String methodName, Class<?> ...
method supports (line 50) | @Override
method invoke (line 59) | @SuppressWarnings("unchecked")
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Parameter.java
type Parameter (line 20) | public interface Parameter<T> extends Identifiable, Converter<T, Object> {
method getName (line 22) | String getName();
method supports (line 24) | boolean supports(Object value);
method cast (line 26) | T cast(Object value);
method isSecret (line 28) | boolean isSecret();
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/ParameterBuilder.java
type ParameterBuilder (line 26) | public interface ParameterBuilder<T> extends Builder<Parameter<T>> {
method setId (line 28) | ParameterBuilder<T> setId(String id);
method setName (line 30) | ParameterBuilder<T> setName(String name);
method setSecret (line 32) | ParameterBuilder<T> setSecret(boolean secret);
method list (line 34) | ParameterBuilder<List<T>> list();
method set (line 36) | ParameterBuilder<Set<T>> set();
method setConverter (line 38) | ParameterBuilder<T> setConverter(Converter<T, ?> converter);
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/ParameterReadable.java
type ParameterReadable (line 18) | public interface ParameterReadable {
method get (line 20) | <T> T get(Parameter<T> param);
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Parameters.java
class Parameters (line 35) | public final class Parameters {
method Parameters (line 37) | private Parameters() { // prevent instantiation
method string (line 40) | public static Parameter<String> string(String id, String name) {
method rfcDate (line 44) | public static Parameter<Date> rfcDate(String id, String name) {
method x509Chain (line 48) | public static Parameter<List<X509Certificate>> x509Chain(String id, St...
method builder (line 54) | public static <T> ParameterBuilder<T> builder(Class<T> type) {
method stringSet (line 58) | public static Parameter<Set<String>> stringSet(String id, String name) {
method uri (line 62) | public static Parameter<URI> uri(String id, String name) {
method bytes (line 66) | public static ParameterBuilder<byte[]> bytes(String id, String name) {
method bigInt (line 70) | public static ParameterBuilder<BigInteger> bigInt(String id, String na...
method secretBigInt (line 74) | public static Parameter<BigInteger> secretBigInt(String id, String nam...
method registry (line 78) | public static Registry<String, Parameter<?>> registry(Parameter<?>... ...
method registry (line 82) | public static Registry<String, Parameter<?>> registry(Collection<Param...
method registry (line 86) | public static Registry<String, Parameter<?>> registry(Registry<String,...
method replace (line 93) | public static Registry<String, ? extends Parameter<?>> replace(Registr...
method bytes (line 103) | private static byte[] bytes(BigInteger i) {
method bytesEquals (line 107) | public static boolean bytesEquals(BigInteger a, BigInteger b) {
method equals (line 121) | private static <T> boolean equals(T a, T b, Parameter<T> param) {
method equals (line 138) | public static <T> boolean equals(ParameterReadable a, Object o, Parame...
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/PositiveIntegerConverter.java
class PositiveIntegerConverter (line 22) | public class PositiveIntegerConverter implements Converter<Integer, Obje...
method applyTo (line 26) | @Override
method applyFrom (line 31) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/PropagatingExceptionFunction.java
class PropagatingExceptionFunction (line 24) | public class PropagatingExceptionFunction<T, R, E extends RuntimeExcepti...
method PropagatingExceptionFunction (line 31) | public PropagatingExceptionFunction(Function<T, R> f, Class<E> excepti...
method PropagatingExceptionFunction (line 35) | public PropagatingExceptionFunction(CheckedFunction<T, R> f, Class<E> ...
method PropagatingExceptionFunction (line 39) | public PropagatingExceptionFunction(CheckedFunction<T, R> fn, Class<E>...
method PropagatingExceptionFunction (line 48) | public PropagatingExceptionFunction(CheckedFunction<T, R> f, Class<E> ...
method apply (line 54) | @SuppressWarnings("unchecked")
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/RedactedSupplier.java
class RedactedSupplier (line 22) | public class RedactedSupplier<T> implements Supplier<T> {
method RedactedSupplier (line 28) | public RedactedSupplier(T value) {
method get (line 32) | @Override
method hashCode (line 37) | @Override
method equals (line 42) | @Override
method toString (line 53) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/RedactedValueConverter.java
class RedactedValueConverter (line 21) | public class RedactedValueConverter<T> implements Converter<T, Object> {
method RedactedValueConverter (line 25) | public RedactedValueConverter(Converter<T, Object> delegate) {
method applyTo (line 29) | @Override
method applyFrom (line 38) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/ReflectionFunction.java
class ReflectionFunction (line 18) | abstract class ReflectionFunction<T, R> implements Function<T, R> {
method supports (line 23) | protected abstract boolean supports(T input);
method invoke (line 25) | protected abstract R invoke(T input) throws Throwable;
method apply (line 27) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/RequiredBitLengthConverter.java
class RequiredBitLengthConverter (line 20) | public class RequiredBitLengthConverter implements Converter<byte[], Obj...
method RequiredBitLengthConverter (line 27) | public RequiredBitLengthConverter(Converter<byte[], Object> converter,...
method RequiredBitLengthConverter (line 31) | public RequiredBitLengthConverter(Converter<byte[], Object> converter,...
method assertLength (line 37) | private byte[] assertLength(byte[] bytes) {
method applyTo (line 49) | @Override
method applyFrom (line 55) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/RequiredParameterReader.java
class RequiredParameterReader (line 26) | public class RequiredParameterReader implements ParameterReadable {
method RequiredParameterReader (line 30) | public RequiredParameterReader(Header header) {
method RequiredParameterReader (line 34) | public RequiredParameterReader(ParameterReadable src) {
method name (line 39) | private String name() {
method malformed (line 43) | private JwtException malformed(String msg) {
method get (line 51) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/RequiredTypeConverter.java
class RequiredTypeConverter (line 23) | public class RequiredTypeConverter<T> implements Converter<T, Object> {
method RequiredTypeConverter (line 27) | public RequiredTypeConverter(Class<T> type) {
method applyTo (line 31) | @Override
method applyFrom (line 36) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/Services.java
class Services (line 31) | public final class Services {
method getClassLoader (line 37) | @Override
method getClassLoader (line 43) | @Override
method getClassLoader (line 49) | @Override
method Services (line 56) | private Services() {
method get (line 70) | public static <T> T get(Class<T> spi) {
method findCached (line 80) | private static <T> T findCached(Class<T> spi) {
method loadFirst (line 89) | private static <T> T loadFirst(Class<T> spi) {
method reload (line 106) | public static void reload() {
type ClassLoaderAccessor (line 110) | private interface ClassLoaderAccessor {
method getClassLoader (line 111) | ClassLoader getClassLoader();
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/StringRegistry.java
class StringRegistry (line 27) | public class StringRegistry<V> extends DefaultRegistry<String, V> {
method StringRegistry (line 33) | public StringRegistry(String name, String keyName, Collection<V> value...
method StringRegistry (line 37) | public StringRegistry(String name, String keyName, Collection<V> value...
method get (line 49) | @Override
class CaseInsensitiveFunction (line 61) | private static final class CaseInsensitiveFunction implements Function...
method CaseInsensitiveFunction (line 67) | private CaseInsensitiveFunction(Locale locale) {
method apply (line 71) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/UnavailableImplementationException.java
class UnavailableImplementationException (line 23) | public final class UnavailableImplementationException extends RuntimeExc...
method UnavailableImplementationException (line 30) | UnavailableImplementationException(final Class<?> klass) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/lang/UriStringConverter.java
class UriStringConverter (line 22) | public class UriStringConverter implements Converter<URI, CharSequence> {
method applyTo (line 24) | @Override
method applyFrom (line 30) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractAsymmetricJwk.java
class AbstractAsymmetricJwk (line 30) | public abstract class AbstractAsymmetricJwk<K extends Key> extends Abstr...
method AbstractAsymmetricJwk (line 39) | AbstractAsymmetricJwk(JwkContext<K> ctx, List<Parameter<?>> thumbprint...
method getPublicKeyUse (line 43) | @Override
method getX509Url (line 48) | @Override
method getX509Chain (line 53) | @Override
method getX509Sha1Thumbprint (line 58) | @Override
method getX509Sha256Thumbprint (line 63) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractAsymmetricJwkBuilder.java
class AbstractAsymmetricJwkBuilder (line 51) | abstract class AbstractAsymmetricJwkBuilder<K extends Key, J extends Asy...
method AbstractAsymmetricJwkBuilder (line 59) | public AbstractAsymmetricJwkBuilder(JwkContext<K> ctx) {
method AbstractAsymmetricJwkBuilder (line 65) | AbstractAsymmetricJwkBuilder(AbstractAsymmetricJwkBuilder<?, ?, ?> b, ...
method publicKeyUse (line 71) | @Override
method x509Chain (line 85) | @Override
method x509Url (line 92) | @Override
method x509Sha1Thumbprint (line 107) | @Override
method x509Sha256Thumbprint (line 113) | @Override
method x509Sha1Thumbprint (line 119) | @Override
method x509Sha256Thumbprint (line 125) | @Override
method build (line 131) | @Override
class DefaultPublicJwkBuilder (line 137) | private abstract static class DefaultPublicJwkBuilder<K extends Public...
method DefaultPublicJwkBuilder (line 143) | DefaultPublicJwkBuilder(JwkContext<K> ctx) {
method privateKey (line 147) | @Override
method newPrivateBuilder (line 154) | protected abstract P newPrivateBuilder(JwkContext<L> ctx);
class DefaultPrivateJwkBuilder (line 157) | private abstract static class DefaultPrivateJwkBuilder<K extends Priva...
method DefaultPrivateJwkBuilder (line 163) | DefaultPrivateJwkBuilder(JwkContext<K> ctx) {
method DefaultPrivateJwkBuilder (line 167) | DefaultPrivateJwkBuilder(DefaultPublicJwkBuilder<L, K, J, M, ?, ?> b...
method publicKey (line 172) | @Override
class DefaultRsaPublicJwkBuilder (line 179) | static class DefaultRsaPublicJwkBuilder
method DefaultRsaPublicJwkBuilder (line 183) | DefaultRsaPublicJwkBuilder(JwkContext<RSAPublicKey> ctx) {
method newPrivateBuilder (line 187) | @Override
class DefaultEcPublicJwkBuilder (line 193) | static class DefaultEcPublicJwkBuilder
method DefaultEcPublicJwkBuilder (line 196) | DefaultEcPublicJwkBuilder(JwkContext<ECPublicKey> src) {
method newPrivateBuilder (line 200) | @Override
class DefaultOctetPublicJwkBuilder (line 206) | static class DefaultOctetPublicJwkBuilder<A extends PublicKey, B exten...
method DefaultOctetPublicJwkBuilder (line 210) | DefaultOctetPublicJwkBuilder(JwkContext<A> ctx) {
method newPrivateBuilder (line 215) | @Override
class DefaultRsaPrivateJwkBuilder (line 221) | static class DefaultRsaPrivateJwkBuilder
method DefaultRsaPrivateJwkBuilder (line 224) | DefaultRsaPrivateJwkBuilder(JwkContext<RSAPrivateKey> src) {
method DefaultRsaPrivateJwkBuilder (line 228) | DefaultRsaPrivateJwkBuilder(DefaultRsaPublicJwkBuilder b, JwkContext...
class DefaultEcPrivateJwkBuilder (line 233) | static class DefaultEcPrivateJwkBuilder
method DefaultEcPrivateJwkBuilder (line 236) | DefaultEcPrivateJwkBuilder(JwkContext<ECPrivateKey> src) {
method DefaultEcPrivateJwkBuilder (line 240) | DefaultEcPrivateJwkBuilder(DefaultEcPublicJwkBuilder b, JwkContext<E...
class DefaultOctetPrivateJwkBuilder (line 245) | static class DefaultOctetPrivateJwkBuilder<A extends PrivateKey, B ext...
method DefaultOctetPrivateJwkBuilder (line 248) | DefaultOctetPrivateJwkBuilder(JwkContext<A> src) {
method DefaultOctetPrivateJwkBuilder (line 253) | DefaultOctetPrivateJwkBuilder(DefaultOctetPublicJwkBuilder<B, A> b, ...
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractCurve.java
class AbstractCurve (line 25) | abstract class AbstractCurve implements Curve {
method AbstractCurve (line 31) | AbstractCurve(String id, String jcaName) {
method getId (line 36) | @Override
method getJcaName (line 41) | public String getJcaName() {
method hashCode (line 45) | @Override
method equals (line 50) | @Override
method toString (line 62) | @Override
method keyPair (line 67) | public KeyPairBuilder keyPair() {
method contains (line 77) | abstract boolean contains(Key key);
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractEcJwkFactory.java
class AbstractEcJwkFactory (line 31) | abstract class AbstractEcJwkFactory<K extends Key & ECKey, J extends Jwk...
method getCurveByJwaId (line 33) | protected static ECCurve getCurveByJwaId(String jwaCurveId) {
method toOctetString (line 51) | static String toOctetString(EllipticCurve curve, BigInteger coordinate) {
method AbstractEcJwkFactory (line 59) | AbstractEcJwkFactory(Class<K> keyType, Set<Parameter<?>> params) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractFamilyJwkFactory.java
class AbstractFamilyJwkFactory (line 30) | abstract class AbstractFamilyJwkFactory<K extends Key, J extends Jwk<K>>...
method put (line 32) | protected static <T> void put(JwkContext<?> ctx, Parameter<T> param, T...
method AbstractFamilyJwkFactory (line 40) | AbstractFamilyJwkFactory(String ktyValue, Class<K> keyType, Set<Parame...
method getId (line 46) | @Override
method supports (line 51) | @Override
method newContext (line 56) | @Override
method supports (line 64) | @Override
method supportsKeyValues (line 69) | protected boolean supportsKeyValues(JwkContext<?> ctx) {
method generateKey (line 73) | protected K generateKey(final JwkContext<K> ctx, final CheckedFunction...
method getKeyFactoryJcaName (line 77) | protected String getKeyFactoryJcaName(final JwkContext<?> ctx) {
method generateKey (line 82) | protected <T extends Key> T generateKey(final JwkContext<?> ctx, final...
method createJwk (line 100) | @Override
method createJwkFromKey (line 117) | protected abstract J createJwkFromKey(JwkContext<K> ctx);
method createJwkFromValues (line 120) | protected abstract J createJwkFromValues(JwkContext<K> ctx);
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractJwk.java
class AbstractJwk (line 47) | public abstract class AbstractJwk<K extends Key> implements Jwk<K>, Para...
method AbstractJwk (line 68) | AbstractJwk(JwkContext<K> ctx, List<Parameter<?>> thumbprintParams) {
method computeHashCode (line 95) | private int computeHashCode() {
method getRequiredThumbprintValue (line 116) | private String getRequiredThumbprintValue(Parameter<?> param) {
method toThumbprintJson (line 130) | private String toThumbprintJson() {
method thumbprint (line 145) | @Override
method thumbprint (line 150) | @Override
method getType (line 160) | @Override
method getName (line 165) | @Override
method getOperations (line 170) | @Override
method getAlgorithm (line 175) | @Override
method getId (line 180) | @Override
method toKey (line 185) | @Override
method size (line 190) | @Override
method isEmpty (line 195) | @Override
method containsKey (line 200) | @Override
method containsValue (line 205) | @Override
method get (line 210) | @Override
method get (line 224) | @Override
method keySet (line 229) | @Override
method values (line 234) | @Override
method entrySet (line 239) | @Override
method immutable (line 244) | private static Object immutable() {
method put (line 248) | @Override
method remove (line 253) | @Override
method putAll (line 258) | @Override
method clear (line 263) | @Override
method toString (line 268) | @Override
method hashCode (line 273) | @Override
method equals (line 278) | @Override
method equals (line 289) | protected abstract boolean equals(Jwk<?> jwk);
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractJwkBuilder.java
class AbstractJwkBuilder (line 43) | abstract class AbstractJwkBuilder<K extends Key, J extends Jwk<K>, T ext...
method AbstractJwkBuilder (line 53) | @SuppressWarnings("unchecked")
method AbstractJwkBuilder (line 59) | protected AbstractJwkBuilder(JwkContext<K> context, JwkFactory<K, J> f...
method newContext (line 64) | @SuppressWarnings("unchecked")
method provider (line 69) | @Override
method random (line 75) | @Override
method algorithm (line 81) | @Override
method id (line 88) | @Override
method idFromThumbprint (line 96) | @Override
method idFromThumbprint (line 101) | @Override
method operations (line 110) | @Override
method operationPolicy (line 122) | @Override
method build (line 140) | @Override
class DefaultSecretJwkBuilder (line 162) | static class DefaultSecretJwkBuilder extends AbstractJwkBuilder<Secret...
method DefaultSecretJwkBuilder (line 164) | public DefaultSecretJwkBuilder(JwkContext<SecretKey> ctx) {
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractJwkParserBuilder.java
class AbstractJwkParserBuilder (line 23) | abstract class AbstractJwkParserBuilder<T, B extends ParserBuilder<T, B>...
method operationPolicy (line 28) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractPrivateJwk.java
class AbstractPrivateJwk (line 29) | abstract class AbstractPrivateJwk<K extends PrivateKey, L extends Public...
method AbstractPrivateJwk (line 34) | AbstractPrivateJwk(JwkContext<K> ctx, List<Parameter<?>> thumbprintPar...
method toPublicJwk (line 42) | @Override
method toKeyPair (line 47) | @Override
method equals (line 52) | @Override
method equals (line 57) | protected abstract boolean equals(PrivateJwk<?, ?, ?> jwk);
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractPublicJwk.java
class AbstractPublicJwk (line 25) | abstract class AbstractPublicJwk<K extends PublicKey> extends AbstractAs...
method AbstractPublicJwk (line 26) | AbstractPublicJwk(JwkContext<K> ctx, List<Parameter<?>> thumbprintPara...
method equals (line 30) | @Override
method equals (line 35) | protected abstract boolean equals(PublicJwk<?> jwk);
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractSecureDigestAlgorithm.java
class AbstractSecureDigestAlgorithm (line 29) | abstract class AbstractSecureDigestAlgorithm<S extends Key, V extends Ke...
method AbstractSecureDigestAlgorithm (line 31) | AbstractSecureDigestAlgorithm(String id, String jcaName) {
method keyType (line 35) | protected static String keyType(boolean signing) {
method validateKey (line 39) | protected abstract void validateKey(Key key, boolean signing);
method digest (line 41) | @Override
method doDigest (line 58) | protected abstract byte[] doDigest(SecureRequest<InputStream, S> reque...
method verify (line 60) | @Override
method doVerify (line 78) | protected abstract boolean doVerify(VerifySecureDigestRequest<V> reque...
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractSecurityBuilder.java
class AbstractSecurityBuilder (line 23) | abstract class AbstractSecurityBuilder<T, B extends SecurityBuilder<T, B...
method self (line 28) | @SuppressWarnings("unchecked")
method provider (line 33) | @Override
method random (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AbstractSignatureAlgorithm.java
class AbstractSignatureAlgorithm (line 31) | abstract class AbstractSignatureAlgorithm extends AbstractSecureDigestAl...
method AbstractSignatureAlgorithm (line 37) | AbstractSignatureAlgorithm(String id, String jcaName) {
method validateKey (line 41) | @Override
method sign (line 52) | protected final byte[] sign(Signature sig, InputStream payload) throws...
method doDigest (line 62) | @Override
method verify (line 73) | protected boolean verify(Signature sig, InputStream payload, byte[] di...
method doVerify (line 83) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AesAlgorithm.java
class AesAlgorithm (line 42) | abstract class AesAlgorithm extends CryptoAlgorithm implements KeyBuilde...
method assertKeyBitLength (line 63) | static void assertKeyBitLength(int keyBitLength) {
method keyFor (line 70) | static SecretKey keyFor(byte[] bytes) {
method AesAlgorithm (line 76) | AesAlgorithm(String id, final String jcaTransformation, int keyBitLeng...
method getKeyBitLength (line 86) | @Override
method key (line 91) | @Override
method assertKey (line 96) | protected SecretKey assertKey(SecretKey key) {
method validateLengthIfPossible (line 102) | private void validateLengthIfPossible(SecretKey key) {
method lengthMsg (line 106) | protected static String lengthMsg(String id, String type, int required...
method validateLength (line 112) | protected byte[] validateLength(SecretKey key, int requiredBitLength, ...
method assertBytes (line 132) | protected byte[] assertBytes(byte[] bytes, String type, int requiredBi...
method assertIvLength (line 141) | byte[] assertIvLength(final byte[] iv) {
method assertTag (line 145) | byte[] assertTag(byte[] tag) {
method assertDecryptionIv (line 149) | byte[] assertDecryptionIv(IvSupplier src) throws IllegalArgumentExcept...
method ensureInitializationVector (line 155) | protected byte[] ensureInitializationVector(Request<?> request) {
method getIvSpec (line 171) | protected AlgorithmParameterSpec getIvSpec(byte[] iv) {
method withCipher (line 176) | protected void withCipher(Cipher cipher, InputStream in, OutputStream ...
method updateAAD (line 181) | private void updateAAD(Cipher cipher, InputStream aad) throws Exception {
method withCipher (line 193) | protected byte[] withCipher(Cipher cipher, InputStream in, InputStream...
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AesGcmKeyAlgorithm.java
class AesGcmKeyAlgorithm (line 40) | public class AesGcmKeyAlgorithm extends AesAlgorithm implements SecretKe...
method AesGcmKeyAlgorithm (line 44) | public AesGcmKeyAlgorithm(int keyLen) {
method getEncryptionKey (line 48) | @Override
method getDecryptionKey (line 82) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AesWrapKeyAlgorithm.java
class AesWrapKeyAlgorithm (line 33) | public class AesWrapKeyAlgorithm extends AesAlgorithm implements SecretK...
method AesWrapKeyAlgorithm (line 37) | public AesWrapKeyAlgorithm(int keyLen) {
method getEncryptionKey (line 41) | @Override
method getDecryptionKey (line 58) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/AsymmetricJwkFactory.java
class AsymmetricJwkFactory (line 23) | class AsymmetricJwkFactory implements FamilyJwkFactory<Key, Jwk<Key>> {
method AsymmetricJwkFactory (line 29) | @SuppressWarnings({"unchecked", "rawtypes"})
method getId (line 37) | @Override
method supports (line 42) | @Override
method supports (line 48) | @Override
method newContext (line 53) | @Override
method createJwk (line 60) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/ConcatKDF.java
class ConcatKDF (line 37) | final class ConcatKDF extends CryptoAlgorithm {
method ConcatKDF (line 57) | ConcatKDF(String jcaName) {
method deriveKey (line 84) | public SecretKey deriveKey(final byte[] Z, final long derivedKeyBitLen...
class ClearableByteArrayOutputStream (line 170) | private static class ClearableByteArrayOutputStream extends ByteArrayO...
method ClearableByteArrayOutputStream (line 172) | public ClearableByteArrayOutputStream(int size) {
method reset (line 176) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/ConstantKeyLocator.java
class ConstantKeyLocator (line 26) | public class ConstantKeyLocator extends LocatorAdapter<Key> implements F...
method ConstantKeyLocator (line 31) | public ConstantKeyLocator(Key jwsKey, Key jweKey) {
method locate (line 36) | @Override
method locate (line 41) | @Override
method apply (line 46) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/CryptoAlgorithm.java
class CryptoAlgorithm (line 32) | abstract class CryptoAlgorithm implements Identifiable {
method CryptoAlgorithm (line 38) | CryptoAlgorithm(String id, String jcaName) {
method getId (line 45) | @Override
method getJcaName (line 50) | String getJcaName() {
method ensureSecureRandom (line 54) | static SecureRandom ensureSecureRandom(Request<?> request) {
method jca (line 59) | protected JcaTemplate jca() {
method jca (line 63) | protected JcaTemplate jca(Request<?> request) {
method getJcaName (line 71) | protected String getJcaName(Request<?> request) {
method generateCek (line 75) | protected SecretKey generateCek(KeyRequest<?> request) {
method equals (line 82) | @Override
method hashCode (line 94) | @Override
method toString (line 102) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultAeadRequest.java
class DefaultAeadRequest (line 29) | public class DefaultAeadRequest extends DefaultSecureRequest<InputStream...
method DefaultAeadRequest (line 36) | DefaultAeadRequest(InputStream payload, Provider provider, SecureRando...
method DefaultAeadRequest (line 43) | public DefaultAeadRequest(InputStream payload, Provider provider, Secu...
method getAssociatedData (line 48) | @Override
method getIv (line 53) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultAeadResult.java
class DefaultAeadResult (line 25) | public class DefaultAeadResult implements AeadResult, DigestSupplier, Iv...
method DefaultAeadResult (line 31) | public DefaultAeadResult(OutputStream out) {
method getOutputStream (line 35) | @Override
method getDigest (line 40) | @Override
method setTag (line 45) | @Override
method setIv (line 51) | @Override
method getIv (line 57) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultDecryptAeadRequest.java
class DefaultDecryptAeadRequest (line 27) | public class DefaultDecryptAeadRequest extends DefaultAeadRequest implem...
method DefaultDecryptAeadRequest (line 31) | public DefaultDecryptAeadRequest(InputStream payload, SecretKey key, I...
method getDigest (line 37) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultDecryptionKeyRequest.java
class DefaultDecryptionKeyRequest (line 27) | public class DefaultDecryptionKeyRequest<K extends Key> extends DefaultK...
method DefaultDecryptionKeyRequest (line 31) | public DefaultDecryptionKeyRequest(byte[] encryptedCek, Provider provi...
method assertBytePayload (line 37) | @Override
method getKey (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultDynamicJwkBuilder.java
class DefaultDynamicJwkBuilder (line 45) | @SuppressWarnings("unused") //used via reflection by io.jsonwebtoken.sec...
method DefaultDynamicJwkBuilder (line 49) | public DefaultDynamicJwkBuilder() {
method DefaultDynamicJwkBuilder (line 53) | public DefaultDynamicJwkBuilder(JwkContext<K> ctx) {
method key (line 57) | @Override
method key (line 62) | @Override
method key (line 67) | @Override
method key (line 72) | @Override
method key (line 77) | @Override
method unsupportedKey (line 82) | private static UnsupportedKeyException unsupportedKey(Key key, Excepti...
method key (line 87) | @SuppressWarnings("unchecked")
method key (line 103) | @SuppressWarnings("unchecked")
method octetKey (line 120) | @Override
method octetKey (line 125) | @Override
method chain (line 130) | @SuppressWarnings("unchecked")
method rsaChain (line 140) | @Override
method ecChain (line 149) | @Override
method octetKeyPair (line 158) | @SuppressWarnings("unchecked") // ok because of the EdwardsCurve.asser...
method octetChain (line 168) | @SuppressWarnings("unchecked") // ok because of the EdwardsCurve.asser...
method rsaKeyPair (line 179) | @Override
method ecKeyPair (line 186) | @Override
method keyPair (line 193) | @SuppressWarnings("unchecked")
method build (line 202) | @Override
class Supplier (line 214) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 216) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultEcPrivateJwk.java
class DefaultEcPrivateJwk (line 32) | class DefaultEcPrivateJwk extends AbstractPrivateJwk<ECPrivateKey, ECPub...
method DefaultEcPrivateJwk (line 40) | DefaultEcPrivateJwk(JwkContext<ECPrivateKey> ctx, EcPublicJwk pubJwk) {
method equals (line 48) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultEcPublicJwk.java
class DefaultEcPublicJwk (line 30) | class DefaultEcPublicJwk extends AbstractPublicJwk<ECPublicKey> implemen...
method DefaultEcPublicJwk (line 44) | DefaultEcPublicJwk(JwkContext<ECPublicKey> ctx) {
method equalsPublic (line 48) | static boolean equalsPublic(ParameterReadable self, Object candidate) {
method equals (line 54) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultHashAlgorithm.java
class DefaultHashAlgorithm (line 29) | public final class DefaultHashAlgorithm extends CryptoAlgorithm implemen...
method DefaultHashAlgorithm (line 33) | DefaultHashAlgorithm(String id) {
method digest (line 37) | @Override
method verify (line 55) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkContext.java
class DefaultJwkContext (line 40) | public class DefaultJwkContext<K extends Key> extends AbstractX509Contex...
method DefaultJwkContext (line 73) | public DefaultJwkContext() {
method DefaultJwkContext (line 80) | public DefaultJwkContext(Set<Parameter<?>> params) {
method DefaultJwkContext (line 84) | public DefaultJwkContext(Set<Parameter<?>> params, JwkContext<?> other) {
method DefaultJwkContext (line 88) | public DefaultJwkContext(Set<Parameter<?>> params, JwkContext<?> other...
method DefaultJwkContext (line 95) | public DefaultJwkContext(Set<Parameter<?>> params, JwkContext<?> other...
method parameter (line 125) | @Override
method getName (line 134) | @Override
method putAll (line 153) | @Override
method getAlgorithm (line 159) | @Override
method setAlgorithm (line 164) | @Override
method getId (line 170) | @Override
method setId (line 175) | @Override
method setIdThumbprintAlgorithm (line 181) | @Override
method getIdThumbprintAlgorithm (line 187) | @Override
method getOperations (line 192) | @Override
method setOperations (line 197) | @Override
method getType (line 203) | @Override
method setType (line 208) | @Override
method getPublicKeyUse (line 214) | @Override
method setPublicKeyUse (line 219) | @Override
method isSigUse (line 225) | @Override
method getKey (line 239) | @Override
method setKey (line 244) | @Override
method getPublicKey (line 250) | @Override
method setPublicKey (line 255) | @Override
method getProvider (line 261) | @Override
method setProvider (line 266) | @Override
method getRandom (line 272) | @Override
method setRandom (line 277) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkParserBuilder.java
class DefaultJwkParserBuilder (line 23) | public class DefaultJwkParserBuilder extends AbstractJwkParserBuilder<Jw...
method doBuild (line 25) | @Override
class Supplier (line 34) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 36) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkSet.java
class DefaultJwkSet (line 30) | public class DefaultJwkSet extends ParameterMap implements JwkSet {
method param (line 34) | static Parameter<Set<Jwk<?>>> param(Converter<Jwk<?>, ?> converter) {
method DefaultJwkSet (line 43) | public DefaultJwkSet(Parameter<Set<Jwk<?>>> param, Map<String, ?> src) {
method getName (line 47) | @Override
method getKeys (line 52) | @Override
method iterator (line 61) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkSetBuilder.java
class DefaultJwkSetBuilder (line 33) | public class DefaultJwkSetBuilder extends AbstractSecurityBuilder<JwkSet...
method DefaultJwkSetBuilder (line 40) | public DefaultJwkSetBuilder() {
method delete (line 46) | @Override
method empty (line 52) | @Override
method add (line 58) | @Override
method add (line 64) | @Override
method refresh (line 70) | private JwkSetBuilder refresh() {
method provider (line 85) | @Override
method operationPolicy (line 91) | @Override
method ensureKeys (line 97) | Collection<Jwk<?>> ensureKeys() {
method add (line 102) | @Override
method add (line 113) | @Override
method keys (line 123) | @Override
method build (line 128) | @Override
class Supplier (line 134) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 136) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkSetParserBuilder.java
class DefaultJwkSetParserBuilder (line 23) | public class DefaultJwkSetParserBuilder extends AbstractJwkParserBuilder...
method ignoreUnsupported (line 28) | @Override
method doBuild (line 34) | @Override
class Supplier (line 43) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 45) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultJwkThumbprint.java
class DefaultJwkThumbprint (line 28) | class DefaultJwkThumbprint implements JwkThumbprint {
method DefaultJwkThumbprint (line 38) | DefaultJwkThumbprint(byte[] digest, HashAlgorithm alg) {
method getHashAlgorithm (line 49) | @Override
method toByteArray (line 54) | @Override
method toURI (line 59) | @Override
method toString (line 64) | @Override
method hashCode (line 69) | @Override
method equals (line 74) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyOperation.java
class DefaultKeyOperation (line 25) | final class DefaultKeyOperation implements KeyOperation {
method of (line 45) | static KeyOperation of(String id, String description, String related) {
method DefaultKeyOperation (line 49) | DefaultKeyOperation(String id) {
method DefaultKeyOperation (line 53) | DefaultKeyOperation(String id, String description, Set<String> related) {
method getId (line 59) | @Override
method getDescription (line 64) | @Override
method isRelated (line 69) | @Override
method hashCode (line 74) | @Override
method equals (line 79) | @Override
method toString (line 85) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyOperationBuilder.java
class DefaultKeyOperationBuilder (line 25) | public class DefaultKeyOperationBuilder implements KeyOperationBuilder {
method id (line 31) | @Override
method description (line 37) | @Override
method related (line 43) | @Override
method build (line 51) | @Override
class Supplier (line 57) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 59) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyOperationPolicy.java
class DefaultKeyOperationPolicy (line 26) | final class DefaultKeyOperationPolicy implements KeyOperationPolicy {
method DefaultKeyOperationPolicy (line 32) | DefaultKeyOperationPolicy(Collection<KeyOperation> ops, boolean allowU...
method getOperations (line 38) | @Override
method validate (line 43) | @Override
method hashCode (line 57) | @Override
method equals (line 65) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyOperationPolicyBuilder.java
class DefaultKeyOperationPolicyBuilder (line 25) | public class DefaultKeyOperationPolicyBuilder extends DefaultCollectionM...
method DefaultKeyOperationPolicyBuilder (line 30) | public DefaultKeyOperationPolicyBuilder() {
method unrelated (line 34) | @Override
method build (line 40) | @Override
class Supplier (line 46) | @SuppressWarnings("unused") // used via reflection in the api module's...
method get (line 48) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyPair.java
class DefaultKeyPair (line 24) | public class DefaultKeyPair<A extends PublicKey, B extends PrivateKey> i...
method DefaultKeyPair (line 31) | public DefaultKeyPair(A publicKey, B privateKey) {
method getPublic (line 37) | @Override
method getPrivate (line 42) | @Override
method toJavaKeyPair (line 47) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyPairBuilder.java
class DefaultKeyPairBuilder (line 24) | public class DefaultKeyPairBuilder extends AbstractSecurityBuilder<KeyPa...
method DefaultKeyPairBuilder (line 30) | public DefaultKeyPairBuilder(String jcaName) {
method DefaultKeyPairBuilder (line 36) | public DefaultKeyPairBuilder(String jcaName, int bitLength) {
method DefaultKeyPairBuilder (line 42) | public DefaultKeyPairBuilder(String jcaName, AlgorithmParameterSpec pa...
method build (line 48) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyRequest.java
class DefaultKeyRequest (line 26) | public class DefaultKeyRequest<T> extends DefaultRequest<T> implements K...
method DefaultKeyRequest (line 31) | public DefaultKeyRequest(T payload, Provider provider, SecureRandom se...
method getHeader (line 37) | @Override
method getEncryptionAlgorithm (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyResult.java
class DefaultKeyResult (line 24) | public class DefaultKeyResult extends DefaultMessage<byte[]> implements ...
method DefaultKeyResult (line 28) | public DefaultKeyResult(SecretKey key) {
method DefaultKeyResult (line 32) | public DefaultKeyResult(SecretKey key, byte[] encryptedKey) {
method assertBytePayload (line 37) | @Override
method getKey (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultKeyUseStrategy.java
class DefaultKeyUseStrategy (line 18) | public class DefaultKeyUseStrategy implements KeyUseStrategy {
method toJwkValue (line 26) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultMacAlgorithm.java
class DefaultMacAlgorithm (line 45) | final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<Se...
method DefaultMacAlgorithm (line 76) | private DefaultMacAlgorithm(int digestBitLength) {
method DefaultMacAlgorithm (line 80) | DefaultMacAlgorithm(String id, String jcaName, int minKeyBitLength) {
method getKeyBitLength (line 86) | @Override
method isJwaStandard (line 91) | private boolean isJwaStandard() {
method isJwaStandardJcaName (line 95) | private static boolean isJwaStandardJcaName(String jcaName) {
method findByKey (line 100) | static DefaultMacAlgorithm findByKey(Key key) {
method key (line 125) | @Override
method assertAlgorithmName (line 130) | private void assertAlgorithmName(SecretKey key, boolean signing) {
method validateKey (line 150) | @Override
method doDigest (line 201) | @Override
method doVerify (line 219) | protected boolean doVerify(VerifySecureDigestRequest<SecretKey> reques...
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultMessage.java
class DefaultMessage (line 21) | class DefaultMessage<T> implements Message<T> {
method DefaultMessage (line 25) | DefaultMessage(T payload) {
method assertBytePayload (line 31) | protected void assertBytePayload(byte[] payload) {
method getPayload (line 35) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultOctetPrivateJwk.java
class DefaultOctetPrivateJwk (line 31) | public class DefaultOctetPrivateJwk<T extends PrivateKey, P extends Publ...
method DefaultOctetPrivateJwk (line 38) | DefaultOctetPrivateJwk(JwkContext<T> ctx, OctetPublicJwk<P> pubJwk) {
method equals (line 45) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultOctetPublicJwk.java
class DefaultOctetPublicJwk (line 29) | public class DefaultOctetPublicJwk<T extends PublicKey> extends Abstract...
method DefaultOctetPublicJwk (line 39) | DefaultOctetPublicJwk(JwkContext<T> ctx) {
method equalsPublic (line 43) | static boolean equalsPublic(ParameterReadable self, Object candidate) {
method equals (line 47) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultRequest.java
class DefaultRequest (line 23) | public class DefaultRequest<T> extends DefaultMessage<T> implements Requ...
method DefaultRequest (line 28) | public DefaultRequest(T payload, Provider provider, SecureRandom secur...
method getProvider (line 34) | @Override
method getSecureRandom (line 39) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultRsaKeyAlgorithm.java
class DefaultRsaKeyAlgorithm (line 38) | public class DefaultRsaKeyAlgorithm extends CryptoAlgorithm implements K...
method DefaultRsaKeyAlgorithm (line 44) | public DefaultRsaKeyAlgorithm(String id, String jcaTransformationStrin...
method DefaultRsaKeyAlgorithm (line 48) | public DefaultRsaKeyAlgorithm(String id, String jcaTransformationStrin...
method keyType (line 53) | private static String keyType(boolean encryption) {
method validate (line 57) | protected void validate(Key key, boolean encryption) { // true = encry...
method getEncryptionKey (line 83) | @Override
method getDecryptionKey (line 106) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultRsaPrivateJwk.java
class DefaultRsaPrivateJwk (line 35) | class DefaultRsaPrivateJwk extends AbstractPrivateJwk<RSAPrivateKey, RSA...
method DefaultRsaPrivateJwk (line 54) | DefaultRsaPrivateJwk(JwkContext<RSAPrivateKey> ctx, RsaPublicJwk pubJw...
method equals (line 62) | private static boolean equals(RSAOtherPrimeInfo a, RSAOtherPrimeInfo b) {
method equalsOtherPrimes (line 70) | private static boolean equalsOtherPrimes(ParameterReadable a, Paramete...
method equals (line 85) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultRsaPublicJwk.java
class DefaultRsaPublicJwk (line 30) | class DefaultRsaPublicJwk extends AbstractPublicJwk<RSAPublicKey> implem...
method DefaultRsaPublicJwk (line 40) | DefaultRsaPublicJwk(JwkContext<RSAPublicKey> ctx) {
method equalsPublic (line 44) | static boolean equalsPublic(ParameterReadable self, Object candidate) {
method equals (line 48) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultSecretJwk.java
class DefaultSecretJwk (line 28) | class DefaultSecretJwk extends AbstractJwk<SecretKey> implements SecretJ...
method DefaultSecretJwk (line 37) | DefaultSecretJwk(JwkContext<SecretKey> ctx) {
method equals (line 41) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultSecretKeyBuilder.java
class DefaultSecretKeyBuilder (line 26) | public class DefaultSecretKeyBuilder extends AbstractSecurityBuilder<Sec...
method DefaultSecretKeyBuilder (line 32) | public DefaultSecretKeyBuilder(String jcaName, int bitLength) {
method build (line 42) | @Override
FILE: impl/src/main/java/io/jsonwebtoken/impl/security/DefaultSecureRequest.java
class DefaultSecureRequ
Condensed preview — 728 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (3,500K chars).
[
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 1131,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n<!--\nPLEASE DO N"
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"chars": 28,
"preview": "blank_issues_enabled: false\n"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"chars": 1288,
"preview": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n<!--\nPLEASE D"
},
{
"path": ".github/stale.yml",
"chars": 2589,
"preview": "#\n# Copyright (C) 2014 jsonwebtoken.io\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not"
},
{
"path": ".github/workflows/ci.yml",
"chars": 6365,
"preview": "name: CI\n\non:\n workflow_dispatch: \n pull_request: # all pull requests\n push:\n branches:\n - master\n\nenv:\n MVN"
},
{
"path": ".gitignore",
"chars": 249,
"preview": ".DS_Store\n\n# Mobile Tools for Java (J2ME)\n.mtj.tmp/\n\n# Package Files #\n*.jar\n*.war\n*.ear\n\n# virtual machine crash logs, "
},
{
"path": ".mvn/wrapper/maven-wrapper.properties",
"chars": 1224,
"preview": "# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE f"
},
{
"path": "CHANGELOG.md",
"chars": 56825,
"preview": "## Release Notes\n\n### 0.13.0\n\nThis is the last minor JJWT release branch that will support Java 7. Any necessary emergen"
},
{
"path": "LICENSE",
"chars": 11324,
"preview": "Apache License\n Version 2.0, January 2004\n http://www.apache.org/licens"
},
{
"path": "NOTICE.md",
"chars": 3066,
"preview": "## Base64 implementation\n\nJJWT's `io.jsonwebtoken.io.Base64` implementation is based on [MigBase64](https://github.com/b"
},
{
"path": "README.adoc",
"chars": 164710,
"preview": ":doctype: book\n= Java JWT: JSON Web Token for Java and Android\n:project-version: 0.13.0\n:toc:\n:toc-title:\n:toc-placement"
},
{
"path": "SECURITY.md",
"chars": 2850,
"preview": "Thanks for helping make JJWT safe for everyone.\n\n# Security Policy\n\nThe JJWT development team are security professionals"
},
{
"path": "api/pom.xml",
"chars": 1787,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!--\n ~ Copyright 2018 JWTK\n ~\n ~ Licensed under the Apache License, Version 2"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ClaimJwtException.java",
"chars": 3405,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Claims.java",
"chars": 6504,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ClaimsBuilder.java",
"chars": 971,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/ClaimsMutator.java",
"chars": 12838,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Clock.java",
"chars": 1000,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/CompressionCodec.java",
"chars": 2681,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/CompressionCodecResolver.java",
"chars": 2243,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/CompressionCodecs.java",
"chars": 1988,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/CompressionException.java",
"chars": 1468,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ExpiredJwtException.java",
"chars": 1724,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Header.java",
"chars": 7917,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/HeaderMutator.java",
"chars": 6689,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Identifiable.java",
"chars": 3336,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/IncorrectClaimException.java",
"chars": 2232,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/InvalidClaimException.java",
"chars": 2921,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Jwe.java",
"chars": 2390,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JweHeader.java",
"chars": 8736,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JweHeaderMutator.java",
"chars": 5635,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Jws.java",
"chars": 2411,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwsHeader.java",
"chars": 4002,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Jwt.java",
"chars": 3897,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtBuilder.java",
"chars": 55715,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtException.java",
"chars": 1373,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtHandler.java",
"chars": 4957,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtHandlerAdapter.java",
"chars": 2932,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtParser.java",
"chars": 24103,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtParserBuilder.java",
"chars": 44992,
"preview": "/*\n * Copyright (C) 2019 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/JwtVisitor.java",
"chars": 3362,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/Jwts.java",
"chars": 67421,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/Locator.java",
"chars": 1745,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/LocatorAdapter.java",
"chars": 4809,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/MalformedJwtException.java",
"chars": 1435,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/MissingClaimException.java",
"chars": 2454,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/PrematureJwtException.java",
"chars": 1706,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ProtectedHeader.java",
"chars": 4349,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ProtectedHeaderMutator.java",
"chars": 5952,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/ProtectedJwt.java",
"chars": 1560,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/RequiredTypeException.java",
"chars": 1478,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java",
"chars": 27758,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/SignatureException.java",
"chars": 1636,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/SigningKeyResolver.java",
"chars": 3280,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/SigningKeyResolverAdapter.java",
"chars": 6518,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/SupportedJwtVisitor.java",
"chars": 10024,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/UnsupportedJwtException.java",
"chars": 1668,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/AbstractDeserializer.java",
"chars": 2769,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/AbstractSerializer.java",
"chars": 2477,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64.java",
"chars": 27679,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64Decoder.java",
"chars": 1270,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64Encoder.java",
"chars": 1285,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64Support.java",
"chars": 945,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64UrlDecoder.java",
"chars": 946,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Base64UrlEncoder.java",
"chars": 946,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/CodecException.java",
"chars": 1410,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/CompressionAlgorithm.java",
"chars": 2406,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Decoder.java",
"chars": 1132,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Decoders.java",
"chars": 1477,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/DecodingException.java",
"chars": 1410,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/DeserializationException.java",
"chars": 1436,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Deserializer.java",
"chars": 1778,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Encoder.java",
"chars": 1161,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Encoders.java",
"chars": 1465,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/EncodingException.java",
"chars": 1165,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/ExceptionPropagatingDecoder.java",
"chars": 2089,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/ExceptionPropagatingEncoder.java",
"chars": 2091,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/IOException.java",
"chars": 1502,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Parser.java",
"chars": 2533,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/ParserBuilder.java",
"chars": 2295,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/SerialException.java",
"chars": 1385,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/SerializationException.java",
"chars": 1423,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/io/Serializer.java",
"chars": 1997,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Arrays.java",
"chars": 3929,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Assert.java",
"chars": 23175,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Builder.java",
"chars": 1049,
"preview": "/*\n * Copyright (C) 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Classes.java",
"chars": 16254,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/CollectionMutator.java",
"chars": 1955,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Collections.java",
"chars": 20384,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Conjunctor.java",
"chars": 987,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/DateFormats.java",
"chars": 3733,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/InstantiationException.java",
"chars": 1192,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/MapMutator.java",
"chars": 2912,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Maps.java",
"chars": 2787,
"preview": "/*\n * Copyright (C) 2019 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/NestedCollection.java",
"chars": 1183,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Objects.java",
"chars": 37616,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Registry.java",
"chars": 2116,
"preview": "/*\n * Copyright © 2020 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/RuntimeEnvironment.java",
"chars": 2732,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Strings.java",
"chars": 51265,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/Supplier.java",
"chars": 1138,
"preview": "/*\n * Copyright (C) 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/lang/UnknownClassException.java",
"chars": 1860,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AeadAlgorithm.java",
"chars": 4572,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AeadRequest.java",
"chars": 1081,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AeadResult.java",
"chars": 1847,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AssociatedDataSupplier.java",
"chars": 1593,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AsymmetricJwk.java",
"chars": 2924,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/AsymmetricJwkBuilder.java",
"chars": 3251,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Curve.java",
"chars": 1461,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/DecryptAeadRequest.java",
"chars": 1108,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/DecryptionKeyRequest.java",
"chars": 2152,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/DigestAlgorithm.java",
"chars": 4660,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/DigestSupplier.java",
"chars": 1268,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/DynamicJwkBuilder.java",
"chars": 22878,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/EcPrivateJwk.java",
"chars": 2062,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/EcPrivateJwkBuilder.java",
"chars": 967,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/EcPublicJwk.java",
"chars": 1984,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/EcPublicJwkBuilder.java",
"chars": 983,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/HashAlgorithm.java",
"chars": 1996,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/InvalidKeyException.java",
"chars": 1556,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/IvSupplier.java",
"chars": 1392,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Jwk.java",
"chars": 8032,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkBuilder.java",
"chars": 7287,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkParserBuilder.java",
"chars": 1237,
"preview": "/*\n * Copyright (C) 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkSet.java",
"chars": 1972,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkSetBuilder.java",
"chars": 2751,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkSetParserBuilder.java",
"chars": 2458,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/JwkThumbprint.java",
"chars": 1669,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Jwks.java",
"chars": 24828,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyAlgorithm.java",
"chars": 4753,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyBuilder.java",
"chars": 1388,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyBuilderSupplier.java",
"chars": 1525,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyException.java",
"chars": 1447,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyLengthSupplier.java",
"chars": 1093,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyOperation.java",
"chars": 2501,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyOperationBuilder.java",
"chars": 3165,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicied.java",
"chars": 2629,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicy.java",
"chars": 1479,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicyBuilder.java",
"chars": 5687,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyPair.java",
"chars": 1568,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyPairBuilder.java",
"chars": 1257,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyPairBuilderSupplier.java",
"chars": 1426,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyRequest.java",
"chars": 4261,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeyResult.java",
"chars": 1358,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/KeySupplier.java",
"chars": 1186,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Keys.java",
"chars": 15035,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/MacAlgorithm.java",
"chars": 3055,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/MalformedKeyException.java",
"chars": 1505,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/MalformedKeySetException.java",
"chars": 1517,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Message.java",
"chars": 1341,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/OctetPrivateJwk.java",
"chars": 3823,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/OctetPrivateJwkBuilder.java",
"chars": 1286,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/OctetPublicJwk.java",
"chars": 3485,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/OctetPublicJwkBuilder.java",
"chars": 1371,
"preview": "/*\n * Copyright (C) 2019 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Password.java",
"chars": 2676,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/PrivateJwk.java",
"chars": 2715,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/PrivateJwkBuilder.java",
"chars": 2573,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/PrivateKeyBuilder.java",
"chars": 1395,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/PublicJwk.java",
"chars": 890,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/PublicJwkBuilder.java",
"chars": 2286,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/Request.java",
"chars": 2627,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwk.java",
"chars": 2049,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/RsaPrivateJwkBuilder.java",
"chars": 976,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/RsaPublicJwk.java",
"chars": 1968,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/RsaPublicJwkBuilder.java",
"chars": 994,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecretJwk.java",
"chars": 1440,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecretJwkBuilder.java",
"chars": 852,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecretKeyAlgorithm.java",
"chars": 961,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecretKeyBuilder.java",
"chars": 951,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecureDigestAlgorithm.java",
"chars": 2450,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecureRequest.java",
"chars": 969,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecurityBuilder.java",
"chars": 2141,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SecurityException.java",
"chars": 1541,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SignatureAlgorithm.java",
"chars": 2332,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/SignatureException.java",
"chars": 1521,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/UnsupportedKeyException.java",
"chars": 1449,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/VerifyDigestRequest.java",
"chars": 1322,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/VerifySecureDigestRequest.java",
"chars": 1451,
"preview": "/*\n * Copyright © 2022 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/WeakKeyException.java",
"chars": 1144,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/X509Accessor.java",
"chars": 8507,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/X509Builder.java",
"chars": 2465,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/main/java/io/jsonwebtoken/security/X509Mutator.java",
"chars": 8826,
"preview": "/*\n * Copyright (C) 2021 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/CompressionExceptionTest.groovy",
"chars": 1200,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/ExpiredJwtExceptionTest.groovy",
"chars": 1636,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/IncorrectClaimExceptionTest.groovy",
"chars": 2065,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/InvalidClaimExceptionTest.groovy",
"chars": 1482,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/JwtHandlerAdapterTest.groovy",
"chars": 2407,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/MalformedJwtExceptionTest.groovy",
"chars": 1199,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/MissingClaimExceptionTest.groovy",
"chars": 2059,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/PrematureJwtExceptionTest.groovy",
"chars": 1642,
"preview": "/*\n * Copyright (C) 2015 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/RequiredTypeExceptionTest.groovy",
"chars": 1189,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/SignatureExceptionTest.groovy",
"chars": 1190,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/SigningKeyResolverAdapterTest.groovy",
"chars": 3889,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/UnsupportedJwtExceptionTest.groovy",
"chars": 1205,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/AbstractDeserializerTest.groovy",
"chars": 2503,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/AbstractSerializerTest.groovy",
"chars": 1772,
"preview": "/*\n * Copyright © 2023 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may "
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/Base64DecoderTest.groovy",
"chars": 1147,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/Base64EncoderTest.groovy",
"chars": 1130,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/Base64Test.groovy",
"chars": 8388,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/CodecExceptionTest.groovy",
"chars": 1026,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
},
{
"path": "api/src/test/groovy/io/jsonwebtoken/io/DecodersTest.groovy",
"chars": 1244,
"preview": "/*\n * Copyright (C) 2014 jsonwebtoken.io\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you ma"
}
]
// ... and 528 more files (download for full content)
About this extraction
This page contains the full source code of the jwtk/jjwt GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 728 files (3.2 MB), approximately 876.1k tokens, and a symbol index with 2804 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.