Wiki
Clone wikijose4j / Release Notes
jose4j-0.9.6 - March 6, 2024
- Fix Issue
#220with a safeguard against excessive resource utilization by restricting the size of data during JWE payload decompression
jose4j-0.9.5 - February 14, 2024
- Fix Issue
#218where JWKS key resolution for ECDH-ES* decryption with OKP keys wasn't working - Fix Issue
#214by providing a somewhat better error message for invalid JWTs (especially with cty incorrectly set)
jose4j-0.9.4 - December 5, 2023
- PBES2 algorithms blocked by default with JWE AlgorithmConstraints and put a max on the iteration count to fix Issue
#212 - Update slf4j-api to 1.7.36
jose4j-0.9.3 - February 8, 2023
- Additional controls around RSAES-PKCS1-v1_5 including adding default AlgorithmConstraints in JsonWebEncryption to block the RSA1_5 alg
- Fix Issue
#203by disallowing iteration count < 1000 & salt < 8 bytes for PBES2. Also increased the default iteration count
jose4j-0.9.2 - October 31, 2022
- Fix Issue
#200where Google Play Console warns of unsafe encryption in SimpleAeadCipher due to a static key/iv used in a test encryption operation to check for algorithm availably. Hopefully remediate by using random values instead.
jose4j-0.9.1 - October 18, 2022
- Provider context can now be used control the cipher mode used when deciphering/decrypting/unwrapping an encrypted content encryption key. Using decrypt mode with certain JCA providers might be necessary for access to the raw bytes of the decrypted key, which are needed when decrypting the JWE ciphertext.
- Made addCurve public on EllipticCurves
jose4j-0.9.0 - October 5, 2022
- Add RFC 8037 support per Issue
#72- EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
- X25519 & X448 ECDH for JWE (needs Java 11)
- OKP (Octet Key Pair) type for JWK
jose4j-0.8.0 - August 31, 2022
- Add support for the ES256K JWS alg (ECDSA using secp256k1 curve and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
- Fix Issue
#198with a better exception from EllipticCurveJsonWebKey when the curve isn't known/supported - Add support for producing RFC9278 JWK Thumbprint URI values
jose4j-0.7.12 - April 28, 2022
- Add some ECDSA signature value validation to guard against CVE-2022-21449 when using vulnerable Java/JCE providers
- Reject messages that contain private keys in JOSE headers intended to only have public keys (like epk and jwk)
jose4j-0.7.11 - March 18, 2022
- update test dependencies for Issue
#196
jose4j-0.7.10 - February 15, 2022
- Fix Issue
#194where JsonWebSignature's payload and encoded payload could get in an inconsistent state when trying to verify a JWS with detached payload that needed to be (re)encoded - Address Issue
#190where NumericDate.java#canConvertToMillis: was using a bitwise `&` instead of the boolean `&&` - More caching prevention in `Get.java` to address Issue
#195
jose4j-0.7.9 - August 18, 2021
- Fix Issue
#189where the A128KW, A192KW, and A256KW algs were not being recognized as available in Java 17. - Add an option to JwksDecryptionKeyResolver to try and disambiguate when more than one eligible key is found via attempting decryption with each of the candidate keys.
jose4j-0.7.8 - June 9, 2021
- More robust isAvailable() check for HMAC algs
- Add getter to InvalidJwtException for the original message without details
jose4j-0.7.7 - April 20, 2021
- Allow for pluggable Concatenation Key Derivation Function for Issue
#185 - Implement limited media type processing directly in TypeValidator so as to remove the dependency on javax.activation.MimeType, which has been removed in Java 11
jose4j-0.7.6 - January 27, 2021
- Only use a PSSParameterSpec when the RSASSA-PSS algorithm name is used for Issue
#178
jose4j-0.7.5 - January 26, 2021
- Address Issue
#177with a check for a system property "org.jose4j.jws.use-legacy-rsapss-alg-names" that when "true" will use the older style algorithm names (<digest>with<encryption>and<mgf> -> SHA256withRSAandMGF1, SHA384withRSAandMGF1, and SHA512withRSAandMGF1) for the RSASSA-PSS class of JWS algs (PS256, PS384 and PS512) rather than RSASSA-PSS
jose4j-0.7.4 - January 5, 2021
- Address Issue
#123'[JWE] AndroidKeyStoreRSAPrivateKey cannot be cast to RSAPrivateKey' so that the `setDoKeyValidation(false)` workaround on the JWE is no longer needed
jose4j-0.7.3 - December 17, 2020
- Address Issue
#176with API updates (prepareForSign/prepareForDecrypt) better allowing for use of AndroidKeyStore key that has .setUserAuthenticationRequired(true) by giving access to the Signature/Mac/Cipher/KeyAgreement underlying the JWS/JWE instance so that its use can be authorized with something like the BiometricPrompt (see a simple example project) - Address Issue
#175"RSA-PSS support for both JCA algorithm naming standards" with the introduction of a SignatureAlgorithmOverride on ProviderContext that allows for the caller to specify name and parameter spec to create the underlying signature rather than the normal defaults. - Check the length of the CEK against the expected key length of the content encryption algorithm (for Issue
#170)
jose4j-0.7.2 - June 25, 2020
- transition to using more inclusive language for the ConstraintType names in AlgorithmConstraints by adding two new enum values (BLOCK & PERMIT) while marking the old ones as deprecated (for Issue
#169)
jose4j-0.7.1 - May 22, 2020
- No longer include the correct MAC in the error message from integrity check failures with AES-CBC + HMAC-SHA2
- Use ArrayList rather than LinkedList in a couple places (for Issue
#165)
jose4j-0.7.0 - October 24, 2019
- Improved support for working with the "jwk" header including an EmbeddedJwkVerificationKeyResolver and get/set JwkHeader methods on JsonWebStructure for issue
#147 - Added a setIssuedAtRestrictions() to JwtConsumerBuilder that allows restrictions to be placed on how far from the time of evaluation an iat value can acceptably be (for Issue
#144) - Added explicit type checking support to the JwtConsumer and Builder (Issue
#155) - Somewhat better error message when the root of the parsed JSON isn't an object (issue
#142) - Replaced a few cases of catching ClassCastException with instanceof checks (issue
#143‰) - Fixed RFC 7797 unencoded non-detached payloads with JWS Compact Serialization (issue
#156) - Improved API support for setting JwtConsumerBuilder algorithm constraints for issue
#154 - Addressed issue
#153by adding object typed get/set header methods to JsonWebStructure - More proactively detect and throw exception on (long) integer overflow/underflow when handling numeric dates (for issue
#157) - Minor reworking of the critical header value type coercion
- Allow subclassing of HttpsJwksVerificationKeyResolver for
#149 - Added a getStringClaimValue(...) method on JwtClaims as a a best effort to get the claim value as string regardless of underlying JSON type - fixing Issue
#145 - Additional context about the cause with InvalidKeyException messages
- Added automatic module name `org.jose4j`
- Fixed issue
#135where IssValidator throws NPE when trying to build the error message when no iss claim is present but its configured to require iss with any value being acceptable
jose4j-0.6.5 - January 17, 2019
- Updated to work with the RSASSA-PSS support recently available in Java 11 for issue
#129
jose4j-0.6.4 - July 13, 2018
- Addressed Issue
#121with an option on JwtConsumerBuilder/JwtConsumer to require that the JWT have some integrity protection, either a signature/MAC JWS or a JWE using a symmetric key management algorithm. - Improved concurrency approach of HttpsJwks (per PR13 and fixes)
jose4j-0.6.3 - January 3, 2018
- Addressed issue
#107with the addition of an SslSocketFactory setter on org.jose4j.http.Get, which allows more control over creating and configuring the secure sockets. - Addressed issue
#110to allow for RSA PSS with a provider that doesn't support parameter spec
jose4j-0.6.2 - November 8, 2017
- Support for the JWS/JWE 'x5c' header parameter (per PR12)
jose4j-0.6.1 - September 20, 2017
- Explicit call to .end() on Inflater/Deflater now made in JWE compression (per PR11)
jose4j-0.6.0 - July 24, 2017
- Addressed issue
#76by providing programatic access to specific reasons for JWT invalidity through error codes on InvalidJwtException - Addressed Issue
#45with support for the RFC 7797 b64 header for JSON Web Signature (JWS) Unencoded Payload Option - Addressed Issue
#99by allowing the JWS payload to be an arbitrary sequence of bytes (rather than only a string)
jose4j-0.5.8 - July 5, 2017
- A SignatureException out of JCA Signature verify will now return false for signature verification rather than bubbling up an exception
jose4j-0.5.7 - June 12, 2017
- Addressed
#98with range checks on byte length to bit length calculation - Addressed
#97by using the encoded header value as-is from the message when producing the input into signing/HMAC and AEAD tag calculation
jose4j-0.5.6 - May 12, 2017
- Addressed
#95by allowing JwtConsumer to skip verification key resolution when alg is none by setting an option on the builder - Addressed
#94with an option to attempt verification on all candidate keys when more than one eligible are found with HttpsJwksVerificationKeyResolver and JwksVerificationKeyResolver - Addressed
#78such that JWK key_ops can now be a SimpleJwkFilter criteria and will be considered (only if present) in VerificationJwkSelector & DecryptionJwkSelector and the key resolvers that use them (HttpsJwksVerificationKeyResolver, JwksVerificationKeyResolver, and JwksDecryptionKeyResolver)
jose4j-0.5.5 - February 15, 2017
- Prior to ECDH key agreement when consuming a JWE, now checks whether the ephemeral public key is on the private key's curve
- Addressed
#84algorithm constraint issue with JwtConsumer and some key resolvers
jose4j-0.5.4 - December 16, 2016
- Addressed
#81so a JWK parameter that is expected to be a String but is a different type will now result in a JoseException with a somewhat descriptive message rather than a ClassCastException
jose4j-0.5.3 - December 7, 2016
- Addressed
#80where an NPE was being thrown from JWX.setKey() when using an HSM JCA provider - Addressed
#77'EC and RSA Key validations fail with Sun PKCS11 Provider' in the validate key checks by only checking RSA key length and EC curve parameters if the key is an instance of the type that has those methods. - Addressed
#74with support for HTTP Proxy servers by allowing org.jose4j.http.Get to be set up with a java.net.Proxy instance
jose4j-0.5.2 - August 10, 2016
- Addressed
#70by allowing multiple acceptable/expected issuer values to be specified when building a JwtConsumer
jose4j-0.5.1 - May 9, 2016
- Addressed
#65so that the "class " prefix is not on the logger names of AlgorithmFactory - Addressed
#63with support for additional/arbitrary parameters in JWK - Addressed
#64by adding key_ops to JWK - Addressed
#58by having JwtClaims getAudience() and getStringListClaimValue(name) return an empty list rather than null when the claim isn’t present
jose4j-0.5.0 - March 4, 2016
- Addressed
#37with some fairly rudimentary but useful support for PEM encoded public keys - Addressed
#54by enabling HttpsJwks.getJsonWebKeys() to continue to use the existing cache when an exception is thrown from refresh(). Default behavior is unchanged and setRetainCacheOnErrorDuration(...) must be called with a value larger than zero to get the new behavior. #36Added support for RFC 7638 JWK thumbprints- Addressed
#35by allowing the caller of various JOSE and JWT functionality to specify a particular JCA provider by name for cryptographic operations - Addressed
#44by providing a generic callback to JwtConsumer to customize each JWS/JWE - Addressed
#43now supports the 'crit' header - Fix ClassCastException with AndroidKeyStoreRSAPrivateKey on Android 6.0 Marshmallow
- Fix
#46by using the original encoded payload in signature verification rather than a re-encoding of the payload - Addressed
#48by providing a method for getting a JWS with detached content - Fix
#38by not logging secrets and other info from ConcatKeyDerivationFunction - Fix
#41allowing users to specify arbitrary NumericDate values - Fix
#39- no more NPE by conditionally avoiding key length checks when raw secret key isn’t available because of non-extractable key data due to PKCS11/HSM provider
jose4j-0.4.4 - July 24, 2015
- Fixed a potential security vulnerability where, when running with the Bouncy Castle (and presumably Spongy Castle) Java security provider, an HMAC JWS could be tricked into reporting a successful verify when the raw encoding of a public key was used as the secret key (more detailed info can be found here)
- Addressed Issue
#18- slf4j is now used rather than Commons Logging - Log levels of non critical messages lowered to debug
- Jar is now an OSGi bundle
jose4j-0.4.3 - June 19, 2015
- Fix
#028with even more aggressive exception catching in initialization and checking algorithm availability so that a throwable/error doesn’t kill everything (enabling use on somewhat older Android versions) - Fix
#025so now if an explicit evaluation time isn’t given to the JwtConsumeBuilder, a JwtConsumer can be created once and used many times and in multiple threads
jose4j-0.4.2 - May 26, 2015
- JwtConsumer[Builder] now can be told to relax validation of the verification or deception key, which will more easily allow for things like verification of JWTs signed with a 1024 bit RSA key (i.e. what Google is doing right now) or an HMAC key that is not the full 256 bits
- Address
#019with more granular options in skipping default JWT validation(s) and added the ability to specify an expected subject value - Fix
#022where JSON serialization of a char array wasn't escaping special characters like quote, backslash, etc. - Fix
#024to no longer use StandardCharsets in StringUtil as it isn’t available on Android before API level 19 - Fix
#015where CompactSerializer.serialize() no longer throws unnecessary JoseException - Address
#014with a get/setContentTypeHeaderValue on JsonWebStructure as convenient way of dealing with the cty header
jose4j-0.4.1 - March 12, 2015
- Additions to the APIs for consuming and validating JSON Web Tokens (JWT) which make it easier and more efficient to do a two-pass validation, which can be useful when you need some info from inside the JWT (i.e. the issuer) in order to set up the validation policy
- Fix
#008where DirectKeyManagementAlgorithm was retuning ASYMMETRIC Key Persuasion rather than SYMMETRIC - Fix
#009where DirectKeyManagementAlgorithm was retuning null Key Type rather than "oct" - Fix
#010where the AesKeyWrapManagementAlgorithm and AesGcmKeyEncryptionAlgorithm algorithms were using "AES" for Key Type rather than "oct" - Fix
#011where HmacUsingShaAlgorithm was using "HMAC" Key Type rather than "oct" - Fix
#012where the [HTTP] Get setTrustedCertificates(...) didn't work properly when more than one trusted certificate is given - Added an optional and controllable limit to the number of characters that [HTTP] Get will read from the HTTP response body
- Introduced a JwksDecryptionKeyResolver that will chose a for decryption from a given list of JWKs using the content of the JWE header (mainly kid and x5t etc)
jose4j-0.4.0 - February 13, 2015
- Introduced extensive new support for producing, consuming and validating JSON Web Tokens (JWT)
- New and improved JWK filtering/searching capabilities
- Added support for easily obtaining (and cacheing) JWKs from an HTTPS endpoint
- x5c is (again) just base64 encoded DER with no chunking/line separation
jose4j-0.3.9 - November 19, 2014
- Fix
#007where a runtime exception was being thrown from an HSM backed provider during initialization - algorithm availability checking now better handles runtime exceptions.
jose4j-0.3.8 - September 5, 2014
- Add a system property check that will enable JsonWebSignature to allow the getPayload() method to be called without validating the signature to help support code written agains versions prior to v0.3.3 but running with newer versions. Setting org.jose4j.jws.getPayload-skip-verify=true will make the JsonWebSignature getPayload() method behave as it did prior to v0.3.3, which is to simply return the payload without attempting to verify the signature or throwing an exception.
jose4j-0.3.7 - August 25, 2014
- JSON processing code derived from the JSON.simple toolkit pulled directly into the jose4j source code to reduce dependancies and enable modifications to the JSON code (forward slashes no longer escaped and some minor efficiency improvements)
- Base64 code derived from the Apache Commons Codec project pulled directly into the jose4j source code to reduce dependancies and ensure that the requisite implementation is always available
- Put back the addSeconds(int) method on IntDate so now there’s both addSeconds(int) and addSeconds(long) - code that was compiled against the int version (using v0.2.7 for example) wouldn’t run against v0.3.4 and would give java.lang.NoSuchMethodError: org.jose4j.jwt.IntDate.addSeconds(I)V
- Add a system property that will enable JsonWebSignature to allow the 'none' algorithm by default to help support code written agains versions prior to 0.3.4 but running with newer versions. Setting org.jose4j.jws.default-allow-none=true will allow JsonWebSignature to use the none alg without explicitly setting AlgorithmConstraints.NO_CONSTRAINTS
- Add CompactSerialization class back (it had been renamed to CompactSerializer in v0.3.0)
- The x5c JWK parameter is now PEM encoded with 64 printable characters per line and \r\n as line break rather rather than just base64 encoding the DER with no chunking/line separation
- Expand the range of commons-logging dependency
jose4j-0.3.6 - June 6, 2014
- Added JWE support for RSAES OAEP using SHA-256 and MGF1 with SHA-256 key management (RSA-OAEP-256) which was added to draft -26 of JWA at the end of April '14
- Now published to the Central Maven Repository with a new groupId of org.bitbucket.b_c - i.e.:
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
<version>0.3.6</version>
</dependency>
jose4j-0.3.5 - April 22, 2014
- Added JWE support for AES GCM content encryption (A128GCM, A192GCM & A256GCM)
- Added JWE support for AES GCM key encryption (A128GCMKW, A192GCMKW & A256GCMKW)
- Added JWE support for PBES2 Key Encryption (PBES2-HS256+A128KW, PBES2-HS384+A192KW & PBES2-HS512+A256KW)
- Added JWS support for RSA-PSS signatures (PS256, PS384 & PS512)
- Fixed issues
#005and#006where certain parameters of EC JWKs and ECDSA signature values were not the full length required by the specifications. - Fixed issue
#003where the A256GCM implementation used the wrong algorithm identifier
jose4j-0.3.4 - November 25, 2013
- JWS/JWE objects now have the ability to whitelist or blacklist the algorithms that will be accepted
- Breaking change: by default JsonWebSignature will not accept a Plaintext JWS (i.e. "alg":"none"). Applications can use setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS) on JsonWebSignature to indicate that a Plaintext JWS is acceptable.
- addSeconds(...) on IntDate now takes a long rather than an int (this was unfortunately a breaking change for code compiled against earlier versions but run against 0.3.4)
jose4j-0.3.3 - October 22, 2013
- JsonWebStructure now has a fromCompactSerialization(...) and get/setPayload(...), which allows for client code to treat JWS/JWE more similarly in some cases
- As a result of the above, JsonWebSignature.getPayload() now checks the signature and throws an exception, if it's not valid. JsonWebSignature.getUnverifiedPayload() can be used to access the payload without the signature check. This is potentially a breaking change at runtime for some usage of the getPayload() method.
- Some defect fixes and clean up
jose4j-0.3.2 - October 17, 2013
- JWK toJson now takes a parameter indicating the level of output to produce (i.e. public only, public+symmetric or public+symmetric+private)
- Improve awareness of handling of algorithm support in the underlying Java runtime
- Add a simple OctJwkGenerator utility for generateing symmetric JWKs
- Added some validation to check that the given key is appropriate for the indicated algorithm and give more helpful error messages when it's not
jose4j-0.3.1 - September 16, 2013
- update KDF for ECDH-ES key agreement per change in JWA -16 where the AlgorithmID value now has a length prefix (http://www.ietf.org/mail-archive/web/jose/current/msg03460.html)
jose4j-0.3.0 - August 23, 2013
Introduction of JWE support
- Introduction of JWE support of Content Encryption "enc" algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
- JEW Key Management "alg" algorithms: ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, RSA-OAEP, RSA1_5, A128KW, A192KW, A256KW, dir
jose4j-0.2.7 - July 19, 2013
- Added private and symmetric key support in JWK
- Added utilities to generate EC and RSA JWKs
jose4j-0.2.0 - January 8, 2013
- Added EC "kty" JWK support
- Added Elliptic Curve support for JWS with Algorithms "alg": ES256, ES384, ES512
jose4j-0.1.0 - October 31, 2012
- Introduction of JWK support (only RSA "kty" Key Type)
- Introduction of JWS support for Algorithms "alg": none, HS256, HS384, HS512, RS256, RS384, RS512
Note: this is not necessarily a complete list of changes. The earlier releases just attempt to capture some of the more notable milestones and additions. More granular change lists are given for more recent releases.
Updated