Wiki

jose4j-0.9.6 - March 6, 2024

Fix Issue ~~#220~~ with a safeguard against excessive resource utilization by restricting the size of data during JWE payload decompression

jose4j-0.9.5 - February 14, 2024

Fix Issue ~~#218~~ where JWKS key resolution for ECDH-ES* decryption with OKP keys wasn't working
Fix Issue ~~#214~~ by providing a somewhat better error message for invalid JWTs (especially with cty incorrectly set)

jose4j-0.9.4 - December 5, 2023

PBES2 algorithms blocked by default with JWE AlgorithmConstraints and put a max on the iteration count to fix Issue ~~#212~~
Update slf4j-api to 1.7.36

jose4j-0.9.3 - February 8, 2023

Additional controls around RSAES-PKCS1-v1_5 including adding default AlgorithmConstraints in JsonWebEncryption to block the RSA1_5 alg
Fix Issue ~~#203~~ by disallowing iteration count < 1000 & salt < 8 bytes for PBES2. Also increased the default iteration count

jose4j-0.9.2 - October 31, 2022

Fix Issue ~~#200~~ where Google Play Console warns of unsafe encryption in SimpleAeadCipher due to a static key/iv used in a test encryption operation to check for algorithm availably. Hopefully remediate by using random values instead.

jose4j-0.9.1 - October 18, 2022

Provider context can now be used control the cipher mode used when deciphering/decrypting/unwrapping an encrypted content encryption key. Using decrypt mode with certain JCA providers might be necessary for access to the raw bytes of the decrypted key, which are needed when decrypting the JWE ciphertext.
Made addCurve public on EllipticCurves

jose4j-0.9.0 - October 5, 2022

Add RFC 8037 support per Issue ~~#72~~
- EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
- X25519 & X448 ECDH for JWE (needs Java 11)
- OKP (Octet Key Pair) type for JWK

jose4j-0.8.0 - August 31, 2022

Add support for the ES256K JWS alg (ECDSA using secp256k1 curve and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
Fix Issue ~~#198~~ with a better exception from EllipticCurveJsonWebKey when the curve isn't known/supported
Add support for producing RFC9278 JWK Thumbprint URI values

jose4j-0.7.12 - April 28, 2022

Add some ECDSA signature value validation to guard against CVE-2022-21449 when using vulnerable Java/JCE providers
Reject messages that contain private keys in JOSE headers intended to only have public keys (like epk and jwk)

jose4j-0.7.11 - March 18, 2022

update test dependencies for Issue ~~#196~~

jose4j-0.7.10 - February 15, 2022

Fix Issue ~~#194~~ where JsonWebSignature's payload and encoded payload could get in an inconsistent state when trying to verify a JWS with detached payload that needed to be (re)encoded
Address Issue ~~#190~~ where NumericDate.java#canConvertToMillis: was using a bitwise `&` instead of the boolean `&&`
More caching prevention in `Get.java` to address Issue ~~#195~~

jose4j-0.7.9 - August 18, 2021

Fix Issue ~~#189~~ where the A128KW, A192KW, and A256KW algs were not being recognized as available in Java 17.
Add an option to JwksDecryptionKeyResolver to try and disambiguate when more than one eligible key is found via attempting decryption with each of the candidate keys.

jose4j-0.7.8 - June 9, 2021

More robust isAvailable() check for HMAC algs
Add getter to InvalidJwtException for the original message without details

jose4j-0.7.7 - April 20, 2021

Allow for pluggable Concatenation Key Derivation Function for Issue ~~#185~~
Implement limited media type processing directly in TypeValidator so as to remove the dependency on javax.activation.MimeType, which has been removed in Java 11

jose4j-0.7.6 - January 27, 2021

Only use a PSSParameterSpec when the RSASSA-PSS algorithm name is used for Issue ~~#178~~

jose4j-0.7.5 - January 26, 2021

Address Issue ~~#177~~ with a check for a system property "org.jose4j.jws.use-legacy-rsapss-alg-names" that when "true" will use the older style algorithm names (<digest>with<encryption>and<mgf> -> SHA256withRSAandMGF1, SHA384withRSAandMGF1, and SHA512withRSAandMGF1) for the RSASSA-PSS class of JWS algs (PS256, PS384 and PS512) rather than RSASSA-PSS

jose4j-0.7.4 - January 5, 2021

Address Issue ~~#123~~ '[JWE] AndroidKeyStoreRSAPrivateKey cannot be cast to RSAPrivateKey' so that the `setDoKeyValidation(false)` workaround on the JWE is no longer needed

jose4j-0.7.3 - December 17, 2020

Address Issue ~~#176~~ with API updates (prepareForSign/prepareForDecrypt) better allowing for use of AndroidKeyStore key that has .setUserAuthenticationRequired(true) by giving access to the Signature/Mac/Cipher/KeyAgreement underlying the JWS/JWE instance so that its use can be authorized with something like the BiometricPrompt (see a simple example project)
Address Issue ~~#175~~ "RSA-PSS support for both JCA algorithm naming standards" with the introduction of a SignatureAlgorithmOverride on ProviderContext that allows for the caller to specify name and parameter spec to create the underlying signature rather than the normal defaults.
Check the length of the CEK against the expected key length of the content encryption algorithm (for Issue ~~#170~~)

jose4j-0.7.2 - June 25, 2020

transition to using more inclusive language for the ConstraintType names in AlgorithmConstraints by adding two new enum values (BLOCK & PERMIT) while marking the old ones as deprecated (for Issue ~~#169~~)

jose4j-0.7.1 - May 22, 2020

No longer include the correct MAC in the error message from integrity check failures with AES-CBC + HMAC-SHA2
Use ArrayList rather than LinkedList in a couple places (for Issue ~~#165~~)

jose4j-0.7.0 - October 24, 2019

Improved support for working with the "jwk" header including an EmbeddedJwkVerificationKeyResolver and get/set JwkHeader methods on JsonWebStructure for issue ~~#147~~
Added a setIssuedAtRestrictions() to JwtConsumerBuilder that allows restrictions to be placed on how far from the time of evaluation an iat value can acceptably be (for Issue ~~#144~~)
Added explicit type checking support to the JwtConsumer and Builder (Issue ~~#155~~)
Somewhat better error message when the root of the parsed JSON isn't an object (issue ~~#142~~)
Replaced a few cases of catching ClassCastException with instanceof checks (issue ~~#143~~ & ~~#137~~)
Fixed RFC 7797 unencoded non-detached payloads with JWS Compact Serialization (issue ~~#156~~)
Improved API support for setting JwtConsumerBuilder algorithm constraints for issue ~~#154~~
Addressed issue ~~#153~~ by adding object typed get/set header methods to JsonWebStructure
More proactively detect and throw exception on (long) integer overflow/underflow when handling numeric dates (for issue ~~#157~~)
Minor reworking of the critical header value type coercion
Allow subclassing of HttpsJwksVerificationKeyResolver for ~~#149~~
Added a getStringClaimValue(...) method on JwtClaims as a a best effort to get the claim value as string regardless of underlying JSON type - fixing Issue ~~#145~~
Additional context about the cause with InvalidKeyException messages
Added automatic module name `org.jose4j`
Fixed issue ~~#135~~ where IssValidator throws NPE when trying to build the error message when no iss claim is present but its configured to require iss with any value being acceptable

jose4j-0.6.5 - January 17, 2019

Updated to work with the RSASSA-PSS support recently available in Java 11 for issue ~~#129~~

jose4j-0.6.4 - July 13, 2018

Addressed Issue ~~#121~~ with an option on JwtConsumerBuilder/JwtConsumer to require that the JWT have some integrity protection, either a signature/MAC JWS or a JWE using a symmetric key management algorithm.
Improved concurrency approach of HttpsJwks (per PR13 and fixes)

jose4j-0.6.3 - January 3, 2018

Addressed issue ~~#107~~ with the addition of an SslSocketFactory setter on org.jose4j.http.Get, which allows more control over creating and configuring the secure sockets.
Addressed issue ~~#110~~ to allow for RSA PSS with a provider that doesn't support parameter spec

jose4j-0.6.2 - November 8, 2017

Support for the JWS/JWE 'x5c' header parameter (per PR12)

jose4j-0.6.1 - September 20, 2017

Explicit call to .end() on Inflater/Deflater now made in JWE compression (per PR11)

jose4j-0.6.0 - July 24, 2017

Addressed issue ~~#76~~ by providing programatic access to specific reasons for JWT invalidity through error codes on InvalidJwtException
Addressed Issue ~~#45~~ with support for the RFC 7797 b64 header for JSON Web Signature (JWS) Unencoded Payload Option
Addressed Issue ~~#99~~ by allowing the JWS payload to be an arbitrary sequence of bytes (rather than only a string)

jose4j-0.5.8 - July 5, 2017

A SignatureException out of JCA Signature verify will now return false for signature verification rather than bubbling up an exception

jose4j-0.5.7 - June 12, 2017

Addressed ~~#98~~ with range checks on byte length to bit length calculation
Addressed ~~#97~~ by using the encoded header value as-is from the message when producing the input into signing/HMAC and AEAD tag calculation

jose4j-0.5.6 - May 12, 2017

Addressed ~~#95~~ by allowing JwtConsumer to skip verification key resolution when alg is none by setting an option on the builder
Addressed ~~#94~~ with an option to attempt verification on all candidate keys when more than one eligible are found with HttpsJwksVerificationKeyResolver and JwksVerificationKeyResolver
Addressed ~~#78~~ such that JWK key_ops can now be a SimpleJwkFilter criteria and will be considered (only if present) in VerificationJwkSelector & DecryptionJwkSelector and the key resolvers that use them (HttpsJwksVerificationKeyResolver, JwksVerificationKeyResolver, and JwksDecryptionKeyResolver)

jose4j-0.5.5 - February 15, 2017

Prior to ECDH key agreement when consuming a JWE, now checks whether the ephemeral public key is on the private key's curve
Addressed ~~#84~~ algorithm constraint issue with JwtConsumer and some key resolvers

jose4j-0.5.4 - December 16, 2016

Addressed ~~#81~~ so a JWK parameter that is expected to be a String but is a different type will now result in a JoseException with a somewhat descriptive message rather than a ClassCastException

jose4j-0.5.3 - December 7, 2016

Addressed ~~#80~~ where an NPE was being thrown from JWX.setKey() when using an HSM JCA provider
Addressed ~~#77~~ 'EC and RSA Key validations fail with Sun PKCS11 Provider' in the validate key checks by only checking RSA key length and EC curve parameters if the key is an instance of the type that has those methods.
Addressed ~~#74~~ with support for HTTP Proxy servers by allowing org.jose4j.http.Get to be set up with a java.net.Proxy instance

jose4j-0.5.2 - August 10, 2016

Addressed ~~#70~~ by allowing multiple acceptable/expected issuer values to be specified when building a JwtConsumer

jose4j-0.5.1 - May 9, 2016

Addressed ~~#65~~ so that the "class " prefix is not on the logger names of AlgorithmFactory
Addressed ~~#63~~ with support for additional/arbitrary parameters in JWK
Addressed ~~#64~~ by adding key_ops to JWK
Addressed ~~#58~~ by having JwtClaims getAudience() and getStringListClaimValue(name) return an empty list rather than null when the claim isn’t present

jose4j-0.5.0 - March 4, 2016

Addressed ~~#37~~ with some fairly rudimentary but useful support for PEM encoded public keys
Addressed ~~#54~~ by enabling HttpsJwks.getJsonWebKeys() to continue to use the existing cache when an exception is thrown from refresh(). Default behavior is unchanged and setRetainCacheOnErrorDuration(...) must be called with a value larger than zero to get the new behavior.
~~#36~~ Added support for RFC 7638 JWK thumbprints
Addressed ~~#35~~ by allowing the caller of various JOSE and JWT functionality to specify a particular JCA provider by name for cryptographic operations
Addressed ~~#44~~ by providing a generic callback to JwtConsumer to customize each JWS/JWE
Addressed ~~#43~~ now supports the 'crit' header
Fix ClassCastException with AndroidKeyStoreRSAPrivateKey on Android 6.0 Marshmallow
Fix ~~#46~~ by using the original encoded payload in signature verification rather than a re-encoding of the payload
Addressed ~~#48~~ by providing a method for getting a JWS with detached content
Fix ~~#38~~ by not logging secrets and other info from ConcatKeyDerivationFunction
Fix ~~#41~~ allowing users to specify arbitrary NumericDate values
Fix ~~#39~~ - no more NPE by conditionally avoiding key length checks when raw secret key isn’t available because of non-extractable key data due to PKCS11/HSM provider

jose4j-0.4.4 - July 24, 2015

Fixed a potential security vulnerability where, when running with the Bouncy Castle (and presumably Spongy Castle) Java security provider, an HMAC JWS could be tricked into reporting a successful verify when the raw encoding of a public key was used as the secret key (more detailed info can be found here)
Addressed Issue ~~#18~~ - slf4j is now used rather than Commons Logging
Log levels of non critical messages lowered to debug
Jar is now an OSGi bundle

jose4j-0.4.3 - June 19, 2015

Fix ~~#028~~ with even more aggressive exception catching in initialization and checking algorithm availability so that a throwable/error doesn’t kill everything (enabling use on somewhat older Android versions)
Fix ~~#025~~ so now if an explicit evaluation time isn’t given to the JwtConsumeBuilder, a JwtConsumer can be created once and used many times and in multiple threads

jose4j-0.4.2 - May 26, 2015

JwtConsumer[Builder] now can be told to relax validation of the verification or deception key, which will more easily allow for things like verification of JWTs signed with a 1024 bit RSA key (i.e. what Google is doing right now) or an HMAC key that is not the full 256 bits
Address ~~#019~~ with more granular options in skipping default JWT validation(s) and added the ability to specify an expected subject value
Fix ~~#022~~ where JSON serialization of a char array wasn't escaping special characters like quote, backslash, etc.
Fix ~~#024~~ to no longer use StandardCharsets in StringUtil as it isn’t available on Android before API level 19
Fix ~~#015~~ where CompactSerializer.serialize() no longer throws unnecessary JoseException
Address ~~#014~~ with a get/setContentTypeHeaderValue on JsonWebStructure as convenient way of dealing with the cty header

jose4j-0.4.1 - March 12, 2015

Additions to the APIs for consuming and validating JSON Web Tokens (JWT) which make it easier and more efficient to do a two-pass validation, which can be useful when you need some info from inside the JWT (i.e. the issuer) in order to set up the validation policy
Fix ~~#008~~ where DirectKeyManagementAlgorithm was retuning ASYMMETRIC Key Persuasion rather than SYMMETRIC
Fix ~~#009~~ where DirectKeyManagementAlgorithm was retuning null Key Type rather than "oct"
Fix ~~#010~~ where the AesKeyWrapManagementAlgorithm and AesGcmKeyEncryptionAlgorithm algorithms were using "AES" for Key Type rather than "oct"
Fix ~~#011~~ where HmacUsingShaAlgorithm was using "HMAC" Key Type rather than "oct"
Fix ~~#012~~ where the [HTTP] Get setTrustedCertificates(...) didn't work properly when more than one trusted certificate is given
Added an optional and controllable limit to the number of characters that [HTTP] Get will read from the HTTP response body
Introduced a JwksDecryptionKeyResolver that will chose a for decryption from a given list of JWKs using the content of the JWE header (mainly kid and x5t etc)

jose4j-0.4.0 - February 13, 2015

Introduced extensive new support for producing, consuming and validating JSON Web Tokens (JWT)
New and improved JWK filtering/searching capabilities
Added support for easily obtaining (and cacheing) JWKs from an HTTPS endpoint
x5c is (again) just base64 encoded DER with no chunking/line separation

jose4j-0.3.9 - November 19, 2014

Fix ~~#007~~ where a runtime exception was being thrown from an HSM backed provider during initialization - algorithm availability checking now better handles runtime exceptions.

jose4j-0.3.8 - September 5, 2014

Add a system property check that will enable JsonWebSignature to allow the getPayload() method to be called without validating the signature to help support code written agains versions prior to v0.3.3 but running with newer versions. Setting org.jose4j.jws.getPayload-skip-verify=true will make the JsonWebSignature getPayload() method behave as it did prior to v0.3.3, which is to simply return the payload without attempting to verify the signature or throwing an exception.

jose4j-0.3.7 - August 25, 2014

JSON processing code derived from the JSON.simple toolkit pulled directly into the jose4j source code to reduce dependancies and enable modifications to the JSON code (forward slashes no longer escaped and some minor efficiency improvements)
Base64 code derived from the Apache Commons Codec project pulled directly into the jose4j source code to reduce dependancies and ensure that the requisite implementation is always available
Put back the addSeconds(int) method on IntDate so now there’s both addSeconds(int) and addSeconds(long) - code that was compiled against the int version (using v0.2.7 for example) wouldn’t run against v0.3.4 and would give java.lang.NoSuchMethodError: org.jose4j.jwt.IntDate.addSeconds(I)V
Add a system property that will enable JsonWebSignature to allow the 'none' algorithm by default to help support code written agains versions prior to 0.3.4 but running with newer versions. Setting org.jose4j.jws.default-allow-none=true will allow JsonWebSignature to use the none alg without explicitly setting AlgorithmConstraints.NO_CONSTRAINTS
Add CompactSerialization class back (it had been renamed to CompactSerializer in v0.3.0)
The x5c JWK parameter is now PEM encoded with 64 printable characters per line and \r\n as line break rather rather than just base64 encoding the DER with no chunking/line separation
Expand the range of commons-logging dependency

jose4j-0.3.6 - June 6, 2014

Added JWE support for RSAES OAEP using SHA-256 and MGF1 with SHA-256 key management (RSA-OAEP-256) which was added to draft -26 of JWA at the end of April '14
Now published to the Central Maven Repository with a new groupId of org.bitbucket.b_c - i.e.:

<dependency>
  <groupId>org.bitbucket.b_c</groupId>
  <artifactId>jose4j</artifactId>
  <version>0.3.6</version>
</dependency>

jose4j-0.3.5 - April 22, 2014

Added JWE support for AES GCM content encryption (A128GCM, A192GCM & A256GCM)
Added JWE support for AES GCM key encryption (A128GCMKW, A192GCMKW & A256GCMKW)
Added JWE support for PBES2 Key Encryption (PBES2-HS256+A128KW, PBES2-HS384+A192KW & PBES2-HS512+A256KW)
Added JWS support for RSA-PSS signatures (PS256, PS384 & PS512)
Fixed issues ~~#005~~ and ~~#006~~ where certain parameters of EC JWKs and ECDSA signature values were not the full length required by the specifications.
Fixed issue ~~#003~~ where the A256GCM implementation used the wrong algorithm identifier

jose4j-0.3.4 - November 25, 2013

JWS/JWE objects now have the ability to whitelist or blacklist the algorithms that will be accepted
Breaking change: by default JsonWebSignature will not accept a Plaintext JWS (i.e. "alg":"none"). Applications can use setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS) on JsonWebSignature to indicate that a Plaintext JWS is acceptable.
addSeconds(...) on IntDate now takes a long rather than an int (this was unfortunately a breaking change for code compiled against earlier versions but run against 0.3.4)

jose4j-0.3.3 - October 22, 2013

JsonWebStructure now has a fromCompactSerialization(...) and get/setPayload(...), which allows for client code to treat JWS/JWE more similarly in some cases
As a result of the above, JsonWebSignature.getPayload() now checks the signature and throws an exception, if it's not valid. JsonWebSignature.getUnverifiedPayload() can be used to access the payload without the signature check. This is potentially a breaking change at runtime for some usage of the getPayload() method.
Some defect fixes and clean up

jose4j-0.3.2 - October 17, 2013

JWK toJson now takes a parameter indicating the level of output to produce (i.e. public only, public+symmetric or public+symmetric+private)
Improve awareness of handling of algorithm support in the underlying Java runtime
Add a simple OctJwkGenerator utility for generateing symmetric JWKs
Added some validation to check that the given key is appropriate for the indicated algorithm and give more helpful error messages when it's not

jose4j-0.3.1 - September 16, 2013

update KDF for ECDH-ES key agreement per change in JWA -16 where the AlgorithmID value now has a length prefix (http://www.ietf.org/mail-archive/web/jose/current/msg03460.html)

jose4j-0.3.0 - August 23, 2013

Introduction of JWE support

Introduction of JWE support of Content Encryption "enc" algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
JEW Key Management "alg" algorithms: ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, RSA-OAEP, RSA1_5, A128KW, A192KW, A256KW, dir

jose4j-0.2.7 - July 19, 2013

Added private and symmetric key support in JWK
Added utilities to generate EC and RSA JWKs

jose4j-0.2.0 - January 8, 2013

Added EC "kty" JWK support
Added Elliptic Curve support for JWS with Algorithms "alg": ES256, ES384, ES512

jose4j-0.1.0 - October 31, 2012

Introduction of JWK support (only RSA "kty" Key Type)
Introduction of JWS support for Algorithms "alg": none, HS256, HS384, HS512, RS256, RS384, RS512

Note: this is not necessarily a complete list of changes. The earlier releases just attempt to capture some of the more notable milestones and additions. More granular change lists are given for more recent releases.