v1.1.0

@rdebusscher rdebusscher released this 20 Aug 16:48
· 4 commits to master since this release
  • Support for Reading PEM in PKCS8 unencrypted format.
  • Support custom claims of type number array in JWT payload.
  • More alternative interpretations of claims (like comma separated string for aud interpreted as array)
  • Support for parsing Strings in the different Readers.
  • Convert 'Java Objects' to JsonValue instances and vice versa.
  • The exp, iat, and nbf claims can be set as LocalDateTime value using the JWTClaimsSet.Builder
  • Support for setting 'crit' header values that are handled by the application (understood by JWSVerifier implementations). Possibility to pass these header claims on to DefaultJWSVerifierFactory and JWTDecoder.
  • New method within the builder to define the expiration time as a duration from current time. Builder.expirationTime(Duration).
  • Identify the SecretKey through the class KeyFamilyUtil.
  • The reason for a failed JWT verification (signature, verifier, ...) can be found in the SLF4J MDC under the key JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON.
  • Possibility to recreate the SecureRandom, or the developer can provide the instance that is retrieved by JCASupportConfiguration.getSecureRandom by implementing the interface SecureRandomProvider.
  • Do not allow un-encoded payload for JWT (RFC 7797, Section 7: https://datatracker.ietf.org/doc/html/rfc7797#section-7)
  • Define constants for Spec based values; see HeaderParameterNames, JWKIdentifiers, and JWTClaimNames (defined as PublicAPI)
  • Support for the flattened JWS JSON Serialization syntax (besides the compact String serialisation).
    Added method to JWTEncoder and JWTDecoder to support this.
  • Validation of signatures using EC curves to catch CVE-2022-21449 (https://nvd.nist.gov/vuln/detail/cve-2022-21449)
  • Important changes / new features from Nimbus Jose library (since JWT Support classes are based on the Nimbus Jose classes)
    • Limit size of parsed headers (plain, JWS, ...) to 20 000 characters. (JWTDecoder throws an InvalidJWTException)
    • Support for RSA-OAEP-384 and RSA-OAEP-512.
    • EC Curve P-256K renamed to SECP256K1
    • X509CertChainUtils.parse method for File (and String)
    • X509CertChainUtils.store method to add certificates to Java KeyStore.
    • b64 header parameter is now supported (no longer use header.parameter to specify this value)
    • Improved detection of missing values
    • Updates KeyUse.from(X509Certificate) to return null when the certificate public key use doesn't map to a single JWK use value.
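
The CVE-2022-21449 item above concerns ECDSA verification in affected Java versions accepting signatures whose r or s value is 0. The following added example (not code from this library or from Nimbus Jose) shows the kind of range check a verifier can run on a JWS signature (R || S, fixed width) before handing it to the JCA; the class and method names are assumptions made for illustration, and the sample signatures are constructed.

```java
import java.math.BigInteger;
import java.util.Arrays;

// Illustrative class name; not part of the library described on this page.
public class EcdsaSignatureRangeCheck {

    // Order n of the NIST P-256 group (the curve used by ES256).
    static final BigInteger P256_ORDER = new BigInteger(
            "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16);

    /**
     * Returns true only if the JWS-format signature (R || S, each padded to the
     * byte width of the curve order) has both integers in the range [1, n-1].
     * A signature that passes is merely well-formed; it still has to be verified.
     */
    static boolean isLegalSignature(byte[] jwsSignature, BigInteger order) {
        int width = (order.bitLength() + 7) / 8;          // 32 bytes for P-256
        if (jwsSignature == null || jwsSignature.length != 2 * width) {
            return false;                                 // wrong length for this curve
        }
        // Signum 1 forces an unsigned interpretation of the big-endian bytes.
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(jwsSignature, 0, width));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(jwsSignature, width, 2 * width));
        return inRange(r, order) && inRange(s, order);
    }

    private static boolean inRange(BigInteger value, BigInteger order) {
        return value.signum() > 0 && value.compareTo(order) < 0;
    }

    public static void main(String[] args) {
        byte[] allZero = new byte[64];                    // constructed: r = 0, s = 0

        byte[] rEqualsOrder = new byte[64];               // constructed: r = n, s = 1
        byte[] n = P256_ORDER.toByteArray();              // 33 bytes, leading 0x00 sign byte
        System.arraycopy(n, n.length - 32, rEqualsOrder, 0, 32);
        rEqualsOrder[63] = 1;

        byte[] wellFormed = new byte[64];                 // constructed: r = 1, s = 1
        wellFormed[31] = 1;
        wellFormed[63] = 1;

        System.out.println("r=0, s=0   : " + isLegalSignature(allZero, P256_ORDER));
        System.out.println("r=n, s=1   : " + isLegalSignature(rEqualsOrder, P256_ORDER));
        System.out.println("r=1, s=1   : " + isLegalSignature(wellFormed, P256_ORDER));
        System.out.println("63 bytes   : " + isLegalSignature(new byte[63], P256_ORDER));
    }
}
```

Rejecting `r = n` as well as `r = 0` matters because both reduce to 0 modulo the group order; the same method works for other curves when passed their order.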