google / jsontoken Goto Github PK

View Code? Open in Web Editor NEW

17.0 11.0 22.0 233 KB

Automatically exported from code.google.com/p/jsontoken

License: Apache License 2.0

Java 100.00%

jsontoken's People

Contributors

Stargazers

Watchers

Forkers

roshni cityoflearning pkdevboxy koskeans kannanmurugesan cthulhu59 andonescu tgeng zalimeni will-lin4 neotim isabella232 test-mass-forker-org-1 ghas-results

jsontoken's Issues

issuedAtIsValid and expirationIsValid does not take into account clock skew

Wrong exception message in SignedTokenAudienceChecker class

Line 70 - there is
if (!Objects.equal(ourUri.getPath(), tokenUri.getPath())) {
      throw new SignatureException("path in token URI (" + tokenUri.getAuthority() + ") is wrong");
    }
while shoudl be 

if (!Objects.equal(ourUri.getPath(), tokenUri.getPath())) {
      throw new SignatureException("path in token URI (" + tokenUri.getPath() + ") is wrong");
    }

Original issue reported on code.google.com by [email protected] on 11 May 2014 at 7:59

Cannot check out the project in eclipse

What steps will reproduce the problem?
1. Import project to Eclipse
2. Specify the url of repository: http://jsontoken.googlecode.com/svn/
3. Start check out 

What is the expected output? What do you see instead?

the project is expected to be imported in Eclipse.Instead the check out process 
get stuck in the file "FakeClock.java" 

What version of the product are you using? On what operating system?
Windows 7, eclipse indigo service release 2

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 13 Jun 2013 at 12:00

JsonTokenTest fails

What steps will reproduce the problem?
1. mvn test -Dtest=JsonTokenTest

What is the expected output? What do you see instead?
tests should pass, the error is:

Results :

Failed tests: 
  testCreateJsonToken(net.oauth.jsontoken.JsonTokenTest): expected:<...hbGciOiJIUzI1NiIsImtpZCI6ImtleTIifQ.eyJpc3MiOiJnb29nbGUuY29tIiwiYmFyIjoxNSwiZm9vIjoic29tZSB2YWx1ZSIsImF1ZCI6Imh0dHA6Ly93d3cuZ29vZ2xlLmNvbSIsImlhdCI6MTI3NjY2OTcyMiwiZXhwIjoxMjc2NjY5NzIyfQ.jKcuP6BR_-cKpQv2XdFLguYgOxw4ahkZiqjcgrQcm70> but was:<...tZW1iZXJzIjp7ImFsZyI6e30sImtpZCI6e319fQ.eyJtZW1iZXJzIjp7ImlzcyI6e30sImJhciI6e30sImZvbyI6e30sImF1ZCI6e30sImlhdCI6e30sImV4cCI6e319fQ.lccHLtj8zadeTRfbISWZ9SDdprwdvL5eANUfRcFXJkc>

Tests in error: 
  testPublicKey(net.oauth.jsontoken.JsonTokenTest): JWT header is missing the required 'alg' parameter


What version of the product are you using? On what operating system?
similar failures in trunk (r34) and the 1.0 tag.

Please provide any additional information below.
OSX 10.6, Java 1.6, maven 3.0.3

see attempt to use this here:
http://groups.google.com/group/in-app-payments/browse_thread/thread/d9aeddaab4d4
0f74

Original issue reported on code.google.com by [email protected] on 17 Aug 2011 at 5:29

jsontoken-1.2

How to get jsontoken-1.2 from maven?
Maven repo has only 1.0 and 1.1
https://mvnrepository.com/artifact/com.googlecode.jsontoken/jsontoken

Both 1.0 and 1.1 has Google Collection(old Guava).

https://search.maven.org/artifact/com.googlecode.jsontoken/jsontoken/

Improve existing tests to have better separation of three parts

Change imports to follow style guide

https://google.github.io/styleguide/javaguide.html#s3.3.3-import-ordering-and-spacing

hi :
We found a problem about JSON Injection in jsontoken.The method writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity.

Update JsonTokenParser verify documentation to include more situations of error

Request bugfix release

Hi.

We use version 1.0 in a commercial project, but are now experiencing problems 
with clock skew. They are already fixed in 
https://code.google.com/p/jsontoken/source/diff?spec=svn41&r=41&format=side&path
=/trunk/src/main/java/net/oauth/jsontoken/JsonTokenParser.java, but we would 
like to use an artifact from a public Maven repo instead of building from 
source.

Would you mind releaseing a maintenance release 1.1 or 1.0.1? Thanks.

Original issue reported on code.google.com by [email protected] on 17 May 2013 at 10:08

Use Java Time instead of joda time

Cannot use jsontoken with Guava

What steps will reproduce the problem?
1. Setup a gradle java project with Guava 17.0 (uses RateLimiter) and jsontoken 
1.1 (for use with google wallet JwtGenerater) and try to utilize the 
RateLimiter.

What is the expected output? What do you see instead?
No problems should appear.  

However, I see this:
Caused by: java.lang.NoSuchMethodError: 
com.google.common.base.Platform.systemNanoTime()J
    at com.google.common.base.Ticker$1.read(Ticker.java:60) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter$SleepingTicker$1.read(RateLimiter.java:718) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter.<init>(RateLimiter.java:333) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter.<init>(RateLimiter.java:89) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter$Bursty.<init>(RateLimiter.java:692) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter.create(RateLimiter.java:247) ~[guava-17.0.jar:na]
    at com.google.common.util.concurrent.RateLimiter.create(RateLimiter.java:242) ~[guava-17.0.jar:na]
    at com.laquinta.service.propertymaster.dao.TripAdvisorDAO.<init>(TripAdvisorDAO.java:84) ~[TripAdvisorDAO.class:na]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_05]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_05]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_05]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:408) ~[na:1.8.0_05]
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148) ~[spring-beans-4.0.5.RELEASE.jar:4.0.5.RELEASE]
    ... 54 common frames omitted

What version of the product are you using? On what operating system?
Guava 17.0
jsontoken 1.1

Please provide any additional information below.
The problem appears to be that jsontoken uses the old collections jar instead 
of guava.  (http://jsontoken.googlecode.com/svn/trunk/pom.xml).

Original issue reported on code.google.com by [email protected] on 8 Jul 2014 at 12:21

JsonToken

JsonToken does not support the "nbf" or "jti" or "sub" claims which are in the 
latest draft.

Original issue reported on code.google.com by [email protected] on 17 Apr 2014 at 7:48

Set up tests to automatically run on each commit.

UrlBasedVerifierProvider does not work with recent version of gson

What steps will reproduce the problem?
1.
In pom.xml switch to a recent version of gson, 2.2.4 for example
2.
Use UrlBasedVerifierProvider to fetch a certicate from an url.
3.

What is the expected output? What do you see instead?
I should get a List<Verifier> 

I get an exception
[INFO] com.google.gson.JsonSyntaxException: 
com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) 
to accept malformed JSON at line 2 column 2
[INFO]  at com.google.gson.JsonParser.parse(JsonParser.java:65)
[INFO]  at com.google.gson.JsonParser.parse(JsonParser.java:45)
[INFO]  at 
net.oauth.jsontoken.discovery.UrlBasedVerifierProvider.findVerifier(UrlBasedVeri
fierProvider.java:58)
[INFO]  at 
net.oauth.jsontoken.JsonTokenParser.verifyAndDeserialize(JsonTokenParser.java:10
8)


How to Fix it
@
https://code.google.com/p/jsontoken/source/browse/trunk/src/main/java/net/oauth/
jsontoken/discovery/UrlBasedVerifierProvider.java#51

replace
String line = "";
  do {
          line = buff.readLine();
          content.append(line + "\n");
        } while (line != null);

with
String line = buff.readLine();
  while (line != null) {
          content.append(line + "\n");
          line = buff.readLine();
        } ;

The later won't add an unwanted "null" string at the end of the json string.

Original issue reported on code.google.com by [email protected] on 22 Aug 2013 at 8:10

There is a vulnerability in Guava: Google Core Libraries for Java 29.0-jre,upgrade recommended

jsontoken/pom.xml

Line 91 in 2ef6dea

CVE-2020-8908

Recommended upgrade version：
30.0-jre

Add an async interface for parsing json tokens.

Header field 'typ' is never set if createheader called.

What steps will reproduce the problem?
1. Instantiate similar to: JsonToken jsonToken = new JsonToken(signer);

2. Fill the object out;

3. Call jsonToken.serializeAndSign();

What is the expected output? What do you see instead?

Should get something like: {"alg":"RS256","typ":"JWT"}

But instead get: {"alg":"RS256"}

What version of the product are you using? On what operating system?

Using trunk (1.0 is similar).

Please provide any additional information below.

Google specifies that for obtaining access tokens on service accounts the "typ" 
field must exist. See 
https://developers.google.com/accounts/docs/OAuth2ServiceAccount#formingheader 
for details.

Original issue reported on code.google.com by [email protected] on 16 May 2013 at 9:42

Update documentation to reflect all exceptions thrown

There is a vulnerability in Apache Commons Codec 1.4,upgrade recommended

jsontoken/pom.xml

Line 84 in 2ef6dea

Recommended upgrade version：
1.13