lccodes
diff --git a/‎.travis.yml‎
Lines changed: 1 addition & 0 deletions b/‎.travis.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwtdecodejava/JWT.java‎
Lines changed: 104 additions & 0 deletions b/‎lib/src/main/java/com/auth0/jwtdecodejava/JWT.java‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwtdecodejava/JWTDecoder.java‎
Lines changed: 2 additions & 2 deletions b/‎lib/src/main/java/com/auth0/jwtdecodejava/JWTDecoder.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwtdecodejava/JWTVerifier.java‎
Lines changed: 104 additions & 85 deletions b/‎lib/src/main/java/com/auth0/jwtdecodejava/JWTVerifier.java‎
Lines changed: 104 additions & 85 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwtdecodejava/impl/HeaderImpl.java‎
Lines changed: 7 additions & 1 deletion b/‎lib/src/main/java/com/auth0/jwtdecodejava/impl/HeaderImpl.java‎
Lines changed: 7 additions & 1 deletion
@@ -2,6 +2,7 @@ language: java
 jdk:
   - openjdk7
   - oraclejdk7
+  - oraclejdk8
 before_cache:
   - rm -f  $HOME/.gradle/caches/modules-2/modules-2.lock
   - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
 
@@ -0,0 +1,104 @@
+package com.auth0.jwtdecodejava;
+
+import com.auth0.jwtdecodejava.algorithms.Algorithm;
+import com.auth0.jwtdecodejava.exceptions.JWTDecodeException;
+import com.auth0.jwtdecodejava.interfaces.Claim;
+
+import java.util.Date;
+
+public final class JWT implements com.auth0.jwtdecodejava.interfaces.JWT {
+
+    private final com.auth0.jwtdecodejava.interfaces.JWT jwt;
+
+    JWT(com.auth0.jwtdecodejava.interfaces.JWT jwt) {
+        this.jwt = jwt;
+    }
+
+    /**
+     * Decode a given Token into a JWT instance.
+     * Note that this method doesn't verify the JWT's signature! Use it only if you trust the issuer of the Token.
+     *
+     * @param token the String representation of the JWT.
+     * @return a decoded JWT.
+     * @throws JWTDecodeException if any part of the Token contained an invalid JWT or JSON format.
+     */
+    public static JWT decode(String token) throws JWTDecodeException {
+        return new JWT(JWTDecoder.decode(token));
+    }
+
+    /**
+     * Creates a Verification instance to configure and verify a Token using the given Algorithm.
+     *
+     * @param algorithm the Algorithm to use in JWT verifications.
+     * @return a Verification instance to configure.
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     */
+    public static JWTVerifier.Verification require(Algorithm algorithm) throws IllegalArgumentException {
+        return JWTVerifier.init(algorithm);
+    }
+
+    @Override
+    public boolean isExpired() {
+        return jwt.isExpired();
+    }
+
+    @Override
+    public String getSignature() {
+        return jwt.getSignature();
+    }
+
+    @Override
+    public String getIssuer() {
+        return jwt.getIssuer();
+    }
+
+    @Override
+    public String getSubject() {
+        return jwt.getSubject();
+    }
+
+    @Override
+    public String[] getAudience() {
+        return jwt.getAudience();
+    }
+
+    @Override
+    public Date getExpiresAt() {
+        return jwt.getExpiresAt();
+    }
+
+    @Override
+    public Date getNotBefore() {
+        return jwt.getNotBefore();
+    }
+
+    @Override
+    public Date getIssuedAt() {
+        return jwt.getIssuedAt();
+    }
+
+    @Override
+    public String getId() {
+        return jwt.getId();
+    }
+
+    @Override
+    public Claim getClaim(String name) {
+        return jwt.getClaim(name);
+    }
+
+    @Override
+    public String getAlgorithm() {
+        return jwt.getAlgorithm();
+    }
+
+    @Override
+    public String getType() {
+        return jwt.getType();
+    }
+
+    @Override
+    public String getContentType() {
+        return jwt.getContentType();
+    }
+}
@@ -12,7 +12,7 @@
 /**
  * The JWTDecoder class holds the decode method to parse a given Token into it's JWT representation.
  */
-public final class JWTDecoder implements JWT {
+final class JWTDecoder implements JWT {
 
     private Header header;
     private Payload payload;
@@ -30,7 +30,7 @@ private JWTDecoder(String jwt) throws JWTDecodeException {
      * @return a decoded JWT.
      * @throws JWTDecodeException if any part of the Token contained an invalid JWT or JSON format.
      */
-    public static JWT decode(String token) throws JWTDecodeException {
+    static JWT decode(String token) throws JWTDecodeException {
         return new JWTDecoder(token);
     }
 
 
@@ -3,110 +3,137 @@
 import com.auth0.jwtdecodejava.algorithms.Algorithm;
 import com.auth0.jwtdecodejava.exceptions.*;
 import com.auth0.jwtdecodejava.impl.PublicClaims;
-import com.auth0.jwtdecodejava.interfaces.JWT;
 
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.*;
 
 /**
  * The JWTVerifier class holds the verify method to assert that a given Token has not only a proper JWT format, but also it's signature matches.
  */
-public class JWTVerifier {
+class JWTVerifier {
     private final Algorithm algorithm;
     private final Map<String, Object> claims;
 
-    private JWTVerifier(Algorithm algorithm) throws IllegalArgumentException {
-        if (algorithm == null) {
-            throw new IllegalArgumentException("The Algorithm cannot be null.");
-        }
+    private JWTVerifier(Algorithm algorithm, Map<String, Object> claims) {
         this.algorithm = algorithm;
-        this.claims = new HashMap<>();
+        this.claims = Collections.unmodifiableMap(claims);
     }
 
     /**
      * Initialize a JWTVerifier instance using a HS Algorithm.
      *
-     * @param algorithm a HSAlgorithm. Valid values are HS256, HS384, HS512.
+     * @param algorithm the Algorithm to use on the JWT verification.
      * @return a JWTVerifier instance to configure.
-     * @throws IllegalArgumentException if the provided algorithm is null or if the secret is null.
+     * @throws IllegalArgumentException if the provided algorithm is null.
      */
-    public static JWTVerifier init(Algorithm algorithm) throws IllegalArgumentException {
-        return new JWTVerifier(algorithm);
+    static JWTVerifier.Verification init(Algorithm algorithm) throws IllegalArgumentException {
+        return new Verification(algorithm);
     }
 
-
     /**
-     * Require a specific Issuer ("iss") claim.
-     *
-     * @return this same JWTVerifier instance.
+     * The Verification class holds the Claims required by a JWT to be valid.
      */
-    public JWTVerifier withIssuer(String issuer) {
-        requireClaim(PublicClaims.ISSUER, issuer);
-        return this;
-    }
+    static class Verification {
+        private final Algorithm algorithm;
+        private final Map<String, Object> claims;
 
-    /**
-     * Require a specific Subject ("sub") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withSubject(String subject) {
-        requireClaim(PublicClaims.SUBJECT, subject);
-        return this;
-    }
+        Verification(Algorithm algorithm) throws IllegalArgumentException {
+            if (algorithm == null) {
+                throw new IllegalArgumentException("The Algorithm cannot be null.");
+            }
 
-    /**
-     * Require a specific Audience ("aud") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withAudience(String[] audience) {
-        requireClaim(PublicClaims.AUDIENCE, audience);
-        return this;
-    }
+            this.algorithm = algorithm;
+            this.claims = new HashMap<>();
+        }
 
-    /**
-     * Require a specific Expires At ("exp") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withExpiresAt(Date expiresAt) {
-        requireClaim(PublicClaims.EXPIRES_AT, expiresAt);
-        return this;
-    }
+        /**
+         * Require a specific Issuer ("iss") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withIssuer(String issuer) {
+            requireClaim(PublicClaims.ISSUER, issuer);
+            return this;
+        }
 
-    /**
-     * Require a specific Not Before ("nbf") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withNotBefore(Date notBefore) {
-        requireClaim(PublicClaims.NOT_BEFORE, notBefore);
-        return this;
-    }
+        /**
+         * Require a specific Subject ("sub") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withSubject(String subject) {
+            requireClaim(PublicClaims.SUBJECT, subject);
+            return this;
+        }
 
-    /**
-     * Require a specific Issued At ("iat") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withIssuedAt(Date issuedAt) {
-        requireClaim(PublicClaims.ISSUED_AT, issuedAt);
-        return this;
-    }
+        /**
+         * Require a specific Audience ("aud") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withAudience(String[] audience) {
+            requireClaim(PublicClaims.AUDIENCE, audience);
+            return this;
+        }
 
-    /**
-     * Require a specific JWT Id ("jti") claim.
-     *
-     * @return this same JWTVerifier instance.
-     */
-    public JWTVerifier withJWTId(String jwtId) {
-        requireClaim(PublicClaims.JWT_ID, jwtId);
-        return this;
+        /**
+         * Require a specific Expires At ("exp") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withExpiresAt(Date expiresAt) {
+            requireClaim(PublicClaims.EXPIRES_AT, expiresAt);
+            return this;
+        }
+
+        /**
+         * Require a specific Not Before ("nbf") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withNotBefore(Date notBefore) {
+            requireClaim(PublicClaims.NOT_BEFORE, notBefore);
+            return this;
+        }
+
+        /**
+         * Require a specific Issued At ("iat") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withIssuedAt(Date issuedAt) {
+            requireClaim(PublicClaims.ISSUED_AT, issuedAt);
+            return this;
+        }
+
+        /**
+         * Require a specific JWT Id ("jti") claim.
+         *
+         * @return this same Verification instance.
+         */
+        public Verification withJWTId(String jwtId) {
+            requireClaim(PublicClaims.JWT_ID, jwtId);
+            return this;
+        }
+
+        /**
+         * Creates a new and reusable instance of the JWTVerifier with the configuration already provided.
+         *
+         * @return a new JWTVerifier instance.
+         */
+        public JWTVerifier build() {
+            return new JWTVerifier(algorithm, claims);
+        }
+
+        private void requireClaim(String name, Object value) {
+            if (value == null) {
+                claims.remove(name);
+                return;
+            }
+            claims.put(name, value);
+        }
     }
 
+
     /**
      * Perform the verification against the given Token, using any previous configured options.
      *
@@ -116,7 +143,7 @@ public JWTVerifier withJWTId(String jwtId) {
      * @throws JWTVerificationException if any of the required contents inside the JWT is invalid.
      */
     public JWT verify(String token) throws JWTDecodeException, JWTVerificationException {
-        JWT jwt = JWTDecoder.decode(token);
+        JWT jwt = new JWT(JWTDecoder.decode(token));
         verifyAlgorithm(jwt, algorithm);
         verifySignature(SignUtils.splitToken(token));
         verifyClaims(jwt, claims);
@@ -155,12 +182,4 @@ private void assertValidClaim(JWT jwt, String claimName, Object expectedValue) t
             throw new InvalidClaimException(String.format("The Claim '%s' value doesn't match the required one.", claimName));
         }
     }
-
-    private void requireClaim(String name, Object value) {
-        if (value == null) {
-            claims.remove(name);
-            return;
-        }
-        claims.put(name, value);
-    }
 }
@@ -3,6 +3,8 @@
 import com.auth0.jwtdecodejava.interfaces.Header;
 import com.fasterxml.jackson.databind.JsonNode;
 
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 
 import static com.auth0.jwtdecodejava.impl.ClaimImpl.extractClaim;
@@ -15,7 +17,11 @@ class HeaderImpl implements Header {
     private final Map<String, JsonNode> tree;
 
     HeaderImpl(Map<String, JsonNode> tree) {
-        this.tree = tree;
+        this.tree = Collections.unmodifiableMap(tree == null ? new HashMap<String, JsonNode>() : tree);
+    }
+
+    Map<String, JsonNode> getTree() {
+        return tree;
     }
 
     @Override