lccodes
diff --git a/‎lib/src/main/java/com/auth0/jwt/JWTVerifier.java‎
Lines changed: 4 additions & 1 deletion b/‎lib/src/main/java/com/auth0/jwt/JWTVerifier.java‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java‎
Lines changed: 12 additions & 5 deletions b/‎lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java‎
Lines changed: 12 additions & 5 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java‎
Lines changed: 10 additions & 10 deletions b/‎lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java‎
Lines changed: 4 additions & 7 deletions b/‎lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java‎
Lines changed: 3 additions & 3 deletions b/‎lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java‎
Lines changed: 4 additions & 7 deletions b/‎lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java‎
Lines changed: 16 additions & 0 deletions b/‎lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java‎
Lines changed: 16 additions & 0 deletions
@@ -3,6 +3,7 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.*;
 import com.auth0.jwt.impl.PublicClaims;
+import org.apache.commons.codec.binary.Base64;
 
 import java.util.*;
 
@@ -213,7 +214,9 @@ public JWT verify(String token) throws JWTDecodeException, JWTVerificationExcept
     }
 
     private void verifySignature(String[] parts) throws SignatureVerificationException {
-        algorithm.verify(parts);
+        byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();
+        byte[] signature = Base64.decodeBase64(parts[2]);
+        algorithm.verify(content, signature);
     }
 
     private void verifyAlgorithm(JWT jwt, Algorithm expectedAlgorithm) throws AlgorithmMismatchException {
 
@@ -137,12 +137,19 @@ public String toString() {
     }
 
     /**
-     * Verify the given JWT parts using this Algorithm instance.
+     * Verify the given content using this Algorithm instance.
      *
-     * @param jwtParts a valid array of size 3 representing the JWT parts.
-     * @throws SignatureVerificationException if the Token's Signature is invalid.
+     * @param contentBytes   an array of bytes representing the base64 encoded content to be verified against the signature.
+     * @param signatureBytes an array of bytes representing the base64 encoded signature to compare the content against.
+     * @throws SignatureVerificationException if the Token's Signature is invalid, meaning that it doesn't match the signatureBytes, or if the Key is invalid.
      */
-    public abstract void verify(String[] jwtParts) throws SignatureVerificationException;
+    public abstract void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException;
 
-    public abstract byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException;
+    /**
+     * Sign the given content using this Algorithm instance.
+     *
+     * @param contentBytes an array of bytes representing the base64 encoded content to be verified against the signature.
+     * @throws SignatureGenerationException if the Key is invalid.
+     */
+    public abstract byte[] sign(byte[] contentBytes) throws SignatureGenerationException;
 }
@@ -2,9 +2,11 @@
 
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
-import org.apache.commons.codec.binary.Base64;
 
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.SignatureException;
 import java.security.interfaces.ECKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
@@ -34,17 +36,15 @@ ECKey getKey() {
     }
 
     @Override
-    public void verify(String[] jwtParts) throws SignatureVerificationException {
+    public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         if (!(key instanceof ECPublicKey)) {
             throw new IllegalArgumentException("The given ECKey is not an ECPublicKey.");
         }
         try {
-            String content = String.format("%s.%s", jwtParts[0], jwtParts[1]);
-            byte[] signature = Base64.decodeBase64(jwtParts[2]);
-            if (!isDERSignature(signature)) {
-                signature = JOSEToDER(signature);
+            if (!isDERSignature(signatureBytes)) {
+                signatureBytes = JOSEToDER(signatureBytes);
             }
-            boolean valid = crypto.verifySignatureFor(getDescription(), (ECPublicKey) key, content.getBytes(), signature);
+            boolean valid = crypto.verifySignatureFor(getDescription(), (ECPublicKey) key, contentBytes, signatureBytes);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -55,12 +55,12 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
     }
 
     @Override
-    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+    public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
             if (!(key instanceof ECPrivateKey)) {
                 throw new IllegalArgumentException("The given ECKey is not a ECPrivateKey.");
             }
-            return crypto.createSignatureFor(getDescription(), (PrivateKey) key, headerAndPayloadBytes);
+            return crypto.createSignatureFor(getDescription(), (PrivateKey) key, contentBytes);
         } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
             throw new SignatureGenerationException(this, e);
         }
 
@@ -2,7 +2,6 @@
 
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
-import org.apache.commons.codec.binary.Base64;
 
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -30,11 +29,9 @@ String getSecret() {
     }
 
     @Override
-    public void verify(String[] jwtParts) throws SignatureVerificationException {
+    public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         try {
-            String message = String.format("%s.%s", jwtParts[0], jwtParts[1]);
-            byte[] signature = Base64.decodeBase64(jwtParts[2]);
-            boolean valid = crypto.verifyMacFor(getDescription(), secret.getBytes(), message.getBytes(), signature);
+            boolean valid = crypto.verifyMacFor(getDescription(), secret.getBytes(), contentBytes, signatureBytes);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -45,9 +42,9 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
     }
 
     @Override
-    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+    public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
-            return crypto.createMacFor(getDescription(), secret.getBytes(), headerAndPayloadBytes);
+            return crypto.createMacFor(getDescription(), secret.getBytes(), contentBytes);
         } catch (NoSuchAlgorithmException | InvalidKeyException e) {
             throw new SignatureGenerationException(this, e);
         }
 
@@ -10,14 +10,14 @@ class NoneAlgorithm extends Algorithm {
     }
 
     @Override
-    public void verify(String[] jwtParts) throws SignatureVerificationException {
-        if (!jwtParts[2].isEmpty()) {
+    public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
+        if (signatureBytes.length > 0) {
             throw new SignatureVerificationException(this);
         }
     }
 
     @Override
-    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+    public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         return new byte[0];
     }
 }
@@ -2,7 +2,6 @@
 
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
-import org.apache.commons.codec.binary.Base64;
 
 import java.security.*;
 import java.security.interfaces.RSAKey;
@@ -32,14 +31,12 @@ RSAKey getKey() {
     }
 
     @Override
-    public void verify(String[] jwtParts) throws SignatureVerificationException {
+    public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         if (!(key instanceof PublicKey)) {
             throw new IllegalArgumentException("The given RSAKey is not a RSAPublicKey.");
         }
         try {
-            String content = String.format("%s.%s", jwtParts[0], jwtParts[1]);
-            byte[] signature = Base64.decodeBase64(jwtParts[2]);
-            boolean valid = crypto.verifySignatureFor(getDescription(), (RSAPublicKey) key, content.getBytes(), signature);
+            boolean valid = crypto.verifySignatureFor(getDescription(), (RSAPublicKey) key, contentBytes, signatureBytes);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -50,12 +47,12 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
     }
 
     @Override
-    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+    public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
             if (!(key instanceof PrivateKey)) {
                 throw new IllegalArgumentException("The given RSAKey is not a RSAPrivateKey.");
             }
-            return crypto.createSignatureFor(getDescription(), (RSAPrivateKey) key, headerAndPayloadBytes);
+            return crypto.createSignatureFor(getDescription(), (RSAPrivateKey) key, contentBytes);
         } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
             throw new SignatureGenerationException(this, e);
         }
 
@@ -0,0 +1,16 @@
+package com.auth0.jwt.algorithms;
+
+import org.apache.commons.codec.binary.Base64;
+
+class AlgorithmUtils {
+
+    static void verify(Algorithm algorithm, String jwt) {
+        String[] parts = jwt.split("\\.");
+        byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();
+        byte[] signature = new byte[0];
+        if (parts.length == 3) {
+            signature = Base64.decodeBase64(parts[2]);
+        }
+        algorithm.verify(content, signature);
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`import com.auth0.jwt.algorithms.Algorithm;`
`4`	`4`	`import com.auth0.jwt.exceptions.*;`
`5`	`5`	`import com.auth0.jwt.impl.PublicClaims;`
	`6`	`+import org.apache.commons.codec.binary.Base64;`
`6`	`7`
`7`	`8`	`import java.util.*;`
`8`	`9`
`@@ -213,7 +214,9 @@ public JWT verify(String token) throws JWTDecodeException, JWTVerificationExcept`
`213`	`214`	`}`
`214`	`215`
`215`	`216`	`private void verifySignature(String[] parts) throws SignatureVerificationException {`
`216`		`- algorithm.verify(parts);`
	`217`	`+ byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();`
	`218`	`+ byte[] signature = Base64.decodeBase64(parts[2]);`
	`219`	`+ algorithm.verify(content, signature);`
`217`	`220`	`}`
`218`	`221`
`219`	`222`	`private void verifyAlgorithm(JWT jwt, Algorithm expectedAlgorithm) throws AlgorithmMismatchException {`
Original file line number	Diff line number	Diff line change
`@@ -10,14 +10,14 @@ class NoneAlgorithm extends Algorithm {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`@Override`
`13`		`- public void verify(String[] jwtParts) throws SignatureVerificationException {`
`14`		`- if (!jwtParts[2].isEmpty()) {`
	`13`	`+ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {`
	`14`	`+ if (signatureBytes.length > 0) {`
`15`	`15`	`throw new SignatureVerificationException(this);`
`16`	`16`	`}`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`@Override`
`20`		`- public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {`
	`20`	`+ public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {`
`21`	`21`	`return new byte[0];`
`22`	`22`	`}`
`23`	`23`	`}`