
Commit a8c3103

committed
JWTVerifier was creating a URL safe base 64 decoder but wasn't using it as it was using the non URL safe static methods on Base64.
I'm assuming here that a) these values are meant to be decoded as URL-safe base 64, and b) the verifier isn't expected to be thread-safe.
1 parent e040916 commit a8c3103


1 file changed

+10
-13
lines changed


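--- a/src/main/java/com/auth0/jwt/JWTVerifier.java
+++ b/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -1,25 +1,22 @@
 package com.auth0.jwt;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import org.apache.commons.codec.binary.Base64;
-
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
-import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.codec.binary.Base64;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
 /**
  * JWT Java Implementation
  * Adapted from https://bitbucket.org/lluisfaja/javajwt/wiki/Home
@@ -119,7 +116,7 @@ void verifySignature(String[] pieces, String algorithm) throws NoSuchAlgorithmEx
 hmac.init(new SecretKeySpec(secret, algorithm));
 byte[] sig = hmac.doFinal(new StringBuilder(pieces[0]).append(".").append(pieces[1]).toString().getBytes());
 
-if (!MessageDigest.isEqual(sig, decoder.decodeBase64(pieces[2]))) {
+if (!MessageDigest.isEqual(sig, decoder.decode(pieces[2]))) {
 throw new SignatureException("signature verification failed");
 }
 }
@@ -173,7 +170,7 @@ String getAlgorithm(JsonNode jwtHeader) {
 }
 
 JsonNode decodeAndParse(String b64String) throws IOException {
-String jsonString = new String(decoder.decodeBase64(b64String), "UTF-8");
+String jsonString = new String(decoder.decode(b64String), "UTF-8");
 JsonNode jwtHeader = mapper.readValue(jsonString, JsonNode.class);
 return jwtHeader;
 }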
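Review bot: The new `decoder.decode(pieces[2])` call at line 119 (and `decoder.decode(b64String)` at line 173) still accepts malformed segments, because commons-codec's Base64 decoder, as far as I know, silently skips characters outside its alphabet and accepts both the standard and the URL-safe alphabet when decoding. The constant-time `MessageDigest.isEqual` comparison is unaffected, but several different spellings of the signature segment then verify as the same token, which matters wherever the raw token string is used as a key for a revocation list or a cache. A strict check before decoding would close that, for example `if (!pieces[2].matches("[A-Za-z0-9_-]+")) throw new SignatureException("signature verification failed");`. verifySignature begins above this hunk, so whether `pieces` is already validated earlier is not visible here.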
