diff --git a/CHANGELOG.md b/CHANGELOG.md
index 66481f12a..1168cdf20 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
## Release Notes
+### JJWT_RELEASE_VERSION
+
+Enabled reflective access on JDK 17+ to `java.io.ByteArrayInputStream` and `sun.security.util.KeyUtil` for
+`jjwt-impl.jar`
+
### 0.12.0
This is a big release! JJWT now fully supports Encrypted JSON Web Tokens (JWE), JSON Web Keys (JWK) and more! See the
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/io/Streams.java b/impl/src/main/java/io/jsonwebtoken/impl/io/Streams.java
index f556a7e96..15a81df03 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/io/Streams.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/io/Streams.java
@@ -15,6 +15,7 @@
*/
package io.jsonwebtoken.impl.io;
+import io.jsonwebtoken.impl.lang.AddOpens;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Classes;
@@ -42,6 +43,11 @@ public class Streams {
*/
public static final int EOF = -1;
+ static {
+ // For reflective access to ByteArrayInputStream via the 'bytes' static method on >= JDK 9:
+ AddOpens.open("java.base", "java.io");
+ }
+
public static byte[] bytes(final InputStream in, String exmsg) {
if (in instanceof ByteArrayInputStream) {
return Classes.getFieldValue(in, "buf", byte[].class);
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/lang/AddOpens.java b/impl/src/main/java/io/jsonwebtoken/impl/lang/AddOpens.java
new file mode 100644
index 000000000..a693230d1
--- /dev/null
+++ b/impl/src/main/java/io/jsonwebtoken/impl/lang/AddOpens.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2021 Stefan Zobel
+ * Copyright © 2023 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.jsonwebtoken.impl.lang;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+
+/**
+ * A utility class that allows to open arbitrary packages to the calling module
+ * at runtime, so it is a kind of dynamic device for "--add-opens" that could be
+ * used inside libraries instead of forcing the application to be run with
+ * command line parameters like "--add-opens java.base/java.util=ALL-UNNAMED" or
+ * having the "Add-Opens:" entries supplied in the application Jar manifest.
+ * Note that this still works in the Java 17 GA release, dated 2021-09-14 but it
+ * may break at any time in the future (theoretically even for a minor
+ * release!).
+ *
+ * @since JJWT_RELEASE_VERSION, gratefully copied from https://github.com/stefan-zobel/wip/blob/b74e927edddf19a5dce7c8610835f620c0b6f557/src/main/java/misc/AddOpens.java
+ * under the terms of the Apache 2 open source license (same as the JJWT license).
+ */
+public final class AddOpens {
+
+ // field offset of the override field (Warning: this may change at any time!)
+ private static final long OVERRIDE_OFFSET = 12;
+ private static final sun.misc.Unsafe U = getUnsafe();
+
+ private AddOpens() {
+ throw new AssertionError();
+ }
+
+ /**
+ * Open one or more packages in the given module to the current module. Example
+ * usage:
+ *
+ * {@code
+ * boolean success = AddOpens.open("java.base", "java.util", "java.net");
+ * }
+ *
+ * @param moduleName the module you want to open
+ * @param packageNames packages in that module you want to be opened
+ * @return {@code true} if the open operation has succeeded for all packages,
+ * otherwise {@code false}
+ */
+ public static boolean open(String moduleName, String... packageNames) {
+ // Use reflection so that this code can run on Java 8
+ Class javaLangModule;
+ try {
+ javaLangModule = Class.forName("java.lang.Module");
+ } catch (Throwable t) {
+ // we must be < Java 9
+ return true;
+ }
+ try {
+ // the module we are currently running in (either named or unnamed)
+ Object thisModule = getCurrentModule();
+ // find the module to open
+ Object targetModule = findModule(moduleName);
+ // get the method that is also used by "--add-opens"
+ Method m = javaLangModule.getDeclaredMethod("implAddOpens", String.class, javaLangModule);
+ // override language-level access checks
+ setAccessible(m);
+ // open given packages in the target module to this module
+ for (String package_ : packageNames) {
+ m.invoke(targetModule, package_, thisModule);
+ }
+ return true;
+ } catch (Throwable ignore) {
+ return false;
+ }
+ }
+
+ private static Object findModule(String moduleName) {
+ // Use reflection so that this code can run on Java 8
+ try {
+ Class moduleLayerClass = Class.forName("java.lang.ModuleLayer");
+ Method bootMethod = moduleLayerClass.getDeclaredMethod("boot");
+ Object bootLayer = bootMethod.invoke(null);
+ Method findModuleMethod = moduleLayerClass.getDeclaredMethod("findModule", String.class);
+ Object optionalModule = findModuleMethod.invoke(bootLayer, moduleName);
+ Class optionalClass = Class.forName("java.util.Optional");
+ Method getMethod = optionalClass.getDeclaredMethod("get");
+ return getMethod.invoke(optionalModule);
+ } catch (Throwable t) {
+ return null;
+ }
+ }
+
+ private static Object getCurrentModule() {
+ // Use reflection so that this code can run on Java 8
+ try {
+ Method m = Class.class.getDeclaredMethod("getModule");
+ setAccessible(m);
+ return m.invoke(AddOpens.class);
+ } catch (Throwable t) {
+ return null;
+ }
+ }
+
+ private static void setAccessible(Method method) {
+ if (U != null) {
+ U.putBoolean(method, OVERRIDE_OFFSET, true);
+ }
+ }
+
+ private static sun.misc.Unsafe getUnsafe() {
+ try {
+ Field unsafe = sun.misc.Unsafe.class.getDeclaredField("theUnsafe");
+ unsafe.setAccessible(true);
+ return (sun.misc.Unsafe) unsafe.get(null);
+ } catch (Throwable ignore) {
+ return null;
+ }
+ }
+}
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/lang/Services.java b/impl/src/main/java/io/jsonwebtoken/impl/lang/Services.java
index 2f6f619b2..cd9c2f11a 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/lang/Services.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/lang/Services.java
@@ -18,7 +18,6 @@
import io.jsonwebtoken.lang.Assert;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import java.util.ServiceLoader;
import java.util.concurrent.ConcurrentHashMap;
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/security/KeysBridge.java b/impl/src/main/java/io/jsonwebtoken/impl/security/KeysBridge.java
index e98b3d8a4..980b01bf1 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/security/KeysBridge.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/security/KeysBridge.java
@@ -15,6 +15,7 @@
*/
package io.jsonwebtoken.impl.security;
+import io.jsonwebtoken.impl.lang.AddOpens;
import io.jsonwebtoken.impl.lang.Bytes;
import io.jsonwebtoken.impl.lang.OptionalMethodInvoker;
import io.jsonwebtoken.lang.Assert;
@@ -41,6 +42,11 @@ public final class KeysBridge {
new OptionalMethodInvoker<>(SUN_KEYUTIL_CLASSNAME, "getKeySize", Key.class, true);
private static final String SUN_KEYUTIL_ERR = "Unexpected " + SUN_KEYUTIL_CLASSNAME + " invocation error.";
+ static {
+ // For reflective access to KeyUtil on >= JDK 9:
+ AddOpens.open("java.base", "sun.security.util");
+ }
+
// prevent instantiation
private KeysBridge() {
}
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/io/FakeServiceDescriptorClassLoader.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/io/FakeServiceDescriptorClassLoader.groovy
deleted file mode 100644
index 4e2ea5088..000000000
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/io/FakeServiceDescriptorClassLoader.groovy
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2019 jsonwebtoken.io
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package io.jsonwebtoken.impl.io
-
-class FakeServiceDescriptorClassLoader extends ClassLoader {
- private String serviceDescriptor
-
- FakeServiceDescriptorClassLoader(ClassLoader parent, String serviceDescriptor) {
- super(parent)
- this.serviceDescriptor = serviceDescriptor
- }
-
- @Override
- Enumeration getResources(String name) throws IOException {
- if (name.startsWith("META-INF/services/")) {
- return super.getResources(serviceDescriptor)
- } else {
- return super.getResources(name)
- }
- }
-
- static void runWithFake(String fakeDescriptor, Closure closure) {
- ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader()
- try {
- Thread.currentThread().setContextClassLoader(new FakeServiceDescriptorClassLoader(originalClassLoader, fakeDescriptor))
- closure.run()
- } finally {
- if(originalClassLoader != null) {
- Thread.currentThread().setContextClassLoader(originalClassLoader)
- }
- }
- }
-}
\ No newline at end of file
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/io/NoServiceDescriptorClassLoader.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/io/NoServiceDescriptorClassLoader.groovy
deleted file mode 100644
index 4dc95e52c..000000000
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/io/NoServiceDescriptorClassLoader.groovy
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2019 jsonwebtoken.io
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package io.jsonwebtoken.impl.io
-
-class NoServiceDescriptorClassLoader extends ClassLoader {
- NoServiceDescriptorClassLoader(ClassLoader parent) {
- super(parent)
- }
-
- @Override
- Enumeration getResources(String name) throws IOException {
- if (name.startsWith("META-INF/services/")) {
- return Collections.emptyEnumeration()
- } else {
- return super.getResources(name)
- }
- }
-
- static void runWith(Closure closure) {
- ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader()
- try {
- Thread.currentThread().setContextClassLoader(new NoServiceDescriptorClassLoader(originalClassLoader))
- closure.run()
- } finally {
- if(originalClassLoader != null) {
- Thread.currentThread().setContextClassLoader(originalClassLoader)
- }
- }
- }
-}
\ No newline at end of file
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/lang/DefaultRegistryTest.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/lang/DefaultRegistryTest.groovy
index 712d6de11..8e0f3b739 100644
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/lang/DefaultRegistryTest.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/impl/lang/DefaultRegistryTest.groovy
@@ -76,6 +76,6 @@ class DefaultRegistryTest {
@Test
void testToString() {
- assertEquals reg.@DELEGATE.toString(), reg.toString()
+ assertEquals '{a=a, b=b, c=c, d=d}', reg.toString()
}
}
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/lang/ServicesTest.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/lang/ServicesTest.groovy
index 6ce428992..8af9300e7 100644
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/lang/ServicesTest.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/impl/lang/ServicesTest.groovy
@@ -19,17 +19,9 @@ import io.jsonwebtoken.StubService
import io.jsonwebtoken.impl.DefaultStubService
import org.junit.After
import org.junit.Test
-import org.junit.runner.RunWith
-import org.powermock.api.easymock.PowerMock
-import org.powermock.core.classloader.annotations.PrepareForTest
-import org.powermock.modules.junit4.PowerMockRunner
-
-import java.lang.reflect.Field
import static org.junit.Assert.*
-@RunWith(PowerMockRunner.class)
-@PrepareForTest([Services])
class ServicesTest {
@Test
@@ -41,9 +33,7 @@ class ServicesTest {
@Test(expected = UnavailableImplementationException)
void testLoadFirstUnavailable() {
- NoServicesClassLoader.runWith {
- Services.loadFirst(StubService.class)
- }
+ Services.loadFirst(NoService.class)
}
@Test
@@ -55,9 +45,7 @@ class ServicesTest {
@Test(expected = UnavailableImplementationException)
void testLoadAllUnavailable() {
- NoServicesClassLoader.runWith {
- Services.loadAll(StubService.class)
- }
+ Services.loadAll(NoService.class)
}
@Test
@@ -79,38 +67,5 @@ class ServicesTest {
Services.reload();
}
- static class NoServicesClassLoader extends ClassLoader {
- private NoServicesClassLoader(ClassLoader parent) {
- super(parent)
- }
-
- @Override
- Enumeration getResources(String name) throws IOException {
- if (name.startsWith("META-INF/services/")) {
- return Collections.emptyEnumeration()
- } else {
- return super.getResources(name)
- }
- }
-
- static void runWith(Closure closure) {
- Field field = PowerMock.field(Services.class, "CLASS_LOADER_ACCESSORS")
- def originalValue = field.get(Services.class)
- try {
- // use powermock to change the list of the classloaders we are using
- List classLoaderAccessors = [
- new Services.ClassLoaderAccessor() {
- @Override
- ClassLoader getClassLoader() {
- return new NoServicesClassLoader(Thread.currentThread().getContextClassLoader())
- }
- }
- ]
- field.set(Services.class, classLoaderAccessors)
- closure.run()
- } finally {
- field.set(Services.class, originalValue)
- }
- }
- }
+ interface NoService {} // no implementations
}
diff --git a/pom.xml b/pom.xml
index 14f907324..9d5455009 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,8 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-
+
4.0.0
io.jsonwebtoken
@@ -90,13 +91,13 @@
UTF-8
-
+
${basedir}
0.11.2
- 3.2.2
- 3.8.1
+ 3.3.0
+ 3.11.0
3.1.1
3.2.1
3.1.0
@@ -106,14 +107,14 @@
4.2.rc3
true
- 1.7
+ 7
${user.name}-${maven.build.timestamp}
2.12.7.1
20230618
2.9.0
-
+
1.76
@@ -129,31 +130,11 @@
3.0.0-M5
4.3.1
${jjwt.root}/target/clover/clover.db
-
+
- --add-opens java.base/java.time.zone=ALL-UNNAMED,
- --add-opens java.base/java.lang.ref=ALL-UNNAMED,
- --add-opens java.base/java.lang=ALL-UNNAMED,
- --add-opens java.base/java.lang.reflect=ALL-UNNAMED,
- --add-opens java.base/java.net=ALL-UNNAMED,
- --add-opens java.base/java.nio.charset=ALL-UNNAMED,
- --add-opens java.base/java.nio.file=ALL-UNNAMED,
- --add-opens java.base/java.security.cert=ALL-UNNAMED,
- --add-opens java.base/java.text=ALL-UNNAMED,
- --add-opens java.base/java.util.regex=ALL-UNNAMED,
- --add-opens java.base/java.util.stream=ALL-UNNAMED,
- --add-opens java.base/java.util.concurrent=ALL-UNNAMED,
- --add-opens java.base/java.util.concurrent.atomic=ALL-UNNAMED,
- --add-opens java.base/java.util.concurrent.locks=ALL-UNNAMED,
- --add-opens java.base/java.time=ALL-UNNAMED,
- --add-opens java.base/java.util=ALL-UNNAMED,
- --add-opens java.base/java.io=ALL-UNNAMED,
- --add-opens java.base/java.security=ALL-UNNAMED,
- --add-opens java.base/jdk.internal.loader=ALL-UNNAMED,
- --add-opens java.base/sun.nio.fs=ALL-UNNAMED,
- --add-opens java.base/sun.security.x509=ALL-UNNAMED,
- --add-opens java.base/sun.security.util=ALL-UNNAMED,
- --add-opens java.logging/java.util.logging=ALL-UNNAMED
+ --add-opens java.base/java.lang=ALL-UNNAMED,
+ --add-opens java.desktop/java.beans=ALL-UNNAMED,
+ --add-opens java.base/java.lang.ref=ALL-UNNAMED
@@ -309,6 +290,7 @@
io/jsonwebtoken/impl/io/FilteredInputStream.java
io/jsonwebtoken/impl/io/FilteredOutputStream.java
io/jsonwebtoken/impl/io/CharSequenceReader.java
+ io/jsonwebtoken/impl/lang/AddOpens.java
100.000000%
100.000000%
@@ -387,6 +369,20 @@
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ ${maven.jar.version}
+
+
+
+ true
+ true
+
+ ${project.build.outputDirectory}/META-INF/MANIFEST.MF
+
+
+
org.apache.maven.plugins
maven-source-plugin
@@ -478,7 +474,8 @@
-
+
@@ -517,6 +514,40 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
org.apache.maven.plugins
maven-compiler-plugin
@@ -609,7 +640,7 @@
org.apache.felix
maven-bundle-plugin
- 3.3.0
+ 3.5.0
bundle-manifest
@@ -628,18 +659,6 @@
org.apache.maven.plugins
maven-jar-plugin
- ${maven.jar.version}
-
-
-
- true
- true
-
-
- ${project.build.outputDirectory}/META-INF/MANIFEST.MF
-
-
-
io.jsonwebtoken.coveralls
@@ -655,6 +674,8 @@
1.7
+ 3.2.2
+ 3.8.1
bcprov-jdk15to18
bcpkix-jdk15to18
@@ -665,13 +686,39 @@
[1.8,)
- 1.13.1
+ 3.0.2
3.0.19
4.2
2.0.7
0.15.6
+ 3.1.2
+ 3.1.2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
jdk9AndLater
@@ -679,6 +726,8 @@
[1.9,)
+ 3.11.0
+ false
-html5
${test.addOpens}, --illegal-access=debug