IterativelyLabs · KarlNosworthy · May 3, 2019 · May 3, 2019 · May 4, 2019 · May 4, 2019
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,5 @@
-#Thu Apr 25 21:34:06 BST 2019
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.1.1-all.zip
diff --git a/gradlew b/gradlew
diff --git a/gradlew.bat b/gradlew.bat
diff --git a/lib/.gitignore → library/.gitignore b/lib/.gitignore → library/.gitignore
diff --git a/lib/build.gradle → library/build.gradle b/lib/build.gradle → library/build.gradle
@@ -4,6 +4,7 @@ apply plugin: 'kotlin-android'
 
 android {
     compileSdkVersion 28
+    testOptions.unitTests.includeAndroidResources = true
 
     defaultConfig {
         minSdkVersion 21

diff --git a/lib/proguard-rules.pro → library/proguard-rules.pro b/lib/proguard-rules.pro → library/proguard-rules.pro
diff --git a/lib/src/main/AndroidManifest.xml → library/src/main/AndroidManifest.xml b/lib/src/main/AndroidManifest.xml → library/src/main/AndroidManifest.xml
diff --git a/...java/com/iterativelylabs/simplejwt/JWT.kt → ...java/com/iterativelylabs/simplejwt/JWT.kt b/...java/com/iterativelylabs/simplejwt/JWT.kt → ...java/com/iterativelylabs/simplejwt/JWT.kt
@@ -4,6 +4,7 @@ import android.util.Base64
 import com.google.gson.Gson
 import com.google.gson.GsonBuilder
 import com.google.gson.reflect.TypeToken
+import com.iterativelylabs.simplejwt.internal.JWTPayloadDeserializer
 import java.lang.reflect.Type
 
 class JWT(private val token: String) {
@@ -26,17 +27,23 @@ class JWT(private val token: String) {
     }
 
     init {
-        gson = GsonBuilder().registerTypeAdapter(JWTPayload::class.java, JWTPayloadDeserializer()).create()
+        gson = GsonBuilder().registerTypeAdapter(JWTPayload::class.java,
+            JWTPayloadDeserializer()
+        ).create()
         decodeToken()
     }
 
+    @Throws(IllegalArgumentException::class)
     private fun decodeToken() {
-        val parts = arrayOf("","","")
+        if (token.isEmpty() || token.count { it == '.' }  != 2) throw IllegalArgumentException("Token is empty or formatted incorrectly")
 
+        val parts = arrayOf("","","")
         token.split(".").forEachIndexed { index, part ->
             parts[index] = part
         }
 
+        if (parts[2].isEmpty()) throw IllegalArgumentException("Signature is missing from Token")
+
         header = decodeToType(parts[0], stringMapType) ?: mapOf()
         payload = decodeToType(parts[1], JWTPayload::class.java) as? JWTPayload
         signature = parts[2]

diff --git a/...m/iterativelylabs/simplejwt/JWTPayload.kt → ...m/iterativelylabs/simplejwt/JWTPayload.kt b/...m/iterativelylabs/simplejwt/JWTPayload.kt → ...m/iterativelylabs/simplejwt/JWTPayload.kt
diff --git a/...ylabs/simplejwt/JWTPayloadDeserializer.kt → ...plejwt/internal/JWTPayloadDeserializer.kt b/...ylabs/simplejwt/JWTPayloadDeserializer.kt → ...plejwt/internal/JWTPayloadDeserializer.kt
@@ -1,14 +1,16 @@
-package com.iterativelylabs.simplejwt
+package com.iterativelylabs.simplejwt.internal
 
 import com.google.gson.JsonDeserializationContext
 import com.google.gson.JsonDeserializer
 import com.google.gson.JsonElement
 import java.lang.reflect.Type
 import com.google.gson.JsonObject
+import com.iterativelylabs.simplejwt.JWTClaim
+import com.iterativelylabs.simplejwt.JWTPayload
 import java.util.*
 
 
-class JWTPayloadDeserializer : JsonDeserializer<JWTPayload> {
+internal class JWTPayloadDeserializer : JsonDeserializer<JWTPayload> {
 
     private val RegisteredClaimNames = listOf("iss", "sub", "exp", "nbf", "iat", "jti", "aud")
 
@@ -35,7 +37,16 @@ class JWTPayloadDeserializer : JsonDeserializer<JWTPayload> {
                 }
             }
 
-            payload = JWTPayload(issuer, subject, expiresAt, notBefore, issuedAt, tokenId, listOf(), claims.toMap())
+            payload = JWTPayload(
+                issuer,
+                subject,
+                expiresAt,
+                notBefore,
+                issuedAt,
+                tokenId,
+                listOf(),
+                claims.toMap()
+            )
         }
 
         return payload

diff --git a/.../com/iterativelylabs/simplejwt/JWTTest.kt → .../com/iterativelylabs/simplejwt/JWTTest.kt b/.../com/iterativelylabs/simplejwt/JWTTest.kt → .../com/iterativelylabs/simplejwt/JWTTest.kt
@@ -9,6 +9,21 @@ import java.util.*
 @RunWith(AndroidJUnit4::class)
 class JWTTest {
 
+    @Test(expected = IllegalArgumentException::class)
+    fun `test empty token handling`() {
+        JWT("")
+    }
+
+    @Test(expected = IllegalArgumentException::class)
+    fun `test token with incorrect format handling`() {
+        JWT(".")
+    }
+
+    @Test(expected = IllegalArgumentException::class)
+    fun `test token with missing signature handling`() {
+        JWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3ZjcyN2ZjNy05OWE2LTRiOTMtYTljZi1mYTg0MTc2Mjk2ZmEiLCJpYXQiOjE1NTc0Nzk4ODB9.")
+    }
+
     @Test
     fun `test HS256 JWT token with no private claims`() {
         val tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3ZjcyN2ZjNy05OWE2LTRiOTMtYTljZi1mYTg0MTc2Mjk2ZmEiLCJpYXQiOjE1NTc0Nzk4ODB9.qdwAtmsTuo87rOOIX73Ea07JdvH8y6B6_RsOjrN0R9I"

diff --git a/settings.gradle b/settings.gradle
@@ -1 +1 @@
-include ':lib'
+include ':library'