CHANGELOG.txt

version 1.0 (2012-03-01)
	* First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)
	* Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
	* Refactors the JWT class.

version 1.2 (2012-03-08)
	* Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)
	* Switches to Apache Commons Codec for Base64URL encoding and decoding
	* Consolidates the crypto utilities within the package.
	* Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)
	* Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)
	* Switches to JSON Smart for JSON serialisation and parsing.
	* Introduces claims set class with JSON objects, string, Base64URL and
	  byte array views.

version 1.6 (2012-03-20)
	* Creates class for representing, serialising and parsing JSON Web Keys
	  (JWK).
	* Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)
	* Introduces separate classes for plain, JWS and JWE headers.
	* Introduces separate classes for plain, signed and encrypted JWTs.
	* Removes the JWTContent class.
	* Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)
	* Adds support for the ZIP JWE header parameter.
	* Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)
	* Renames JWEHeader.{get|set}EncryptionAlgorithm() to
	  JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)
	* Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)
	* Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)
	* JWT.serialize() throws checked JWTException instead of
	  IllegalStateException.

version 1.12 (2012-05-21)
	* Updates the alternative JWT header type ("typ") parameter value to
	  "urn:ietf:params:oauth:token-type:jwt" (to reflect changes in
	  draft-jones-json-web-token-10).
	* Renames the JWS and JWE header parameter "jpk" to "jwk" (to reflect
	  changes in draft-ietf-jose-json-web-signature-02 and
	  draft-ietf-jose-json-web-encryption-02).
	* Changes the JWE compression algorithm to DEFLATE (to reflect changes
	  in draft-ietf-jose-json-web-encryption-02).
	* Renames JWK class to JWKSet and JWKKeyObject class to JWK (to reflect 
	  changes in draft-ietf-jose-json-web-key-02).
	* Adds toJSONObject() method to the ReadOnlyHeader interface.
	* Updates JavaDocs.

version 2.0 (2012-09-29)
	* Full rewrite of 1.* code to decouple plain/JWS/JWE/JWT object 
	  representation from JWA implementations.
	* JWS code updated to draft-ietf-jose-json-web-signature-05.
	* JWE code updated to draft-ietf-jose-json-web-encryption-05.
	* JWK code updated to draft-ietf-jose-json-web-key-05.
	* JWA code updated to draft-ietf-jose-json-web-algorithms-05.
	* JWT code updated to draft-ietf-oauth-json-web-token-03.
	* Removes existing JWE algorithm implementations since no longer
	  compatible with newer -05 specs (to be reimplemented).

version 2.0.1 (2012-09-29)
	* Adds JWS object use example.

version 2.1 (2012-10-07)
	* Changes naming from "verifier" to "validator" to conform with JWS
	  terminology.
	* Refactors library to enforce header parameter checking of signed JWS 
	  and encrypted JWE objects.
	* Simplifies package tree.

version 2.1.1 (2012-10-09)
	* Upgrades BouncyCastle.org JAR to 1.47.
	* Removes stale RSASSAVerifier.

version 2.2 (2012-10-16)
	* Updates the library to the latest JWA/JWS/JWE/JWK/JWT -06 draft suite.

version 2.3 (2012-10-23)
	* Naming changes (validation, verification) according to RFC 4949.
	* Makes PlainObject, JWSObject and JWEObject thread-safe.
	* Adds @Immutable and @ThreadSafe annotations (JCIP Annotations JAR).
	* Adds JOSEObject.getParsedParts() and getParsedString() methods to
	  get the original parsed Base64URL parts / string representation.

version 2.4 (2012-11-26)
	* Adds Maven POM support.

version 2.5 (2012-11-26)
	* Updates the library to the latest JWA/JWS/JWE/JWK -07 draft suite.

version 2.6 (2012-11-19)
	* Adds support for additional custom JSON Web Key (JWK) set members.

version 2.7 (2012-12-09)
	* Adds toBaseURL() method to ReadOnlyHeader interface.
	* Fixes assignment bug in JWEObject Base64URL parts constructor.

version 2.8 (2012-12-17)
	* Adds getParsedParts() and getParsedString() methods to JWT interface.

version 2.9 (2013-01-08)
	* Updates the library to the latest JWA/JWS/JWE/JWK -08 draft suite.
	* Updates the library to the latest JWT -06 draft.
	* Minor code refactoring and clean up.
	
version 2.10 (2013-01-15)
	* Fixes incorrect null argument treatment in overridden Object.equals() 
	  methods.
	* Renames ReadOnlyClaimsSet to ReadOnlyJWTClaimsSet and ClaimsSet to
	  JWTClaimsSet.

version 2.10.1 (2013-01-16)
	* Adds Maven support.
	* Fixes bug in build.xml script.

version 2.11.0 (2013-02-22)
	* Adds RSA1_5 / RSA OAEP with AES-GCM encryption and decryption.
	* Refactors JWTClaimsSet.
	
version 2.12.0 (2013-03-21)
	* Adds JSON Private and Symmetric Key (JPSK) support.
	* Extends HeaderFilter to allow setting of accepted header parameters.
	* Fixes ECDSA signature R + S part processing for ES384 and ES512.
	* Removes Ant build script.

version 2.13.0 (2013-03-28)
	* Adds support for A128CBC+HS256 and A256CBC+HS512 encryption methods.
	* Implements ECKey export and import.
	* Adds JWE DEFLATE support.
	* Implements basic MMA attack protection for RSA1_5 JWE algorithm (issue
	  #23).
	* Refactors JOSE header filters.
	* Refactors crypto package.
	* Adds support to translate JWKs to and from native Java key objects.

version 2.13.1 (2013-04-15)
	* Fixes incorrect time unit representation of "iat", "exp" and "nbf" JWT
	  claims.
	* If the JOSE header was parsed Header.toBase64URL() returns the 
	  original Base64URL.

version 2.14 (2013-04-16)
	* Adds support for direct JWE encryption and decryption.
	* Adds JWKSet method to lookup a key by its key ID (kid).
	* Fixes DEFLATE compression by adding nowrap flag to omit headers and
	  CRC fields.

version 2.15 (2013-05-07)
	* Adds support for "crit" header parameter introduced in draft 09.
	* Deprecates JWSObject.getSignableContent() in favour of
	  JWSObject.getSigningInput() to reflect change in JWS terminology in
	  draft 09.
	* Deprecates JWEObject.getIntegrityValue() in favour of
	  JWEObject.getAuthenticationTag() to reflect change in JWE terminology
	  in draft 09.
	* Updates authenticated AES/CBC encryption to new AES_CBC_HMAC_SHA2
	  method (draft-mcgrew-aead-aes-cbc-hmac-sha2-01).
	* Updates AES/GCM encryption by removing IV from additional 
	  authenticated data (AAD) computation.
	* Adds MIME type constants for the plain, JWS and JWE objects.
	* Refactors crypto package classes.

version 2.15.1 (2013-05-16)
	* Makes SecureRandom a static member of RSAEncrypter and DirectEncrypter
	  to speed up object instantiation (PRNG initialisation may take up to
	  a second or more).
	* Adds support for UTF-8 string based shared secrets in MACSigner and
	  MACVerifier.
	* Lets Base64URL extend Base64 class.

version 2.15.2 (2013-05-20)
	* Fixes bug in additional authentication data (AAD) composition for
	  direct JWE encryption and decryption.

version 2.16 (2013-05-30)
	* Updates the library to match the latest JOSE -11 and JWT -08 draft 
	  suite.
	* Adds builders for constructing RSA, EC and octet sequence JWKs (using
	  the builder pattern).

version 2.17 (2013-07-15)
	* Updates the library to match the latest JOSE -12 and JWT -10 draft
	  suite.
	* Fixes an assignment bug in JWTClaimsSet.setCustomClaims.
	* Upgrades BouncyCastle JAR dependency to 1.49.

version 2.17.1 (2013-07-26)
	* Adds convenience JWTClaimsSet.get{Type}Claim(String) methods.
	* Fixes JWTClaimsSet.setClaim(String,Object) null argument bug.

version 2.17.2 (2013-08-01)
	* Fixes header parsing bug in JWTParser.

version 2.18 (2013-08-20)
	* Updates the library to match the latest JOSE -14 and JWT -11 draft
	  suite.
	* Adds Header.parse(String) and Header.parse(Base64URL) static methods.
	
version 2.18.1 (2013-08-26)
	* Adds JWTClaimsSet.parse(String) method.

version 2.18.2 (2013-09-20)
    * Fixes bug in JWKSet.toJSONObject(boolean) serialiser.
    * Adds JWKSet.toPublicJWKSet() convenience method.
    * Updates references to the latest JOSE -16 drafts.

version 2.19 (2013-10-07)
    * Adds JWSHeader and JWEHeader constructor checks to reject the "none"
      algorithm.
    * Renames the methods that returns the names of the registered JOSE header
      parameters and the registered JWT claims, to reflect the terminology
      changes in the JOSE -17 / JWT -12 drafts.
    * Updates references to the latest JOSE -17 / JWT -12 drafts.

version 2.19.1 (2013-10-16)
    * Fixes critical memory leak that affected RSA encryption, caused by
      loading the BouncyCastle provider more than once in the AES key
      generation utility method (issue #68).

version 2.20 (2013-10-17)
    * Adds support for PS256, PS384 and PS512 signatures via the existing
      RSASSA signer and verifier classes.

version 2.21 (2013-11-25)
    * Adds JWKSelector utility for retrieving one or more JSON Web Keys (JWKs)
      from a set according to selected criteria such as key type, use,
      algorithm and ID.
    * Improves bad signature signalling in RSA-SSA signature verifier.
    * Adds missing A192CBC-HS384 and A192GCM method support to RSA and direct
      encrypters / decrypters.
    * Ensures all crypto providers advertise the supported algorithms through a
      public static unmodifiable set.

version 2.22 (2014-01-14)
    * Renames JWK builders methods, refactors JWK code.

version 2.22.1 (2014-01-17)
    * Refactors JWSObject signing input composition and serialisation to
      prevent header mutability and guarantee consistent serialisation.
    * Fixes JWKSelector behaviour on null type, alg, use or kid.
    * Plain, JWS and JWE object constructors switch to read-only header
      arguments.

version 2.23 (2014-04-03)
    * Adds support for "key_ops" JWK parameter.
    * Adds java.security.Provider setters to AlgorithmProvider and
      sub-interfaces.
    * Ensures EC 'x', 'y' and 'd' parameters are leading zero padded up to the
      curve field size (issues 77 and 78).
    * Fixes loss of CRT params on RSA keys (issue 75).
    * Removes javax.mail dependency.
    * Upgrades to BouncyCastle 1.50.
    * Upgrades to Apache Commons Codec 1.9.

version 2.24 (2014-04-07)
    * Removes Apache Commons Codec dependency, switches to internal base 64 and
      base 64 URL-safe encoder and decoder (based on MiG encoder code).

version 2.25 (2014-04-22)
    * Adds JWSVerifier and JWEDecrypter option to delegate handling of selected
      'crit' header parameters to the application (issue #87).
    * Removes JWS and JWE header parameter filter (issue #86).
    * Restores 'use' in octet sequence JWK class.
    * Extends JUnit tests with examples from draft-ietf-jose-cookbook-02.

version 2.26 (2014-05-23)
    * Adds experimental support for RSA-OAEP encryption SHA-256 and MGF1 with
      SHA-256, with an "RSA-OAEP-256" algorithm identifier.
    * Reintroduces A128CBC+HS256 and A256CBC+HS512 encryption (deprecated in
      JOSE draft suite 09) to enable support of legacy applications.
    * Fixes a manifest bug that affected OSGi support (issue #89).

version 2.26.1 (2014-07-14)
    * Removes checked exception from RSA1_5.decryptCEK(...) to minimise
      exposure to timing attacks for JWE with RSA1_5 (issue #91).
    * BASE64 and BASE64URL decoder successfully ignores separator (\r, \n) and
      other illegal characters (issue #96).

version 3.0 (2014-08-19)
    * Makes Plain, JWS and JWE headers immutable, removes read-only header
      interfaces, adds header builders.
    * Adds support for 'x5t#S256' parameter in JWSHeader and JWEHeader.
    * Adds support for 'iv' and 'tag' parameters in JWEHeader (required for AES
      GCM key encryption).
    * Adds support for serialising single-valued JWT audience (aud) claims.
    * Adds A128KW, A192KW and A256KW encryption support.
    * Adds A128CGMKW, A192CGMKW and A256CGMKW encryption support.
    * Updates library source code to Java 7.
    * Upgrades to BouncyCastle 1.51.

version 3.1 (2014-08-21)
    * Allows public access to Header.getAlgorithm().

version 3.1.1 (2014-08-21)
    * Refactors PlainJWT constructor to use ReadOnlyJWTClaimsSet argument
      instead of JWTClaimsSet.

version 3.1.2 (2014-09-01)
    * Closes timing attack vulnerability in MACVerifier for JWS with HS256,
      HS384 and HS512 (issue #107).
    
version 3.2 (2014-10-14)
    * Adds signed JWT support to Payload class (iss #108).

version 3.2.1 (2014-10-28)
    * Adds missing Payload conversions for JWSObject and SignedJWT (issue
    #110).

version 3.2.2 (2014-11-11)
    * Fixes JWTClaimsSet.getAllClaims inclusion of non-set registered claims
      (issue #113).

version 3.3 (2014-11-13)
    * Adds Maven profile to support Java 1.6 compilation.

version 3.4 (2014-11-18)
    * Adds JOSEHandler and JWTHandler interfaces to aid JOSE object and JWT
      parsing.

version 3.5 (2014-12-14)
	* Adds utility JWKSet.load(File) method.
	* Adds utility JWKSet.load(URL) method.
	* Adds Apache Commons IO 2.4 dependency.

version 3.6 (2015-01-12)
	* Adds ReadOnlyJWTClaimsSet.getStringArrayClaim method.
	* Adds ReadOnlyJWTClaimsSet.getStringListClaim method.

version 3.7 (2015-01-15)
	* Enforces minimal HMAC key sizes for HS256, HS384 and HS512 algorithms.

version 3.8 (2015-01-20)
	* Adds alternative byte array OctetSequenceKey.Builder constructor.

version 3.8.1 (2015-02-02)
    * Makes MACProvider.getMinRequiredSecretSize method static.
    * Fixes RSA/ECB/OAEPWithSHA1AndMGF1Padding algorithm identifier string.

version 3.8.2 (2015-02-02)
    * Moves getMinRequiredSecretSize method up to MACSigner.

version 3.9 (2015-02-15)
    * Removes misplaced 'typ' JWT claim (issue #117).
    * Updates JOSE 'typ' header constants to JWS draft 40 / JWT draft 32 (issue
      #117).

version 3.9.1 (2015-03-16)
    * Upgrades to JSON Smart 1.3.1.
    * Upgrades to BouncyCastle 1.52.

version 3.9.2 (2015-03-16)
    * Permits parsing of JSON objects with trailing whitespace.

version 3.10 (2015-03-27)
    * JWT claims set serialised according to claim insertion order (iss #121).

version 4.0-RC1 (2015-06-30)
    * Refactors the JOSE AlgorithmProvider interfaces and implementations.
    * Adds support for password-based JWE algorithms PBES2-HS256+A128KW,
      PBES2-HS384+A192KW and PBES2-HS512+A256KW.
    * Adds support for Elliptic Curve Diffie-Hellman JWE algorithms ECDH-ES,
      ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW.
    * Factors out a common JCA provider interface intended for JWS and JWE
      providers.
    * Adds new convenience constructors to JWS and JWE providers.
    * Extends JOSE and JWT processing framework and moves it to separate
      packages.
    * Replaces java.net.URL representation of 'jku' and 'x5u' header parameters
      with java.net.URI.
    * Factors a JWKMatcher class out of the JWKSelector.
    * Adds JOSEMatcher class for filtering of JOSE objects by a set of
      application-specific criteria.
    * Fixes NPE in AESDecrypter on missing JWE "iv" header parameter when
      decrypting JWE objects with the AxxxGCMKW family of algorithms.
    * Fixes NPE in AESDecrypter on missing JWE "tag" header parameter when
      decrypting JWE objects with the AxxxGCMKW family of algorithms.
    * Updates terminology and JavaDocs.

version 4.0-RC2 (2015-07-01)
    * Extends JOSEProcessor and JWTProcessor interfaces.
    * Cleans up code.

version 4.0-RC3 (2015-07-23)
    * Adds PayloadTransformer interface.

version 4.0-RC4 (2015-08-22)
    * Makes JWTClaimsSet immutable, introduces builder construction pattern.
    * Simplifies and refactors JOSE / JWT processing framework.
    * Adds JWTClaimsSetTransformer interface.

version 4.0 (2015-08-27)
    * Adds DefaultJWTClaimsSetVerifier.

version 4.0.1 (2015-09-18)
    * Fixes BouncyCastle JCA provider setting in tests (iss #150).

version 4.1 (2015-09-21)
    * Supports JSON Web Key (JWK) Thumbprint (RFC 7638).

version 4.1.1 (2015-09-21)
    * Fixes ordering of mandatory JWK parameters in
      OctetSequenceKey.computeThumbprint (iss #152).

version 4.2 (2015-09-28)
    * Adds thumbprint as key ID setter to JWK builders (iss #153).
    * Factors out generic JWK thumbprint utility.

version 4.3 (2015-10-14)
    * Adds JWSAlgorithm.Family, JWEAlgorithm.Family and EncryptionMethod.Family
      classes.
    * Adds JCASupport class for checking JCA provider support of specified
      JWS and JWE algorithms.

version 4.3.1 (2015-10-20)
    * Caches exceptions emitted by DefaultJOSEProcessor.
    * Caches exceptions emitted by DefaultJWTProcessor.
    * Caches exceptions emitted by DefaultJWTClaimsVerifier.

version 4.4 (2015-11-05)
    * JOSEObject, Payload, JWT, JWTClaimsSet, JWK and other classes implement
      Serializable.

version 4.5 (2015-11-15)
    * Adds JCASupport.isUnlimitedStrength utility for checking if JCA unlimited
      cryptographic strength is supported by the JVM.
    * Adds legacy support for AES/GCM encryption on Java 6 where
      javax.crypto.spec.GCMParameterSpec is not available, required
      BouncyCastle crypto API.

version 4.6 (2015-11-16)
    * Adds X509CertUtils for parsing DER and PEM encoded X.509 certificates.
    * Ensures JCASupport always treats JWE algorithm 'dir' as supported.
    * Fixes parsing of RSA-OAEP-256 JWE algorithm (issue #159).

version 4.7 (2015-11-17)
    * JWSProvider extends JCAAware (issue #151).
    * JWEProvider extends JCAAware (issue #151).
    * JWSVerifierFactory extends JWSProvider (issue #151).
    * JWEDecrypterFactory extends JWEProvider (issue #151).

version 4.8 (2015-11-27)
    * Adds DateUtils class for converting java.util.Date to Unix epoch times
      and comparing dates while taking into account permitted clock skew.

version 4.9 (2015-11-30)
    * Adds static KeyType.forAlgorithm method for inferring the key type for a
      standard JOSE algorithm.

version 4.10 (2015-12-08)
    * Adds AsymmetricJWK interface and lets RSAKey and ECKey implement it.
    * Adds SecretJWK interface and lets OctetSequenceKey implement it.

version 4.11 (2015-12-13)
    * Adds ClockSkewAware interfaces.
    * Makes DefaultJWTClaimsVerifier clock skew aware.

version 4.11.1 (2016-01-16)
    * Side release packaged for Java 1.6.

version 4.11.2 (2016-01-16)
    * Adds jdk16 classifier for Java 1.6.
    * Cleans up pom.xml, automated staging release.

version 4.12 (2016-02-03)
    * Adds JWTClaimsSet.getJSONObjectClaim helper method.

version 4.13 (2016-04-04)
    * Modifies the RSASSASigner to accept private RSA keys represented by the
      generic java.security.PrivateKey interface instead of the more specific
      java.security.interfaces.RSAPrivateKey. The getPrivateKey is also
      modified accordingly to return a java.security.PrivateKey instance. This
      change is required to support key stores that prevent exposure of the
      private key parameters via the java.security.interfaces.RSAPrivateKey
      API, such as the built-in key store of Android M, and various HSM
      implementations (issue #169).

version 4.13.1 (2016-04-04)
    * Fixes OSGi bundling in pom.xml

version 4.14 (2016-04-10)
    * Adds new com.nimbusds.jose.jwk.source package with an interface and
      several implementation for sourcing JSON Web Keys (JWKs). Typical sources
      can be a local text file containing a JWK set, a JWK set specified by
      URL, a Java keystore, or a database.
    * Adds new ResourceRetriever and RestrictedResourceRetriever interfaces and
      a default implementation for retrieving remote JWK sets and other objects
      by URL, with optional connect, read and size limits.
    * Extends the framework for processing JWS and JWE objects with concrete
      implementations of a JWSKeySelector and a JWEKeySelector.
    * Deprecates JSONObject.parseJSONObject in favour of JSONObject.parse.

version 4.15 (2016-04-10)
    * JWTClaimsSet.getAudience returns empty List on null / unspecified value
      (issue #171).

version 4.15.1 (2016-04-11)
    * Fixes Maven dependency ranges.

version 4.16 (2016-04-12)
    * The RemoteJWKSet class switches from the RestrictedResourceRetriever to
      the parent ResourceRetriever interface for retrieving a JWK set by URL.

version 4.16.1 (2016-04-13)
    * Improves error reporting on unsupported JWS / JWE algorithm (issue #167).

version 4.16.2 (2016-04-18)
    * Restores com.nimbusds.jwt.util.DateUtils class (issue #177).

version 4.17 (2016-05-25)
    * Switches to an alternative JCIP annotation dependency under the Apache
      License, version 2.0. The original JCIP annotation package has a Creative
      Commons which is not recommended for licensing software, see
      https://creativecommons.org/faq/ (issue #180).

version 4.18 (2016-05-28)
    * Raises default HTTP connect and read timeouts of RemoteJWKSet to 1
      second.
    * Removes asynchronous retrieval thread from the RemoteJWKSet constructor.
    * Adds a RemoteJWKSet getter for the last encountered retrieval exception.
      Intended for logging and debugging purposes.

version 4.19 (2016-06-15)
    * Changes JWKSource.get interface to throw an IOException if retrieval of
      the underlying JWKs failed, e.g. due to a network exception. Required to
      communicate retrieval exceptions in the JOSE / JWT processing framework
      (issue 182).

version 4.20 (2016-06-21)
    * Adds new KeySource and RemoteKeySource exception classes, extending the
      base checked JOSEException class.
    * Updates the JWKSource, JWSKeySelector and JWEKeySelector classes to throw
      a KeySource instead of an IOException.

version 4.21 (2016-06-29)
    * Modifies the RSADecrypter to accept private RSA keys represented by the
      generic java.security.PrivateKey interface instead of the more specific
      java.security.interfaces.RSAPrivateKey. The getPrivateKey method is also
      modified accordingly to return a java.security.PrivateKey instance. This
      change is required to support key stores that prevent exposure of the
      private key parameters via the java.security.interfaces.RSAPrivateKey
      API, such as the built-in key store of Android M, and various HSM
      implementations (issue #184).

version 4.22 (2016-07-03)
    * Adds new JWK.size method that returns the key's bit length.
    * Adds JWKMatcher support for specifying minimum and maximum key size (in
      bits) (issue #186).

version 4.23 (2016-07-25)
    * Deprecates JWTClaimsVerifier in favour of a new JWTClaimsSetVerifier that
      supports an optional SecurityContext parameter. Modifies the
      JWTProcessorConfiguration interface and the DefaultJWTProcessor class
      accordingly (issue #188).

version 4.24 (2016-08-19)
    * JWKMatcher enables support for EC curves.
    * Introduces StandardCharset.UTF_8 constant to speed up UTF-8 charset
      lookup and conversions. Use of java.nio.charset.StandardCharsets.UTF_8 is
      deliberately avoided because it's missing in Android up to API level 19.

version 4.25 (2016-08-23)
    * Adds JWKMatcher support for specifying multiple key lengths.
    * Adds meaningful JWKMatcher.toString method.
    * Deprecates JWKMatcher.getMinSize in favour of JWKMatcher.getMinKeySize.
    * Deprecates JWKMatcher.getMaxSize in favour of JWKMatcher.getMaxKeySize.

version 4.26 (2016-08-24)
    * Adds JWSAlgorithm.Family.SIGNATURE super family for all digital signature
      based JWS algorithms.
    * Adds JWEAlgorithm.Family.ASYMMETRIC super family for all public / private
      key based JWE algorithms.
    * Adds JWEAlgorithm.Family.SYMMETRIC super family for all shared key based
      JWE algorithms.
    * Adds JWKMatcher support for key use and key ID presence.
    * Adds ArrayUtils.

version 4.26.1 (2016-09-12)
    * Adds copyright and licence note to source files.

version 4.27 (2016-10-13)
    * Adds support for AES encryption ciphers to utilise internally generated
      IVs. Supported on Java 7 and later. See issue #193.

version 4.27.1 (2016-11-24)
    * Fixes JavaDocs (issue #194).

version 4.28 (2016-11-26)
    * Adds new static ECKey.Curve.forJWSAlgorithm method that looks up the
      EC curve for an EC-based JWS algorithm (issue #197).

version 4.29 (2016-11-28)
    * Removes Apache Commons dependency (issue #192).
    * Hints at key length / enc mismatch on direct encryption / decryption with
      inappropriate symmetric key length (issue #195).
    * Fixes JWKSet.load(java.io.File) to read file in UTF-8 format (issue
      #198).
    * Throws descriptive IOException on exceeding the input byte limit when
      reading a BoundedInputStream, e.g. in
      DefaultResourceRetriever.retrieveResource(java.net.URL).

version 4.30 (2016-12-01)
    * RSAKey and ECKey can reference a private key in a PKCS#11 store, such as
      smart card or HSM.
    * Adds ECDSASigner support for private EC keys stored in a PKCS#11 store.

version 4.31 (2016-12-01)
    * Adds new RSADecrypter.getCEKDecryptionException method to inspect an
      encountered Content Encryption Key (CEK) decryption exception during the
      last decrypt run. Intended for logging and debugging purposes.

version 4.31.1 (2016-12-04)
    * Updates the JOSEException message on RSA IllegalBlockSizeException to
      indicate that the RSA key is too short, and the chosen encryption method
      (enc) requires a longer RSA key (issue #203).
    * Refactors RSA encryption and decryption tests.

version 4.32 (2016-12-06)
    * Adds standard object identifiers (OID) to ECKey.Curve instances.
    * Adds static KeyUse.from method to infer KeyUse of X.509 certificate
      subject public keys.
    * Adds new RSAKey.Builder(RSAKey) constructor.
    * Adds new ECKey.Builder(ECKey) constructor.
    * Adds static RSAKey.parse(X509Certificate) method to parse an RSA JWK from
      a X.509 certificate with an RSA subject public key.
    * Adds static ECKey.parse(X509Certificate) method to parse an EC JWK from a
      X.509 certificate with an EC subject public key.
    * Adds static RSAKey.load(KeyStore,String,char[]) method to load an RSA JWK
      from a JCA key store.
    * Adds static ECKey.load(KeyStore,String,char[]) method to load an EC JWK
      from a JCA key store.
    * Adds static OctetSequenceKey.load(KeyStore,String,char[]) method to load
      a secret JWK from a JCA key store.
    * Adds static JWKSet.load(KeyStore,PasswordLookup) method to load JWKs from
      a JCA key store.g
    * Makes org.bouncycastle:bcpkix-jdk15on an optional dependency.

version 4.33 (2016-12-07)
    * Adds static JWK.parse(X509Certificate) method to parse an RSA or EC JWK
      from a X.509 certificate with an RSA or EC public key.
    * Adds static JWK.load(KeyStore,String,char[]) method to load an RSA, EC or
      secret JWK from a JCA key store.

version 4.34 (2017-01-10)
    * Adds a JWK.getKeyStore method to return a reference to the underlying
      key store (if any). Useful to help select the correct JCA provider when
      a JWK is loaded from a PKCS#11 key store (iss #207).

version 4.34.1 (2017-01-25)
    * Updates JCASupport to always mark "none" as supported JWS algorithm.

version 4.34.2 (2017-02-28)
    * Adds an explicit check during ECDH decryption to ensure the submitted
      ephemeral public EC key is on the same curve as the private EC key.
      Intended to prevent an "Invalid Curve Attack" with JCA providers that
      don't perform this check internally. See http://c2id.co/3n for details.
      Affected is the default Java SUN JCA provider that comes with Java prior
      to version 1.8.0_51. Later Java versions and the BouncyCastle JCA
      provider are not affected (issue #210). Allocated CVE-2017-12974.

version 4.35 (2017-04-09)
    * Adds support for JWK x5t#S256 header parameter (iss #205).
    * Deprecates use of RSA1_5 JWE algorithm as security measure to encourage
      use of RSA-OEAP-256 (iss #215).
    * Deprecates use of JWK x5t header parameter as part of security measure to
      move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Deprecates use of JWS and JWE x5t header parameter as part of security
      measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Deprecates use of RSA-OAEP JWE algorithm as part of security measure to
      move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Upgraded JSON Smart dependency to support version range from 1.3.1 to
      2.3.
    * Refines exception messages of DefaultJOSEProcessor and
      DefaultJWTProcessor.

version 4.36 (2017-04-13)
    * Adds a check at ECKey construction time to ensure the public 'x' and 'y'
      coordinates are on the specified curve (iss #217).
    * Adds a check at ECDSAVerifier construction time to ensure the public key
      is on the specified curve (iss #217).
    * Adds a new ECDSAProvider.supportedECDSAAlgorithm() method that returns
      the name of the supported ECDSA algorithm (ES256, ES384 or ES512).

version 4.36.1 (2017-04-19)
    * Removes redundant KeyUsage OR operation in JWK tests (iss #218).

version 4.37 (2017-04-27)
    * Exposes public com.nimbusds.jose.crypto.utils.ConstantTimeUtils class.

version 4.37.1 (2017-05-05)
    * Fixes a bug in ConcatKDF which resulted in redundant digest cycles in the
      key derivation routine (iss #220).

version 4.38 (2017-05-29)
    * Adds new JWTClaimsSet.getURIClaim method.

version 4.39 (2017-06-02)
    * Fixes authenticated AES/CBC decryption to prevent Padding Oracle attacks
      in JWE with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption
      method (issue #223). Allocated CVE-2017-12973.
    * Adds new ByteUtils.safeBitLength methods that throw a checked
      IntegerOverflowException (extends JOSEException) on overflow.
    * Switches to safe bit length computation (using the new
      ByteUtils.safeBitLength methods) in crypto operations (issue #224).
    * Fixes authenticated AES/CBC decryption to prevent integer overflow
      attacks that can cause the HMAC check to be bypassed. Affected is JWE
      decryption with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption
      method (issue #224). Allocated CVE-2017-12972.

version 4.39.1 (2017-06-20)
    * Allows construction of JWKs with consistent key use (use) and key
      operations (key_ops) parameters (issue #226).
    * Removes erroneous BouncyCastle PKIX dependency (issue #225).

version 4.39.2 (2017-07-11)
    * Trips JOSE and JWT strings before parsing (issue #228).

version 4.40 (2017-07-26)
    * Adds X509CertUtils.computeSHA256Thumbprint utility method for computing
      the SHA-256 thumbprint of X.509 certificates, BASE64URL encoded.

version 4.41 (2017-08-02)
    * Adds new X509CertUtils.toPEMString utility method.

version 4.41.1 (2017-08-11)
    * Fixes buggy X509CertUtils.computeSHA256Thumbprint(X509Certificate)
      utility method (issue #232).

version 4.41.2 (2017-08-23)
    * Fixes JWTClaimsSet.getAudience when the "aud" claim is stored internally
      as the special case string representation (issue #236).

version 5.0 (2017-08-24)
    * Adds OctetKeyPair class to represent Octet Key Pair (OKP) JSON Web Keys
      (JWK). See "CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in
      JSON Object Signing and Encryption (JOSE)" (RFC 8037).
    * Adds new JWSAlgorithm.EdDSA constant for Edwards-curve Digital Signature
      Algorithm (EdDSA).
    * Factors out ECKey.Curve inner class into separate Curve class (breaking
      change).
    * Adds new Curve.Ed25519 constant for Ed25519 curve.
    * Adds new Curve.Ed448 constant for Ed448 curve.
    * Adds new Curve.X25519 constant for X25519 curve.
    * Adds new Curve.X448 constant for X448 curve.
    * Adds new CurveBasedJWK interface for ECKey and OctetKeyPair.
    * Updates JWKMatcher to support OctetKeyPair matching.
    * Updates JWK.parse method to support OctetKeyPair parsing.

version 5.1 (2017-08-25)
    * Adds ECKey.SUPPORTED_CURVES public static constant listing the supported
      curves.
    * Adds OctetKeyPair.SUPPORTED_CURVES public static constant listing the
      supported curves.
    * Adds check in OctetKeyPair constructor to throw an
      IllegalArgumentException if the curve is not Ed25519, Ed448, X25519 or
      X448.