CHANGELOG.txt

version 1.0 (2012-03-01)
	* First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)
	* Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
	* Refactors the JWT class.

version 1.2 (2012-03-08)
	* Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)
	* Switches to Apache Commons Codec for Base64URL encoding and decoding
	* Consolidates the crypto utilities within the package.
	* Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)
	* Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)
	* Switches to JSON Smart for JSON serialisation and parsing.
	* Introduces claims set class with JSON objects, string, Base64URL and
	  byte array views.

version 1.6 (2012-03-20)
	* Creates class for representing, serialising and parsing JSON Web Keys
	  (JWK).
	* Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)
	* Introduces separate classes for plain, JWS and JWE headers.
	* Introduces separate classes for plain, signed and encrypted JWTs.
	* Removes the JWTContent class.
	* Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)
	* Adds support for the ZIP JWE header parameter.
	* Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)
	* Renames JWEHeader.{get|set}EncryptionAlgorithm() to
	  JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)
	* Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)
	* Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)
	* JWT.serialize() throws checked JWTException instead of
	  IllegalStateException.

version 1.12 (2012-05-21)
	* Updates the alternative JWT header type ("typ") parameter value to
	  "urn:ietf:params:oauth:token-type:jwt" (to reflect changes in
	  draft-jones-json-web-token-10).
	* Renames the JWS and JWE header parameter "jpk" to "jwk" (to reflect
	  changes in draft-ietf-jose-json-web-signature-02 and
	  draft-ietf-jose-json-web-encryption-02).
	* Changes the JWE compression algorithm to DEFLATE (to reflect changes
	  in draft-ietf-jose-json-web-encryption-02).
	* Renames JWK class to JWKSet and JWKKeyObject class to JWK (to reflect
	  changes in draft-ietf-jose-json-web-key-02).
	* Adds toJSONObject() method to the ReadOnlyHeader interface.
	* Updates JavaDocs.

version 2.0 (2012-09-29)
	* Full rewrite of 1.* code to decouple plain/JWS/JWE/JWT object
	  representation from JWA implementations.
	* JWS code updated to draft-ietf-jose-json-web-signature-05.
	* JWE code updated to draft-ietf-jose-json-web-encryption-05.
	* JWK code updated to draft-ietf-jose-json-web-key-05.
	* JWA code updated to draft-ietf-jose-json-web-algorithms-05.
	* JWT code updated to draft-ietf-oauth-json-web-token-03.
	* Removes existing JWE algorithm implementations since no longer
	  compatible with newer -05 specs (to be reimplemented).

version 2.0.1 (2012-09-29)
	* Adds JWS object use example.

version 2.1 (2012-10-07)
	* Changes naming from "verifier" to "validator" to conform with JWS
	  terminology.
	* Refactors library to enforce header parameter checking of signed JWS
	  and encrypted JWE objects.
	* Simplifies package tree.

version 2.1.1 (2012-10-09)
	* Upgrades BouncyCastle.org JAR to 1.47.
	* Removes stale RSASSAVerifier.

version 2.2 (2012-10-16)
	* Updates the library to the latest JWA/JWS/JWE/JWK/JWT -06 draft suite.

version 2.3 (2012-10-23)
	* Naming changes (validation, verification) according to RFC 4949.
	* Makes PlainObject, JWSObject and JWEObject thread-safe.
	* Adds @Immutable and @ThreadSafe annotations (JCIP Annotations JAR).
	* Adds JOSEObject.getParsedParts() and getParsedString() methods to
	  get the original parsed Base64URL parts / string representation.

version 2.4 (2012-11-26)
	* Adds Maven POM support.

version 2.5 (2012-11-26)
	* Updates the library to the latest JWA/JWS/JWE/JWK -07 draft suite.

version 2.6 (2012-11-19)
	* Adds support for additional custom JSON Web Key (JWK) set members.

version 2.7 (2012-12-09)
	* Adds toBaseURL() method to ReadOnlyHeader interface.
	* Fixes assignment bug in JWEObject Base64URL parts constructor.

version 2.8 (2012-12-17)
	* Adds getParsedParts() and getParsedString() methods to JWT interface.

version 2.9 (2013-01-08)
	* Updates the library to the latest JWA/JWS/JWE/JWK -08 draft suite.
	* Updates the library to the latest JWT -06 draft.
	* Minor code refactoring and clean up.

version 2.10 (2013-01-15)
	* Fixes incorrect null argument treatment in overridden Object.equals()
	  methods.
	* Renames ReadOnlyClaimsSet to ReadOnlyJWTClaimsSet and ClaimsSet to
	  JWTClaimsSet.

version 2.10.1 (2013-01-16)
	* Adds Maven support.
	* Fixes bug in build.xml script.

version 2.11.0 (2013-02-22)
	* Adds RSA1_5 / RSA OAEP with AES-GCM encryption and decryption.
	* Refactors JWTClaimsSet.

version 2.12.0 (2013-03-21)
	* Adds JSON Private and Symmetric Key (JPSK) support.
	* Extends HeaderFilter to allow setting of accepted header parameters.
	* Fixes ECDSA signature R + S part processing for ES384 and ES512.
	* Removes Ant build script.

version 2.13.0 (2013-03-28)
	* Adds support for A128CBC+HS256 and A256CBC+HS512 encryption methods.
	* Implements ECKey export and import.
	* Adds JWE DEFLATE support.
	* Implements basic MMA attack protection for RSA1_5 JWE algorithm (issue
	  #23).
	* Refactors JOSE header filters.
	* Refactors crypto package.
	* Adds support to translate JWKs to and from native Java key objects.

version 2.13.1 (2013-04-15)
	* Fixes incorrect time unit representation of "iat", "exp" and "nbf" JWT
	  claims.
	* If the JOSE header was parsed Header.toBase64URL() returns the
	  original Base64URL.

version 2.14 (2013-04-16)
	* Adds support for direct JWE encryption and decryption.
	* Adds JWKSet method to lookup a key by its key ID (kid).
	* Fixes DEFLATE compression by adding nowrap flag to omit headers and
	  CRC fields.

version 2.15 (2013-05-07)
	* Adds support for "crit" header parameter introduced in draft 09.
	* Deprecates JWSObject.getSignableContent() in favour of
	  JWSObject.getSigningInput() to reflect change in JWS terminology in
	  draft 09.
	* Deprecates JWEObject.getIntegrityValue() in favour of
	  JWEObject.getAuthenticationTag() to reflect change in JWE terminology
	  in draft 09.
	* Updates authenticated AES/CBC encryption to new AES_CBC_HMAC_SHA2
	  method (draft-mcgrew-aead-aes-cbc-hmac-sha2-01).
	* Updates AES/GCM encryption by removing IV from additional
	  authenticated data (AAD) computation.
	* Adds MIME type constants for the plain, JWS and JWE objects.
	* Refactors crypto package classes.

version 2.15.1 (2013-05-16)
	* Makes SecureRandom a static member of RSAEncrypter and DirectEncrypter
	  to speed up object instantiation (PRNG initialisation may take up to
	  a second or more).
	* Adds support for UTF-8 string based shared secrets in MACSigner and
	  MACVerifier.
	* Lets Base64URL extend Base64 class.

version 2.15.2 (2013-05-20)
	* Fixes bug in additional authentication data (AAD) composition for
	  direct JWE encryption and decryption.

version 2.16 (2013-05-30)
	* Updates the library to match the latest JOSE -11 and JWT -08 draft
	  suite.
	* Adds builders for constructing RSA, EC and octet sequence JWKs (using
	  the builder pattern).

version 2.17 (2013-07-15)
	* Updates the library to match the latest JOSE -12 and JWT -10 draft
	  suite.
	* Fixes an assignment bug in JWTClaimsSet.setCustomClaims.
	* Upgrades BouncyCastle JAR dependency to 1.49.

version 2.17.1 (2013-07-26)
	* Adds convenience JWTClaimsSet.get{Type}Claim(String) methods.
	* Fixes JWTClaimsSet.setClaim(String,Object) null argument bug.

version 2.17.2 (2013-08-01)
	* Fixes header parsing bug in JWTParser.

version 2.18 (2013-08-20)
	* Updates the library to match the latest JOSE -14 and JWT -11 draft
	  suite.
	* Adds Header.parse(String) and Header.parse(Base64URL) static methods.

version 2.18.1 (2013-08-26)
	* Adds JWTClaimsSet.parse(String) method.

version 2.18.2 (2013-09-20)
    * Fixes bug in JWKSet.toJSONObject(boolean) serialiser.
    * Adds JWKSet.toPublicJWKSet() convenience method.
    * Updates references to the latest JOSE -16 drafts.

version 2.19 (2013-10-07)
    * Adds JWSHeader and JWEHeader constructor checks to reject the "none"
      algorithm.
    * Renames the methods that returns the names of the registered JOSE header
      parameters and the registered JWT claims, to reflect the terminology
      changes in the JOSE -17 / JWT -12 drafts.
    * Updates references to the latest JOSE -17 / JWT -12 drafts.

version 2.19.1 (2013-10-16)
    * Fixes critical memory leak that affected RSA encryption, caused by
      loading the BouncyCastle provider more than once in the AES key
      generation utility method (issue #68).

version 2.20 (2013-10-17)
    * Adds support for PS256, PS384 and PS512 signatures via the existing
      RSASSA signer and verifier classes.

version 2.21 (2013-11-25)
    * Adds JWKSelector utility for retrieving one or more JSON Web Keys (JWKs)
      from a set according to selected criteria such as key type, use,
      algorithm and ID.
    * Improves bad signature signalling in RSA-SSA signature verifier.
    * Adds missing A192CBC-HS384 and A192GCM method support to RSA and direct
      encrypters / decrypters.
    * Ensures all crypto providers advertise the supported algorithms through a
      public static unmodifiable set.

version 2.22 (2014-01-14)
    * Renames JWK builders methods, refactors JWK code.

version 2.22.1 (2014-01-17)
    * Refactors JWSObject signing input composition and serialisation to
      prevent header mutability and guarantee consistent serialisation.
    * Fixes JWKSelector behaviour on null type, alg, use or kid.
    * Plain, JWS and JWE object constructors switch to read-only header
      arguments.

version 2.23 (2014-04-03)
    * Adds support for "key_ops" JWK parameter.
    * Adds java.security.Provider setters to AlgorithmProvider and
      sub-interfaces.
    * Ensures EC 'x', 'y' and 'd' parameters are leading zero padded up to the
      curve field size (issues 77 and 78).
    * Fixes loss of CRT params on RSA keys (issue 75).
    * Removes javax.mail dependency.
    * Upgrades to BouncyCastle 1.50.
    * Upgrades to Apache Commons Codec 1.9.

version 2.24 (2014-04-07)
    * Removes Apache Commons Codec dependency, switches to internal base 64 and
      base 64 URL-safe encoder and decoder (based on MiG encoder code).

version 2.25 (2014-04-22)
    * Adds JWSVerifier and JWEDecrypter option to delegate handling of selected
      'crit' header parameters to the application (issue #87).
    * Removes JWS and JWE header parameter filter (issue #86).
    * Restores 'use' in octet sequence JWK class.
    * Extends JUnit tests with examples from draft-ietf-jose-cookbook-02.

version 2.26 (2014-05-23)
    * Adds experimental support for RSA-OAEP encryption SHA-256 and MGF1 with
      SHA-256, with an "RSA-OAEP-256" algorithm identifier.
    * Reintroduces A128CBC+HS256 and A256CBC+HS512 encryption (deprecated in
      JOSE draft suite 09) to enable support of legacy applications.
    * Fixes a manifest bug that affected OSGi support (issue #89).

version 2.26.1 (2014-07-14)
    * Removes checked exception from RSA1_5.decryptCEK(...) to minimise
      exposure to timing attacks for JWE with RSA1_5 (issue #91).
    * BASE64 and BASE64URL decoder successfully ignores separator (\r, \n) and
      other illegal characters (issue #96).

version 3.0 (2014-08-19)
    * Makes Plain, JWS and JWE headers immutable, removes read-only header
      interfaces, adds header builders.
    * Adds support for 'x5t#S256' parameter in JWSHeader and JWEHeader.
    * Adds support for 'iv' and 'tag' parameters in JWEHeader (required for AES
      GCM key encryption).
    * Adds support for serialising single-valued JWT audience (aud) claims.
    * Adds A128KW, A192KW and A256KW encryption support.
    * Adds A128CGMKW, A192CGMKW and A256CGMKW encryption support.
    * Updates library source code to Java 7.
    * Upgrades to BouncyCastle 1.51.

version 3.1 (2014-08-21)
    * Allows public access to Header.getAlgorithm().

version 3.1.1 (2014-08-21)
    * Refactors PlainJWT constructor to use ReadOnlyJWTClaimsSet argument
      instead of JWTClaimsSet.

version 3.1.2 (2014-09-01)
    * Closes timing attack vulnerability in MACVerifier for JWS with HS256,
      HS384 and HS512 (issue #107).

version 3.2 (2014-10-14)
    * Adds signed JWT support to Payload class (iss #108).

version 3.2.1 (2014-10-28)
    * Adds missing Payload conversions for JWSObject and SignedJWT (issue
    #110).

version 3.2.2 (2014-11-11)
    * Fixes JWTClaimsSet.getAllClaims inclusion of non-set registered claims
      (issue #113).

version 3.3 (2014-11-13)
    * Adds Maven profile to support Java 1.6 compilation.

version 3.4 (2014-11-18)
    * Adds JOSEHandler and JWTHandler interfaces to aid JOSE object and JWT
      parsing.

version 3.5 (2014-12-14)
	* Adds utility JWKSet.load(File) method.
	* Adds utility JWKSet.load(URL) method.
	* Adds Apache Commons IO 2.4 dependency.

version 3.6 (2015-01-12)
	* Adds ReadOnlyJWTClaimsSet.getStringArrayClaim method.
	* Adds ReadOnlyJWTClaimsSet.getStringListClaim method.

version 3.7 (2015-01-15)
	* Enforces minimal HMAC key sizes for HS256, HS384 and HS512 algorithms.

version 3.8 (2015-01-20)
	* Adds alternative byte array OctetSequenceKey.Builder constructor.

version 3.8.1 (2015-02-02)
    * Makes MACProvider.getMinRequiredSecretSize method static.
    * Fixes RSA/ECB/OAEPWithSHA1AndMGF1Padding algorithm identifier string.

version 3.8.2 (2015-02-02)
    * Moves getMinRequiredSecretSize method up to MACSigner.

version 3.9 (2015-02-15)
    * Removes misplaced 'typ' JWT claim (issue #117).
    * Updates JOSE 'typ' header constants to JWS draft 40 / JWT draft 32 (issue
      #117).

version 3.9.1 (2015-03-16)
    * Upgrades to JSON Smart 1.3.1.
    * Upgrades to BouncyCastle 1.52.

version 3.9.2 (2015-03-16)
    * Permits parsing of JSON objects with trailing whitespace.

version 3.10 (2015-03-27)
    * JWT claims set serialised according to claim insertion order (iss #121).

version 4.0-RC1 (2015-06-30)
    * Refactors the JOSE AlgorithmProvider interfaces and implementations.
    * Adds support for password-based JWE algorithms PBES2-HS256+A128KW,
      PBES2-HS384+A192KW and PBES2-HS512+A256KW.
    * Adds support for Elliptic Curve Diffie-Hellman JWE algorithms ECDH-ES,
      ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW.
    * Factors out a common JCA provider interface intended for JWS and JWE
      providers.
    * Adds new convenience constructors to JWS and JWE providers.
    * Extends JOSE and JWT processing framework and moves it to separate
      packages.
    * Replaces java.net.URL representation of 'jku' and 'x5u' header parameters
      with java.net.URI.
    * Factors a JWKMatcher class out of the JWKSelector.
    * Adds JOSEMatcher class for filtering of JOSE objects by a set of
      application-specific criteria.
    * Fixes NPE in AESDecrypter on missing JWE "iv" header parameter when
      decrypting JWE objects with the AxxxGCMKW family of algorithms.
    * Fixes NPE in AESDecrypter on missing JWE "tag" header parameter when
      decrypting JWE objects with the AxxxGCMKW family of algorithms.
    * Updates terminology and JavaDocs.

version 4.0-RC2 (2015-07-01)
    * Extends JOSEProcessor and JWTProcessor interfaces.
    * Cleans up code.

version 4.0-RC3 (2015-07-23)
    * Adds PayloadTransformer interface.

version 4.0-RC4 (2015-08-22)
    * Makes JWTClaimsSet immutable, introduces builder construction pattern.
    * Simplifies and refactors JOSE / JWT processing framework.
    * Adds JWTClaimsSetTransformer interface.

version 4.0 (2015-08-27)
    * Adds DefaultJWTClaimsSetVerifier.

version 4.0.1 (2015-09-18)
    * Fixes BouncyCastle JCA provider setting in tests (iss #150).

version 4.1 (2015-09-21)
    * Supports JSON Web Key (JWK) Thumbprint (RFC 7638).

version 4.1.1 (2015-09-21)
    * Fixes ordering of mandatory JWK parameters in
      OctetSequenceKey.computeThumbprint (iss #152).

version 4.2 (2015-09-28)
    * Adds thumbprint as key ID setter to JWK builders (iss #153).
    * Factors out generic JWK thumbprint utility.

version 4.3 (2015-10-14)
    * Adds JWSAlgorithm.Family, JWEAlgorithm.Family and EncryptionMethod.Family
      classes.
    * Adds JCASupport class for checking JCA provider support of specified
      JWS and JWE algorithms.

version 4.3.1 (2015-10-20)
    * Caches exceptions emitted by DefaultJOSEProcessor.
    * Caches exceptions emitted by DefaultJWTProcessor.
    * Caches exceptions emitted by DefaultJWTClaimsVerifier.

version 4.4 (2015-11-05)
    * JOSEObject, Payload, JWT, JWTClaimsSet, JWK and other classes implement
      Serializable.

version 4.5 (2015-11-15)
    * Adds JCASupport.isUnlimitedStrength utility for checking if JCA unlimited
      cryptographic strength is supported by the JVM.
    * Adds legacy support for AES/GCM encryption on Java 6 where
      javax.crypto.spec.GCMParameterSpec is not available, required
      BouncyCastle crypto API.

version 4.6 (2015-11-16)
    * Adds X509CertUtils for parsing DER and PEM encoded X.509 certificates.
    * Ensures JCASupport always treats JWE algorithm 'dir' as supported.
    * Fixes parsing of RSA-OAEP-256 JWE algorithm (issue #159).

version 4.7 (2015-11-17)
    * JWSProvider extends JCAAware (issue #151).
    * JWEProvider extends JCAAware (issue #151).
    * JWSVerifierFactory extends JWSProvider (issue #151).
    * JWEDecrypterFactory extends JWEProvider (issue #151).

version 4.8 (2015-11-27)
    * Adds DateUtils class for converting java.util.Date to Unix epoch times
      and comparing dates while taking into account permitted clock skew.

version 4.9 (2015-11-30)
    * Adds static KeyType.forAlgorithm method for inferring the key type for a
      standard JOSE algorithm.

version 4.10 (2015-12-08)
    * Adds AsymmetricJWK interface and lets RSAKey and ECKey implement it.
    * Adds SecretJWK interface and lets OctetSequenceKey implement it.

version 4.11 (2015-12-13)
    * Adds ClockSkewAware interfaces.
    * Makes DefaultJWTClaimsVerifier clock skew aware.

version 4.11.1 (2016-01-16)
    * Side release packaged for Java 1.6.

version 4.11.2 (2016-01-16)
    * Adds jdk16 classifier for Java 1.6.
    * Cleans up pom.xml, automated staging release.

version 4.12 (2016-02-03)
    * Adds JWTClaimsSet.getJSONObjectClaim helper method.

version 4.13 (2016-04-04)
    * Modifies the RSASSASigner to accept private RSA keys represented by the
      generic java.security.PrivateKey interface instead of the more specific
      java.security.interfaces.RSAPrivateKey. The getPrivateKey is also
      modified accordingly to return a java.security.PrivateKey instance. This
      change is required to support key stores that prevent exposure of the
      private key parameters via the java.security.interfaces.RSAPrivateKey
      API, such as the built-in key store of Android M, and various HSM
      implementations (issue #169).

version 4.13.1 (2016-04-04)
    * Fixes OSGi bundling in pom.xml

version 4.14 (2016-04-10)
    * Adds new com.nimbusds.jose.jwk.source package with an interface and
      several implementation for sourcing JSON Web Keys (JWKs). Typical sources
      can be a local text file containing a JWK set, a JWK set specified by
      URL, a Java keystore, or a database.
    * Adds new ResourceRetriever and RestrictedResourceRetriever interfaces and
      a default implementation for retrieving remote JWK sets and other objects
      by URL, with optional connect, read and size limits.
    * Extends the framework for processing JWS and JWE objects with concrete
      implementations of a JWSKeySelector and a JWEKeySelector.
    * Deprecates JSONObject.parseJSONObject in favour of JSONObject.parse.

version 4.15 (2016-04-10)
    * JWTClaimsSet.getAudience returns empty List on null / unspecified value
      (issue #171).

version 4.15.1 (2016-04-11)
    * Fixes Maven dependency ranges.

version 4.16 (2016-04-12)
    * The RemoteJWKSet class switches from the RestrictedResourceRetriever to
      the parent ResourceRetriever interface for retrieving a JWK set by URL.

version 4.16.1 (2016-04-13)
    * Improves error reporting on unsupported JWS / JWE algorithm (issue #167).

version 4.16.2 (2016-04-18)
    * Restores com.nimbusds.jwt.util.DateUtils class (issue #177).

version 4.17 (2016-05-25)
    * Switches to an alternative JCIP annotation dependency under the Apache
      License, version 2.0. The original JCIP annotation package has a Creative
      Commons which is not recommended for licensing software, see
      https://creativecommons.org/faq/ (issue #180).

version 4.18 (2016-05-28)
    * Raises default HTTP connect and read timeouts of RemoteJWKSet to 1
      second.
    * Removes asynchronous retrieval thread from the RemoteJWKSet constructor.
    * Adds a RemoteJWKSet getter for the last encountered retrieval exception.
      Intended for logging and debugging purposes.

version 4.19 (2016-06-15)
    * Changes JWKSource.get interface to throw an IOException if retrieval of
      the underlying JWKs failed, e.g. due to a network exception. Required to
      communicate retrieval exceptions in the JOSE / JWT processing framework
      (issue 182).

version 4.20 (2016-06-21)
    * Adds new KeySource and RemoteKeySource exception classes, extending the
      base checked JOSEException class.
    * Updates the JWKSource, JWSKeySelector and JWEKeySelector classes to throw
      a KeySource instead of an IOException.

version 4.21 (2016-06-29)
    * Modifies the RSADecrypter to accept private RSA keys represented by the
      generic java.security.PrivateKey interface instead of the more specific
      java.security.interfaces.RSAPrivateKey. The getPrivateKey method is also
      modified accordingly to return a java.security.PrivateKey instance. This
      change is required to support key stores that prevent exposure of the
      private key parameters via the java.security.interfaces.RSAPrivateKey
      API, such as the built-in key store of Android M, and various HSM
      implementations (issue #184).

version 4.22 (2016-07-03)
    * Adds new JWK.size method that returns the key's bit length.
    * Adds JWKMatcher support for specifying minimum and maximum key size (in
      bits) (issue #186).

version 4.23 (2016-07-25)
    * Deprecates JWTClaimsVerifier in favour of a new JWTClaimsSetVerifier that
      supports an optional SecurityContext parameter. Modifies the
      JWTProcessorConfiguration interface and the DefaultJWTProcessor class
      accordingly (issue #188).

version 4.24 (2016-08-19)
    * JWKMatcher enables support for EC curves.
    * Introduces StandardCharset.UTF_8 constant to speed up UTF-8 charset
      lookup and conversions. Use of java.nio.charset.StandardCharsets.UTF_8 is
      deliberately avoided because it's missing in Android up to API level 19.

version 4.25 (2016-08-23)
    * Adds JWKMatcher support for specifying multiple key lengths.
    * Adds meaningful JWKMatcher.toString method.
    * Deprecates JWKMatcher.getMinSize in favour of JWKMatcher.getMinKeySize.
    * Deprecates JWKMatcher.getMaxSize in favour of JWKMatcher.getMaxKeySize.

version 4.26 (2016-08-24)
    * Adds JWSAlgorithm.Family.SIGNATURE super family for all digital signature
      based JWS algorithms.
    * Adds JWEAlgorithm.Family.ASYMMETRIC super family for all public / private
      key based JWE algorithms.
    * Adds JWEAlgorithm.Family.SYMMETRIC super family for all shared key based
      JWE algorithms.
    * Adds JWKMatcher support for key use and key ID presence.
    * Adds ArrayUtils.

version 4.26.1 (2016-09-12)
    * Adds copyright and licence note to source files.

version 4.27 (2016-10-13)
    * Adds support for AES encryption ciphers to utilise internally generated
      IVs. Supported on Java 7 and later. See issue #193.

version 4.27.1 (2016-11-24)
    * Fixes JavaDocs (issue #194).

version 4.28 (2016-11-26)
    * Adds new static ECKey.Curve.forJWSAlgorithm method that looks up the
      EC curve for an EC-based JWS algorithm (issue #197).

version 4.29 (2016-11-28)
    * Removes Apache Commons dependency (issue #192).
    * Hints at key length / enc mismatch on direct encryption / decryption with
      inappropriate symmetric key length (issue #195).
    * Fixes JWKSet.load(java.io.File) to read file in UTF-8 format (issue
      #198).
    * Throws descriptive IOException on exceeding the input byte limit when
      reading a BoundedInputStream, e.g. in
      DefaultResourceRetriever.retrieveResource(java.net.URL).

version 4.30 (2016-12-01)
    * RSAKey and ECKey can reference a private key in a PKCS#11 store, such as
      smart card or HSM.
    * Adds ECDSASigner support for private EC keys stored in a PKCS#11 store.

version 4.31 (2016-12-01)
    * Adds new RSADecrypter.getCEKDecryptionException method to inspect an
      encountered Content Encryption Key (CEK) decryption exception during the
      last decrypt run. Intended for logging and debugging purposes.

version 4.31.1 (2016-12-04)
    * Updates the JOSEException message on RSA IllegalBlockSizeException to
      indicate that the RSA key is too short, and the chosen encryption method
      (enc) requires a longer RSA key (issue #203).
    * Refactors RSA encryption and decryption tests.

version 4.32 (2016-12-06)
    * Adds standard object identifiers (OID) to ECKey.Curve instances.
    * Adds static KeyUse.from method to infer KeyUse of X.509 certificate
      subject public keys.
    * Adds new RSAKey.Builder(RSAKey) constructor.
    * Adds new ECKey.Builder(ECKey) constructor.
    * Adds static RSAKey.parse(X509Certificate) method to parse an RSA JWK from
      a X.509 certificate with an RSA subject public key.
    * Adds static ECKey.parse(X509Certificate) method to parse an EC JWK from a
      X.509 certificate with an EC subject public key.
    * Adds static RSAKey.load(KeyStore,String,char[]) method to load an RSA JWK
      from a JCA key store.
    * Adds static ECKey.load(KeyStore,String,char[]) method to load an EC JWK
      from a JCA key store.
    * Adds static OctetSequenceKey.load(KeyStore,String,char[]) method to load
      a secret JWK from a JCA key store.
    * Adds static JWKSet.load(KeyStore,PasswordLookup) method to load JWKs from
      a JCA key store.g
    * Makes org.bouncycastle:bcpkix-jdk15on an optional dependency.

version 4.33 (2016-12-07)
    * Adds static JWK.parse(X509Certificate) method to parse an RSA or EC JWK
      from a X.509 certificate with an RSA or EC public key.
    * Adds static JWK.load(KeyStore,String,char[]) method to load an RSA, EC or
      secret JWK from a JCA key store.

version 4.34 (2017-01-10)
    * Adds a JWK.getKeyStore method to return a reference to the underlying
      key store (if any). Useful to help select the correct JCA provider when
      a JWK is loaded from a PKCS#11 key store (iss #207).

version 4.34.1 (2017-01-25)
    * Updates JCASupport to always mark "none" as supported JWS algorithm.

version 4.34.2 (2017-02-28)
    * Adds an explicit check during ECDH decryption to ensure the submitted
      ephemeral public EC key is on the same curve as the private EC key.
      Intended to prevent an "Invalid Curve Attack" with JCA providers that
      don't perform this check internally. See http://c2id.co/3n for details.
      Affected is the default Java SUN JCA provider that comes with Java prior
      to version 1.8.0_51. Later Java versions and the BouncyCastle JCA
      provider are not affected (issue #210). Allocated CVE-2017-12974.

version 4.35 (2017-04-09)
    * Adds support for JWK x5t#S256 header parameter (iss #205).
    * Deprecates use of RSA1_5 JWE algorithm as security measure to encourage
      use of RSA-OEAP-256 (iss #215).
    * Deprecates use of JWK x5t header parameter as part of security measure to
      move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Deprecates use of JWS and JWE x5t header parameter as part of security
      measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Deprecates use of RSA-OAEP JWE algorithm as part of security measure to
      move away from SHA-1 and encourage use of SHA-256 (iss #214).
    * Upgraded JSON Smart dependency to support version range from 1.3.1 to
      2.3.
    * Refines exception messages of DefaultJOSEProcessor and
      DefaultJWTProcessor.

version 4.36 (2017-04-13)
    * Adds a check at ECKey construction time to ensure the public 'x' and 'y'
      coordinates are on the specified curve (iss #217).
    * Adds a check at ECDSAVerifier construction time to ensure the public key
      is on the specified curve (iss #217).
    * Adds a new ECDSAProvider.supportedECDSAAlgorithm() method that returns
      the name of the supported ECDSA algorithm (ES256, ES384 or ES512).

version 4.36.1 (2017-04-19)
    * Removes redundant KeyUsage OR operation in JWK tests (iss #218).

version 4.37 (2017-04-27)
    * Exposes public com.nimbusds.jose.crypto.utils.ConstantTimeUtils class.

version 4.37.1 (2017-05-05)
    * Fixes a bug in ConcatKDF which resulted in redundant digest cycles in the
      key derivation routine (iss #220).

version 4.38 (2017-05-29)
    * Adds new JWTClaimsSet.getURIClaim method.

version 4.39 (2017-06-02)
    * Fixes authenticated AES/CBC decryption to prevent Padding Oracle attacks
      in JWE with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption
      method (issue #223). Allocated CVE-2017-12973.
    * Adds new ByteUtils.safeBitLength methods that throw a checked
      IntegerOverflowException (extends JOSEException) on overflow.
    * Switches to safe bit length computation (using the new
      ByteUtils.safeBitLength methods) in crypto operations (issue #224).
    * Fixes authenticated AES/CBC decryption to prevent integer overflow
      attacks that can cause the HMAC check to be bypassed. Affected is JWE
      decryption with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption
      method (issue #224). Allocated CVE-2017-12972.

version 4.39.1 (2017-06-20)
    * Allows construction of JWKs with consistent key use (use) and key
      operations (key_ops) parameters (issue #226).
    * Removes erroneous BouncyCastle PKIX dependency (issue #225).

version 4.39.2 (2017-07-11)
    * Trips JOSE and JWT strings before parsing (issue #228).

version 4.40 (2017-07-26)
    * Adds X509CertUtils.computeSHA256Thumbprint utility method for computing
      the SHA-256 thumbprint of X.509 certificates, BASE64URL encoded.

version 4.41 (2017-08-02)
    * Adds new X509CertUtils.toPEMString utility method.

version 4.41.1 (2017-08-11)
    * Fixes buggy X509CertUtils.computeSHA256Thumbprint(X509Certificate)
      utility method (issue #232).

version 4.41.2 (2017-08-23)
    * Fixes JWTClaimsSet.getAudience when the "aud" claim is stored internally
      as the special case string representation (issue #236).

version 5.0 (2017-08-24)
    * Adds OctetKeyPair class to represent Octet Key Pair (OKP) JSON Web Keys
      (JWK). See "CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in
      JSON Object Signing and Encryption (JOSE)" (RFC 8037).
    * Adds new JWSAlgorithm.EdDSA constant for Edwards-curve Digital Signature
      Algorithm (EdDSA).
    * Factors out ECKey.Curve inner class into separate Curve class (breaking
      change).
    * Adds new Curve.Ed25519 constant for Ed25519 curve.
    * Adds new Curve.Ed448 constant for Ed448 curve.
    * Adds new Curve.X25519 constant for X25519 curve.
    * Adds new Curve.X448 constant for X448 curve.
    * Adds new CurveBasedJWK interface for ECKey and OctetKeyPair.
    * Updates JWKMatcher to support OctetKeyPair matching.
    * Updates JWK.parse method to support OctetKeyPair parsing.

version 5.1 (2017-08-25)
    * Adds ECKey.SUPPORTED_CURVES public static constant listing the supported
      curves.
    * Adds OctetKeyPair.SUPPORTED_CURVES public static constant listing the
      supported curves.
    * Adds check in OctetKeyPair constructor to throw an
      IllegalArgumentException if the curve is not Ed25519, Ed448, X25519 or
      X448.

version 5.2 (2017-12-18)
    * Adds JCASupport.isSupported(Algorithm) and
      JCASupport.isSupported(Algorithm, Provider) methods.
    * Fixes .gitignore ignoring src/test on case-insensitive systems.

version 5.3 (2018-01-04)
    * Modifies the default DefaultResourceRetriever behaviour to call the
      disconnect method of the underlying HttpURLConnection after trying to
      retrieve the resource. Whether the TCP socket is actually closed or
      reused depends on the underlying HTTP implementation and the setting of
      the {@code keep.alive} system property. See issue #248.
    * Adds a new DefaultResourceRetriever constructor and setter to control
      calling the disconnect method of the underlying HttpURLConnection. See
      issue #248.
    * Fixes the string-to-byte conversion for the HMAC computation in
      AES/CBC/PKCS5Padding/HMAC-SHA2 to use explicitly UTF-8 instead of relying
      on the default system character set (iss #249).
    * Fixes the string-to-byte conversion for the CIK generation in legacy
      concat KDF to use explicitly UTF-8 instead of relying on the default
      system character set (iss #249).

version 5.4 (2018-01-11)
    * Adds new KeyUtils class.
    * Fixes the AES/GCM/NoPadding content encryption / decryption helper class
      to make sure the algorithm of the passed SecretKey is "AES" (iss #250).

version 5.5 (2018-02-27)
    * Adds required JWK constructor check of the first certificate in the X.509
      certificate chain parameter ("x5c") to ensure its public subject key info
      matches the JWK type and public parameters ("n" and "e" for an RSA JWK,
      "x" and "y" for an EC JWK) (iss #237).
    * Adds new AsymmetricJWK.matches(X509certificate) interface method to check
      if the JWK type and public key parameters match the public subject key
      info of the specified X.509 certificate.
    * JWKMetadata.parseX509CertChain adds check for non-empty chain.
    * Adds new static X509CertChainUtils.parse(List<Base64>) method.
    * Adds new JWK.getParsedX509CertChain() method.
    * Fixes typo in AsymmetricJWK interface name.

version 5.6 (2018-03-05)
    * Adds new JWTClaimsSet.toJSONObject(boolean) method to enable output of
      claims with null values (iss #252).

version 5.7 (2018-03-09)
    * Makes JWKSet immutable (iss #256).
    * Fixes the AESKW.unwrapCEK helper to normalise the KEK algorithm to "AES"
      (iss #257).

version 5.8 (2018-03-28)
    * Adds "ES256P" JWS algorithm based on the "secp256k1" curve ("P-256K").
      Note that the "ES256P" algorithm name and "P-256K" curve name are not
      registered in the JSON Web Signature and Encryption Algorithms Registry
      (see RFC 7518, section 7).

version 5.9 (2018-03-28)
    * Adds missing EC point check for P-256K curve.

version 5.10 (2018-04-26)
    * Adds capability to load JWKSet from InputStream, see
      JWKSet.load(InputStream).

version 5.11 (2018-06-07)
    * Adds X509CertUtils.toPEMString(X509Certificate, boolean) method which
      enables controls output of line breaks in string representing the
      PEM-encoded certificate.

version 5.12 (2018-06-13)
    * Adds X.509 certificate SHA-256 thumbprint (x5t#S256) matching to
      JWKMatcher.

version 5.13 (2018-07-17)
    * Updates the RSAEncrypter to enable the Content Encryption Key (CEK) to
      be passed directly (iss #266).
    * Adds an optional promiscuous mode to the DirectDecrypter to decrypt any
      JWE by passing the content encryption key (CEK) directly. The that mode
      the JWE algorithm checks for "alg":"dir" and encrypted key not being
      present will be skipped.

version 5.14 (2018-07-20)
    * Adds new com.nimbusds.jose.jwk.gen package with RSA, EC and octet
      sequence JWK generators (iss #268).

version 6.0 (2018-08-07)
    * Adds an Ed25519Signer and Ed25519Verifier for EdDSA with an Ed25519
      curve (RFC 8037, section 3.1). Requires the optional
      com.google.crypto.tink:tink:1.2.0-rc2 dependency.
    * Adds an X25519Encrypter and X25519Decrypter for ECDH-ES key agreement
      with an X25519 curve (RFC 8037, section 3.2). Requires the optional
      com.google.crypto.tink:tink:1.2.0-rc2 dependency.
    * Adds an OctetKeyPairGenerator for generating JSON Web Keys (JWT) of
      type "OKP" with Ed25519 and X25519 curves.
    * Breaking change: The ephemeral public key (epk) in JWEHeader is now
      represented by the more general JWK class instead of ECKey which only
      allowed EC JWKs. The change was necessary to implement ECDH-ES key
      agreement with an Octet Key Pair (OKP) JWK.
    * Refactors the Base64 and Base64URL codec utilities to prevent potential
      cache timing attacks due to use of table lookups. The Base64URL utility
      is used to decode the encrypted key portion in a JWE object (iss #270).
    * Fixes Maven build so that the output JDK 1.7 JAR has 1.7 classes and not
      1.6 (iss #271).

version 6.0.1 (2018-08-22)
    * Updates Tink dependency to 1.2.0.

version 6.0.2 (2018-09-07)
    * Makes JWKGenerator a public class with publicly accessible methods (iss
      #274).

version 6.1 (2018-10-08)
    * Updates the RSASSASigner to reject weak RSA keys (shorter than 2048
      bits). To use a weak key use the new RSASSASigner constructors with the
      boolean allowWeakKey parameter (iss #219).
    * Updates the RSADecrypter to reject weak RSA keys (shorter than 2048
      bits). To use a weak key use the new RSADecrypter constructor with the
      boolean allowWeakKey parameter (iss #219).

version 6.1.1 (2018-10-11)
    * Fixes weak key checking in RSASSASigner and RSADecrypter to ignore
      PKCS#11 backed RSA keys that have an RSAPrivateKey interface but will
      throw an Exception when trying to call the RSAPrivateKey.getModulus
      method (iss #279).

version 6.2 (2018-10-26)
    * Adds new JWK.parseFromPEMEncodedObjects method for parsing a public /
      (private) JWK from a string of PEM-encoded objects: X.509 certificate
      (PEM header: BEGIN CERTIFICATE), PKCS#1 RSAPublicKey (PEM header: BEGIN
      RSA PUBLIC KEY), X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC
      KEY), PKCS#1 RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY), PKCS#8
      PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY), or matching pair of the
      above.
    * Adds new JWK.parseFromPEMEncodedX509Cert method.

version 6.3 (2018-11-06)
    * Allows RemoteJWKSet to be configured with a JWKSetCache, the retrieved
      JWK set is cached for 5 minutes by the DefaultJWKSetCache (iss #278).
    * Updates JSONObjectUtils to return null on missing member or null member
      value where the Java type permits (iss #282).

version 6.3.1 (2018-11-20)
    * Fixes buggy DefaultJWKSetCache expiration check (iss #285).

version 6.4 (2018-11-23)
    * Moves the cryptographic primitives and framework from
      the com.nimbusds.jose.crypto package to a new
      com.nimbusds.jose.crypto.impl package and makes them public to enable
      reuse (iss #286).

version 6.4.1 (2018-11-27)
    * For RSA-OAEP, use the Java standard name OAEPWithSHA-1AndMGF1Padding for
      both encryption and decryption (iss #288).

version 6.4.2 (2018-12-01)
    * Clearing the JWKSetCache must undefine the put timestamp (iss #289).
    * Updates JWKSetCache.put JavaDoc to clarify that putting null clears the
      cache.

version 6.5 (2018-12-12)
    * Updates ECDHDecrypter with a new constructor to support HSM-based
      KeyStore instances (iss #291).

version 6.5.1 (2018-12-20)
    * Updates DeflateUtils to prevent a potential memory leak (iss #294).

version 6.6 (2019-01-16)
    * Adds new JWKSecurityContext and JWKSecurityContextJWKSet classes to
      enable passing of keys through the SecurityContext (iss #296).

version 6.7 (2019-01-16)
    * Adds new JWKMatcher.forJWSHeader and JWKMatcher.forJWEHeader helper
      methods (iss #296).

version 6.8 (2019-01-31)
	* Updates the ECDHEncrypter to enable the Content Encryption Key (CEK) to
      be passed directly (iss #292).

version 7.0 (2019-02-06)
    * Makes KeyUse a non-enum class to allow values other than "sig" and "enc",
      see RFC 7517, section 4.2 (iss #297). Adds new KeyUse.getValue method
      alias for KeyUse.identifier().

version 7.0.1 (2019-02-24)
    * Fixes NPE on parsing a JWKSet from a JSON object with missing "keys"
      member (iss #300).

version 7.1 (2019-04-15)
    * Fixes JWK.parseFromPEMEncodedObjects to include private key parameters
      (if available) in the output JWK rather than just a reference to the
      java.security.PrivateKey (pr #48).
    * ECKey.Builder.privateKey(java.security.PrivateKey) will first check if
      the key is an instance of java.security.ECPrivate key and call the
      appropriate builder method method instead (pr #48).
    * RSAKey.Builder.privateKey(java.security.PrivateKey) will first check if
      the key is an instance of java.security.RSAPrivate key and call the
      appropriate builder method method instead (pr #48).
    * Overrides equals and hashCode for JWK, RSAKey, ECKey, OctetSequenceKey
      and OctetKeyPair classes (pr #47).
    * Overrides equals and hashCode for JWTClaimsSet (pr #49).

version 7.2 (2019-04-17)
    * Updates RSAKeyGenerator and ECKeyGenerator to accept PKCS#11 based
      KeyStore instances.
    * Increases the default HTTP connect and read timeouts in RemoteJWKSet to
      500ms.

version 7.2.1 (2019-05-22)
    * KeyType.parse(null) should throw IllegalArgumentException instead of
      NullPointerException (iss #307).
    * Updates to com.google.crypto.tink:tink:1.2.2

version 7.3 (2019-06-16)
    * New JWTClaimsSetAwareJWSKeySelector interface for selecting key
      candidates for validation of signed JWTs which provides access to the
      JWT claims in addition to the JWS header. Can be useful in cases such as
      multi-tenant applications where the JWK set to use for the JWS validation
      is determined by the JWT issuer (iss) claim. Adds an appropriate getter
      and setter for the JWTClaimsSetAwareJWSKeySelector to the
      JWTProcessorConfiguration interface (breaking change).

version 7.3.1 (2019-06-24)
    * Fixes `RSAKey.parse(rsaKey.toJSONObject())` with present "x5c" parameter
      (iss #314).

version 7.4 (2019-07-03)
    * Adds SingleKeyJWSKeySelector that always returns the same key.

version 7.5 (2019-07-17)
    * Adds JWSAlgorithmFamilyJWSKeySelector that expects an algorithm from a
      specified algorithm family.

version 7.5.1 (2019-07-18)
    * Restores DefaultJWTProcessor.process(PlainJWT, C) throws JOSEException
      (iss #319).

version 7.6 (2019-07-24)
    * Adds new static X509CertUtils.parseWithException methods.

version 7.7 (2019-08-01)
    * Updates JWSObject to be able to handle detached payloads ("JSON Web
      Signature (JWS) Unencoded Payload Option", RFC 7797) and adds a new
      JWSObject.serialize(boolean) method to serialise them.
    * New MACVerifier(OctetSequenceKey, Set<String>) constructor.

version 7.8 (2019-08-23)
    * Adds HTTP proxy support to JWKSet and DefaultResourceRetriever.

version 7.9 (2019-10-05)
    * Adds new static null-safe Base64.from(String) and Base64URL.from(String)
      methods.
    * Makes JWKSet and KeyUse serializable (iss #330).
    * Fixes NPE when parsing JOSE header with missing or null "alg" (iss #332).
      Allocated CVE-2019-17195.
    * Fixes IllegalArgumentException when parsing JOSE header with null "typ"
      (iss #333). Allocated CVE-2019-17195.
    * Fixes NPE when parsing JOSE header with null "crit" (iss #334). Allocated
      CVE-2019-17195.
    * Fixes NPE when parsing JOSE header with null "jwk" (iss #335). Allocated
      CVE-2019-17195.
    * Fixes NPE when parsing JOSE header with null BASE64 or BASE65URL encoded
      parameters (iss #336). Allocated CVE-2019-17195.
    * Fixes IllegalArgumentException when parsing JWE header with null "zip"
      (iss #337). Allocated CVE-2019-17195.
    * Catch unexpected exceptions in JSONObjectUtils.parse and rethrow as
      ParseException. Allocated CVE-2019-17195. Also addresses CVE-2021-27568.

version 8.0 (2019-10-15)
    * Adds new JOSEObjectTypeVerifier interface for verifying the "typ" (type)
      header parameter of processed JOSE objects. A configurable
      DefaultJOSEObjectTypeVerifier is provided.
    * Updates the ConfigurableJOSEProcessor interface with methods for setting
      a JWS and a JWE JOSEObjectTypeVerifier (API breaking change).
    * Updates the DefaultJOSEProcessor and DefaultJWTProcessor classes to
      support JWS and JWE "typ" (type) header parameter verification via the
      new JOSEObjectTypeVerifier interface.
    * Makes JOSEObject.hashCode() and JOSEObject.equals() case insensitive.
    * Removes exception caching in DefaultJOSEProcessor and DefaultJWTProcessor
      (iss #229).
    * JWK.parseFromPEMEncodedObjects should throw a JOSEException on a missing
      PEM-encoded public key required to construct the JWK (iss #331).

version 8.1 (2019-10-15)
    * Extends DefaultJWTClaimsVerifier with configurable checks for "iat",
      "exp", "nbf", "iss" and "aud".

version 8.2 (2019-10-17)
    * Redesigns DefaultJWTClaimsVerifier to support complex audience checks,
      arbitrary exact claim matching, presence and prohibited checks.

version 8.2.1 (2019-11-07)
    * IOUtils.readFileToString must close FileInputStream after usage to
      release resources (iss #342).

version 8.3 (2019-12-14)
    * The Curve.P_256K ("P-256K") is given a new name as Curve.SECP256K1
      ("secp256k1") following a change in the underlying "COSE and JOSE
      Registrations for WebAuthn Algorithms"
      (draft-ietf-cose-webauthn-algorithms-03) specification. The old
      Curve.P_256K is deprecated (iss #341).

version 8.4 (2019-12-21)
    * Adds new JWTClaimsSet.Builder.getClaims method.

version 8.4.1 (2020-01-25)
    * Fixes overflow bug in Base64 decode method (iss #345).

version 8.5 (2020-01-27)
    * Makes X509CertUtils.PEM_BEGIN_MARKER and PEM_END_MARKER constants public.

version 8.5.1 (2020-02-04)
    * Removes redundant PEM parsing in JWK.parseFromPEMEncodedObjects (iss
      #344).
    * Removes parsedX5c from JWK.equals and JWK.hashCode calculation because
      it's redundant (iss #346).

version 8.6 (2020-02-09)
    * Adds JWK toRSAKey, toECKey, toOctetSequenceKey and toOctetKeyPair cast
      methods.

version 8.7 (2020-02-22)
    * Adds new X509CertChainUtils.parse(String) and parse(File) methods.
    * Adds new X509CertChainUtils.store(KeyStore,List<X509Certificate>) method.

version 8.8 (2020-02-23)
    * Adds new X509CertUtils.store method for storing private key / X.509
      certificates pairs in a Java KeyStore.
    * Updates X509CertChainUtils.store to return the UUID aliases for the
      stored certificate entries.
    * Adds new short-hand IOUtils.readInputStreamToString and readFileToString
      methods using UTF-8 encoding.

version 8.9 (2020-03-03)
    * Updates DefaultJWEDecrypterFactory to support opaque keys, e.g. keys
      stored in a HSM or remote keystore (iss #350).

version 8.10 (2020-03-11)
    * Extends JWKSetCache interface with requiresRefresh method to indicate
      the cached JWK set is about to expire and should be updated. Intended to
      allow for transient retrieval exceptions (iss #348).

version 8.11 (2020-03-27)
    * Adds new DateUtils.isWithin method for checking if a date is within the
      specified reference, give or take an accepted clock skew.

version 8.12 (2020-04-05)
    * Adds new JWSSignerFactory factory for creating a JWS signer from a given
      JWK, with a DefaultJWSSignerFactory implementation supporting HMAC, RSA,
      EC and EdDSA signatures.

version 8.13 (2020-04-06)
    * Adds new JWKSet.isPresent(JWK) method which returns true if the specified
      JWK is present in the JWK set as public or private JWK, by comparing its
      thumbprint with those of the keys in the set.

version 8.14 (2020-04-06)
    * Renames JWKSet.isPresent to JWKSet.containsJWK.

version 8.14.1 (2020-04-09)
    * Fixes parsing of JWK key_ops from JWK.toJSONObject() output (iss #355).

version 8.15 (2020-04-17)
    * Implements JSON Web Signature (JWS) Unencoded Payload Option (RFC 7797).
      Adds new JWSHeader.Builder.base64URLEncodePayload and
      JWSHeader.isBase64URLEncodePayload methods for the boolean "b64"
      parameter. Adds new static JWSObject.parse(String,Payload) method for
      parsing JWS objects with a detached and optionally unencoded payload.
    * Makes the "b64" (base64url-encode payload) JWS header parameter a
      processed header parameter in
      CriticalHeaderParamsDeferral.getProcessedCriticalHeaderParams().

version 8.16 (2020-04-26)
    * Updates the JCA algorithm names for PS256, PS384 and PS512.

version 8.17 (2020-05-12)
    * Updates JWKMatcher.forJWSHeader to support EdDSA.

version 8.17.1 (2020-05-27)
    * Improves ambiguous JWT claim verification error message (iss #361).

version 8.18 (2020-06-02)
    * Updates JWSVerificationKeySelector to support multiple allowed JWS
      algorithms, replaces getExpectedJWSAlgorithm method with isAllowed (iss
      #353).
    * Fixes JWSHeader.parse ParseException message for non-JWS headers (iss
      #360).

version 8.18.1 (2020-06-03)
    * Reverts removal of JWSVerificationKeySelector.getExpectedJWSAlgorithm
      (iss #362).

version 8.19 (2020-06-03)
    * Adds new static Algorithm.parse method.
    * Adds new static JSONObjectUtils.getBase64URL method.
    * Updates JWKMetadata to allow parsing of null optional parameters.
    * Updates the static RSAKey, ECKey, OctetSequenceKey and OctetKeyPair
      parse(JSONObject) methods to allow null optional parameters (iss
      #358).

version 8.20 (2020-08-06)
    * Adds RestrictedResourceRetriever.getHeaders and setHeaders methods.
    * Updates optional com.google.crypto.tink:tink dependency to 1.3.0.

version 9.0 (2020-09-06)
    * Replaces or removes all JSON Smart interfaces and classes from all
      visible classes and methods in the library. Replaces all
      net.minidev.json.JSONObject method arguments and return types with
      java.util.Map<String,Object>. Replaces all net.minidev.json.JSONArray
      method arguments and return types with java.util.List<Object>. Removes
      all net.minidev.json.JSONAware interfaces of classes, leaving their
      toJSONString methods intact.
    * Adds new JSONObjectUtils.toJSONString static methods for serialising a
      java.util.Map<String,Object> to a JSON object entity.
    * Adds new JSONObjectUtils.newJSONObject static helper method.
    * Adds new JSONArrayUtils.newJSONArray static helper method.
    * Shades the net.minidev:json-smart:1.3.1 dependency.
    * JWK.parse with missing "kty" member must throw ParseException (iss #363).

version 9.0.1 (2020-09-14)
    * JWKSet.parse must ignore unknown key types (kty) (iss #377).

version 9.1 (2020-10-20)
    * Caches JWT.getJWTClaimsSet() result in implementations to improve
      performance (iss #380).
    * Adds new static X509CertUtils.setProvider(java.security.Provider) method
      for setting a preferred JCA provider for the certification operations.
      The X509CertUtils.getProvider method returns the currently configured JCA
      provider (iss #382).

version 9.1.1 (2020-10-26)
    * Fixes time unit conversion in DefaultJWKSetCache.getLifespan and
      getRefreshTime (iss #384).

version 9.1.2 (2020-10-30)
    * Prevent instantiation of unneeded new SecureRandom in
      DefaultJWSVerifierFactory to save resources (iss #385).

version 9.1.3 (2020-11-25)
    * Fixes BadJWTException message by DefaultJWTClaimsVerifier.

version 9.1.4 (2020-12-04)
    * Removes redundant second JSON object parse in SignedJWT.getJWTClaimsSet
      (iss #390).

version 9.1.5 (2020-12-07)
    * Fixes MANIFEST.MF Import-Package for shaded JSON Smart dependency (iss
      #386).
    * Updates optional Google Tink dependency to 1.5.0.

version 9.2 (2020-12-14)
    * Updates DefaultResourceRetriever to allow setting of a SSLSocketFactory
      (iss #301).

version 9.3 (2020-12-27)
    * Makes DefaultJWKSetCache thread-safe (iss #392).
    * Adds new JWKSetWithTimestamp class, for use by DefaultJWKSetCache.
    * Bumps minimal optional BouncyCastle dependency to 1.68.

version 9.4 (2020-12-28)
    * Adds new JWSSignerOption marker interface for passing optional
      configurations to a JWSSigner. Implemented the option
      UserAuthenticationRequired for triggering a PIN or biometric prompt to
      unlock a private signing key in Android. Implemented the option
      AllowWeakRSAKey to accept weak RSA keys shorter than 2048 bits.
    * Adds new checked ActionRequiredForJWSCompletionException and a
      CompletableJWSObjectSigning interface to handle
      UserAuthenticationRequired in a JWSSigner implementation.
    * Updates the RSASSASigner for the RSxxx and PSxxx JWS algorithms to
      support the new UserAuthenticationRequired and AllowWeakRSAKey options.
    * Deprecates the RSASSASigner constructors with the boolean argument for
      accepting weak RSA keys.
    * Updates JWSObject to support JWSSigners which throw an
      ActionRequiredForJWSCompletionException.

version 9.4.1 (2021-01-08)
    * Makes DefaultJWKSetCache.put NPE safe in concurrent scenarios (iss #392).

version 9.4.2 (2021-01-28)
    * Adds quick check in ECDSAVerifier to reject ESxxx signatures which length
      doesn't match the expected for the ESxxx algorithm (iss #399).
    * Marks shaded net.minidev:json-smart:1.3.1 as optional (iss #397).

version 9.5 (2021-02-01)
    * Adds JWKSet.toString(boolean) to return a JSON string representation of
      the JWK set with boolean parameter to control inclusion of non-public
      keys.

version 9.6 (2021-02-20)
    * Adds optional org.bouncycastle:bc-fips:[1.0.2,2.0.0) dependency as a FIPS
      140-2, Level 1 compliant JCA provider.
    * Updates RSASSASigner and RSASSAVerifier to support PS256, PS384 and PS512
      with the BouncyCastle FIPS JCA provider using the alternative JCA
      "SHA256withRSAandMGF1", "SHA384withRSAandMGF1" and "SHA512withRSAandMGF1"
      names (iss #403).
    * New BouncyCastleFIPSProviderSingleton class.
    * Updates JCASupport.isSupported(JWSAlgorithm, Provider) for the
      alternative JCA "SHA256withRSAandMGF1", "SHA384withRSAandMGF1" and
      "SHA512withRSAandMGF1" names to "RSASSA-PSS".

version 9.6.1 (2021-02-22)
    * Fixes new RSASSASigner(RSAKey) conversion to PrivateKey (iss #404).

version 9.7 (2021-02-22)
    * Adds JWTClaimsSet.toPayload() convenience method.

version 9.8 (2021-04-03)
    * Adds new package com.nimbusds.jose.mint with a JWS minter framework.

version 9.8.1 (2021-04-06)
    * Bumps JSON Smart to 1.3.2.
    * Cleans up / refactors code and tests.

version 9.9 (2021-04-26)
    * Deprecates the default DefaultJWTClaimsVerifier constructor to prevent
      insecure use (iss #417).
    * Edits the DefaultJWTClaimsVerifier JavaDoc.
    * Bumps JSON Smart to 1.3.3.

version 9.9.1 (2021-05-04)
    * Bumps JSON Smart to 2.4.7.

version 9.9.2 (2021-05-05)
    * Shades net.minidev:accessors-smart after the update to JSON Smart 2.4.7
      (iss #418).

version 9.9.3 (2021-05-07)
    * Shades org.ow2.asm:asm after the update to JSON Smart 2.4.7 (iss #419).

version 9.10 (2021-06-05)
    * Enforces a string length limit of 10K chars when parsing JOSE headers
      (after BASE64URL decoding). The 10K chars should be sufficient to
      accommodate JOSE headers with an X.509 certificate chain in the "x5c"
      header parameter (iss #424).
    * Prevents StackOverflowError when parsing a JOSE header with a very large
      number of nested JOSE objects (iss #425).
    * Removes the interface JWTClaimsVerifier deprecated in version 4.23
      (2016-07-25).
    * New static JSONObjectUtils.parse(java.lang.String, int) method with an
      argument to set a limit on the length of the parsed string.

version 9.10.1 (2021-06-26)
    * Updates JSONObjectUtils.parse(String, int) to catch StackOverflowErrors
      and throw them as ParseException (iss #434).
    * Locks BouncyCastle dependency to version 1.68.

version 9.11 (2021-07-11)
    * Adds HeaderParameterNames class with String constants for the standard
      JWS and JWE header parameter names used in this library.
    * Adds JWKParameterNames class with String constants for the standard JSON
      Web Key (JWK) parameter names.
    * Adds JWTClaimNames class with String constants for the standard JSON Web
      Token (JWT) claim names.
    * Provides Curve.hashCode based on the JOSE curve name.
    * Adds PBKDF2.deriveKey check to ensure iteration count is greater than 0.
    * Makes com.github.stephenc.jcip:jcip-annotations:1.0-1 dependency
      optional.
    * Refactors PBKDF2 code with additional checks.

version 9.11.1 (2021-07-13)
    * Fixes an NPE in KeyUseAndOpsConsistency.areConsistent when the KeyUse
      is a non-standard value other than "sig" and "enc" (iss #436).

version 9.11.2 (2021-07-27)
    * Restores com.github.stephenc.jcip:jcip-annotations:1.0-1 dependency as
      non-optional (iss #438).

version 9.11.3 (2021-08-01)
    * Refactors RSASSA.getSignerAndVerifier to obtain a Signature for PSxxx
      without a PSSParameterSpec when the JCA algorithm name contains the
      necessary PSS parameters. Intended to prevent an
      UnsupportedOperationException with the nCipher JCA provider.

version 9.12 (2021-08-11)
    * Increases MAX_HEADER_STRING_LENGTH from 10K to 20K to accommodate larger
      JOSE x5c header parameters (iss #440).

version 9.12.1 (2021-08-14)
    * Removes double quote (") characters from ParseException, JOSEException,
      BadJOSEException and other exception messages to make the strings
      compliant when used in OAuth 2.0 error_description strings. See RFC 6749,
      section 5.2.

version 9.13 (2021-08-22)
    * Adds support for ECDH public key authenticated encryption with JWE
      algorithm identifiers ECDH-1PU, ECDH-1PU+A128KW, ECDH-1PU+A128KW and
      ECDH-1PU+A256KW. See Public Key Authenticated Encryption for JOSE:
      ECDH-1PU (draft-madden-jose-ecdh-1pu-04).
    * Adds support for extended nonce ChaCha20-Poly1305 content encryption with
      JWE encryption method identifier XC20P. See Chacha derived AEAD
      algorithms in JSON Object Signing and Encryption (JOSE)
      (draft-amringer-jose-chacha-02).

version 9.14 (2021-09-16)
    * Adds a DefaultJWTClaimsVerifier.currentTime method that returns the
      current time for the purpose of "exp" (expiration time) and "nbf"
      (not-before time) claim verification. This method can be overridden to
      inject an alternative time provider (e.g. for testing purposes) or to
      disable "exp" and "nbf" verification.

version 9.15 (2021-09-23)
    * Adds RSA-OAEP-384 and RSA-OAEP-512 JWE algorithm support to RSAEncrypter
      and RSADecrypter.

version 9.15.1 (2021-09-26)
    * Updates RSAEncrypter to allow passing of SecretKey with "ChaCha20"
      algorithm (for enc=XC20P).

version 9.15.2 (2021-09-28)
    * DefaultJWTClaimsVerifier must report the names of missing required claims
      and prohibited claims in sorted order (iss #444).

version 9.16 (2022-01-24)
    * New base JOSEObjectJSON class for representing JOSE secured objects
      serialisable to general or flattened JSON format.
    * New JWSObjectJSON class for representing JWS secured objects serialisable
      to general or flattened JSON, with one or more signatures.
    * RemoteJWKSet can have its default HTTP timeouts and entity size limit
      overridden by setting the Java system properties
      com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout,
      com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout and
      com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit (iss
      #453).
    * JSONObjectUtils.getJSONObject must accept java.util.Map values (iss
      #445).
    * JSONObjectUtils.getJSONObject verifies java.util.Map<String, Object> keys
      are String before cast.
    * Updates BouncyCastle to 1.70.
    * Upgrades to Google Tink 1.6.1.

version 9.16.1 (2022-01-25)
    * Updates RemoteJWKSet for efficient cache updates when the
      RemoteJWKSet.get method is called from multiple threads (iss #457).

version 9.17 (2022-01-30)
    * RemoteJWKSet allows an optional failover JWKSource.
    * Excludes com.google.protobuf:protobuf-java and com.google.code.gson:gson
      below com.google.crypto.tink:tink:1.6.1. These transitive dependencies
      are not required in the context of the Nimbus JOSE+JWT library and have
      recent reported vulnerabilities in the pulled versions.

version 9.18 (2022-01-30)
    * ThumbprintURI implements draft-ietf-oauth-jwk-thumbprint-uri-00.

version 9.19 (2022-02-07)
    * Updates KeyUse.from(X509Certificate) to return null when the certificate
      public key use doesn't map to a single JWK use value (iss #461).

version 9.20 (2022-02-21)
    * Upgrades ThumbprintURI to draft-ietf-oauth-jwk-thumbprint-uri-01.

version 9.21 (2022-03-07)
    * Prevent construction and parsing of JWS and JWE headers with non-public
      key in "jwk" parameter (iss #467).

version 9.21.1 (2022-04-21)
    * ECDSA.transcodeSignatureToDER must not throw unchecked exceptions (iss
      #473).
    * Adds line of defence against CVE-2022-21449 attacks on vulnerable JREs in
      addition to the existing defence in ECDSA.transcodeSignatureToDER (iss
      #474).
    * Bumps JSON Smart to 2.4.8.

version 9.22 (2022-04-22)
    * Adds ECDSA R and S signature value checking to prevent exploitation of
      Java runtimes and JCE providers vulnerable to CVE-2022-21449 (iss #472).
    * Makes ECParameterTable public.
    * Adds ByteUtils.isZeroFilled static method.

version 9.23 (2022-05-28)
    * Adds JWKMatcher support for matching JWKs with present "x5c".
    * Updates JWKMatcher to match "x5t#S256" against a key's "x5t#S256"
      parameter as well as the computed thumbprint of a "x5c" parameter.
    * Simplifies JCASupport.isSupported(JWSAlgorithm,Provider)

version 9.24 (2022-08-16)
    * Replaces JSON Smart 2.4.8 (shaded) with GSon 2.9.1 (also shaded) (iss
      #448, #483).

version 9.24.1 (2022-08-16)
    * Fixes GSon relocation pattern in maven-shade-plugin config (iss #484).

version 9.24.2 (2022-08-19)
    * Fixes GSon integer parsing in JSONObjectUtils (iss #485).

version 9.24.3 (2022-08-26)
    * Updates Google Tink to 1.7.0.

version 9.24.4 (2022-09-09)
    * Fixes GSon serialisation of HTML and XML control characters (iss #489).

version 9.25 (2022-09-13)
    * Adds support to use a SecureRandom in RSAKeyGenerator.generate() and
      ECKeyGenerator.generate().

version 9.25.1 (2022-09-20)
    * Updates the DirectCryptoProvider (alg=dir) to support HSM-based SecretKey
      instances with A128GCM, A192GCM and A256GCM (iss #490).

version 9.25.2 (2022-09-22)
    * KeyUtils.toAESKey must not recreate the SecretKey but wrap it, to avoid
      calling its getEncoded method (iss #490).

version 9.25.3 (2022-09-24)
    * KeyUtils.toAESKey must return the input key unmodified if its algorithm
      is AES (iss #490).

version 9.25.4 (2022-09-27)
    * JSONObjectUtils.parse must throw ParseException on empty string (iss
      #492).
    * JWSObject.parse with empty signature must throw ParseException instead of
      postpone error condition to signature validation (iss #493).

version 9.25.5 (2022-10-11)
    * The module-info.class from the shaded com.google.gson package must not be
      included in the JAR (iss #496).

version 9.25.6 (2022-10-13)
    * Addresses incomplete #496 fix to remove module-info.class for the shaded
      com.google.gson package (iss #497).

version 9.26 (2022-12-26)
    * JWK adds support for exp, nbf and exp parameters as specified in OpenID
      Connect Federation 1.0.
    * Adds copy OctetSequenceKey.Builder.
    * Updates GSon to 2.10.

version 9.27 (2023-01-02)
    * JWKGenerator classes add support for exp, nbf and exp time attributes as
      specified in OpenID Connect Federation 1.0.

version 9.28 (2023-01-05)
    * New JWKSourceBuilder entry point for building JWKSource instances that
      wrap a generic JWKSetSource with caching (including refresh ahead), rate
      limiting, retrial, fail-over, health status reporting and outage
      tolerance capabilities.
    * New CachingJWKSetSource, RefreshAheadCachingJWKSetSource,
      RateLimitedJWKSetSource, RetryingJWKSetSource, JWKSourceWithFailover,
      JWKSetSourceWithHealthStatusReporting and
      OutageTolerantJWKSetSource classes wrapping a generic JWKSetSource with a
      capability.
    * Deprecates the JWKSetCache interface and its DefaultJWKSetCache
      implementation.
    * Deprecates the RemoteJWKSet class.
    * Deprecates the JWKSetWithTimestamp class.
    * DefaultResourceRetriever adds support for file based URLs.
    * New JWKSet isEmpty and size shorthand methods.
    * New com.nimbusds.jose.util.cache package with generic CachedObject class.
    * New com.nimbusds.jose.util.events package with Event and EventListener
      interfaces.
    * New com.nimbusds.jose.util.health package with HealthReportListener
      interface, HealthReport class and HealthStatus enum.
    * New IOUtils.closeSilently(java.io.Closeable) method.

version 9.29 (2023-01-20)
    * Adds static DateUtils.nowWithSecondsPrecision method.

version 9.30 (2023-01-29)
    * Adds ECKeyGenerator and RSAKeyGenerator provider(java.security.Provider)
      method to set an explicit JCA provider.

version 9.30.1 (2023-01-31)
    * Updates the RSASSASigner constructor to allow RSAPrivateKey instances
      with the "RSASSA-PSS" algorithm (iss #506).

version 9.30.2 (2023-02-15)
    * CachedObject.computeExpirationTime must return Long.MAX_VALUE when the
      sum of the current time and TTL wraps around (iss #510).

version 9.31 (2023-02-21)
    * Updates JWTClaimsSet.parse to allow "sub" values that are JSON numbers,
      will be converted to string. Intended to enable interoperability with JWT
      libraries that output JSON numbers in the "sub" claim.
    * JWTClaimsSet.parse must throw ParseException on "sub" and "aud" claims of
      illegal JSON type (iss #511).