auth0 · poovamraj · Mar 25, 2022 · Mar 18, 2022 · Mar 23, 2022 · Mar 23, 2022
diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml
diff --git a/lib/build.gradle b/lib/build.gradle
@@ -2,6 +2,12 @@ plugins {
     id 'java'
     id 'jacoco'
     id 'com.auth0.gradle.oss-library.java'
+    id 'checkstyle'
+}
+
+checkstyle {
+    toolVersion '10.0'
+    checkstyleTest.enabled = false //We are disabling lint checks for tests
 }
 
 logger.lifecycle("Using version ${version} for ${group}.${name}")

diff --git a/lib/src/main/java/com/auth0/jwt/JWT.java b/lib/src/main/java/com/auth0/jwt/JWT.java
@@ -6,6 +6,9 @@
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.Verification;
 
+/**
+ * Exposes all the JWT functionalities.
+ */
 @SuppressWarnings("WeakerAccess")
 public class JWT {
 
@@ -22,11 +25,13 @@ public JWT() {
     /**
      * Decode a given Json Web Token.
      * <p>
-     * Note that this method <b>doesn't verify the token's signature!</b> Use it only if you trust the token or you already verified it.
+     * Note that this method <b>doesn't verify the token's signature!</b>
+     * Use it only if you trust the token or you already verified it.
      *
      * @param token with jwt format as string.
      * @return a decoded JWT.
-     * @throws JWTDecodeException if any part of the token contained an invalid jwt or JSON format of each of the jwt parts.
+     * @throws JWTDecodeException if any part of the token contained an invalid jwt
+     *                            or JSON format of each of the jwt parts.
      */
     public DecodedJWT decodeJwt(String token) throws JWTDecodeException {
         return new JWTDecoder(parser, token);
@@ -35,11 +40,13 @@ public DecodedJWT decodeJwt(String token) throws JWTDecodeException {
     /**
      * Decode a given Json Web Token.
      * <p>
-     * Note that this method <b>doesn't verify the token's signature!</b> Use it only if you trust the token or you already verified it.
+     * Note that this method <b>doesn't verify the token's signature!</b>
+     * Use it only if you trust the token or you already verified it.
      *
      * @param token with jwt format as string.
      * @return a decoded JWT.
-     * @throws JWTDecodeException if any part of the token contained an invalid jwt or JSON format of each of the jwt parts.
+     * @throws JWTDecodeException if any part of the token contained an invalid jwt
+     *                            or JSON format of each of the jwt parts.
      */
     public static DecodedJWT decode(String token) throws JWTDecodeException {
         return new JWTDecoder(token);
@@ -57,7 +64,7 @@ public static Verification require(Algorithm algorithm) {
     }
 
     /**
-     * Returns a Json Web Token builder used to create and sign tokens
+     * Returns a Json Web Token builder used to create and sign tokens.
      *
      * @return a token builder.
      */

diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -15,7 +15,8 @@
 import java.util.Map.Entry;
 
 /**
- * The JWTCreator class holds the sign method to generate a complete JWT (with Signature) from a given Header and Payload content.
+ * The JWTCreator class holds the sign method to generate a complete JWT (with Signature)
+ * from a given Header and Payload content.
  * <p>
  * This class is thread-safe.
  */
@@ -38,7 +39,8 @@ public final class JWTCreator {
         mapper.configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true);
     }
 
-    private JWTCreator(Algorithm algorithm, Map<String, Object> headerClaims, Map<String, Object> payloadClaims) throws JWTCreationException {
+    private JWTCreator(Algorithm algorithm, Map<String, Object> headerClaims, Map<String, Object> payloadClaims)
+            throws JWTCreationException {
         this.algorithm = algorithm;
         try {
             headerJson = mapper.writeValueAsString(new HeaderClaimsHolder(headerClaims));
@@ -96,7 +98,8 @@ public Builder withHeader(Map<String, Object> headerClaims) {
 
         /**
          * Add a specific Key Id ("kid") claim to the Header.
-         * If the {@link Algorithm} used to sign this token was instantiated with a KeyProvider, the 'kid' value will be taken from that provider and this one will be ignored.
+         * If the {@link Algorithm} used to sign this token was instantiated with a KeyProvider,
+         * the 'kid' value will be taken from that provider and this one will be ignored.
          *
          * @param keyId the Key Id value.
          * @return this same Builder instance.
@@ -322,48 +325,6 @@ public Builder withClaim(String name, Instant value) throws IllegalArgumentExcep
             return this;
         }
 
-        /**
-         * Add a custom Array Claim with the given items.
-         *
-         * @param name  the Claim's name.
-         * @param items the Claim's value.
-         * @return this same Builder instance.
-         * @throws IllegalArgumentException if the name is null.
-         */
-        public Builder withArrayClaim(String name, String[] items) throws IllegalArgumentException {
-            assertNonNull(name);
-            addClaim(name, items);
-            return this;
-        }
-
-        /**
-         * Add a custom Array Claim with the given items.
-         *
-         * @param name  the Claim's name.
-         * @param items the Claim's value.
-         * @return this same Builder instance.
-         * @throws IllegalArgumentException if the name is null.
-         */
-        public Builder withArrayClaim(String name, Integer[] items) throws IllegalArgumentException {
-            assertNonNull(name);
-            addClaim(name, items);
-            return this;
-        }
-
-        /**
-         * Add a custom Array Claim with the given items.
-         *
-         * @param name  the Claim's name.
-         * @param items the Claim's value.
-         * @return this same Builder instance.
-         * @throws IllegalArgumentException if the name is null
-         */
-        public Builder withArrayClaim(String name, Long[] items) throws IllegalArgumentException {
-            assertNonNull(name);
-            addClaim(name, items);
-            return this;
-        }
-
         /**
          * Add a custom Map Claim with the given items.
          * <p>
@@ -381,7 +342,8 @@ public Builder withClaim(String name, Map<String, ?> map) throws IllegalArgument
             assertNonNull(name);
             // validate map contents
             if (map != null && !validateClaim(map)) {
-                throw new IllegalArgumentException("Expected map containing Map, List, Boolean, Integer, Long, Double, String and Date");
+                throw new IllegalArgumentException("Expected map containing Map, List, Boolean, Integer, "
+                        + "Long, Double, String and Date");
             }
             addClaim(name, map);
             return this;
@@ -405,12 +367,55 @@ public Builder withClaim(String name, List<?> list) throws IllegalArgumentExcept
             assertNonNull(name);
             // validate list contents
             if (list != null && !validateClaim(list)) {
-                throw new IllegalArgumentException("Expected list containing Map, List, Boolean, Integer, Long, Double, String and Date");
+                throw new IllegalArgumentException("Expected list containing Map, List, Boolean, Integer, "
+                        + "Long, Double, String and Date");
             }
             addClaim(name, list);
             return this;
         }
 
+        /**
+         * Add a custom Array Claim with the given items.
+         *
+         * @param name  the Claim's name.
+         * @param items the Claim's value.
+         * @return this same Builder instance.
+         * @throws IllegalArgumentException if the name is null.
+         */
+        public Builder withArrayClaim(String name, String[] items) throws IllegalArgumentException {
+            assertNonNull(name);
+            addClaim(name, items);
+            return this;
+        }
+
+        /**
+         * Add a custom Array Claim with the given items.
+         *
+         * @param name  the Claim's name.
+         * @param items the Claim's value.
+         * @return this same Builder instance.
+         * @throws IllegalArgumentException if the name is null.
+         */
+        public Builder withArrayClaim(String name, Integer[] items) throws IllegalArgumentException {
+            assertNonNull(name);
+            addClaim(name, items);
+            return this;
+        }
+
+        /**
+         * Add a custom Array Claim with the given items.
+         *
+         * @param name  the Claim's name.
+         * @param items the Claim's value.
+         * @return this same Builder instance.
+         * @throws IllegalArgumentException if the name is null
+         */
+        public Builder withArrayClaim(String name, Long[] items) throws IllegalArgumentException {
+            assertNonNull(name);
+            addClaim(name, items);
+            return this;
+        }
+
         /**
          * Add specific Claims to set as the Payload. If the provided map is null then
          * nothing is changed.
@@ -426,16 +431,18 @@ public Builder withClaim(String name, List<?> list) throws IllegalArgumentExcept
          * </p>
          *
          * @param payloadClaims the values to use as Claims in the token's payload.
-         * @throws IllegalArgumentException if any of the claim keys or null, or if the values are not of a supported type.
          * @return this same Builder instance.
+         * @throws IllegalArgumentException if any of the claim keys or null,
+         *                                  or if the values are not of a supported type.
          */
         public Builder withPayload(Map<String, ?> payloadClaims) throws IllegalArgumentException {
             if (payloadClaims == null) {
                 return this;
             }
 
             if (!validatePayload(payloadClaims)) {
-                throw new IllegalArgumentException("Claim values must only be of types Map, List, Boolean, Integer, Long, Double, String and Date");
+                throw new IllegalArgumentException("Claim values must only be of types Map, List, Boolean, Integer, "
+                        + "Long, Double, String and Date");
             }
 
             // add claims only after validating all claims so as not to corrupt the claims map of this builder
@@ -504,16 +511,18 @@ private static boolean isBasicType(Object value) {
             if (c.isArray()) {
                 return c == Integer[].class || c == Long[].class || c == String[].class;
             }
-            return c == String.class || c == Integer.class || c == Long.class || c == Double.class || c == Date.class || c == Instant.class || c == Boolean.class;
+            return c == String.class || c == Integer.class || c == Long.class || c == Double.class
+                    || c == Date.class || c == Instant.class || c == Boolean.class;
         }
 
         /**
-         * Creates a new JWT and signs is with the given algorithm
+         * Creates a new JWT and signs is with the given algorithm.
          *
          * @param algorithm used to sign the JWT
          * @return a new JWT token
          * @throws IllegalArgumentException if the provided algorithm is null.
-         * @throws JWTCreationException     if the claims could not be converted to a valid JSON or there was a problem with the signing key.
+         * @throws JWTCreationException     if the claims could not be converted to a valid JSON
+         *                                  or there was a problem with the signing key.
          */
         public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCreationException {
             if (algorithm == null) {
@@ -546,10 +555,13 @@ private void addClaim(String name, Object value) {
     }
 
     private String sign() throws SignatureGenerationException {
-        String header = Base64.getUrlEncoder().withoutPadding().encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
-        String payload = Base64.getUrlEncoder().withoutPadding().encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
+        String header = Base64.getUrlEncoder().withoutPadding()
+                .encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
+        String payload = Base64.getUrlEncoder().withoutPadding()
+                .encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
 
-        byte[] signatureBytes = algorithm.sign(header.getBytes(StandardCharsets.UTF_8), payload.getBytes(StandardCharsets.UTF_8));
+        byte[] signatureBytes = algorithm.sign(header.getBytes(StandardCharsets.UTF_8),
+                payload.getBytes(StandardCharsets.UTF_8));
         String signature = Base64.getUrlEncoder().withoutPadding().encodeToString((signatureBytes));
 
         return String.format("%s.%s.%s", header, payload, signature);

diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -42,7 +42,7 @@ final class JWTDecoder implements DecodedJWT, Serializable {
             payloadJson = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
         } catch (NullPointerException e) {
             throw new JWTDecodeException("The UTF-8 Charset isn't initialized.", e);
-        } catch (IllegalArgumentException e){
+        } catch (IllegalArgumentException e) {
             throw new JWTDecodeException("The input is not a valid base 64 encoded string.", e);
         }
         header = converter.parseHeader(headerJson);