Skip to content
This repository was archived by the owner on May 20, 2025. It is now read-only.

Commit 776d3e0

Browse files
sergey-akhalkovsergey-akhalkov
committed
[5.1.0-beta] android: fix DexIndexOverflowException due to com.auth0.jwt #1002
use another lib - nimbus-jose-jwt
1 parent 08470d4 commit 776d3e0

File tree

2 files changed

+18
-11
lines changed

2 files changed

+18
-11
lines changed

android/app/build.gradle

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,5 @@ android {
2222

2323
dependencies {
2424
compile "com.facebook.react:react-native:+"
25-
//todo as required minimal sdk version will be more then 23, upgrade this to latest version
26-
//see https://github.com/auth0/java-jwt/issues/131
27-
compile 'com.auth0:java-jwt:2.2.2'
28-
}
25+
compile 'com.nimbusds:nimbus-jose-jwt:5.1'
26+
}

android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateUtils.java

Lines changed: 16 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,11 @@
33
import android.content.Context;
44
import android.util.Base64;
55

6-
import com.auth0.jwt.JWTVerifier;
6+
import java.security.interfaces.*;
7+
8+
import com.nimbusds.jose.*;
9+
import com.nimbusds.jose.crypto.*;
10+
import com.nimbusds.jwt.*;
711

812
import org.json.JSONArray;
913
import org.json.JSONException;
@@ -176,11 +180,17 @@ public static void verifyFolderHash(String folderPath, String expectedHash) {
176180

177181
public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publicKey) {
178182
try {
179-
final JWTVerifier verifier = new JWTVerifier(publicKey);
180-
final Map<String, Object> claims = verifier.verify(jwt);
181-
CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());
182-
return claims;
183-
} catch (Exception e) {
183+
SignedJWT signedJWT = SignedJWT.parse(jwt);
184+
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey)publicKey);
185+
if (signedJWT.verify(verifier)) {
186+
Map<String, Object> claims = signedJWT.getJWTClaimsSet().getClaims();
187+
CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());
188+
return claims;
189+
}
190+
return null;
191+
} catch (Exception ex) {
192+
CodePushUtils.log(ex.getMessage());
193+
CodePushUtils.log(ex.getStackTrace().toString());
184194
return null;
185195
}
186196
}
@@ -248,5 +258,4 @@ public static void verifySignature(String folderPath, String stringPublicKey) th
248258

249259
CodePushUpdateUtils.verifyFolderHash(folderPath, contentHash);
250260
}
251-
252261
}

0 commit comments

Comments
 (0)