improve token parts handling. Remove Signature interface.

Author: lbalmaceda

lib/src/main/java/com/auth0/jwt/JWTDecoder.java

@@ -19,18 +19,12 @@
 @SuppressWarnings("WeakerAccess")
 final class JWTDecoder implements DecodedJWT {
 
-    private final String token;
-    private Header header;
-    private Payload payload;
-    private String signature;
+    private final String[] parts;
+    private final Header header;
+    private final Payload payload;
 
     JWTDecoder(String jwt) throws JWTDecodeException {
-        this.token = jwt;
-        parseToken(jwt);
-    }
-
-    private void parseToken(String token) throws JWTDecodeException {
-        final String[] parts = TokenUtils.splitToken(token);
+        parts = TokenUtils.splitToken(jwt);
         final JWTParser converter = new JWTParser();
         String headerJson;
         String payloadJson;
@@ -42,7 +36,6 @@ private void parseToken(String token) throws JWTDecodeException {
         }
         header = converter.parseHeader(headerJson);
         payload = converter.parsePayload(payloadJson);
-        signature = parts[2];
     }
 
     @Override
@@ -115,13 +108,23 @@ public Map<String, Claim> getClaims() {
         return payload.getClaims();
     }
 
+    @Override
+    public String getHeader() {
+        return parts[0];
+    }
+
+    @Override
+    public String getPayload() {
+        return parts[1];
+    }
+
     @Override
     public String getSignature() {
-        return signature;
+        return parts[2];
     }
 
     @Override
     public String getToken() {
-        return token;
+        return String.format("%s.%s.%s", parts[0], parts[1], parts[2]);
     }
 }

lib/src/main/java/com/auth0/jwt/JWTVerifier.java

@@ -1,19 +1,13 @@
 package com.auth0.jwt;
 
 import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.AlgorithmMismatchException;
-import com.auth0.jwt.exceptions.InvalidClaimException;
-import com.auth0.jwt.exceptions.JWTVerificationException;
-import com.auth0.jwt.exceptions.SignatureVerificationException;
-import com.auth0.jwt.exceptions.TokenExpiredException;
+import com.auth0.jwt.exceptions.*;
 import com.auth0.jwt.impl.PublicClaims;
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.Clock;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.Verification;
-import org.apache.commons.codec.binary.Base64;
 
-import java.nio.charset.StandardCharsets;
 import java.util.*;
 
 /**
@@ -352,19 +346,13 @@ private void requireClaim(String name, Object value) {
      * @throws JWTVerificationException if any of the required contents inside the JWT is invalid.
      */
     public DecodedJWT verify(String token) throws JWTVerificationException {
-        DecodedJWT jwt = JWTDecoder.decode(token);
+        DecodedJWT jwt = JWT.decode(token);
         verifyAlgorithm(jwt, algorithm);
-        verifySignature(TokenUtils.splitToken(token));
+        algorithm.verify(jwt);
         verifyClaims(jwt, claims);
         return jwt;
     }
 
-    private void verifySignature(String[] parts) throws SignatureVerificationException {
-        byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes(StandardCharsets.UTF_8);
-        byte[] signature = Base64.decodeBase64(parts[2]);
-        algorithm.verify(content, signature);
-    }
-
     private void verifyAlgorithm(DecodedJWT jwt, Algorithm expectedAlgorithm) throws AlgorithmMismatchException {
         if (!expectedAlgorithm.getName().equals(jwt.getAlgorithm())) {
             throw new AlgorithmMismatchException("The provided Algorithm doesn't match the one defined in the JWT's Header.");
@@ -435,31 +423,28 @@ private void assertValidStringClaim(String claimName, String value, String expec
     }
 
     private void assertValidDateClaim(Date date, long leeway, boolean shouldBeFuture) {
-		Date today = clock.getToday();
-		today.setTime((long) Math.floor((today.getTime() / 1000) * 1000)); // truncate
-																		  // millis
-		if (shouldBeFuture) {
-			assertDateIsFuture(date, leeway, today);
-		} else {
-			assertDateIsPast(date, leeway, today);
-		}
-	}
-
-	private void assertDateIsFuture(Date date, long leeway, Date today) {
-		
-		today.setTime(today.getTime() - leeway * 1000);
-		if (date != null && today.after(date)) {
-			throw new TokenExpiredException(String.format("The Token has expired on %s.", date));
-		}
-	}
-	
-	private void assertDateIsPast(Date date, long leeway, Date today) {
-		today.setTime(today.getTime() + leeway * 1000);
-		if(date!=null && today.before(date)) {
-			throw new InvalidClaimException(String.format("The Token can't be used before %s.", date));
-		}
-		
-	}
+        Date today = clock.getToday();
+        today.setTime((long) Math.floor((today.getTime() / 1000) * 1000)); // truncate millis
+        if (shouldBeFuture) {
+            assertDateIsFuture(date, leeway, today);
+        } else {
+            assertDateIsPast(date, leeway, today);
+        }
+    }
+
+    private void assertDateIsFuture(Date date, long leeway, Date today) {
+        today.setTime(today.getTime() - leeway * 1000);
+        if (date != null && today.after(date)) {
+            throw new TokenExpiredException(String.format("The Token has expired on %s.", date));
+        }
+    }
+
+    private void assertDateIsPast(Date date, long leeway, Date today) {
+        today.setTime(today.getTime() + leeway * 1000);
+        if (date != null && today.before(date)) {
+            throw new InvalidClaimException(String.format("The Token can't be used before %s.", date));
+        }
+    }
 
     private void assertValidAudienceClaim(List<String> audience, List<String> value) {
         if (audience == null || !audience.containsAll(value)) {

lib/src/main/java/com/auth0/jwt/interfaces/DecodedJWT.java

@@ -3,11 +3,35 @@
 /**
  * Class that represents a Json Web Token that was decoded from it's string representation.
  */
-public interface DecodedJWT extends Payload, Header, Signature {
+public interface DecodedJWT extends Payload, Header {
     /**
      * Getter for the String Token used to create this JWT instance.
      *
      * @return the String Token.
      */
     String getToken();
+
+    /**
+     * Getter for the Header contained in the JWT as a Base64 encoded String.
+     * This represents the first part of the token.
+     *
+     * @return the Header of the JWT.
+     */
+    String getHeader();
+
+    /**
+     * Getter for the Payload contained in the JWT as a Base64 encoded String.
+     * This represents the second part of the token.
+     *
+     * @return the Payload of the JWT.
+     */
+    String getPayload();
+
+    /**
+     * Getter for the Signature contained in the JWT as a Base64 encoded String.
+     * This represents the third part of the token.
+     *
+     * @return the Signature of the JWT.
+     */
+    String getSignature();
 }

lib/src/main/java/com/auth0/jwt/interfaces/Header.java

@@ -26,7 +26,6 @@ public interface Header {
      */
     String getContentType();
 
-
     /**
      * Get the value of the "kid" claim, or null if it's not available.
      *