From 2f27f553fd6665c7ff9aeab25596868d77494a93 Mon Sep 17 00:00:00 2001
From: Jonas Abreu
Date: Thu, 17 Sep 2015 14:56:41 -0300
Subject: [PATCH 1/2] use the same data to sign and verify signature
---
 src/clj_jwt/core.clj | 14 +++++++-------
 test/clj_jwt/core_test.clj | 4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/clj_jwt/core.clj b/src/clj_jwt/core.clj
index 457c1ce..b8bbf8e 100644
--- a/src/clj_jwt/core.clj
+++ b/src/clj_jwt/core.clj
@@ -14,7 +14,7 @@ url-safe-decode-str)) (defn- update-map [m k f] (if (contains? m k) (update-in m [k] f) m))
-(defrecord JWT [header claims signature])
+(defrecord JWT [header claims signature signed-data])
 ; ---------------------------------- ; JsonWebToken
@@ -62,7 +62,7 @@ (let [this* (set-alg this alg) sign-fn (get-signature-fn alg) data (str (encoded-header this*) "." (encoded-claims this*))]
- (assoc this* :signature (sign-fn key data)))))
+ (assoc this* :signature (sign-fn key data) :signed-data data))))
 (verify ([this] (verify this ""))
@@ -72,9 +72,8 @@ (= :none alg) (= "" key (:signature this)) (supported-algorithm? alg)
- (let [verify-fn (get-verify-fn alg)
- data (str (encoded-header this) "." (encoded-claims this))]
- (verify-fn key data (:signature this)))
+ (let [verify-fn (get-verify-fn alg)]
+ (verify-fn key (:signed-data this) (:signature this)))
 :else (throw (Exception. "Unkown signature"))))) ([this algorithm key]
@@ -83,7 +82,7 @@ false)))) ; =jwt
-(defn jwt [claim] (init (->JWT "" "" "") claim))
+(defn jwt [claim] (init (->JWT "" "" "" "") claim))
 ; =str->jwt (defn str->jwt
@@ -91,4 +90,5 @@ (let [[header claims signature] (str/split jwt-string #"\.")] (->JWT (encoded-json->map header) (encoded-json->map claims)
- (or signature ""))))
+ (or signature "")
+ (str header "." claims))))
diff --git a/test/clj_jwt/core_test.clj b/test/clj_jwt/core_test.clj
index dd5c9bf..84c322b 100644
--- a/test/clj_jwt/core_test.clj
+++ b/test/clj_jwt/core_test.clj
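Review bot: `verify` can return true for a record whose `:header` and `:claims` no longer match what was signed, because the check in the `@@ -72,9 +72,8 @@` hunk runs over `(:signed-data this)` and nothing ties that string to the two maps. The field is filled in separately by `sign` and `str->jwt`, so a later `assoc` on the claims, or a record built directly with `->JWT` as the updated tests do, leaves the maps and the verified string free to disagree. I would add a docstring on `verify` saying that it authenticates only `:signed-data`, along the lines of `"Checks the signature over :signed-data; :header and :claims are trusted only if they were decoded from that same string."`, and consider comparing the decoded halves of `:signed-data` with the maps before returning true. `verify` starts above this hunk, so the `alg` binding is not visible here; it presumably comes from the `:header` map, which makes that consistency check matter for algorithm selection as well.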
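Review bot: `str->jwt` in the `@@ -91,4 +90,5 @@` hunk accepts any number of dot-separated segments: the destructured `str/split` silently drops everything after the third part, and a one-segment input leaves `claims` nil so that `(str header "." claims)` becomes `"header."`. Since this string is now exactly what `verify` checks, I would reject input that does not split into two or three parts before building the record, for example `(when-not (#{2 3} (count parts)) (throw (Exception. "Malformed JWT")))` with `parts` bound to the split result. The `defn` line and argument vector of `str->jwt` sit outside this hunk.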
@@ -98,8 +98,8 @@ (facts "JWT verify" (fact "Unknown signature algorithm should be thrown exception."
- (verify (->JWT {:typ "JWT" :alg "DUMMY"} claim "")) => (throws Exception)
- (verify (->JWT {:typ "JWT" :alg "DUMMY"} claim "") "") => (throws Exception))
+ (verify (->JWT {:typ "JWT" :alg "DUMMY"} claim "" "")) => (throws Exception)
+ (verify (->JWT {:typ "JWT" :alg "DUMMY"} claim "" "") "") => (throws Exception))
 (fact "Plain JWT should be verified." (-> claim jwt verify) => true
From 8d4778a20a243ad6e0a8deae6500877c6c9de09f Mon Sep 17 00:00:00 2001
From: liquidz
Date: Fri, 18 Sep 2015 22:24:41 +0900
Subject: [PATCH 2/2] #20 rename signed-data to encoded-data
---
 project.clj | 8 ++++----
 src/clj_jwt/core.clj | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/project.clj b/project.clj
index b191dd7..ea81238 100644
--- a/project.clj
+++ b/project.clj
@@ -1,13 +1,13 @@
-(defproject clj-jwt "0.1.0"
+(defproject clj-jwt "0.1.1"
 :description "Clojure library for JSON Web Token(JWT)" :url "https://github.com/liquidz/clj-jwt" :license {:name "Eclipse Public License" :url "http://www.eclipse.org/legal/epl-v10.html"}
- :dependencies [[org.clojure/clojure "1.6.0"]
+ :dependencies [[org.clojure/clojure "1.7.0"]
 [org.clojure/data.json "0.2.6"] [org.clojure/data.codec "0.1.0"] [org.bouncycastle/bcpkix-jdk15on "1.52"] [crypto-equality "1.0.0"]
- [clj-time "0.9.0"]]
- :profiles {:dev {:dependencies [[midje "1.6.3" :exclusions [org.clojure/clojure]]]}}
+ [clj-time "0.11.0"]]
+ :profiles {:dev {:dependencies [[midje "1.7.0" :exclusions [org.clojure/clojure]]]}}
 :plugins [[lein-midje "3.1.3"]])
diff --git a/src/clj_jwt/core.clj b/src/clj_jwt/core.clj
index b8bbf8e..f759c1a 100644
--- a/src/clj_jwt/core.clj
+++ b/src/clj_jwt/core.clj
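Review bot: No test covers the behaviour this commit fixes; the `@@ -98,8 +98,8 @@` hunk only adapts the two `->JWT` calls to the four-argument constructor. I would add a fact under "JWT verify" that uses `str->jwt` to parse a signed token whose JSON differs from this library's own serialisation (different key order or spacing) and expects `verify` to return true. A companion fact should show that changing one character of the payload segment makes `verify` return false. The `facts` form continues past the end of this hunk.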
@@ -14,7 +14,7 @@ url-safe-decode-str)) (defn- update-map [m k f] (if (contains? m k) (update-in m [k] f) m))
-(defrecord JWT [header claims signature signed-data])
+(defrecord JWT [header claims signature encoded-data])
 ; ---------------------------------- ; JsonWebToken
@@ -62,7 +62,7 @@ (let [this* (set-alg this alg) sign-fn (get-signature-fn alg) data (str (encoded-header this*) "." (encoded-claims this*))]
- (assoc this* :signature (sign-fn key data) :signed-data data))))
+ (assoc this* :signature (sign-fn key data) :encoded-data data))))
 (verify ([this] (verify this ""))
@@ -73,7 +73,7 @@ (supported-algorithm? alg) (let [verify-fn (get-verify-fn alg)]
- (verify-fn key (:signed-data this) (:signature this)))
+ (verify-fn key (:encoded-data this) (:signature this)))
 :else (throw (Exception. "Unkown signature"))))) ([this algorithm key]