- Ensured Edwards Curve keys (X25519 and X448) worked with ECDH-ES algorithms

- Ensured JWT Header ephemeral PublicKey ('epk' field) could be any Public JWK, not just an EcPublicJwk
- Updated README.md to ensure the installation instructions for uncommenting BouncyCastle were a little less confusing (having commented out stuff be at the end of the code block so it couldn't be confused with other lines)

Author: lhazlewood

README.md

@@ -554,6 +554,7 @@ If you're building a (non-Android) JDK project, you will want to define the foll
      - JDK 10 or earlier, and you want to use RSASSA-PSS (PS256, PS384, PS512) signature algorithms.  
      - JDK 10 or earlier, and you want to use EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
      - JDK 14 or earlier, and you want to use EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.    
+     It is unnecessary for these algorithms on JDK 15 or later.
 <dependency>
     <groupId>org.bouncycastle</groupId>
     <artifactId>bcprov-jdk15on</artifactId>
@@ -570,9 +571,16 @@ If you're building a (non-Android) JDK project, you will want to define the foll
 ```groovy
 dependencies {
     implementation 'io.jsonwebtoken:jjwt-api:JJWT_RELEASE_VERSION'
-    runtimeOnly 'io.jsonwebtoken:jjwt-impl:JJWT_RELEASE_VERSION',
-    //'org.bouncycastle:bcprov-jdk15on:1.70',
-    'io.jsonwebtoken:jjwt-jackson:JJWT_RELEASE_VERSION' // or 'io.jsonwebtoken:jjwt-gson:JJWT_RELEASE_VERSION' for gson
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:JJWT_RELEASE_VERSION'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:JJWT_RELEASE_VERSION' // or 'io.jsonwebtoken:jjwt-gson:JJWT_RELEASE_VERSION' for gson
+    /* 
+      Uncomment this next dependency if you are using:
+       - JDK 10 or earlier, and you want to use RSASSA-PSS (PS256, PS384, PS512) signature algorithms.
+       - JDK 10 or earlier, and you want to use EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
+       - JDK 14 or earlier, and you want to use EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
+      It is unnecessary for these algorithms on JDK 15 or later.
+    */
+    // runtimeOnly 'org.bouncycastle:bcprov-jdk15on:1.70'
 }
 ```
 
@@ -594,8 +602,13 @@ dependencies {
     runtimeOnly('io.jsonwebtoken:jjwt-orgjson:JJWT_RELEASE_VERSION') {
         exclude(group: 'org.json', module: 'json') //provided by Android natively
     }
-    // Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms
-    // AND also enable the BouncyCastle provider as shown below
+    /* 
+      Uncomment this next dependency if you want to use:
+       - RSASSA-PSS (PS256, PS384, PS512) signature algorithms.
+       - EdECDH (X25519 or X448) Elliptic Curve Diffie-Hellman encryption.
+       - EdDSA (Ed25519 or Ed448) Elliptic Curve signature algorithms.
+      ** AND ALSO ensure you enable the BouncyCastle provider as shown below **
+    */
     //implementation('org.bouncycastle:bcprov-jdk15on:1.70')
 }
 ```
@@ -1531,7 +1544,7 @@ If you want to generate sufficiently strong Elliptic Curve or RSA asymmetric key
 algorithms, use an algorithm's respective `keyPairBuilder()` method:
 
 ```java
-KeyPair keyPair = Jwts.SIG.RS256.keyPairBuilder().build(); //or RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512
+KeyPair keyPair = Jwts.SIG.RS256.keyPairBuilder().build(); //or RS384, RS512, PS256, etc...
 ```
 
 Once you've generated a `KeyPair`, you can use the private key (`keyPair.getPrivate()`) to create a JWS and the 
@@ -1540,9 +1553,12 @@ public key (`keyPair.getPublic()`) to parse/verify a JWS.
 > **Note**
 > 
 > **The `PS256`, `PS384`, and `PS512` algorithms require JDK 11 or a compatible JCA Provider
-> (like BouncyCastle) in the runtime classpath.**  If you are using JDK 10 or earlier and you want to use them, see
-> the [Installation](#Installation) section to see how to enable BouncyCastle.  All other algorithms are natively
-> supported by the JDK.
+> (like BouncyCastle) in the runtime classpath.**  
+> **The `EdDSA`, `Ed25519` and `Ed448` algorithms require JDK 15 or a compatible JCA Provider 
+> (like BouncyCastle) in the runtime classpath.** 
+> If you want to use either set of algorithms, and you are on an earlier JDK that does not support them, 
+> see the [Installation](#Installation) section to see how to enable BouncyCastle.  All other algorithms are 
+> natively supported by the JDK.
 
 <a name="jws-create"></a>
 ### Creating a JWS
@@ -2377,7 +2393,7 @@ All `Jwk` instances support [JWK Thumbprint](https://www.rfc-editor.org/rfc/rfc7
 `thumbprint()` and `thumbprint(HashAlgorithm)` methods:
 
 ```java
-HashAlgorithm hashAlg = getAHashAlgorithm();
+HashAlgorithm hashAlg = Jwks.HASH.SHA256; // or SHA384, SHA512, etc.
 
 Jwk<?> jwk = Jwks.builder(). /* ... */ .build();
 
@@ -2388,7 +2404,7 @@ JwkThumbprint anotherThumbprint = jwk.thumbprint(hashAlg); // thumbprint using s
 
 The resulting `JwkThumbprint` instance provides some useful methods:
 
-* `jwkThumbprint.toByteArray()`: the thumbprint's actual digest bytes - i.e. the output from the hash algorithm
+* `jwkThumbprint.toByteArray()`: the thumbprint's actual digest bytes - i.e. the raw output from the hash algorithm
 * `jwkThumbprint.toString()`: the digest bytes as a Base64URL-encoded string
 * `jwkThumbprint.getHashAlgorithm()`: the specific `HashAlgorithm` used to compute the thumbprint
 * `jwkThumbprint.toURI()`: the thumbprint's canonical URI as defined by the [JWK Thumbprint URI](https://www.rfc-editor.org/rfc/rfc9278.html) specification
@@ -2405,6 +2421,7 @@ For example:
 ```java
 String kid = jwk.thumbprint().toString(); // Thumbprint bytes as a Base64URL-encoded string
 Key key = findKey(kid);
+assert jwk.toKey().equals(key);
 ```
 
 However, because `Jwk` instances are immutable, you can't set the key id after the JWK is created. For example, the
@@ -2496,7 +2513,7 @@ This code would print the following string literal to the System console:
 {kty=oct, k=<redacted>, kid=HMAC key used in https://www.rfc-editor.org/rfc/rfc7515#appendix-A.1.1 example.}
 ```
 
-This is true for all secret or private key values in `SecretJwk` and `PrivateJwk` (e.g. `RsaPrivateJwk`, 
+This is true for all secret or private key members in `SecretJwk` and `PrivateJwk` (e.g. `RsaPrivateJwk`, 
 `EcPrivateJwk`, etc) instances.
 
 <a name="compression"></a>
@@ -3110,6 +3127,50 @@ String subject = Jwts.parserBuilder()
 assert "Alice".equals(subject);
 ```
 
+<a name="example-jws-eddsa"></a>
+### JWT Signed with EdDSA
+
+This is an example showing how to digitally sign and verify a JWT using the 
+[Edwards Curve Digital Signature Algorithm](https://www.rfc-editor.org/rfc/rfc8032) using
+`Ed25519` or `Ed448` keys.
+
+> **Note**
+>
+> **The `Ed25519` and `Ed448` algorithms require JDK 15 or a compatible JCA Provider
+> (like BouncyCastle) in the runtime classpath.**
+>
+> If you are using JDK 14 or earlier and you want to use them, see
+> the [Installation](#Installation) section to see how to enable BouncyCastle.
+
+The `EdDSA` signature algorithm is defined for JWS in [RFC 8037, Section 3.1](https://www.rfc-editor.org/rfc/rfc8037#section-3.1)
+using keys for two Edwards curves:
+
+* `Ed25519`: `EdDSA` using curve `Ed25519`. `Ed25519` algorithm keys must be 256 bits (32 bytes) long and produce 
+             signatures 512 bits (64 bytes) long.
+* `Ed448`: `EdDSA` using curve `Ed448`. `Ed448` algorithm keys must be 456 bits (57 bytes) long and produce signatures 
+           912 bits (114 bytes) long.
+
+In this example, Bob will sign a JWT using his Edwards Curve private key, and Alice can verify it came from Bob 
+using Bob's Edwards Curve public key:
+
+```java
+// Create a test key suitable for the EdDSA signature algorithm using Ed25519 or Ed448 keys:
+SignatureAlgorithm alg = Jwts.SIG.Ed25519; //or Ed448
+KeyPair pair = alg.keyPairBuilder().build();
+
+// Bob creates the compact JWS with his Edwards Curve private key:
+String jws = Jwts.builder().setSubject("Alice")
+    .signWith(pair.getPrivate(), alg) // <-- Bob's Edwards Curve private key
+    .compact();
+
+// Alice receives and verifies the compact JWS came from Bob:
+String subject = Jwts.parserBuilder()
+    .verifyWith(pair.getPublic()) // <-- Bob's Edwards Curve public key
+    .build().parseClaimsJws(jws).getPayload().getSubject();
+
+assert "Alice".equals(subject);
+```
+
 <a name="example-jwe-dir"></a>
 ### JWT Encrypted Directly with a SecretKey
 

api/src/main/java/io/jsonwebtoken/JweHeader.java

@@ -16,8 +16,8 @@
 package io.jsonwebtoken;
 
 import io.jsonwebtoken.security.AeadAlgorithm;
-import io.jsonwebtoken.security.EcPublicJwk;
 import io.jsonwebtoken.security.KeyAlgorithm;
+import io.jsonwebtoken.security.PublicJwk;
 import io.jsonwebtoken.security.StandardKeyAlgorithms;
 
 import javax.crypto.SecretKey;
@@ -72,7 +72,7 @@ public interface JweHeader extends ProtectedHeader<JweHeader>, JweHeaderMutator<
      * @see StandardKeyAlgorithms#ECDH_ES_A192KW
      * @see StandardKeyAlgorithms#ECDH_ES_A256KW
      */
-    EcPublicJwk getEphemeralPublicKey();
+    PublicJwk<?> getEphemeralPublicKey();
 
     /**
      * Returns any information about the JWE producer for use with key agreement algorithms, or {@code null} if not

api/src/main/java/io/jsonwebtoken/lang/Strings.java

@@ -1270,5 +1270,30 @@ public static String arrayToCommaDelimitedString(Object[] arr) {
         return arrayToDelimitedString(arr, ",");
     }
 
+    /**
+     * Appends a space character (<code>' '</code>) if the argument is not empty, otherwise does nothing.  This method
+     * can be thought of as &quot;non-empty space&quot;.  Using this method allows reduction of this:
+     * <blockquote><pre>
+     * if (sb.length != 0) {
+     *     sb.append(' ');
+     * }
+     * sb.append(nextWord);</pre></blockquote>
+     * <p>To this:</p>
+     * <blockquote><pre>
+     * nespace(sb).append(nextWord);</pre></blockquote>
+     * @param sb the string builder to append a space to if non-empty
+     * @return the string builder argument for method chaining.
+     * @since JJWT_RELEASE_VERSION
+     */
+    public static StringBuilder nespace(StringBuilder sb) {
+        if (sb == null) {
+            return null;
+        }
+        if (sb.length() != 0) {
+            sb.append(' ');
+        }
+        return sb;
+    }
+
 }
 

api/src/main/java/io/jsonwebtoken/security/UnsupportedKeyException.java

@@ -20,7 +20,7 @@
  *
  * @since JJWT_RELEASE_VERSION
  */
-public class UnsupportedKeyException extends KeyException {
+public class UnsupportedKeyException extends InvalidKeyException {
 
     /**
      * Creates a new instance with the specified explanation message.
@@ -34,8 +34,8 @@ public UnsupportedKeyException(String message) {
     /**
      * Creates a new instance with the specified explanation message and underlying cause.
      *
-     * @param msg the message explaining why the exception is thrown.
-     * @param cause   the underlying cause that resulted in this exception being thrown.
+     * @param msg   the message explaining why the exception is thrown.
+     * @param cause the underlying cause that resulted in this exception being thrown.
      */
     public UnsupportedKeyException(String msg, Throwable cause) {
         super(msg, cause);

api/src/test/groovy/io/jsonwebtoken/lang/StringsTest.groovy

@@ -26,10 +26,10 @@ class StringsTest {
         assertFalse Strings.hasText(null)
         assertFalse Strings.hasText("")
         assertFalse Strings.hasText("   ")
-        assertTrue Strings.hasText("  foo   ");
+        assertTrue Strings.hasText("  foo   ")
         assertTrue Strings.hasText("foo")
     }
-    
+
     @Test
     void testClean() {
         assertEquals "this is a test", Strings.clean("this is a test")
@@ -41,34 +41,55 @@ class StringsTest {
         assertNull Strings.clean("\t")
         assertNull Strings.clean("      ")
     }
-    
+
     @Test
     void testCleanCharSequence() {
-    	def result = Strings.clean(new StringBuilder("this is a test"))
-    	assertNotNull result
+        def result = Strings.clean(new StringBuilder("this is a test"))
+        assertNotNull result
         assertEquals "this is a test", result.toString()
-        
+
         result = Strings.clean(new StringBuilder("   this is a test"))
-    	assertNotNull result
+        assertNotNull result
         assertEquals "this is a test", result.toString()
-        
+
         result = Strings.clean(new StringBuilder("   this is a test   "))
-    	assertNotNull result
+        assertNotNull result
         assertEquals "this is a test", result.toString()
-        
+
         result = Strings.clean(new StringBuilder("\nthis is a test \t  "))
-    	assertNotNull result
+        assertNotNull result
         assertEquals "this is a test", result.toString()
-        
+
         assertNull Strings.clean((StringBuilder) null)
         assertNull Strings.clean(new StringBuilder(""))
         assertNull Strings.clean(new StringBuilder("\t"))
         assertNull Strings.clean(new StringBuilder("      "))
     }
-    
-    
+
+
     @Test
     void testTrimWhitespace() {
-    	assertEquals "", Strings.trimWhitespace("      ")
+        assertEquals "", Strings.trimWhitespace("      ")
+    }
+
+    @Test
+    void testNespaceNull() {
+        assertNull Strings.nespace(null)
+    }
+
+    @Test
+    void testNespaceEmpty() {
+        StringBuilder sb = new StringBuilder()
+        Strings.nespace(sb)
+        assertEquals 0, sb.length() // didn't add space because it's already empty
+        assertEquals '', sb.toString()
+    }
+
+    @Test
+    void testNespaceNonEmpty() {
+        StringBuilder sb = new StringBuilder()
+        sb.append("Hello")
+        Strings.nespace(sb).append("World")
+        assertEquals 'Hello World', sb.toString()
     }
 }

impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeader.java

@@ -24,7 +24,7 @@
 import io.jsonwebtoken.impl.security.JwkConverter;
 import io.jsonwebtoken.lang.Collections;
 import io.jsonwebtoken.lang.Strings;
-import io.jsonwebtoken.security.EcPublicJwk;
+import io.jsonwebtoken.security.PublicJwk;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
@@ -39,9 +39,10 @@ public class DefaultJweHeader extends AbstractProtectedHeader<JweHeader> impleme
 
     static final Field<String> ENCRYPTION_ALGORITHM = Fields.string("enc", "Encryption Algorithm");
 
-    public static final Field<EcPublicJwk> EPK = Fields.builder(EcPublicJwk.class)
+    @SuppressWarnings("unchecked")
+    public static final Field<PublicJwk<?>> EPK = Fields.builder((Class<PublicJwk<?>>) (Class<?>) PublicJwk.class)
             .setId("epk").setName("Ephemeral Public Key")
-            .setConverter(JwkConverter.EC_PUBLIC_JWK).build();
+            .setConverter(JwkConverter.PUBLIC_JWK).build();
     static final Field<byte[]> APU = Fields.bytes("apu", "Agreement PartyUInfo").build();
     static final Field<byte[]> APV = Fields.bytes("apv", "Agreement PartyVInfo").build();
 
@@ -79,14 +80,8 @@ public String getEncryptionAlgorithm() {
         return idiomaticGet(ENCRYPTION_ALGORITHM);
     }
 
-//    @Override
-//    public JweHeader setEncryptionAlgorithm(String enc) {
-//        put(ENCRYPTION_ALGORITHM, enc);
-//        return this;
-//    }
-
     @Override
-    public EcPublicJwk getEphemeralPublicKey() {
+    public PublicJwk<?> getEphemeralPublicKey() {
         return idiomaticGet(EPK);
     }
 
@@ -138,12 +133,6 @@ public byte[] getPbes2Salt() {
         return idiomaticGet(P2S);
     }
 
-//    @Override
-//    public JweHeader setPbes2Salt(byte[] salt) {
-//        put(P2S, salt);
-//        return this;
-//    }
-
     @Override
     public Integer getPbes2Count() {
         return idiomaticGet(P2C);

impl/src/main/java/io/jsonwebtoken/impl/security/AbstractJwkBuilder.java

@@ -57,14 +57,12 @@ protected void setContext(JwkContext<K> ctx) {
 
     @Override
     public T setProvider(Provider provider) {
-        Assert.notNull(provider, "Provider cannot be null.");
         jwkContext.setProvider(provider);
         return self();
     }
 
     @Override
     public T setRandom(SecureRandom random) {
-        Assert.notNull(random, "SecureRandom cannot be null.");
         jwkContext.setRandom(random);
         return self();
     }

impl/src/main/java/io/jsonwebtoken/impl/security/Curves.java

@@ -30,10 +30,6 @@ public final class Curves {
     public static final Curve P_256 = new ECCurve("P-256", "secp256r1"); // JDK standard
     public static final Curve P_384 = new ECCurve("P-384", "secp384r1"); // JDK standard
     public static final Curve P_521 = new ECCurve("P-521", "secp521r1"); // JDK standard
-    public static final EdwardsCurve X25519 = EdwardsCurve.X25519;
-    public static final EdwardsCurve X448 = EdwardsCurve.X448;
-    public static final EdwardsCurve Ed25519 = EdwardsCurve.Ed25519;
-    public static final EdwardsCurve Ed448 = EdwardsCurve.Ed448;
 
     private static final Collection<ECCurve> EC_CURVES = Collections.setOf((ECCurve) P_256, (ECCurve) P_384, (ECCurve) P_521);