Fix dex index overflow exception (#1007)

fix DexIndexOverflowException due to com.auth0.jwt #1002

use another lib - nimbus-jose-jwt

Author: sergey-akhalkov

android/app/build.gradle

@@ -22,7 +22,5 @@ android {
 
 dependencies {
     compile "com.facebook.react:react-native:+"
-    //todo as required minimal sdk version will be more then 23, upgrade this to latest version
-    //see https://github.com/auth0/java-jwt/issues/131
-    compile 'com.auth0:java-jwt:2.2.2'
-}
+    compile 'com.nimbusds:nimbus-jose-jwt:5.1'
+}

android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateUtils.java

@@ -3,7 +3,11 @@
 import android.content.Context;
 import android.util.Base64;
 
-import com.auth0.jwt.JWTVerifier;
+import java.security.interfaces.*;
+
+import com.nimbusds.jose.*;
+import com.nimbusds.jose.crypto.*;
+import com.nimbusds.jwt.*;
 
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -176,11 +180,17 @@ public static void verifyFolderHash(String folderPath, String expectedHash) {
 
     public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publicKey) {
         try {
-            final JWTVerifier verifier = new JWTVerifier(publicKey);
-            final Map<String, Object> claims = verifier.verify(jwt);
-            CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());
-            return claims;
-        } catch (Exception e) {
+            SignedJWT signedJWT = SignedJWT.parse(jwt);
+            JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey)publicKey);
+            if (signedJWT.verify(verifier)) {
+                Map<String, Object> claims = signedJWT.getJWTClaimsSet().getClaims();
+                CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());
+                return claims;
+            }
+            return null;
+        } catch (Exception ex) {
+            CodePushUtils.log(ex.getMessage());
+            CodePushUtils.log(ex.getStackTrace().toString());
             return null;
         }
     }
@@ -248,5 +258,4 @@ public static void verifySignature(String folderPath, String stringPublicKey) th
 
         CodePushUpdateUtils.verifyFolderHash(folderPath, contentHash);
     }
-
 }