some fix in jws, jwsjs

ChangeLog.txt

@@ -1,6 +1,14 @@
 
 ChangeLog for jsrsasign
 
+* Changes from 8.0.6 to x.x.x (2018-Mar-11)
+  - src/jws 3.3.10 to 3.3.11
+    - verify method returns false in case of
+      without all of head, payload and signature
+      to fix issue #332.
+  - src/jwsjs 2.2.0 to 2.2.1
+    - readJWSJS fix for wrong initialization as #336
+
 * Changes from 8.0.5 to 8.0.6 (2018-Feb-10)
   - src/x509 1.1.18 to 1.1.19
     - fix getSubjectAltName for IP addr of PR #317

src/jws-3.3.js

@@ -1,9 +1,9 @@
-/* jws-3.3.10 (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+/* jws-3.3.11 (c) 2013-2018 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 /*
  * jws.js - JSON Web Signature(JWS) and JSON Web Token(JWT) Class
  *
- * Copyright (c) 2010-2017 Kenji Urushima ([email protected])
+ * Copyright (c) 2010-2018 Kenji Urushima ([email protected])
  *
  * This software is licensed under the terms of the MIT License.
  * https://kjur.github.io/jsrsasign/license/
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name jws-3.3.js
  * @author Kenji Urushima [email protected]
- * @version jsrsasign 8.0.3 jws 3.3.10 (2017-Jul-11)
+ * @version jsrsasign 8.0.3 jws 3.3.11 (2018-Mar-11)
  * @since jsjws 1.0, jsrsasign 4.8.0
  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  */
@@ -330,7 +330,7 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) {
  * @param {String} sJWS string of JWS signature to verify
  * @param {Object} key string of public key, certificate or key object to verify
  * @param {String} acceptAlgs array of algorithm name strings (OPTION)
- * @return {Boolean} true if the signature is valid otherwise false
+ * @return {Boolean} true if the signature is valid otherwise false including no signature case or without head and payload
  * @since jws 3.0.0
  * @see <a href="https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html">jsrsasign KJUR.crypto.Signature method</a>
  * @see <a href="https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Mac.html">jsrsasign KJUR.crypto.Mac method</a>
@@ -403,6 +403,8 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) {
     if (typeof RSAKey !== undefined) _RSAKey = RSAKey;
 
     var a = sJWS.split(".");
+    if (a.length !== 3) return false;
+
     var uHeader = a[0];
     var uPayload = a[1];
     var uSignatureInput = uHeader + "." + uPayload;

src/jwsjs-2.0.js

@@ -1,9 +1,9 @@
-/* jwsjs-2.2.0 (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+/* jwsjs-2.2.1 (c) 2010-2018 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 /*
  * jwsjs.js - JSON Web Signature JSON Serialization (JWSJS) Class
  *
- * Copyright (c) 2010-2017 Kenji Urushima ([email protected])
+ * Copyright (c) 2010-2018 Kenji Urushima ([email protected])
  *
  * This software is licensed under the terms of the MIT License.
  * https://kjur.github.io/jsrsasign/license/
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name jwsjs-2.0.js
  * @author Kenji Urushima [email protected]
- * @version jsrsasign 8.0.0 jwsjs 2.2.0 (2017-Jun-25)
+ * @version jsrsasign 8.0.0 jwsjs 2.2.1 (2018-Mar-24)
  * @since jsjws 1.2, jsrsasign 4.8.0
  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  */
@@ -261,7 +261,7 @@ KJUR.jws.JWSJS = function() {
 		    throw "malformed signatures";
 		}
 		if (spJWSJS.signatures.length > 0) {
-		    this.signatures = spJWSJS.signatures;
+		    this.aSignatures = spJWSJS.signatures;
 		} else {
 		    throw "malformed signatures";
 		}