@appzung/react-native-code-push 5.7.1

package/ios/CodePush/JWT/Core/Coding/JWTCoding+VersionOne.h

@@ -0,0 +1,119 @@
+//
+//  JWTCoding+VersionOne.h
+//  JWT
+//
+//  Created by Lobanov Dmitry on 27.11.16.
+//  Copyright © 2016 JWTIO. All rights reserved.
+//
+
+#import <JWTCoding.h>
+
+@protocol JWTAlgorithm;
+@class JWTClaimsSet;
+
+@interface JWT (VersionOne)
+#pragma mark - Encode
++ (NSString *)encodeClaimsSet:(JWTClaimsSet *)theClaimsSet withSecret:(NSString *)theSecret;
++ (NSString *)encodeClaimsSet:(JWTClaimsSet *)theClaimsSet withSecret:(NSString *)theSecret algorithm:(id<JWTAlgorithm>)theAlgorithm;
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret;
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret algorithm:(id<JWTAlgorithm>)theAlgorithm;
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret withHeaders:(NSDictionary *)theHeaders algorithm:(id<JWTAlgorithm>)theAlgorithm;
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret withHeaders:(NSDictionary *)theHeaders algorithm:(id<JWTAlgorithm>)theAlgorithm withError:(NSError * __autoreleasing *)theError;
+
+//Will be deprecated in later releases
+#pragma mark - Decode
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theTrustedClaimsSet The JWTClaimsSet to use for verifying the JWT values
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theAlgorithmName The name of the algorithm to use for verifying the signature. Required, unless skipping verification
+ @param theForcedOption BOOL indicating if verifying the JWT signature should be skipped. Should only be used for debugging
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName withForcedOption:(BOOL)theForcedOption;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theTrustedClaimsSet The JWTClaimsSet to use for verifying the JWT values
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theAlgorithmName The name of the algorithm to use for verifying the signature. Required.
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload.
+
+ Uses the JWTAlgorithmHS512 for decoding
+
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theTrustedClaimsSet The JWTClaimsSet to use for verifying the JWT values
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theForcedOption BOOL indicating if verifying the JWT signature should be skipped. Should only be used for debugging
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedOption:(BOOL)theForcedOption;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theAlgorithmName The name of the algorithm to use for verifying the signature. Required, unless skipping verification
+ @param skipVerification BOOL indicating if verifying the JWT signature should be skipped. Should only be used for debugging
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName skipVerification:(BOOL)skipVerification;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theAlgorithmName The name of the algorithm to use for verifying the signature. Required.
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload
+
+ Uses the JWTAlgorithmHS512 for decoding
+
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @param theForcedOption BOOL indicating if verifying the JWT signature should be skipped.
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedOption:(BOOL)theForcedOption;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload.
+ Uses the JWTAlgorithmHS512 for decoding
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @param theError Error pointer, if there is an error decoding the message, upon return contains an NSError object that describes the problem.
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError * __autoreleasing *)theError;
+
+/**
+ Decodes a JWT and returns the decoded Header and Payload.
+ Uses the JWTAlgorithmHS512 for decoding
+ @param theMessage The encoded JWT
+ @param theSecret The verification key to use for validating the JWT signature
+ @return A dictionary containing the header and payload dictionaries. Keyed to "header" and "payload", respectively. Or nil if an error occurs.
+ */
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret;
+
+@end

package/ios/CodePush/JWT/Core/Coding/JWTCoding+VersionOne.m

@@ -0,0 +1,307 @@
+//
+//  JWTCoding+VersionOne.m
+//  JWT
+//
+//  Created by Lobanov Dmitry on 27.11.16.
+//  Copyright © 2016 JWTIO. All rights reserved.
+//
+
+#import "JWTCoding+VersionOne.h"
+#import "JWTBase64Coder.h"
+
+#import "JWTRSAlgorithm.h"
+
+#import "JWTAlgorithmFactory.h"
+#import "JWTAlgorithmHSBase.h"
+
+#import "JWTAlgorithmDataHolder.h"
+
+#import "JWTClaimsSetSerializer.h"
+#import "JWTClaimsSetVerifier.h"
+
+#import "JWTErrorDescription.h"
+
+@implementation JWT (VersionOne)
+#pragma mark - Private Methods
++ (NSString *)encodeSegment:(id)theSegment withError:(NSError **)error
+{
+    NSData *encodedSegmentData = nil;
+    
+    if (theSegment) {
+        encodedSegmentData = [NSJSONSerialization dataWithJSONObject:theSegment options:0 error:error];
+    }
+    else {
+        // error!
+        NSError *generatedError = [JWTErrorDescription errorWithCode:JWTInvalidSegmentSerializationError];
+        if (error) {
+            *error = generatedError;
+        }
+        NSLog(@"%@ Could not encode segment: %@", self.class, generatedError.localizedDescription);
+        return nil;
+    }
+    
+    NSString *encodedSegment = nil;
+    
+    if (encodedSegmentData) {
+        encodedSegment = [JWTBase64Coder base64UrlEncodedStringWithData:encodedSegmentData];//[encodedSegmentData base64UrlEncodedString];
+    }
+    
+    return encodedSegment;
+}
+
++ (NSString *)encodeSegment:(id)theSegment;
+{
+    NSError *error;
+    return [self encodeSegment:theSegment withError:&error];
+}
+
+#pragma mark - Public Methods
+
++ (NSString *)encodeClaimsSet:(JWTClaimsSet *)theClaimsSet withSecret:(NSString *)theSecret;
+{
+    return [self encodeClaimsSet:theClaimsSet withSecret:theSecret algorithm:[JWTAlgorithmFactory algorithmByName:JWTAlgorithmNameHS512]];
+}
+
++ (NSString *)encodeClaimsSet:(JWTClaimsSet *)theClaimsSet withSecret:(NSString *)theSecret algorithm:(id<JWTAlgorithm>)theAlgorithm;
+{
+    NSDictionary *payload = [JWTClaimsSetSerializer dictionaryWithClaimsSet:theClaimsSet];
+    return [self encodePayload:payload withSecret:theSecret algorithm:theAlgorithm];
+}
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret;
+{
+    return [self encodePayload:thePayload withSecret:theSecret algorithm:[JWTAlgorithmFactory algorithmByName:JWTAlgorithmNameHS512]];
+}
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret algorithm:(id<JWTAlgorithm>)theAlgorithm;
+{
+    return [self encodePayload:thePayload withSecret:theSecret withHeaders:nil algorithm:theAlgorithm];
+}
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret withHeaders:(NSDictionary *)theHeaders algorithm:(id<JWTAlgorithm>)theAlgorithm;
+{
+    
+    NSError *error = nil;
+    NSString *encodedString = [self encodePayload:thePayload withSecret:theSecret withHeaders:theHeaders algorithm:theAlgorithm withError:&error];
+    
+    if (error) {
+        // do something
+    }
+    
+    return encodedString;
+}
+
++ (NSString *)encodePayload:(NSDictionary *)thePayload withSecret:(NSString *)theSecret withHeaders:(NSDictionary *)theHeaders algorithm:(id<JWTAlgorithm>)theAlgorithm withError:(NSError * __autoreleasing *)theError;
+{
+    
+    NSDictionary *header = @{@"typ": @"JWT", @"alg": theAlgorithm.name};
+    NSMutableDictionary *allHeaders = [header mutableCopy];
+    
+    if (theHeaders.allKeys.count) {
+        [allHeaders addEntriesFromDictionary:theHeaders];
+    }
+    
+    NSString *headerSegment = [self encodeSegment:[allHeaders copy] withError:theError];
+    
+    if (!headerSegment) {
+        // encode header segment error
+        if (theError) {
+            *theError = [JWTErrorDescription errorWithCode:JWTEncodingHeaderError];
+        }
+        return nil;
+    }
+    
+    NSString *payloadSegment = [self encodeSegment:thePayload withError:theError];
+    
+    if (!payloadSegment) {
+        // encode payment segment error
+        if (theError) {
+            *theError = [JWTErrorDescription errorWithCode:JWTEncodingPayloadError];
+        }
+        return nil;
+    }
+    
+    if (!theAlgorithm) {
+        // error
+        *theError = [JWTErrorDescription errorWithCode:JWTUnsupportedAlgorithmError];
+        return nil;
+    }
+    
+    NSString *signingInput = [@[headerSegment, payloadSegment] componentsJoinedByString:@"."];
+    NSData *signedOutputData = [theAlgorithm encodePayload:signingInput withSecret:theSecret];
+    NSString *signedOutput = [JWTBase64Coder base64UrlEncodedStringWithData:signedOutputData];
+    
+    return [@[headerSegment, payloadSegment, signedOutput] componentsJoinedByString:@"."];
+}
+
+#pragma mark - Decode
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withTrustedClaimsSet:theTrustedClaimsSet withError:theError withForcedAlgorithmByName:theAlgorithmName withForcedOption:NO];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedOption:(BOOL)theForcedOption
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withTrustedClaimsSet:theTrustedClaimsSet withError:theError withForcedAlgorithmByName:JWTAlgorithmNameHS512 withForcedOption:theForcedOption];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName withForcedOption:(BOOL)theForcedOption
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withTrustedClaimsSet:theTrustedClaimsSet withError:theError withForcedAlgorithmByName:theAlgorithmName withForcedOption:theForcedOption withAlgorithmWhiteList:nil];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withTrustedClaimsSet:(JWTClaimsSet *)theTrustedClaimsSet withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName withForcedOption:(BOOL)theForcedOption withAlgorithmWhiteList:(NSSet *)theWhitelist
+{
+    NSDictionary *dictionary = [self decodeMessage:theMessage withSecret:theSecret withError:theError withForcedAlgorithmByName:theAlgorithmName skipVerification:theForcedOption whitelist:theWhitelist];
+    
+    if (*theError) {
+        // do something
+        return dictionary;
+    }
+    
+    if (theTrustedClaimsSet) {
+        BOOL claimVerified = [JWTClaimsSetVerifier verifyClaimsSet:[JWTClaimsSetSerializer claimsSetWithDictionary:dictionary[@"payload"]] withTrustedClaimsSet:theTrustedClaimsSet];
+        if (claimVerified) {
+            return dictionary;
+        }
+        else {
+            *theError = [JWTErrorDescription errorWithCode:JWTClaimsSetVerificationFailed];
+            return nil;
+        }
+    }
+    
+    return dictionary;
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedOption:(BOOL)theForcedOption;
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withError:theError withForcedAlgorithmByName:JWTAlgorithmNameHS512 skipVerification:theForcedOption];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName;
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withError:theError withForcedAlgorithmByName:theAlgorithmName skipVerification:NO];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName skipVerification:(BOOL)skipVerification
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withError:theError withForcedAlgorithmByName:theAlgorithmName skipVerification:skipVerification whitelist:nil];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError *__autoreleasing *)theError withForcedAlgorithmByName:(NSString *)theAlgorithmName skipVerification:(BOOL)skipVerification whitelist:(NSSet *)theWhitelist
+{
+    NSArray *parts = [theMessage componentsSeparatedByString:@"."];
+    
+    if (parts.count < 3) {
+        // generate error?
+        if (theError) {
+            *theError = [JWTErrorDescription errorWithCode:JWTInvalidFormatError];
+        }
+        return nil;
+    }
+    
+    NSString *headerPart = parts[0];
+    NSString *payloadPart = parts[1];
+    NSString *signedPart = parts[2];
+    
+    // decode headerPart
+    NSError *jsonError = nil;
+    NSData *headerData = [JWTBase64Coder dataWithBase64UrlEncodedString:headerPart];
+    id headerJSON = [NSJSONSerialization JSONObjectWithData:headerData
+                                                    options:0
+                                                      error:&jsonError];
+    if (jsonError) {
+        *theError = [JWTErrorDescription errorWithCode:JWTDecodingHeaderError];
+        return nil;
+    }
+    NSDictionary *header = (NSDictionary *)headerJSON;
+    if (!header) {
+        *theError = [JWTErrorDescription errorWithCode:JWTNoHeaderError];
+        return nil;
+    }
+    
+    if (!skipVerification) {
+        // find algorithm
+        
+        //It is insecure to trust the header's value for the algorithm, since
+        //the signature hasn't been verified yet, so an algorithm must be provided
+        if (!theAlgorithmName) {
+            *theError = [JWTErrorDescription errorWithCode:JWTUnspecifiedAlgorithmError];
+            return nil;
+        }
+        
+        NSString *headerAlgorithmName = header[@"alg"];
+        
+        //If the algorithm in the header doesn't match what's expected, verification fails
+        if (![theAlgorithmName isEqualToString:headerAlgorithmName]) {
+            *theError = [JWTErrorDescription errorWithCode:JWTUnsupportedAlgorithmError];
+            return nil;
+        }
+        
+        //If a whitelist is passed in, ensure the chosen algorithm is allowed
+        if (theWhitelist) {
+            if (![theWhitelist containsObject:theAlgorithmName]) {
+                *theError = [JWTErrorDescription errorWithCode:JWTUnsupportedAlgorithmError];
+                return nil;
+            }
+        }
+        
+        id<JWTAlgorithm> algorithm = [JWTAlgorithmFactory algorithmByName:theAlgorithmName];
+        
+        if (!algorithm) {
+            *theError = [JWTErrorDescription errorWithCode:JWTUnsupportedAlgorithmError];
+            return nil;
+        }
+        
+        // Verify the signed part
+        NSString *signingInput = [@[headerPart, payloadPart] componentsJoinedByString:@"."];
+        BOOL signatureValid = [algorithm verifySignedInput:signingInput withSignature:signedPart verificationKey:theSecret];
+        
+        if (!signatureValid) {
+            *theError = [JWTErrorDescription errorWithCode:JWTInvalidSignatureError];
+            return nil;
+        }
+    }
+    
+    // and decode payload
+    jsonError = nil;
+    NSData *payloadData = [JWTBase64Coder dataWithBase64UrlEncodedString:payloadPart];
+    id payloadJSON = [NSJSONSerialization JSONObjectWithData:payloadData
+                                                     options:0
+                                                       error:&jsonError];
+    if (jsonError) {
+        *theError = [JWTErrorDescription errorWithCode:JWTDecodingPayloadError];
+        return nil;
+    }
+    NSDictionary *payload = (NSDictionary *)payloadJSON;
+    
+    if (!payload) {
+        *theError = [JWTErrorDescription errorWithCode:JWTNoPayloadError];
+        return nil;
+    }
+    
+    NSDictionary *result = @{
+                             @"header" : header,
+                             @"payload" : payload
+                             };
+    
+    return result;
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret withError:(NSError * __autoreleasing *)theError;
+{
+    return [self decodeMessage:theMessage withSecret:theSecret withError:theError withForcedAlgorithmByName:JWTAlgorithmNameHS512];
+}
+
++ (NSDictionary *)decodeMessage:(NSString *)theMessage withSecret:(NSString *)theSecret;
+{
+    NSError *error = nil;
+    NSDictionary *dictionary = [self decodeMessage:theMessage withSecret:theSecret withError:&error];
+    if (error) {
+        // do something
+    }
+    return dictionary;
+}
+
+@end

package/ios/CodePush/JWT/Core/Coding/JWTCoding+VersionThree.h

@@ -0,0 +1,94 @@
+//
+//  JWTCoding+VersionThree.h
+//  JWT
+//
+//  Created by Lobanov Dmitry on 27.11.16.
+//  Copyright © 2016 JWTIO. All rights reserved.
+//
+
+#import <JWTCoding.h>
+
+// encode and decode options
+@protocol JWTAlgorithm;
+@class JWTClaimsSet;
+@class JWTCodingBuilder;
+@class JWTEncodingBuilder;
+@class JWTDecodingBuilder;
+@class JWTAlgorithmDataHolderChain;
+@protocol JWTAlgorithmDataHolderProtocol;
+@class JWTCodingResultType;
+
+@interface JWT (VersionThree)
++ (JWTEncodingBuilder *)encodeWithHolders:(NSArray *)holders;
++ (JWTEncodingBuilder *)encodeWithChain:(JWTAlgorithmDataHolderChain *)chain;
++ (JWTDecodingBuilder *)decodeWithHolders:(NSArray *)holders;
++ (JWTDecodingBuilder *)decodeWithChain:(JWTAlgorithmDataHolderChain *)chain;
+@end
+
+@interface JWTCodingBuilder : NSObject
+#pragma mark - Create
+// each element should conform to JWTAlgorithmDataHolderProtocol
++ (instancetype)createWithHolders:(NSArray *)holders;
++ (instancetype)createWithChain:(JWTAlgorithmDataHolderChain *)chain;
++ (instancetype)createWithEmptyChain;
+
+#pragma mark - Internal
+@property (nonatomic, readonly) JWTAlgorithmDataHolderChain *internalChain;
+@property (copy, nonatomic, readonly) NSNumber *internalOptions;
+
+#pragma mark - Fluent
+@property (copy, nonatomic, readonly) JWTCodingBuilder *(^chain)(JWTAlgorithmDataHolderChain *chain);
+@property (copy, nonatomic, readonly) JWTCodingBuilder *(^constructChain)(JWTAlgorithmDataHolderChain *(^block)());
+@property (copy, nonatomic, readonly) JWTCodingBuilder *(^modifyChain)(JWTAlgorithmDataHolderChain *(^block)(JWTAlgorithmDataHolderChain * chain));
+@property (copy, nonatomic, readonly) JWTCodingBuilder *(^options)(NSNumber *options);
+@property (copy, nonatomic, readonly) JWTCodingBuilder *(^addHolder)(id<JWTAlgorithmDataHolderProtocol> holder);
+//@property (copy, nonatomic, readonly) JWTCodingBuilder *(^constructHolder)(id<JWTAlgorithmDataHolderProtocol>(^block)(id<JWTAlgorithmDataHolderProtocol> holder));
+@end
+
+@interface JWTCodingBuilder (Sugar)
+- (instancetype)and;
+- (instancetype)with;
+@end
+
+@interface JWTCodingBuilder (Coding)
+@property (nonatomic, readonly) JWTCodingResultType *result;
+@end
+
+@interface JWTEncodingBuilder : JWTCodingBuilder
+#pragma mark - Create
++ (instancetype)encodePayload:(NSDictionary *)payload;
++ (instancetype)encodeClaimsSet:(JWTClaimsSet *)claimsSet;
+
+#pragma mark - Internal
+@property (copy, nonatomic, readonly) NSDictionary *internalPayload;
+@property (copy, nonatomic, readonly) NSDictionary *internalHeaders;
+@property (nonatomic, readonly) JWTClaimsSet *internalClaimsSet;
+
+#pragma mark - Fluent
+@property (copy, nonatomic, readonly) JWTEncodingBuilder *(^payload)(NSDictionary *payload);
+@property (copy, nonatomic, readonly) JWTEncodingBuilder *(^headers)(NSDictionary *headers);
+@property (copy, nonatomic, readonly) JWTEncodingBuilder *(^claimsSet)(JWTClaimsSet *claimsSet);
+
+@end
+
+@interface JWTEncodingBuilder (Coding)
+@property (nonatomic, readonly) JWTCodingResultType *encode;
+@end
+
+@interface JWTDecodingBuilder : JWTCodingBuilder
+#pragma mark - Create
++ (instancetype)decodeMessage:(NSString *)message;
+
+#pragma mark - Internal
+@property (copy, nonatomic, readonly) NSString *internalMessage;
+@property (nonatomic, readonly) JWTClaimsSet *internalClaimsSet;
+
+#pragma mark - Fluent
+@property (copy, nonatomic, readonly) JWTDecodingBuilder *(^message)(NSString *message);
+@property (copy, nonatomic, readonly) JWTDecodingBuilder *(^claimsSet)(JWTClaimsSet *claimsSet);
+
+@end
+
+@interface JWTDecodingBuilder (Coding)
+@property (nonatomic, readonly) JWTCodingResultType *decode;
+@end