cxf-commits mailing list archives

From serg...@apache.org
Subject [2/2] git commit: Moving crypto related OAuth2 utility classes to a subpackage to minimize the noise
Date Thu, 08 May 2014 11:46:09 GMT
Moving crypto related OAuth2 utility classes to a subpackage to minimize the noise


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e463319
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e463319
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e463319

Branch: refs/heads/master
Commit: 0e46331980807ef10534d0079a3636fa41b835e1
Parents: 21bfb9a
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu May 8 12:45:50 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu May 8 12:45:50 2014 +0100

----------------------------------------------------------------------
 .../oauth2/grants/code/DigestCodeVerifier.java  |   6 +-
 .../oauth2/tokens/hawk/HawkAccessToken.java     |   2 +-
 .../tokens/hawk/HawkAccessTokenValidator.java   |   2 +-
 .../tokens/hawk/HawkAuthorizationScheme.java    |   2 +-
 .../oauth2/utils/EncryptionException.java       |  31 --
 .../security/oauth2/utils/EncryptionUtils.java  | 378 --------------
 .../cxf/rs/security/oauth2/utils/HmacUtils.java | 127 -----
 .../oauth2/utils/MessageDigestGenerator.java    |  76 ---
 .../oauth2/utils/ModelEncryptionSupport.java    | 493 -------------------
 .../rs/security/oauth2/utils/OAuthUtils.java    |   8 +-
 .../oauth2/utils/SecretKeyProperties.java       |  88 ----
 .../utils/crypto/EncryptionException.java       |  31 ++
 .../oauth2/utils/crypto/EncryptionUtils.java    | 392 +++++++++++++++
 .../security/oauth2/utils/crypto/HmacUtils.java | 128 +++++
 .../oauth2/utils/crypto/KeyProperties.java      |  88 ++++
 .../oauth2/utils/crypto/MessageDigestUtils.java |  80 +++
 .../utils/crypto/ModelEncryptionSupport.java    | 493 +++++++++++++++++++
 .../utils/CodeGrantEncryptingDataProvider.java  |  55 ---
 .../oauth2/utils/EncryptingDataProvider.java    | 148 ------
 .../oauth2/utils/EncryptionUtilsTest.java       | 273 ----------
 .../crypto/CodeGrantEncryptingDataProvider.java |  55 +++
 .../utils/crypto/EncryptingDataProvider.java    | 149 ++++++
 .../utils/crypto/EncryptionUtilsTest.java       | 273 ++++++++++
 23 files changed, 1699 insertions(+), 1679 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
index e663e86..60597c5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
@@ -19,13 +19,13 @@
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.MessageDigestGenerator;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.MessageDigestUtils;
 
 public class DigestCodeVerifier implements CodeVerifierTransformer {
 
     public String transformCodeVerifier(String codeVerifier) {
-        MessageDigestGenerator mdg = new MessageDigestGenerator();
-        byte[] digest = mdg.createDigest(codeVerifier, MessageDigestGenerator.ALGO_SHA_256);
+        byte[] digest = MessageDigestUtils.createDigest(codeVerifier, 
+                                                        MessageDigestUtils.ALGO_SHA_256);
         int length = digest.length > 128 / 8 ? 128 / 8 : digest.length;
         
         return Base64UrlUtility.encodeChunk(digest, 0, length);
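Review bot: `transformCodeVerifier` has no Javadoc, and the `128 / 8` on the line after the rewritten `createDigest` call is an unexplained magic number. The method keeps only the first 16 bytes of the SHA-256 digest before base64url-encoding them, and presumably whoever computes the matching value on the other side has to truncate identically. Since the call is being touched anyway, I would add a comment such as `// keep the left-most 128 bits of the SHA-256 digest; the peer must truncate the same way` and give the length a named constant. The String overload of `MessageDigestUtils.createDigest` is defined outside this hunk, so the charset it uses to turn `codeVerifier` into bytes cannot be confirmed here; it should be an explicit UTF-8 rather than the platform default. The method body continues past the end of the hunk.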

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
index 0745a18..2bcccfe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
@@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.utils.HmacUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 
 //https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
 //->

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
index 6e127b7..82d5876 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
@@ -34,8 +34,8 @@ import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
-import org.apache.cxf.rs.security.oauth2.utils.HmacUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 
 public class HawkAccessTokenValidator implements AccessTokenValidator {
     private OAuthDataProvider dataProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
index 55e09e5..02073e9 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
@@ -25,8 +25,8 @@ import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
 import org.apache.cxf.rs.security.oauth2.common.AccessToken;
-import org.apache.cxf.rs.security.oauth2.utils.HmacUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 // https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
 // ->
 // https://github.com/hueniverse/hawk/blob/master/README.md

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionException.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionException.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionException.java
deleted file mode 100644
index 279b400..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils;
-
-public class EncryptionException extends RuntimeException {
-    private static final long serialVersionUID = -8231433265954055715L;
-
-    public EncryptionException(String message) {
-        super(message);
-    }
-    
-    public EncryptionException(Throwable t) {
-        super(t);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
deleted file mode 100644
index 89589be..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
+++ /dev/null
@@ -1,378 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth2.utils;
-
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.CompressionUtils;
-import org.apache.cxf.helpers.IOUtils;
-
-
-/**
- * Encryption helpers
- */
-public final class EncryptionUtils {
-    private EncryptionUtils() {
-    }
-    
-    public static String encodeSecretKey(SecretKey key) throws EncryptionException {
-        return encodeBytes(key.getEncoded());
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
-        throws EncryptionException {
-        SecretKeyProperties props = new SecretKeyProperties(publicKey.getAlgorithm());
-        return encryptSecretKey(secretKey, publicKey, props);
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
-        SecretKeyProperties props) throws EncryptionException {
-        byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(), 
-                                             publicKey,
-                                             props);
-        return encodeBytes(encryptedBytes);
-    }
-    
-    public static RSAPublicKey getRsaPublicKey(KeyFactory factory, 
-                                         String encodedModulus,
-                                         String encodedPublicExponent) {
-        try {
-            return getRSAPublicKey(factory, 
-                                Base64UrlUtility.decode(encodedModulus),
-                                Base64UrlUtility.decode(encodedPublicExponent));
-        } catch (Base64Exception ex) { 
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
-                                         byte[] modulusBytes,
-                                         byte[] publicExponentBytes) {
-        BigInteger modulus =  new BigInteger(1, modulusBytes);
-        BigInteger publicExponent =  new BigInteger(1, publicExponentBytes);
-        try {
-            return (RSAPublicKey)factory.generatePublic(
-                new RSAPublicKeySpec(modulus, publicExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static RSAPrivateKey getRSAPrivateKey(KeyFactory factory, 
-                                               String encodedModulus,
-                                               String encodedPrivateExponent) {
-        try {
-            return getRSAPrivateKey(factory, 
-                                   Base64UrlUtility.decode(encodedModulus),
-                                   Base64UrlUtility.decode(encodedPrivateExponent));
-        } catch (Base64Exception ex) { 
-            throw new EncryptionException(ex);
-        }
-    }
-      
-    public static RSAPrivateKey getRSAPrivateKey(KeyFactory factory,
-                                         byte[] modulusBytes,
-                                         byte[] privateExponentBytes) {
-        BigInteger modulus =  new BigInteger(1, modulusBytes);
-        BigInteger privateExponent =  new BigInteger(1, privateExponentBytes);
-        try {
-            return (RSAPrivateKey)factory.generatePrivate(
-                new RSAPrivateKeySpec(modulus, privateExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static SecretKey getSecretKey() throws Exception {
-        return getSecretKey("AES");
-    }
-    
-    public static SecretKey getSecretKey(String symEncAlgo) throws EncryptionException {
-        return getSecretKey(new SecretKeyProperties(symEncAlgo));
-    }
-    
-    public static SecretKey getSecretKey(SecretKeyProperties props) throws EncryptionException {
-        try {
-            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
-            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
-            SecureRandom random = props.getSecureRandom();
-            if (algoSpec != null) {
-                if (random != null) {
-                    keyGen.init(algoSpec, random);
-                } else {
-                    keyGen.init(algoSpec);
-                }
-            } else {
-                int keySize = props.getKeySize();
-                if (keySize == -1) {
-                    keySize = 128;
-                }
-                if (random != null) {
-                    keyGen.init(keySize, random);
-                } else {
-                    keyGen.init(keySize);
-                }
-            }
-            
-            return keyGen.generateKey();
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String decryptSequence(String encodedToken, String encodedSecretKey)
-        throws EncryptionException {
-        return decryptSequence(encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
-    }
-    
-    public static String decryptSequence(String encodedData, String encodedSecretKey, 
-        SecretKeyProperties props) throws EncryptionException {
-        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptSequence(encodedData, key, props);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey) throws EncryptionException {
-        return decryptSequence(encodedData, secretKey, null);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey,
-        SecretKeyProperties props) throws EncryptionException {
-        byte[] encryptedBytes = decodeSequence(encodedData);
-        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
-        try {
-            return new String(bytes, "UTF-8");
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey) throws EncryptionException {
-        return encryptSequence(sequence, secretKey, null);
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey,
-        SecretKeyProperties keyProps) throws EncryptionException {
-        try {
-            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
-            return encodeBytes(bytes);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String encodeBytes(byte[] bytes) throws EncryptionException {
-        try {
-            return Base64UrlUtility.encode(bytes);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
-        return encryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
-        SecretKeyProperties keyProps) throws EncryptionException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
-        return decryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
-        SecretKeyProperties keyProps) throws EncryptionException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
-    }
-    
-    public static byte[] wrapSecretKey(byte[] keyBytes, 
-                                       String keyAlgo,
-                                       Key wrapperKey,
-                                       String wrapperKeyAlgo)  throws EncryptionException {
-        return wrapSecretKey(new SecretKeySpec(keyBytes, keyAlgo), wrapperKey, 
-                             new SecretKeyProperties(wrapperKeyAlgo));
-    }
-    
-    public static byte[] wrapSecretKey(SecretKey secretKey,
-                                       Key wrapperKey,
-                                       SecretKeyProperties keyProps)  throws EncryptionException {
-        try {
-            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
-            return c.wrap(secretKey);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            String unwrapperKeyAlgo)  throws EncryptionException {
-        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
-                               new SecretKeyProperties(unwrapperKeyAlgo));
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            SecretKeyProperties keyProps)  throws EncryptionException {
-        try {
-            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
-            return (SecretKey)c.unwrap(wrappedBytes, wrappedKeyAlgo, Cipher.SECRET_KEY);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    private static byte[] processBytes(byte[] bytes, 
-                                      Key secretKey, 
-                                      SecretKeyProperties keyProps, 
-                                      int mode)  throws EncryptionException {
-        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
-        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
-            bytes = CompressionUtils.deflate(bytes, false);
-        }
-        try {
-            Cipher c = initCipher(secretKey, keyProps, mode);
-            byte[] result = new byte[0];
-            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
-            if (secretKey instanceof SecretKey && blockSize == -1) {
-                result = c.doFinal(bytes);
-            } else {
-                if (blockSize == -1) {
-                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
-                }
-                int offset = 0;
-                for (; offset + blockSize < bytes.length; offset += blockSize) {
-                    result = addToResult(result, c.doFinal(bytes, offset, blockSize));
-                }
-                if (offset < bytes.length) {
-                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
-                }
-            }
-            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
-                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
-            }
-            return result;
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static Cipher initCipher(Key secretKey, SecretKeyProperties keyProps, int mode)  throws EncryptionException {
-        try {
-            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
-                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
-            Cipher c = Cipher.getInstance(algorithm);
-            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
-                c.init(mode, secretKey);
-            } else {
-                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
-                SecureRandom random = keyProps.getSecureRandom();
-                if (algoSpec == null) {
-                    c.init(mode, secretKey, random);
-                } else if (random == null) {
-                    c.init(mode, secretKey, algoSpec);
-                } else {
-                    c.init(mode, secretKey, algoSpec, random);
-                }
-            }
-            if (keyProps != null && keyProps.getAdditionalData() != null) {
-                // TODO: call updateAAD directly after switching to Java7
-                Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
-                m.invoke(c, new Object[]{keyProps.getAdditionalData()});
-            }
-            return c;
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
-        byte[] result = new byte[prefix.length + suffix.length];
-        System.arraycopy(prefix, 0, result, 0, prefix.length);
-        System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
-        return result;
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey) throws EncryptionException {
-        return decodeSecretKey(encodedSecretKey, "AES");
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
-        throws EncryptionException {
-        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
-        return recreateSecretKey(secretKeyBytes, secretKeyAlgo);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             PrivateKey privateKey) {
-        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
-    }
-    
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             PrivateKey privateKey)
-        throws EncryptionException {
-        SecretKeyProperties props = new SecretKeyProperties(privateKey.getAlgorithm());
-        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             SecretKeyProperties props,
-                                             PrivateKey privateKey) throws EncryptionException {
-        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
-        byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
-        return recreateSecretKey(descryptedBytes, secretKeyAlgo);
-    }
-    
-    public static SecretKey recreateSecretKey(byte[] bytes, String algo) {
-        return new SecretKeySpec(bytes, algo);
-    }
-    
-    public static byte[] decodeSequence(String encodedSequence) throws EncryptionException {
-        try {
-            return Base64UrlUtility.decode(encodedSequence);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/HmacUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/HmacUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/HmacUtils.java
deleted file mode 100644
index 1e17027..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/HmacUtils.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils;
-
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-
-public final class HmacUtils {
-    
-    private HmacUtils() {
-        
-    }
-    
-    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
-        return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
-    }
-    
-    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
-        byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
-        return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
-    }
-    
-    public static Mac getMac(String macAlgoJavaName) {
-        return getMac(macAlgoJavaName, (String)null);
-    }
-    
-    public static Mac getMac(String macAlgoJavaName, String provider) {
-        try {
-            return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
-        } catch (NoSuchAlgorithmException e) {
-            throw new OAuthServiceException(e);
-        } catch (NoSuchProviderException e) {
-            throw new OAuthServiceException(e);
-        }
-    }
-    
-    public static Mac getMac(String macAlgoJavaName, Provider provider) {
-        try {
-            return Mac.getInstance(macAlgoJavaName, provider);
-        } catch (NoSuchAlgorithmException e) {
-            throw new OAuthServiceException(e);
-        }
-    }
-    
-    public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
-        Mac mac = getMac(macAlgoJavaName);
-        return computeHmac(key, mac, data);
-    }
-    
-    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
-        Mac mac = getMac(macAlgoJavaName);
-        return computeHmac(key, mac, data);
-    }
-    
-    public static byte[] computeHmac(String key, Mac hmac, String data) {
-        try {
-            return computeHmac(key.getBytes("UTF-8"), hmac, data);
-        } catch (UnsupportedEncodingException e) {
-            throw new OAuthServiceException(e);
-        }
-    }
-    
-    public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
-        SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
-        return computeHmac(secretKey, hmac, data);
-    }
-    
-    public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
-        return computeHmac(secretKey, hmac, null, data);
-    }
-    
-    public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
-        try {
-            if (spec == null) {
-                hmac.init(secretKey);
-            } else {
-                hmac.init(secretKey, spec);
-            }
-            return hmac.doFinal(data.getBytes());
-        } catch (InvalidKeyException e) {
-            throw new OAuthServiceException(e);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new OAuthServiceException(e);
-        }
-    }
-    
-    public static String generateKey(String algo) {
-        try {
-            KeyGenerator keyGen = KeyGenerator.getInstance(algo);
-            return Base64Utility.encode(keyGen.generateKey().getEncoded());
-        } catch (NoSuchAlgorithmException e) {
-            throw new OAuthServiceException(e);
-        }
-    }
-    
-       
-       
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
deleted file mode 100644
index 15d4870..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestGenerator.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils;
-
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-
-/**
- * The utility Message Digest generator which can be used for generating
- * random values
- */
-public class MessageDigestGenerator {
-    public static final String ALGO_SHA_1 = "SHA-1";
-    public static final String ALGO_SHA_256 = "SHA-256";
-    public static final String ALGO_MD5 = "MD5";
-    
-    private String algorithm = ALGO_MD5;
-        
-    public String generate(byte[] input) throws OAuthServiceException {
-        if (input == null) {
-            throw new OAuthServiceException("You have to pass input to Token Generator");
-        }
-
-        try {
-            byte[] messageDigest = createDigest(input, algorithm);
-            StringBuffer hexString = new StringBuffer();
-            for (int i = 0; i < messageDigest.length; i++) {
-                hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
-            }
-
-            return hexString.toString();
-        } catch (NoSuchAlgorithmException e) {
-            throw new OAuthServiceException("server_error", e);
-        }
-    }
-
-    public byte[] createDigest(String input, String algo) {
-        try {
-            return createDigest(input.getBytes("UTF-8"), algo);
-        } catch (UnsupportedEncodingException e) {
-            throw new OAuthServiceException("server_error", e);
-        } catch (NoSuchAlgorithmException e) {
-            throw new OAuthServiceException("server_error", e);
-        }   
-    }
-    
-    public byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException { 
-        MessageDigest md = MessageDigest.getInstance(algo);
-        md.reset();
-        md.update(input);
-        return md.digest();
-    }
-    
-    public void setAlgorithm(String algo) {
-        this.algorithm = algo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
deleted file mode 100644
index f641ad9..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
+++ /dev/null
@@ -1,493 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth2.utils;
-
-import java.security.Key;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
-
-/**
- * Default Model Encryption helpers
- */
-public final class ModelEncryptionSupport {
-    private static final String SEP = "|";
-    private ModelEncryptionSupport() {
-    }
-    
-    public static String encryptClient(Client client, Key secretKey) throws EncryptionException {
-        return encryptClient(client, secretKey, null);
-    }
-     
-    public static String encryptClient(Client client, Key secretKey,
-                                       SecretKeyProperties props) throws EncryptionException {
-        String tokenSequence = tokenizeClient(client);
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static String encryptAccessToken(ServerAccessToken token, Key secretKey) throws EncryptionException {
-        return encryptAccessToken(token, secretKey, null);
-    }
-    
-    public static String encryptAccessToken(ServerAccessToken token, Key secretKey,
-                                            SecretKeyProperties props) throws EncryptionException {
-        String tokenSequence = tokenizeServerToken(token);
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static String encryptRefreshToken(RefreshToken token, Key secretKey) throws EncryptionException {
-        return encryptRefreshToken(token, secretKey, null);
-    }
-    
-    public static String encryptRefreshToken(RefreshToken token, Key secretKey,
-                                             SecretKeyProperties props) throws EncryptionException {
-        String tokenSequence = tokenizeRefreshToken(token);
-        
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey) 
-        throws EncryptionException {
-        return encryptCodeGrant(grant, secretKey, null);
-    }
-    
-    public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey,
-                                          SecretKeyProperties props) throws EncryptionException {
-        String tokenSequence = tokenizeCodeGrant(grant);
-        
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static Client decryptClient(String encodedSequence, String encodedSecretKey) 
-        throws EncryptionException {
-        return decryptClient(encodedSequence, encodedSecretKey, new SecretKeyProperties("AES"));
-    }
-    
-    public static Client decryptClient(String encodedSequence, String encodedSecretKey,
-                                       SecretKeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptClient(encodedSequence, key, props);
-    }
-    
-    public static Client decryptClient(String encodedSequence, Key secretKey) throws EncryptionException {
-        return decryptClient(encodedSequence, secretKey, null);
-    }
-    
-    public static Client decryptClient(String encodedData, Key secretKey, 
-                                       SecretKeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
-        return recreateClient(decryptedSequence);
-    }
-    
-    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 String encodedSecretKey) throws EncryptionException {
-        return decryptAccessToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
-    }
-    
-    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 String encodedSecretKey,
-                                                 SecretKeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptAccessToken(provider, encodedToken, key, props);
-    }
-    
-    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 Key secretKey) throws EncryptionException {
-        return decryptAccessToken(provider, encodedToken, secretKey, null);
-    }
-    
-    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
-                                                 String encodedData, 
-                                                 Key secretKey, 
-                                                 SecretKeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
-        return recreateAccessToken(provider, encodedData, decryptedSequence);
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                   String encodedToken, 
-                                                   String encodedSecretKey) throws EncryptionException {
-        return decryptRefreshToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                  String encodedToken, 
-                                                  String encodedSecretKey,
-                                                  SecretKeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptRefreshToken(provider, encodedToken, key, props);
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                   String encodedToken, 
-                                                   Key key) throws EncryptionException {
-        return decryptRefreshToken(provider, encodedToken, key, null);
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                   String encodedData, 
-                                                   Key key, 
-                                                   SecretKeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
-        return recreateRefreshToken(provider, encodedData, decryptedSequence);
-    }
-    
-    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
-                                                   String encodedToken, 
-                                                   String encodedSecretKey) throws EncryptionException {
-        return decryptCodeGrant(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
-    }
-    
-    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
-                                                  String encodedToken, 
-                                                  String encodedSecretKey,
-                                                  SecretKeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptCodeGrant(provider, encodedToken, key, props);
-    }
-    
-    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
-                                                   String encodedToken, 
-                                                   Key key) throws EncryptionException {
-        return decryptCodeGrant(provider, encodedToken, key, null);
-    }
-    
-    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
-                                                   String encodedData, 
-                                                   Key key, 
-                                                   SecretKeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
-        return recreateCodeGrant(provider, decryptedSequence);
-    }
-    
-    public static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
-                                                  String newTokenKey,
-                                                  String decryptedSequence) throws EncryptionException {
-        return recreateAccessToken(provider, newTokenKey, getParts(decryptedSequence));
-    }
-    
-    public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
-                                                    String newTokenKey,
-                                                    String decryptedSequence) throws EncryptionException {
-        String[] parts = getParts(decryptedSequence);
-        ServerAccessToken token = recreateAccessToken(provider, newTokenKey, parts);
-        return new RefreshToken(token, 
-                                newTokenKey, 
-                                parseSimpleList(parts[parts.length - 1]));
-    }
-    
-    public static ServerAuthorizationCodeGrant recreateCodeGrant(OAuthDataProvider provider,
-        String decryptedSequence) throws EncryptionException {
-        return recreateCodeGrantInternal(provider, decryptedSequence);
-    }
-    
-    public static Client recreateClient(String sequence) throws EncryptionException {
-        return recreateClientInternal(sequence);
-    }
-    
-    private static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
-                                                  String newTokenKey,
-                                                  String[] parts) {
-        
-        
-        @SuppressWarnings("serial")
-        final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
-                                                                 parts[1],
-                                                                 newTokenKey == null ? parts[0] : newTokenKey,
-                                                                 Long.valueOf(parts[2]),
-                                                                 Long.valueOf(parts[3])) {
-        };  
-        
-        newToken.setRefreshToken(getStringPart(parts[5]));
-        newToken.setGrantType(getStringPart(parts[6]));
-        newToken.setAudience(getStringPart(parts[7]));
-        newToken.setParameters(parseSimpleMap(parts[8]));
-        
-        // Permissions
-        if (!parts[9].trim().isEmpty()) {
-            List<OAuthPermission> perms = new LinkedList<OAuthPermission>(); 
-            String[] allPermParts = parts[9].split("\\.");
-            for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
-                OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
-                perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
-                perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
-                perm.setUris(parseSimpleList(allPermParts[i + 4]));
-                perms.add(perm);
-            }
-            newToken.setScopes(perms);
-        }
-        //UserSubject:
-        newToken.setSubject(recreateUserSubject(parts[10]));
-                
-        return newToken;
-    }
-    
-    private static String tokenizeRefreshToken(RefreshToken token) {
-        String seq = tokenizeServerToken(token);
-        return seq + SEP + token.getAccessTokens().toString();
-    }
-    
-    private static String tokenizeServerToken(ServerAccessToken token) {
-        StringBuilder state = new StringBuilder();
-        // 0: key
-        state.append(tokenizeString(token.getTokenKey()));
-        // 1: type
-        state.append(SEP);
-        state.append(tokenizeString(token.getTokenType()));
-        // 2: expiresIn 
-        state.append(SEP);
-        state.append(token.getExpiresIn());
-        // 3: issuedAt
-        state.append(SEP);
-        state.append(token.getIssuedAt());
-        // 4: client id
-        state.append(SEP);
-        state.append(tokenizeString(token.getClient().getClientId()));
-        // 5: refresh token
-        state.append(SEP);
-        state.append(tokenizeString(token.getRefreshToken()));
-        // 6: grant type
-        state.append(SEP);
-        state.append(tokenizeString(token.getGrantType()));
-        // 7: audience
-        state.append(SEP);
-        state.append(tokenizeString(token.getAudience()));
-        // 8: other parameters
-        state.append(SEP);
-        // {key=value, key=value}
-        state.append(token.getParameters().toString());
-        // 9: permissions
-        state.append(SEP);
-        if (token.getScopes().isEmpty()) {
-            state.append(" ");
-        } else {
-            for (OAuthPermission p : token.getScopes()) {
-                // 9.1
-                state.append(tokenizeString(p.getPermission()));
-                state.append(".");
-                // 9.2
-                state.append(tokenizeString(p.getDescription()));
-                state.append(".");
-                // 9.3
-                state.append(p.isDefault());
-                state.append(".");
-                // 9.4
-                state.append(p.getHttpVerbs().toString());
-                state.append(".");
-                // 9.5
-                state.append(p.getUris().toString());
-            }
-        }
-        state.append(SEP);
-        // 10: user subject
-        tokenizeUserSubject(state, token.getSubject());
-        
-        return state.toString();
-    }
-    
-
-    private static Client recreateClientInternal(String sequence) {
-        String[] parts = getParts(sequence);
-        Client c = new Client(parts[0], 
-                              parts[1], 
-                              Boolean.valueOf(parts[2]), 
-                              getStringPart(parts[3]), getStringPart(parts[4]));
-        c.setApplicationDescription(getStringPart(parts[5]));
-        c.setApplicationLogoUri(getStringPart(parts[6]));
-        c.setAllowedGrantTypes(parseSimpleList(parts[7]));
-        c.setRegisteredScopes(parseSimpleList(parts[8]));
-        c.setRedirectUris(parseSimpleList(parts[9]));
-        c.setRegisteredAudiences(parseSimpleList(parts[10]));
-        c.setProperties(parseSimpleMap(parts[11]));
-        c.setSubject(recreateUserSubject(parts[12]));
-        return c; 
-    }
-    private static String tokenizeClient(Client client) {
-        StringBuilder state = new StringBuilder();
-        // 0: id
-        state.append(tokenizeString(client.getClientId()));
-        state.append(SEP);
-        // 1: secret
-        state.append(tokenizeString(client.getClientSecret()));
-        state.append(SEP);
-        // 2: confidentiality
-        state.append(client.isConfidential());
-        state.append(SEP);
-        // 3: app name
-        state.append(tokenizeString(client.getApplicationName()));
-        state.append(SEP);
-        // 4: app web URI
-        state.append(tokenizeString(client.getApplicationWebUri()));
-        state.append(SEP);
-        // 5: app description
-        state.append(tokenizeString(client.getApplicationDescription()));
-        state.append(SEP);
-        // 6: app logo URI
-        state.append(tokenizeString(client.getApplicationLogoUri()));
-        state.append(SEP);
-        // 7: grants
-        state.append(client.getAllowedGrantTypes().toString());
-        state.append(SEP);
-        // 8: redirect URIs
-        state.append(client.getRedirectUris().toString());
-        state.append(SEP);
-        // 9: registered scopes
-        state.append(client.getRegisteredScopes().toString());
-        state.append(SEP);
-        // 10: registered audiences
-        state.append(client.getRegisteredAudiences().toString());
-        state.append(SEP);
-        // 11: properties
-        state.append(client.getProperties().toString());
-        state.append(SEP);
-        // 12: subject
-        tokenizeUserSubject(state, client.getSubject());
-        
-        return state.toString();
-    }
-    private static ServerAuthorizationCodeGrant recreateCodeGrantInternal(OAuthDataProvider provider,
-                                                                          String sequence) {
-        String[] parts = getParts(sequence);
-        ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(provider.getClient(parts[0]),
-                                                                              parts[1],
-                                                                              Long.valueOf(parts[2]),
-                                                                              Long.valueOf(parts[3]));
-        grant.setRedirectUri(getStringPart(parts[4]));
-        grant.setAudience(getStringPart(parts[5]));
-        grant.setClientCodeVerifier(getStringPart(parts[6]));
-        grant.setApprovedScopes(parseSimpleList(parts[7]));
-        grant.setSubject(recreateUserSubject(parts[8]));
-        return grant; 
-    }
-    private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant grant) {
-        StringBuilder state = new StringBuilder();
-        // 0: client id
-        state.append(grant.getClient().getClientId());
-        state.append(SEP);
-        // 1: code
-        state.append(tokenizeString(grant.getCode()));
-        state.append(SEP);
-        // 2: expiresIn
-        state.append(grant.getExpiresIn());
-        state.append(SEP);
-        // 3: issuedAt
-        state.append(grant.getIssuedAt());
-        state.append(SEP);
-        // 4: redirect URI
-        state.append(tokenizeString(grant.getRedirectUri()));
-        state.append(SEP);
-        // 5: audience
-        state.append(tokenizeString(grant.getAudience()));
-        state.append(SEP);
-        // 6: code verifier
-        state.append(tokenizeString(grant.getClientCodeVerifier()));
-        state.append(SEP);
-        // 7: approved scopes
-        state.append(grant.getApprovedScopes().toString());
-        state.append(SEP);
-        // 8: subject
-        tokenizeUserSubject(state, grant.getSubject());
-        
-        return state.toString();
-    }
-    
-    private static String getStringPart(String str) {
-        return " ".equals(str) ? null : str;
-    }
-    
-    private static String prepareSimpleString(String str) {
-        return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
-    }
-    
-    private static List<String> parseSimpleList(String listStr) {
-        String pureStringList = prepareSimpleString(listStr);
-        if (pureStringList.isEmpty()) {
-            return Collections.emptyList();
-        } else {
-            return Arrays.asList(pureStringList.split(","));
-        }
-    }
-    
-    private static Map<String, String> parseSimpleMap(String mapStr) {
-        Map<String, String> props = new HashMap<String, String>();
-        List<String> entries = parseSimpleList(mapStr);
-        for (String entry : entries) {
-            String[] pair = entry.split("=");
-            props.put(pair[0], pair[1]);
-        }
-        return props;
-    }
-    
-    private static String[] getParts(String sequence) {
-        return sequence.split("\\" + SEP);
-    }
-    
-    private static UserSubject recreateUserSubject(String sequence) {
-        UserSubject subject = null;
-        if (!sequence.trim().isEmpty()) {
-            String[] subjectParts = sequence.split("\\.");
-            subject = new UserSubject(getStringPart(subjectParts[0]), getStringPart(subjectParts[1]));
-            subject.setRoles(parseSimpleList(subjectParts[2]));
-            subject.setProperties(parseSimpleMap(subjectParts[3]));
-        }
-        return subject;
-        
-        
-    }
-    
-    private static void tokenizeUserSubject(StringBuilder state, UserSubject subject) {
-        if (subject != null) {
-            // 1
-            state.append(tokenizeString(subject.getLogin()));
-            state.append(".");
-            // 2
-            state.append(tokenizeString(subject.getId()));
-            state.append(".");
-            // 3
-            state.append(subject.getRoles().toString());
-            state.append(".");
-            // 4
-            state.append(subject.getProperties().toString());
-        } else {
-            state.append(" ");
-        }
-    }
-    
-    private static String tokenizeString(String str) {
-        return str != null ? str : " ";
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 03ec39e..09aa0d0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.MessageDigestUtils;
 import org.apache.cxf.security.LoginSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 
@@ -112,11 +113,10 @@ public final class OAuthUtils {
     public static String generateRandomTokenKey(String digestAlgo) throws OAuthServiceException {
         try {
             byte[] bytes = UUID.randomUUID().toString().getBytes("UTF-8");
-            MessageDigestGenerator gen = new MessageDigestGenerator();
-            if (digestAlgo != null) {
-                gen.setAlgorithm(digestAlgo);
+            if (digestAlgo == null) {
+                digestAlgo = MessageDigestUtils.ALGO_MD5;
             }
-            return gen.generate(bytes);
+            return MessageDigestUtils.generate(bytes, digestAlgo);
         } catch (Exception ex) {
             throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, ex);
         }
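Review bot: The null fallback in `generateRandomTokenKey` still selects `MessageDigestUtils.ALGO_MD5`, so token keys are derived with MD5 by default; the digest adds no entropy beyond the UUID, but a deprecated hash as the default for a security token is likely to be flagged in audits and may be unavailable on restricted JCA providers. Assuming `MessageDigestUtils` keeps the `ALGO_SHA_256` constant that the removed `MessageDigestGenerator` declared, I would use a local instead of reassigning the parameter, `String algo = digestAlgo != null ? digestAlgo : MessageDigestUtils.ALGO_SHA_256;`, and pass `algo` to `generate`. That changes the default key length, so callers that persist or size-check token keys need checking first. Separately, the removed `MessageDigestGenerator.generate` hex-encoded each byte with `Integer.toHexString(0xFF & b)`, which drops the leading zero for bytes below 0x10; if `MessageDigestUtils.generate` (not shown in this hunk) kept that loop, the key length varies and two different digests can encode to the same string, so each byte should be zero-padded to two digits. The method's closing brace lies outside the hunk.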

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
deleted file mode 100644
index a1e2639..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils;
-
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-public class SecretKeyProperties {
-    private String keyAlgo;
-    private int keySize;
-    private int blockSize = -1;
-    private byte[] additionalData;
-    private SecureRandom secureRandom;
-    private AlgorithmParameterSpec algoSpec;
-    private boolean compressionSupported;
-    
-    public SecretKeyProperties() {
-    }
-    
-    public SecretKeyProperties(String keyAlgo) {
-        this(keyAlgo, -1);
-    }
-    public SecretKeyProperties(String keyAlgo, int keySize) {
-        this.keyAlgo = keyAlgo;
-        this.keySize = keySize;
-    }
-    public String getKeyAlgo() {
-        return keyAlgo;
-    }
-    public void setKeyAlgo(String keyAlgo) {
-        this.keyAlgo = keyAlgo;
-    }
-    public int getKeySize() {
-        return keySize;
-    }
-    public void setKeySize(int keySize) {
-        this.keySize = keySize;
-    }
-    public SecureRandom getSecureRandom() {
-        return secureRandom;
-    }
-    public void setSecureRandom(SecureRandom secureRandom) {
-        this.secureRandom = secureRandom;
-    }
-    public AlgorithmParameterSpec getAlgoSpec() {
-        return algoSpec;
-    }
-    public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
-        this.algoSpec = algoSpec;
-    }
-    public int getBlockSize() {
-        return blockSize;
-    }
-    public void setBlockSize(int blockSize) {
-        this.blockSize = blockSize;
-    }
-    public boolean isCompressionSupported() {
-        return compressionSupported;
-    }
-    public void setCompressionSupported(boolean compressionSupported) {
-        this.compressionSupported = compressionSupported;
-    }
-    public byte[] getAdditionalData() {
-        return additionalData;
-    }
-    public void setAdditionalData(byte[] additionalData) {
-        this.additionalData = additionalData;
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
new file mode 100644
index 0000000..d6b80ec
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils.crypto;
+
+public class EncryptionException extends RuntimeException {
+    private static final long serialVersionUID = -8231433265954055715L;
+
+    public EncryptionException(String message) {
+        super(message);
+    }
+    
+    public EncryptionException(Throwable t) {
+        super(t);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
new file mode 100644
index 0000000..1371b99
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
@@ -0,0 +1,392 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.utils.crypto;
+
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.CompressionUtils;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+
+
+/**
+ * Encryption helpers
+ */
+public final class EncryptionUtils {
+    private EncryptionUtils() {
+    }
+    
+    public static String encodeSecretKey(SecretKey key) throws EncryptionException {
+        return encodeBytes(key.getEncoded());
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
+        throws EncryptionException {
+        KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
+        return encryptSecretKey(secretKey, publicKey, props);
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
+        KeyProperties props) throws EncryptionException {
+        byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(), 
+                                             publicKey,
+                                             props);
+        return encodeBytes(encryptedBytes);
+    }
+    
+    public static RSAPublicKey getRsaPublicKey(String encodedModulus,
+                                               String encodedPublicExponent) {
+        try {
+            return getRSAPublicKey(Base64UrlUtility.decode(encodedModulus),
+                                   Base64UrlUtility.decode(encodedPublicExponent));
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        try {
+            return getRSAPublicKey(KeyFactory.getInstance("RSA"), 
+                                   modulusBytes,
+                                   publicExponentBytes);
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }         
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
+                                               byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        BigInteger modulus =  new BigInteger(1, modulusBytes);
+        BigInteger publicExponent =  new BigInteger(1, publicExponentBytes);
+        try {
+            return (RSAPublicKey)factory.generatePublic(
+                new RSAPublicKeySpec(modulus, publicExponent));
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+                                                 String encodedPrivateExponent) {
+        try {
+            return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
+                                    Base64UrlUtility.decode(encodedPrivateExponent));
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }
+    }
+     
+    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+                                                 byte[] privateExponentBytes) {
+        try {
+            return getRSAPrivateKey(KeyFactory.getInstance("RSA"), 
+                                   modulusBytes,
+                                   privateExponentBytes);
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(KeyFactory factory,
+                                         byte[] modulusBytes,
+                                         byte[] privateExponentBytes) {
+        BigInteger modulus =  new BigInteger(1, modulusBytes);
+        BigInteger privateExponent =  new BigInteger(1, privateExponentBytes);
+        try {
+            return (RSAPrivateKey)factory.generatePrivate(
+                new RSAPrivateKeySpec(modulus, privateExponent));
+        } catch (Exception ex) { 
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    public static SecretKey getSecretKey(String symEncAlgo) throws EncryptionException {
+        return getSecretKey(new KeyProperties(symEncAlgo));
+    }
+    
+    public static SecretKey getSecretKey(KeyProperties props) throws EncryptionException {
+        try {
+            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
+            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
+            SecureRandom random = props.getSecureRandom();
+            if (algoSpec != null) {
+                if (random != null) {
+                    keyGen.init(algoSpec, random);
+                } else {
+                    keyGen.init(algoSpec);
+                }
+            } else {
+                int keySize = props.getKeySize();
+                if (keySize == -1) {
+                    keySize = 128;
+                }
+                if (random != null) {
+                    keyGen.init(keySize, random);
+                } else {
+                    keyGen.init(keySize);
+                }
+            }
+            
+            return keyGen.generateKey();
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static String decryptSequence(String encodedToken, String encodedSecretKey)
+        throws EncryptionException {
+        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+    }
+    
+    public static String decryptSequence(String encodedData, String encodedSecretKey, 
+        KeyProperties props) throws EncryptionException {
+        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptSequence(encodedData, key, props);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey) throws EncryptionException {
+        return decryptSequence(encodedData, secretKey, null);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey,
+        KeyProperties props) throws EncryptionException {
+        byte[] encryptedBytes = decodeSequence(encodedData);
+        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+        try {
+            return new String(bytes, "UTF-8");
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey) throws EncryptionException {
+        return encryptSequence(sequence, secretKey, null);
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey,
+        KeyProperties keyProps) throws EncryptionException {
+        try {
+            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+            return encodeBytes(bytes);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static String encodeBytes(byte[] bytes) throws EncryptionException {
+        try {
+            return Base64UrlUtility.encode(bytes);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
+        return encryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+        KeyProperties keyProps) throws EncryptionException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
+        return decryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
+        KeyProperties keyProps) throws EncryptionException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+    }
+    
+    public static byte[] wrapSecretKey(byte[] keyBytes, 
+                                       String keyAlgo,
+                                       Key wrapperKey,
+                                       String wrapperKeyAlgo)  throws EncryptionException {
+        return wrapSecretKey(new SecretKeySpec(keyBytes, keyAlgo), wrapperKey, 
+                             new KeyProperties(wrapperKeyAlgo));
+    }
+    
+    public static byte[] wrapSecretKey(SecretKey secretKey,
+                                       Key wrapperKey,
+                                       KeyProperties keyProps)  throws EncryptionException {
+        try {
+            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+            return c.wrap(secretKey);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            String unwrapperKeyAlgo)  throws EncryptionException {
+        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
+                               new KeyProperties(unwrapperKeyAlgo));
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            KeyProperties keyProps)  throws EncryptionException {
+        try {
+            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+            return (SecretKey)c.unwrap(wrappedBytes, wrappedKeyAlgo, Cipher.SECRET_KEY);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    private static byte[] processBytes(byte[] bytes, 
+                                      Key secretKey, 
+                                      KeyProperties keyProps, 
+                                      int mode)  throws EncryptionException {
+        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+            bytes = CompressionUtils.deflate(bytes, false);
+        }
+        try {
+            Cipher c = initCipher(secretKey, keyProps, mode);
+            byte[] result = new byte[0];
+            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+            if (secretKey instanceof SecretKey && blockSize == -1) {
+                result = c.doFinal(bytes);
+            } else {
+                if (blockSize == -1) {
+                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
+                }
+                int offset = 0;
+                for (; offset + blockSize < bytes.length; offset += blockSize) {
+                    result = addToResult(result, c.doFinal(bytes, offset, blockSize));
+                }
+                if (offset < bytes.length) {
+                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+                }
+            }
+            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+            }
+            return result;
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)  throws EncryptionException {
+        try {
+            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
+                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+            Cipher c = Cipher.getInstance(algorithm);
+            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+                c.init(mode, secretKey);
+            } else {
+                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+                SecureRandom random = keyProps.getSecureRandom();
+                if (algoSpec == null) {
+                    c.init(mode, secretKey, random);
+                } else if (random == null) {
+                    c.init(mode, secretKey, algoSpec);
+                } else {
+                    c.init(mode, secretKey, algoSpec, random);
+                }
+            }
+            if (keyProps != null && keyProps.getAdditionalData() != null) {
+                // TODO: call updateAAD directly after switching to Java7
+                Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
+                m.invoke(c, new Object[]{keyProps.getAdditionalData()});
+            }
+            return c;
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+        byte[] result = new byte[prefix.length + suffix.length];
+        System.arraycopy(prefix, 0, result, 0, prefix.length);
+        System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+        return result;
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey) throws EncryptionException {
+        return decodeSecretKey(encodedSecretKey, "AES");
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
+        throws EncryptionException {
+        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+        return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             PrivateKey privateKey) {
+        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+    }
+    
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             PrivateKey privateKey)
+        throws EncryptionException {
+        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             KeyProperties props,
+                                             PrivateKey privateKey) throws EncryptionException {
+        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+        byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
+        return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
+    }
+    
+    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+        return new SecretKeySpec(bytes, algo);
+    }
+    
+    public static byte[] decodeSequence(String encodedSequence) throws EncryptionException {
+        try {
+            return Base64UrlUtility.decode(encodedSequence);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
+}
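Review bot: `initCipher` passes `keyProps.getKeyAlgo()` (or `secretKey.getAlgorithm()`) unchanged to `Cipher.getInstance()`, so the overloads that build `new KeyProperties("AES")` or pass `null` props leave mode and padding to the provider default. With the stock JDK provider, a bare `"AES"` resolves to ECB mode, which has no IV and no integrity protection. I would have the default overloads name an explicit transformation and add a Javadoc to `initCipher` such as `/** The algorithm name is used as the Cipher transformation as is; supply algorithm/mode/padding and an AlgorithmParameterSpec through KeyProperties, a bare name falls back to provider defaults. */`. Separately, `processBytes` falls back to `secretKey instanceof PublicKey ? 117 : 128`, which appears to fit only a 1024-bit RSA key with PKCS#1 v1.5 padding. Other key sizes would need the block size set in `KeyProperties` or derived from the key's modulus length.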

http://git-wip-us.apache.org/repos/asf/cxf/blob/0e463319/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java
new file mode 100644
index 0000000..2395a6e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+
+public final class HmacUtils {
+    
+    private HmacUtils() {
+        
+    }
+    
+    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
+        return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
+    }
+    
+    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
+        byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
+        return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
+    }
+    
+    public static Mac getMac(String macAlgoJavaName) {
+        return getMac(macAlgoJavaName, (String)null);
+    }
+    
+    public static Mac getMac(String macAlgoJavaName, String provider) {
+        try {
+            return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
+        } catch (NoSuchAlgorithmException e) {
+            throw new OAuthServiceException(e);
+        } catch (NoSuchProviderException e) {
+            throw new OAuthServiceException(e);
+        }
+    }
+    
+    public static Mac getMac(String macAlgoJavaName, Provider provider) {
+        try {
+            return Mac.getInstance(macAlgoJavaName, provider);
+        } catch (NoSuchAlgorithmException e) {
+            throw new OAuthServiceException(e);
+        }
+    }
+    
+    public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+        Mac mac = getMac(macAlgoJavaName);
+        return computeHmac(key, mac, data);
+    }
+    
+    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
+        Mac mac = getMac(macAlgoJavaName);
+        return computeHmac(key, mac, data);
+    }
+    
+    public static byte[] computeHmac(String key, Mac hmac, String data) {
+        try {
+            return computeHmac(key.getBytes("UTF-8"), hmac, data);
+        } catch (UnsupportedEncodingException e) {
+            throw new OAuthServiceException(e);
+        }
+    }
+    
+    public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
+        SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
+        return computeHmac(secretKey, hmac, data);
+    }
+    
+    public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
+        return computeHmac(secretKey, hmac, null, data);
+    }
+    
+    public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
+        try {
+            if (spec == null) {
+                hmac.init(secretKey);
+            } else {
+                hmac.init(secretKey, spec);
+            }
+            return hmac.doFinal(data.getBytes());
+        } catch (InvalidKeyException e) {
+            throw new OAuthServiceException(e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new OAuthServiceException(e);
+        }
+    }
+    
+    public static String generateKey(String algo) {
+        try {
+            KeyGenerator keyGen = KeyGenerator.getInstance(algo);
+            return Base64Utility.encode(keyGen.generateKey().getEncoded());
+        } catch (NoSuchAlgorithmException e) {
+            throw new OAuthServiceException(e);
+        }
+    }
+    
+       
+       
+}
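Review bot: In `computeHmac(Key, Mac, AlgorithmParameterSpec, String)` the call `hmac.doFinal(data.getBytes())` encodes the signed data with the platform default charset, while the `String` key overload above uses `key.getBytes("UTF-8")`. Two hosts with different default encodings can therefore compute different MACs over the same non-ASCII data, and verification of a valid token would then fail. I would change the line to `return hmac.doFinal(data.getBytes("UTF-8"));` and add `catch (UnsupportedEncodingException e) { throw new OAuthServiceException(e); }` alongside the existing catch clauses, matching the overload that already handles this exception.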

