cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: Renaming EncryptionUtils to CryptoUtils and adding few sign helper methods
Date Thu, 08 May 2014 13:17:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 0e4633198 -> f8c17ef0a


Renaming EncryptionUtils to CryptoUtils and adding few sign helper methods


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8c17ef0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8c17ef0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8c17ef0

Branch: refs/heads/master
Commit: f8c17ef0a99195ea18c54c8718fa3f1d5e7cb41c
Parents: 0e46331
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu May 8 14:17:03 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu May 8 14:17:03 2014 +0100

----------------------------------------------------------------------
 .../oauth2/utils/crypto/CryptoUtils.java        | 435 +++++++++++++++++++
 .../utils/crypto/EncryptionException.java       |  31 --
 .../oauth2/utils/crypto/EncryptionUtils.java    | 392 -----------------
 .../utils/crypto/ModelEncryptionSupport.java    |  80 ++--
 .../oauth2/utils/crypto/CryptoUtilsTest.java    | 273 ++++++++++++
 .../utils/crypto/EncryptingDataProvider.java    |   2 +-
 .../utils/crypto/EncryptionUtilsTest.java       | 273 ------------
 7 files changed, 749 insertions(+), 737 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
new file mode 100644
index 0000000..877bf2b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -0,0 +1,435 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.utils.crypto;
+
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.CompressionUtils;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+
+
+/**
+ * Encryption helpers
+ */
+public final class CryptoUtils {
+    private CryptoUtils() {
+    }
+    
+    public static String encodeSecretKey(SecretKey key) throws SecurityException {
+        return encodeBytes(key.getEncoded());
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
+        throws SecurityException {
+        KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
+        return encryptSecretKey(secretKey, publicKey, props);
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
+        KeyProperties props) throws SecurityException {
+        byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(), 
+                                             publicKey,
+                                             props);
+        return encodeBytes(encryptedBytes);
+    }
+    
+    public static RSAPublicKey getRsaPublicKey(String encodedModulus,
+                                               String encodedPublicExponent) {
+        try {
+            return getRSAPublicKey(Base64UrlUtility.decode(encodedModulus),
+                                   Base64UrlUtility.decode(encodedPublicExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        try {
+            return getRSAPublicKey(KeyFactory.getInstance("RSA"), 
+                                   modulusBytes,
+                                   publicExponentBytes);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }         
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
+                                               byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        BigInteger modulus =  new BigInteger(1, modulusBytes);
+        BigInteger publicExponent =  new BigInteger(1, publicExponentBytes);
+        try {
+            return (RSAPublicKey)factory.generatePublic(
+                new RSAPublicKeySpec(modulus, publicExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+                                                 String encodedPrivateExponent) {
+        try {
+            return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
+                                    Base64UrlUtility.decode(encodedPrivateExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+     
+    public byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
+        return signData(data, key, signAlgo, null, null);
+    }
+    
+    public byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
+                           AlgorithmParameterSpec params) {
+        try {
+            Signature s = Signature.getInstance(signAlgo);
+            if (random == null) {
+                s.initSign(key);
+            } else {
+                s.initSign(key, random);
+            }
+            if (params != null) {
+                s.setParameter(params);
+            }
+            s.update(data);
+            return s.sign();
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public void verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
+        verifySignature(data, signature, key, signAlgo, null);
+    }
+    
+    public void verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, 
+                                AlgorithmParameterSpec params) {
+        try {
+            Signature s = Signature.getInstance(signAlgo);
+            s.initVerify(key);
+            if (params != null) {
+                s.setParameter(params);
+            }
+            s.update(data);
+            s.verify(signature);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+                                                 byte[] privateExponentBytes) {
+        try {
+            return getRSAPrivateKey(KeyFactory.getInstance("RSA"), 
+                                   modulusBytes,
+                                   privateExponentBytes);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(KeyFactory factory,
+                                         byte[] modulusBytes,
+                                         byte[] privateExponentBytes) {
+        BigInteger modulus =  new BigInteger(1, modulusBytes);
+        BigInteger privateExponent =  new BigInteger(1, privateExponentBytes);
+        try {
+            return (RSAPrivateKey)factory.generatePrivate(
+                new RSAPrivateKeySpec(modulus, privateExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
+        return getSecretKey(new KeyProperties(symEncAlgo));
+    }
+    
+    public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
+        try {
+            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
+            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
+            SecureRandom random = props.getSecureRandom();
+            if (algoSpec != null) {
+                if (random != null) {
+                    keyGen.init(algoSpec, random);
+                } else {
+                    keyGen.init(algoSpec);
+                }
+            } else {
+                int keySize = props.getKeySize();
+                if (keySize == -1) {
+                    keySize = 128;
+                }
+                if (random != null) {
+                    keyGen.init(keySize, random);
+                } else {
+                    keyGen.init(keySize);
+                }
+            }
+            
+            return keyGen.generateKey();
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String decryptSequence(String encodedToken, String encodedSecretKey)
+        throws SecurityException {
+        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+    }
+    
+    public static String decryptSequence(String encodedData, String encodedSecretKey, 
+        KeyProperties props) throws SecurityException {
+        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptSequence(encodedData, key, props);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
+        return decryptSequence(encodedData, secretKey, null);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey,
+        KeyProperties props) throws SecurityException {
+        byte[] encryptedBytes = decodeSequence(encodedData);
+        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+        try {
+            return new String(bytes, "UTF-8");
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
+        return encryptSequence(sequence, secretKey, null);
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey,
+        KeyProperties keyProps) throws SecurityException {
+        try {
+            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+            return encodeBytes(bytes);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String encodeBytes(byte[] bytes) throws SecurityException {
+        try {
+            return Base64UrlUtility.encode(bytes);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+        return encryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+        KeyProperties keyProps) throws SecurityException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+        return decryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
+        KeyProperties keyProps) throws SecurityException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+    }
+    
+    public static byte[] wrapSecretKey(byte[] keyBytes, 
+                                       String keyAlgo,
+                                       Key wrapperKey,
+                                       String wrapperKeyAlgo)  throws SecurityException {
+        return wrapSecretKey(new SecretKeySpec(keyBytes, keyAlgo), wrapperKey, 
+                             new KeyProperties(wrapperKeyAlgo));
+    }
+    
+    public static byte[] wrapSecretKey(SecretKey secretKey,
+                                       Key wrapperKey,
+                                       KeyProperties keyProps)  throws SecurityException {
+        try {
+            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+            return c.wrap(secretKey);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            String unwrapperKeyAlgo)  throws SecurityException {
+        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
+                               new KeyProperties(unwrapperKeyAlgo));
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            KeyProperties keyProps)  throws SecurityException {
+        try {
+            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+            return (SecretKey)c.unwrap(wrappedBytes, wrappedKeyAlgo, Cipher.SECRET_KEY);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    private static byte[] processBytes(byte[] bytes, 
+                                      Key secretKey, 
+                                      KeyProperties keyProps, 
+                                      int mode)  throws SecurityException {
+        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+            bytes = CompressionUtils.deflate(bytes, false);
+        }
+        try {
+            Cipher c = initCipher(secretKey, keyProps, mode);
+            byte[] result = new byte[0];
+            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+            if (secretKey instanceof SecretKey && blockSize == -1) {
+                result = c.doFinal(bytes);
+            } else {
+                if (blockSize == -1) {
+                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
+                }
+                int offset = 0;
+                for (; offset + blockSize < bytes.length; offset += blockSize) {
+                    result = addToResult(result, c.doFinal(bytes, offset, blockSize));
+                }
+                if (offset < bytes.length) {
+                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+                }
+            }
+            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+            }
+            return result;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)  throws SecurityException {
+        try {
+            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
+                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+            Cipher c = Cipher.getInstance(algorithm);
+            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+                c.init(mode, secretKey);
+            } else {
+                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+                SecureRandom random = keyProps.getSecureRandom();
+                if (algoSpec == null) {
+                    c.init(mode, secretKey, random);
+                } else if (random == null) {
+                    c.init(mode, secretKey, algoSpec);
+                } else {
+                    c.init(mode, secretKey, algoSpec, random);
+                }
+            }
+            if (keyProps != null && keyProps.getAdditionalData() != null) {
+                // TODO: call updateAAD directly after switching to Java7
+                Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
+                m.invoke(c, new Object[]{keyProps.getAdditionalData()});
+            }
+            return c;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+        byte[] result = new byte[prefix.length + suffix.length];
+        System.arraycopy(prefix, 0, result, 0, prefix.length);
+        System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+        return result;
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
+        return decodeSecretKey(encodedSecretKey, "AES");
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
+        throws SecurityException {
+        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+        return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             PrivateKey privateKey) {
+        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+    }
+    
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             PrivateKey privateKey)
+        throws SecurityException {
+        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             KeyProperties props,
+                                             PrivateKey privateKey) throws SecurityException {
+        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+        byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
+        return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
+    }
+    
+    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+        return new SecretKeySpec(bytes, algo);
+    }
+    
+    public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
+        try {
+            return Base64UrlUtility.decode(encodedSequence);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
deleted file mode 100644
index d6b80ec..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionException.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils.crypto;
-
-public class EncryptionException extends RuntimeException {
-    private static final long serialVersionUID = -8231433265954055715L;
-
-    public EncryptionException(String message) {
-        super(message);
-    }
-    
-    public EncryptionException(Throwable t) {
-        super(t);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
deleted file mode 100644
index 1371b99..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtils.java
+++ /dev/null
@@ -1,392 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth2.utils.crypto;
-
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.util.CompressionUtils;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-
-/**
- * Encryption helpers
- */
-public final class EncryptionUtils {
-    private EncryptionUtils() {
-    }
-    
-    public static String encodeSecretKey(SecretKey key) throws EncryptionException {
-        return encodeBytes(key.getEncoded());
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
-        throws EncryptionException {
-        KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
-        return encryptSecretKey(secretKey, publicKey, props);
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
-        KeyProperties props) throws EncryptionException {
-        byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(), 
-                                             publicKey,
-                                             props);
-        return encodeBytes(encryptedBytes);
-    }
-    
-    public static RSAPublicKey getRsaPublicKey(String encodedModulus,
-                                               String encodedPublicExponent) {
-        try {
-            return getRSAPublicKey(Base64UrlUtility.decode(encodedModulus),
-                                   Base64UrlUtility.decode(encodedPublicExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
-                                               byte[] publicExponentBytes) {
-        try {
-            return getRSAPublicKey(KeyFactory.getInstance("RSA"), 
-                                   modulusBytes,
-                                   publicExponentBytes);
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }         
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
-                                               byte[] modulusBytes,
-                                               byte[] publicExponentBytes) {
-        BigInteger modulus =  new BigInteger(1, modulusBytes);
-        BigInteger publicExponent =  new BigInteger(1, publicExponentBytes);
-        try {
-            return (RSAPublicKey)factory.generatePublic(
-                new RSAPublicKeySpec(modulus, publicExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
-                                                 String encodedPrivateExponent) {
-        try {
-            return getRSAPrivateKey(Base64UrlUtility.decode(encodedModulus),
-                                    Base64UrlUtility.decode(encodedPrivateExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }
-    }
-     
-    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
-                                                 byte[] privateExponentBytes) {
-        try {
-            return getRSAPrivateKey(KeyFactory.getInstance("RSA"), 
-                                   modulusBytes,
-                                   privateExponentBytes);
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static RSAPrivateKey getRSAPrivateKey(KeyFactory factory,
-                                         byte[] modulusBytes,
-                                         byte[] privateExponentBytes) {
-        BigInteger modulus =  new BigInteger(1, modulusBytes);
-        BigInteger privateExponent =  new BigInteger(1, privateExponentBytes);
-        try {
-            return (RSAPrivateKey)factory.generatePrivate(
-                new RSAPrivateKeySpec(modulus, privateExponent));
-        } catch (Exception ex) { 
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static SecretKey getSecretKey(String symEncAlgo) throws EncryptionException {
-        return getSecretKey(new KeyProperties(symEncAlgo));
-    }
-    
-    public static SecretKey getSecretKey(KeyProperties props) throws EncryptionException {
-        try {
-            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
-            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
-            SecureRandom random = props.getSecureRandom();
-            if (algoSpec != null) {
-                if (random != null) {
-                    keyGen.init(algoSpec, random);
-                } else {
-                    keyGen.init(algoSpec);
-                }
-            } else {
-                int keySize = props.getKeySize();
-                if (keySize == -1) {
-                    keySize = 128;
-                }
-                if (random != null) {
-                    keyGen.init(keySize, random);
-                } else {
-                    keyGen.init(keySize);
-                }
-            }
-            
-            return keyGen.generateKey();
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String decryptSequence(String encodedToken, String encodedSecretKey)
-        throws EncryptionException {
-        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
-    }
-    
-    public static String decryptSequence(String encodedData, String encodedSecretKey, 
-        KeyProperties props) throws EncryptionException {
-        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptSequence(encodedData, key, props);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey) throws EncryptionException {
-        return decryptSequence(encodedData, secretKey, null);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey,
-        KeyProperties props) throws EncryptionException {
-        byte[] encryptedBytes = decodeSequence(encodedData);
-        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
-        try {
-            return new String(bytes, "UTF-8");
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey) throws EncryptionException {
-        return encryptSequence(sequence, secretKey, null);
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey,
-        KeyProperties keyProps) throws EncryptionException {
-        try {
-            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
-            return encodeBytes(bytes);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static String encodeBytes(byte[] bytes) throws EncryptionException {
-        try {
-            return Base64UrlUtility.encode(bytes);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
-        return encryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
-        KeyProperties keyProps) throws EncryptionException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws EncryptionException {
-        return decryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
-        KeyProperties keyProps) throws EncryptionException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
-    }
-    
-    public static byte[] wrapSecretKey(byte[] keyBytes, 
-                                       String keyAlgo,
-                                       Key wrapperKey,
-                                       String wrapperKeyAlgo)  throws EncryptionException {
-        return wrapSecretKey(new SecretKeySpec(keyBytes, keyAlgo), wrapperKey, 
-                             new KeyProperties(wrapperKeyAlgo));
-    }
-    
-    public static byte[] wrapSecretKey(SecretKey secretKey,
-                                       Key wrapperKey,
-                                       KeyProperties keyProps)  throws EncryptionException {
-        try {
-            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
-            return c.wrap(secretKey);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            String unwrapperKeyAlgo)  throws EncryptionException {
-        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
-                               new KeyProperties(unwrapperKeyAlgo));
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            KeyProperties keyProps)  throws EncryptionException {
-        try {
-            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
-            return (SecretKey)c.unwrap(wrappedBytes, wrappedKeyAlgo, Cipher.SECRET_KEY);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }    
-    }
-    
-    private static byte[] processBytes(byte[] bytes, 
-                                      Key secretKey, 
-                                      KeyProperties keyProps, 
-                                      int mode)  throws EncryptionException {
-        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
-        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
-            bytes = CompressionUtils.deflate(bytes, false);
-        }
-        try {
-            Cipher c = initCipher(secretKey, keyProps, mode);
-            byte[] result = new byte[0];
-            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
-            if (secretKey instanceof SecretKey && blockSize == -1) {
-                result = c.doFinal(bytes);
-            } else {
-                if (blockSize == -1) {
-                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
-                }
-                int offset = 0;
-                for (; offset + blockSize < bytes.length; offset += blockSize) {
-                    result = addToResult(result, c.doFinal(bytes, offset, blockSize));
-                }
-                if (offset < bytes.length) {
-                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
-                }
-            }
-            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
-                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
-            }
-            return result;
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)  throws EncryptionException {
-        try {
-            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
-                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
-            Cipher c = Cipher.getInstance(algorithm);
-            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
-                c.init(mode, secretKey);
-            } else {
-                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
-                SecureRandom random = keyProps.getSecureRandom();
-                if (algoSpec == null) {
-                    c.init(mode, secretKey, random);
-                } else if (random == null) {
-                    c.init(mode, secretKey, algoSpec);
-                } else {
-                    c.init(mode, secretKey, algoSpec, random);
-                }
-            }
-            if (keyProps != null && keyProps.getAdditionalData() != null) {
-                // TODO: call updateAAD directly after switching to Java7
-                Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
-                m.invoke(c, new Object[]{keyProps.getAdditionalData()});
-            }
-            return c;
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
-        byte[] result = new byte[prefix.length + suffix.length];
-        System.arraycopy(prefix, 0, result, 0, prefix.length);
-        System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
-        return result;
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey) throws EncryptionException {
-        return decodeSecretKey(encodedSecretKey, "AES");
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
-        throws EncryptionException {
-        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
-        return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             PrivateKey privateKey) {
-        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
-    }
-    
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             PrivateKey privateKey)
-        throws EncryptionException {
-        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
-        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             KeyProperties props,
-                                             PrivateKey privateKey) throws EncryptionException {
-        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
-        byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
-        return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
-    }
-    
-    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
-        return new SecretKeySpec(bytes, algo);
-    }
-    
-    public static byte[] decodeSequence(String encodedSequence) throws EncryptionException {
-        try {
-            return Base64UrlUtility.decode(encodedSequence);
-        } catch (Exception ex) {
-            throw new EncryptionException(ex);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index c19de17..ba761e4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -46,163 +46,163 @@ public final class ModelEncryptionSupport {
     private ModelEncryptionSupport() {
     }
     
-    public static String encryptClient(Client client, Key secretKey) throws EncryptionException {
+    public static String encryptClient(Client client, Key secretKey) throws SecurityException {
         return encryptClient(client, secretKey, null);
     }
      
     public static String encryptClient(Client client, Key secretKey,
-                                       KeyProperties props) throws EncryptionException {
+                                       KeyProperties props) throws SecurityException {
         String tokenSequence = tokenizeClient(client);
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+        return CryptoUtils.encryptSequence(tokenSequence, secretKey, props);
     }
     
-    public static String encryptAccessToken(ServerAccessToken token, Key secretKey) throws EncryptionException {
+    public static String encryptAccessToken(ServerAccessToken token, Key secretKey) throws SecurityException {
         return encryptAccessToken(token, secretKey, null);
     }
     
     public static String encryptAccessToken(ServerAccessToken token, Key secretKey,
-                                            KeyProperties props) throws EncryptionException {
+                                            KeyProperties props) throws SecurityException {
         String tokenSequence = tokenizeServerToken(token);
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+        return CryptoUtils.encryptSequence(tokenSequence, secretKey, props);
     }
     
-    public static String encryptRefreshToken(RefreshToken token, Key secretKey) throws EncryptionException {
+    public static String encryptRefreshToken(RefreshToken token, Key secretKey) throws SecurityException {
         return encryptRefreshToken(token, secretKey, null);
     }
     
     public static String encryptRefreshToken(RefreshToken token, Key secretKey,
-                                             KeyProperties props) throws EncryptionException {
+                                             KeyProperties props) throws SecurityException {
         String tokenSequence = tokenizeRefreshToken(token);
         
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+        return CryptoUtils.encryptSequence(tokenSequence, secretKey, props);
     }
     
     public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey) 
-        throws EncryptionException {
+        throws SecurityException {
         return encryptCodeGrant(grant, secretKey, null);
     }
     
     public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey,
-                                          KeyProperties props) throws EncryptionException {
+                                          KeyProperties props) throws SecurityException {
         String tokenSequence = tokenizeCodeGrant(grant);
         
-        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+        return CryptoUtils.encryptSequence(tokenSequence, secretKey, props);
     }
     
     public static Client decryptClient(String encodedSequence, String encodedSecretKey) 
-        throws EncryptionException {
+        throws SecurityException {
         return decryptClient(encodedSequence, encodedSecretKey, new KeyProperties("AES"));
     }
     
     public static Client decryptClient(String encodedSequence, String encodedSecretKey,
-                                       KeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+                                       KeyProperties props) throws SecurityException {
+        SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
         return decryptClient(encodedSequence, key, props);
     }
     
-    public static Client decryptClient(String encodedSequence, Key secretKey) throws EncryptionException {
+    public static Client decryptClient(String encodedSequence, Key secretKey) throws SecurityException {
         return decryptClient(encodedSequence, secretKey, null);
     }
     
     public static Client decryptClient(String encodedData, Key secretKey, 
-                                       KeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
+                                       KeyProperties props) throws SecurityException {
+        String decryptedSequence = CryptoUtils.decryptSequence(encodedData, secretKey, props);
         return recreateClient(decryptedSequence);
     }
     
     public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                                  String encodedToken, 
-                                                 String encodedSecretKey) throws EncryptionException {
+                                                 String encodedSecretKey) throws SecurityException {
         return decryptAccessToken(provider, encodedToken, encodedSecretKey, new KeyProperties("AES"));
     }
     
     public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                                  String encodedToken, 
                                                  String encodedSecretKey,
-                                                 KeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+                                                 KeyProperties props) throws SecurityException {
+        SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
         return decryptAccessToken(provider, encodedToken, key, props);
     }
     
     public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                                  String encodedToken, 
-                                                 Key secretKey) throws EncryptionException {
+                                                 Key secretKey) throws SecurityException {
         return decryptAccessToken(provider, encodedToken, secretKey, null);
     }
     
     public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                                  String encodedData, 
                                                  Key secretKey, 
-                                                 KeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
+                                                 KeyProperties props) throws SecurityException {
+        String decryptedSequence = CryptoUtils.decryptSequence(encodedData, secretKey, props);
         return recreateAccessToken(provider, encodedData, decryptedSequence);
     }
     
     public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                                    String encodedToken, 
-                                                   String encodedSecretKey) throws EncryptionException {
+                                                   String encodedSecretKey) throws SecurityException {
         return decryptRefreshToken(provider, encodedToken, encodedSecretKey, new KeyProperties("AES"));
     }
     
     public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                                   String encodedToken, 
                                                   String encodedSecretKey,
-                                                  KeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+                                                  KeyProperties props) throws SecurityException {
+        SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
         return decryptRefreshToken(provider, encodedToken, key, props);
     }
     
     public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                                    String encodedToken, 
-                                                   Key key) throws EncryptionException {
+                                                   Key key) throws SecurityException {
         return decryptRefreshToken(provider, encodedToken, key, null);
     }
     
     public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                                    String encodedData, 
                                                    Key key, 
-                                                   KeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
+                                                   KeyProperties props) throws SecurityException {
+        String decryptedSequence = CryptoUtils.decryptSequence(encodedData, key, props);
         return recreateRefreshToken(provider, encodedData, decryptedSequence);
     }
     
     public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                                    String encodedToken, 
-                                                   String encodedSecretKey) throws EncryptionException {
+                                                   String encodedSecretKey) throws SecurityException {
         return decryptCodeGrant(provider, encodedToken, encodedSecretKey, new KeyProperties("AES"));
     }
     
     public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                                   String encodedToken, 
                                                   String encodedSecretKey,
-                                                  KeyProperties props) throws EncryptionException {
-        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+                                                  KeyProperties props) throws SecurityException {
+        SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
         return decryptCodeGrant(provider, encodedToken, key, props);
     }
     
     public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                                    String encodedToken, 
-                                                   Key key) throws EncryptionException {
+                                                   Key key) throws SecurityException {
         return decryptCodeGrant(provider, encodedToken, key, null);
     }
     
     public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                                    String encodedData, 
                                                    Key key, 
-                                                   KeyProperties props) throws EncryptionException {
-        String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
+                                                   KeyProperties props) throws SecurityException {
+        String decryptedSequence = CryptoUtils.decryptSequence(encodedData, key, props);
         return recreateCodeGrant(provider, decryptedSequence);
     }
     
     public static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
                                                   String newTokenKey,
-                                                  String decryptedSequence) throws EncryptionException {
+                                                  String decryptedSequence) throws SecurityException {
         return recreateAccessToken(provider, newTokenKey, getParts(decryptedSequence));
     }
     
     public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
                                                     String newTokenKey,
-                                                    String decryptedSequence) throws EncryptionException {
+                                                    String decryptedSequence) throws SecurityException {
         String[] parts = getParts(decryptedSequence);
         ServerAccessToken token = recreateAccessToken(provider, newTokenKey, parts);
         return new RefreshToken(token, 
@@ -211,11 +211,11 @@ public final class ModelEncryptionSupport {
     }
     
     public static ServerAuthorizationCodeGrant recreateCodeGrant(OAuthDataProvider provider,
-        String decryptedSequence) throws EncryptionException {
+        String decryptedSequence) throws SecurityException {
         return recreateCodeGrantInternal(provider, decryptedSequence);
     }
     
-    public static Client recreateClient(String sequence) throws EncryptionException {
+    public static Client recreateClient(String sequence) throws SecurityException {
         return recreateClientInternal(sequence);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
new file mode 100644
index 0000000..159a524
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
@@ -0,0 +1,273 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.lang.annotation.Annotation;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Collections;
+import java.util.List;
+
+import javax.crypto.SecretKey;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.provider.json.JSONProvider;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class CryptoUtilsTest extends Assert {
+    
+    private CodeGrantEncryptingDataProvider p;
+    
+    @Before
+    public void setUp() throws Exception {
+        p = new CodeGrantEncryptingDataProvider();
+    }
+    
+    @After
+    public void tearDown() {
+        p = null;
+    }
+    
+    @Test
+    public void testEncryptDecryptToken() throws Exception {
+        AccessTokenRegistration atr = prepareTokenRegistration();
+        
+        // encrypt
+        ServerAccessToken token = p.createAccessToken(atr);
+        ServerAccessToken token2 = p.getAccessToken(token.getTokenKey());
+        
+        // compare tokens
+        compareAccessTokens(token, token2);
+    }
+    
+    @Test
+    public void testEncryptDecryptCodeGrant() throws Exception {
+        AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration(); 
+        codeReg.setAudience("http://bar");
+        codeReg.setClient(p.getClient("1"));
+        ServerAuthorizationCodeGrant grant = p.createCodeGrant(codeReg);
+        ServerAuthorizationCodeGrant grant2 = p.removeCodeGrant(grant.getCode());
+        assertEquals("http://bar", grant2.getAudience());
+        assertEquals("1", grant2.getClient().getClientId());
+    }
+    
+    @Test
+    public void testBearerTokenCertAndSecretKey() throws Exception {
+        AccessTokenRegistration atr = prepareTokenRegistration();
+        BearerAccessToken token = p.createAccessTokenInternal(atr);
+        
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+        KeyPair keyPair = kpg.generateKeyPair();
+        PublicKey publicKey = keyPair.getPublic();
+        PrivateKey privateKey = keyPair.getPrivate();
+        
+        SecretKey secretKey = CryptoUtils.getSecretKey("AES");
+        String encryptedSecretKey = CryptoUtils.encryptSecretKey(secretKey, publicKey);
+        
+        String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, secretKey);
+        token.setTokenKey(encryptedToken);
+        SecretKey decryptedSecretKey = CryptoUtils.decryptSecretKey(encryptedSecretKey, privateKey);
+        ServerAccessToken token2 = ModelEncryptionSupport.decryptAccessToken(p, encryptedToken, decryptedSecretKey);
+        // compare tokens
+        compareAccessTokens(token, token2);
+    }
+    
+    @Test
+    public void testBearerTokenJSON() throws Exception {
+        AccessTokenRegistration atr = prepareTokenRegistration();
+        
+        BearerAccessToken token = p.createAccessTokenInternal(atr);
+        JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
+        jsonp.setMarshallAsJaxbElement(true);
+        jsonp.setUnmarshallAsJaxbElement(true);
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+                      new MetadataMap<String, Object>(), bos);
+        
+        String encrypted = CryptoUtils.encryptSequence(bos.toString(), p.key);
+        String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
+        ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, 
+                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
+                                                  new MetadataMap<String, String>(), 
+                                                  new ByteArrayInputStream(decrypted.getBytes()));
+        
+        // compare tokens
+        compareAccessTokens(token, token2);
+    }
+    
+    @Test
+    public void testBearerTokenJSONCertificate() throws Exception {
+        
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+        KeyPair keyPair = kpg.generateKeyPair();
+        PublicKey publicKey = keyPair.getPublic();
+        PrivateKey privateKey = keyPair.getPrivate();
+        
+        AccessTokenRegistration atr = prepareTokenRegistration();
+        
+        BearerAccessToken token = p.createAccessTokenInternal(atr);
+        JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
+        jsonp.setMarshallAsJaxbElement(true);
+        jsonp.setUnmarshallAsJaxbElement(true);
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+                      new MetadataMap<String, Object>(), bos);
+        
+        KeyProperties props1 = new KeyProperties(publicKey.getAlgorithm());
+        String encrypted = CryptoUtils.encryptSequence(bos.toString(), publicKey, props1);
+        KeyProperties props2 = new KeyProperties(privateKey.getAlgorithm());
+        String decrypted = CryptoUtils.decryptSequence(encrypted, privateKey, props2);
+        ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, 
+                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
+                                                  new MetadataMap<String, String>(), 
+                                                  new ByteArrayInputStream(decrypted.getBytes()));
+        
+        // compare tokens
+        compareAccessTokens(token, token2);
+    }
+    
+    @Test
+    public void testClientJSON() throws Exception {
+        Client c = new Client("client", "secret", true);
+        c.setSubject(new UserSubject("subject", "id"));
+        JSONProvider<Client> jsonp = new JSONProvider<Client>();
+        jsonp.setMarshallAsJaxbElement(true);
+        jsonp.setUnmarshallAsJaxbElement(true);
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        jsonp.writeTo(c, Client.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+                      new MetadataMap<String, Object>(), bos);
+        String encrypted = CryptoUtils.encryptSequence(bos.toString(), p.key);
+        String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
+        Client c2 = jsonp.readFrom(Client.class, Client.class, 
+                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
+                                                  new MetadataMap<String, String>(), 
+                                                  new ByteArrayInputStream(decrypted.getBytes()));
+        
+        assertEquals(c.getClientId(), c2.getClientId());
+        assertEquals(c.getClientSecret(), c2.getClientSecret());
+        assertTrue(c2.isConfidential());
+        assertEquals("subject", c2.getSubject().getLogin());
+        assertEquals("id", c2.getSubject().getId());
+    }
+    
+    @Test
+    public void testCodeGrantJSON() throws Exception {
+        Client c = new Client("client", "secret", true);
+        ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(c, "code", 1, 2); 
+        JSONProvider<ServerAuthorizationCodeGrant> jsonp = new JSONProvider<ServerAuthorizationCodeGrant>();
+        jsonp.setMarshallAsJaxbElement(true);
+        jsonp.setUnmarshallAsJaxbElement(true);
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        jsonp.writeTo(grant, ServerAuthorizationCodeGrant.class, new Annotation[]{}, 
+                      MediaType.APPLICATION_JSON_TYPE,
+                      new MetadataMap<String, Object>(), bos);
+        
+        String encrypted = CryptoUtils.encryptSequence(bos.toString(), p.key);
+        String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
+        ServerAuthorizationCodeGrant grant2 = jsonp.readFrom(ServerAuthorizationCodeGrant.class,
+                                                             Client.class, 
+                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
+                                                  new MetadataMap<String, String>(), 
+                                                  new ByteArrayInputStream(decrypted.getBytes()));
+        assertEquals("code", grant2.getCode());
+        assertEquals(1, grant2.getExpiresIn());
+        assertEquals(2, grant2.getIssuedAt());
+    }
+    
+    private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
+        assertEquals(token.getTokenKey(), token2.getTokenKey());
+        assertEquals(token.getTokenType(), token2.getTokenType());
+        assertEquals(token.getIssuedAt(), token2.getIssuedAt());
+        assertEquals(token.getExpiresIn(), token2.getExpiresIn());
+        Client regClient1 = token.getClient();
+        Client regClient2 = token2.getClient();
+        assertEquals(regClient1.getClientId(), regClient2.getClientId());
+        assertNull(regClient2.getApplicationDescription());
+        UserSubject endUser1 = token.getSubject();
+        UserSubject endUser2 = token2.getSubject();
+        assertEquals(endUser1.getLogin(), endUser2.getLogin());
+        assertEquals(endUser1.getId(), endUser2.getId());
+        assertEquals(endUser1.getRoles(), endUser2.getRoles());
+        
+        assertEquals(token.getRefreshToken(), token2.getRefreshToken());
+        assertEquals(token.getAudience(), token2.getAudience());
+        assertEquals(token.getGrantType(), token2.getGrantType());
+        assertEquals(token.getParameters(), token2.getParameters());
+        
+        List<OAuthPermission> permissions = token.getScopes();
+        List<OAuthPermission> permissions2 = token2.getScopes();
+        assertEquals(1, permissions.size());
+        assertEquals(1, permissions2.size());
+        OAuthPermission perm1 = permissions.get(0);
+        OAuthPermission perm2 = permissions2.get(0);
+        assertEquals(perm1.getPermission(), perm2.getPermission());
+        assertEquals(perm1.getDescription(), perm2.getDescription());
+        
+        RefreshToken refreshToken = 
+            ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
+        assertEquals(1200L, refreshToken.getExpiresIn());
+    }
+    
+    private AccessTokenRegistration prepareTokenRegistration() {
+        AccessTokenRegistration atr = new AccessTokenRegistration();
+        Client regClient = p.getClient("1");
+        atr.setClient(regClient);
+        atr.setGrantType("code");
+        atr.setAudience("http://localhost");
+        UserSubject endUser = new UserSubject("Barry", "BarryId");
+        atr.setSubject(endUser);
+        endUser.setRoles(Collections.singletonList("role1"));
+        return atr;
+    }
+    
+// TODO: remove once the wiki documentation is updated
+//  KeyStore keyStore = loadKeyStore(); 
+//  Certificate cert = keyStore.getCertificate("alice");
+//  PublicKey publicKey = cert.getPublicKey();
+//  KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+//      keyStore.getEntry("alice", new KeyStore.PasswordProtection(
+//           new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}));
+//  PrivateKey privateKey = pkEntry.getPrivateKey();
+    
+    
+//    private KeyStore loadKeyStore() throws Exception {
+//        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+//        InputStream is = this.getClass().getResourceAsStream("alice.jks");
+//        ks.load(is, new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'});
+//        return ks;
+//    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
index bf0b7f7..4b3c44f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
@@ -46,7 +46,7 @@ public class EncryptingDataProvider implements OAuthDataProvider {
     private Map<String, String> refreshTokens = new HashMap<String, String>();
     
     public EncryptingDataProvider() throws Exception {
-        key = EncryptionUtils.getSecretKey("AES");
+        key = CryptoUtils.getSecretKey("AES");
         String encryptedClient = ModelEncryptionSupport.encryptClient(new Client("1", "2", true), key);
         clients = Collections.singletonMap("1", encryptedClient);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f8c17ef0/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtilsTest.java
deleted file mode 100644
index 19c20ae..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptionUtilsTest.java
+++ /dev/null
@@ -1,273 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.utils.crypto;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.lang.annotation.Annotation;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.Collections;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-import javax.ws.rs.core.MediaType;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.jaxrs.provider.json.JSONProvider;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
-import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
-import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class EncryptionUtilsTest extends Assert {
-    
-    private CodeGrantEncryptingDataProvider p;
-    
-    @Before
-    public void setUp() throws Exception {
-        p = new CodeGrantEncryptingDataProvider();
-    }
-    
-    @After
-    public void tearDown() {
-        p = null;
-    }
-    
-    @Test
-    public void testEncryptDecryptToken() throws Exception {
-        AccessTokenRegistration atr = prepareTokenRegistration();
-        
-        // encrypt
-        ServerAccessToken token = p.createAccessToken(atr);
-        ServerAccessToken token2 = p.getAccessToken(token.getTokenKey());
-        
-        // compare tokens
-        compareAccessTokens(token, token2);
-    }
-    
-    @Test
-    public void testEncryptDecryptCodeGrant() throws Exception {
-        AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration(); 
-        codeReg.setAudience("http://bar");
-        codeReg.setClient(p.getClient("1"));
-        ServerAuthorizationCodeGrant grant = p.createCodeGrant(codeReg);
-        ServerAuthorizationCodeGrant grant2 = p.removeCodeGrant(grant.getCode());
-        assertEquals("http://bar", grant2.getAudience());
-        assertEquals("1", grant2.getClient().getClientId());
-    }
-    
-    @Test
-    public void testBearerTokenCertAndSecretKey() throws Exception {
-        AccessTokenRegistration atr = prepareTokenRegistration();
-        BearerAccessToken token = p.createAccessTokenInternal(atr);
-        
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
-        KeyPair keyPair = kpg.generateKeyPair();
-        PublicKey publicKey = keyPair.getPublic();
-        PrivateKey privateKey = keyPair.getPrivate();
-        
-        SecretKey secretKey = EncryptionUtils.getSecretKey("AES");
-        String encryptedSecretKey = EncryptionUtils.encryptSecretKey(secretKey, publicKey);
-        
-        String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, secretKey);
-        token.setTokenKey(encryptedToken);
-        SecretKey decryptedSecretKey = EncryptionUtils.decryptSecretKey(encryptedSecretKey, privateKey);
-        ServerAccessToken token2 = ModelEncryptionSupport.decryptAccessToken(p, encryptedToken, decryptedSecretKey);
-        // compare tokens
-        compareAccessTokens(token, token2);
-    }
-    
-    @Test
-    public void testBearerTokenJSON() throws Exception {
-        AccessTokenRegistration atr = prepareTokenRegistration();
-        
-        BearerAccessToken token = p.createAccessTokenInternal(atr);
-        JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
-        jsonp.setMarshallAsJaxbElement(true);
-        jsonp.setUnmarshallAsJaxbElement(true);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
-                      new MetadataMap<String, Object>(), bos);
-        
-        String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
-        String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
-        ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, 
-                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
-                                                  new MetadataMap<String, String>(), 
-                                                  new ByteArrayInputStream(decrypted.getBytes()));
-        
-        // compare tokens
-        compareAccessTokens(token, token2);
-    }
-    
-    @Test
-    public void testBearerTokenJSONCertificate() throws Exception {
-        
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
-        KeyPair keyPair = kpg.generateKeyPair();
-        PublicKey publicKey = keyPair.getPublic();
-        PrivateKey privateKey = keyPair.getPrivate();
-        
-        AccessTokenRegistration atr = prepareTokenRegistration();
-        
-        BearerAccessToken token = p.createAccessTokenInternal(atr);
-        JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
-        jsonp.setMarshallAsJaxbElement(true);
-        jsonp.setUnmarshallAsJaxbElement(true);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
-                      new MetadataMap<String, Object>(), bos);
-        
-        KeyProperties props1 = new KeyProperties(publicKey.getAlgorithm());
-        String encrypted = EncryptionUtils.encryptSequence(bos.toString(), publicKey, props1);
-        KeyProperties props2 = new KeyProperties(privateKey.getAlgorithm());
-        String decrypted = EncryptionUtils.decryptSequence(encrypted, privateKey, props2);
-        ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, 
-                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
-                                                  new MetadataMap<String, String>(), 
-                                                  new ByteArrayInputStream(decrypted.getBytes()));
-        
-        // compare tokens
-        compareAccessTokens(token, token2);
-    }
-    
-    @Test
-    public void testClientJSON() throws Exception {
-        Client c = new Client("client", "secret", true);
-        c.setSubject(new UserSubject("subject", "id"));
-        JSONProvider<Client> jsonp = new JSONProvider<Client>();
-        jsonp.setMarshallAsJaxbElement(true);
-        jsonp.setUnmarshallAsJaxbElement(true);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        jsonp.writeTo(c, Client.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
-                      new MetadataMap<String, Object>(), bos);
-        String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
-        String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
-        Client c2 = jsonp.readFrom(Client.class, Client.class, 
-                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
-                                                  new MetadataMap<String, String>(), 
-                                                  new ByteArrayInputStream(decrypted.getBytes()));
-        
-        assertEquals(c.getClientId(), c2.getClientId());
-        assertEquals(c.getClientSecret(), c2.getClientSecret());
-        assertTrue(c2.isConfidential());
-        assertEquals("subject", c2.getSubject().getLogin());
-        assertEquals("id", c2.getSubject().getId());
-    }
-    
-    @Test
-    public void testCodeGrantJSON() throws Exception {
-        Client c = new Client("client", "secret", true);
-        ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(c, "code", 1, 2); 
-        JSONProvider<ServerAuthorizationCodeGrant> jsonp = new JSONProvider<ServerAuthorizationCodeGrant>();
-        jsonp.setMarshallAsJaxbElement(true);
-        jsonp.setUnmarshallAsJaxbElement(true);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        jsonp.writeTo(grant, ServerAuthorizationCodeGrant.class, new Annotation[]{}, 
-                      MediaType.APPLICATION_JSON_TYPE,
-                      new MetadataMap<String, Object>(), bos);
-        
-        String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
-        String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
-        ServerAuthorizationCodeGrant grant2 = jsonp.readFrom(ServerAuthorizationCodeGrant.class,
-                                                             Client.class, 
-                                                  new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, 
-                                                  new MetadataMap<String, String>(), 
-                                                  new ByteArrayInputStream(decrypted.getBytes()));
-        assertEquals("code", grant2.getCode());
-        assertEquals(1, grant2.getExpiresIn());
-        assertEquals(2, grant2.getIssuedAt());
-    }
-    
-    private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
-        assertEquals(token.getTokenKey(), token2.getTokenKey());
-        assertEquals(token.getTokenType(), token2.getTokenType());
-        assertEquals(token.getIssuedAt(), token2.getIssuedAt());
-        assertEquals(token.getExpiresIn(), token2.getExpiresIn());
-        Client regClient1 = token.getClient();
-        Client regClient2 = token2.getClient();
-        assertEquals(regClient1.getClientId(), regClient2.getClientId());
-        assertNull(regClient2.getApplicationDescription());
-        UserSubject endUser1 = token.getSubject();
-        UserSubject endUser2 = token2.getSubject();
-        assertEquals(endUser1.getLogin(), endUser2.getLogin());
-        assertEquals(endUser1.getId(), endUser2.getId());
-        assertEquals(endUser1.getRoles(), endUser2.getRoles());
-        
-        assertEquals(token.getRefreshToken(), token2.getRefreshToken());
-        assertEquals(token.getAudience(), token2.getAudience());
-        assertEquals(token.getGrantType(), token2.getGrantType());
-        assertEquals(token.getParameters(), token2.getParameters());
-        
-        List<OAuthPermission> permissions = token.getScopes();
-        List<OAuthPermission> permissions2 = token2.getScopes();
-        assertEquals(1, permissions.size());
-        assertEquals(1, permissions2.size());
-        OAuthPermission perm1 = permissions.get(0);
-        OAuthPermission perm2 = permissions2.get(0);
-        assertEquals(perm1.getPermission(), perm2.getPermission());
-        assertEquals(perm1.getDescription(), perm2.getDescription());
-        
-        RefreshToken refreshToken = 
-            ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
-        assertEquals(1200L, refreshToken.getExpiresIn());
-    }
-    
-    private AccessTokenRegistration prepareTokenRegistration() {
-        AccessTokenRegistration atr = new AccessTokenRegistration();
-        Client regClient = p.getClient("1");
-        atr.setClient(regClient);
-        atr.setGrantType("code");
-        atr.setAudience("http://localhost");
-        UserSubject endUser = new UserSubject("Barry", "BarryId");
-        atr.setSubject(endUser);
-        endUser.setRoles(Collections.singletonList("role1"));
-        return atr;
-    }
-    
-// TODO: remove once the wiki documentation is updated
-//  KeyStore keyStore = loadKeyStore(); 
-//  Certificate cert = keyStore.getCertificate("alice");
-//  PublicKey publicKey = cert.getPublicKey();
-//  KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
-//      keyStore.getEntry("alice", new KeyStore.PasswordProtection(
-//           new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}));
-//  PrivateKey privateKey = pkEntry.getPrivateKey();
-    
-    
-//    private KeyStore loadKeyStore() throws Exception {
-//        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-//        InputStream is = this.getClass().getResourceAsStream("alice.jks");
-//        ks.load(is, new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'});
-//        return ks;
-//    }
-}


Mime
View raw message