From serg...@apache.org
Subject git commit: [CXF-5311] Initial end to end JweJws test
Date Tue, 17 Jun 2014 14:34:23 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 35aa01ca9 -> 6f8d4adf3


[CXF-5311] Initial end to end JweJws test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6f8d4adf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6f8d4adf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6f8d4adf

Branch: refs/heads/master
Commit: 6f8d4adf33c36671eb1c4a4a64a93122ddfc94fb
Parents: 35aa01c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jun 17 15:34:04 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jun 17 15:34:04 2014 +0100

----------------------------------------------------------------------
 .../apache/cxf/jaxrs/utils/ResourceUtils.java   |   8 ++
 rt/rs/security/oauth-parent/oauth2-jwt/pom.xml  |   1 +
 .../oauth2/jwe/AbstractJweEncryptor.java        |  15 ++-
 .../jws/AbstractJwsSignatureProvider.java       |   3 +-
 .../oauth2/jws/HmacJwsSignatureProvider.java    |   4 +-
 .../jws/PrivateKeyJwsSignatureProvider.java     |   2 +-
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  |  39 ++++---
 .../jwt/jaxrs/AbstractJwsReaderProvider.java    |  30 +++--
 .../jwt/jaxrs/AbstractJwsWriterProvider.java    |  37 +++++--
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  |  32 ++++--
 .../security/oauth2/jwt/jaxrs/Priorities.java   |   4 +-
 .../oauth2/utils/crypto/CryptoUtils.java        | 107 ++++++++++++------
 systests/rs-security/pom.xml                    |  11 ++
 .../jaxrs/security/jwt/BookServerJwt.java       |  57 ++++++++++
 .../systest/jaxrs/security/jwt/BookStore.java   |  44 ++++++++
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 109 +++++++++++++++++++
 .../jwt/PrivateKeyPasswordProviderImpl.java     |  33 ++++++
 .../cxf/systest/jaxrs/security/jwt/client.xml   |  38 +++++++
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  72 ++++++++++++
 .../systest/jaxrs/security/alice.rs.properties  |  22 ++++
 .../systest/jaxrs/security/bob.rs.properties    |  24 ++++
 21 files changed, 605 insertions(+), 87 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ResourceUtils.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ResourceUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ResourceUtils.java
index ff1ff3c..90aac02 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ResourceUtils.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ResourceUtils.java
@@ -36,6 +36,7 @@ import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 import java.util.ResourceBundle;
 import java.util.Set;
 import java.util.logging.Logger;
@@ -504,6 +505,13 @@ public final class ResourceUtils {
         return null;
     }
     
+    public static Properties loadProperties(String propertiesLocation, Bus bus) throws Exception {
+        Properties props = new Properties();
+        InputStream is = getResourceStream(propertiesLocation, bus);
+        props.load(is);
+        return props;
+    }
+    
     public static List<UserResource> getUserResources(String loc) {
         return getUserResources(loc, BusFactory.getThreadDefaultBus());
     }
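Review bot: `loadProperties` never closes the stream it gets from `getResourceStream`, so every call leaks a handle on the properties resource. If `getResourceStream` can return null for a location that does not resolve (its body is outside this hunk), `props.load(is)` fails with a bare NullPointerException. The callers added in this commit use the result to locate key stores, so a missing file should fail with a message naming the location. The rewrite below rejects a null stream first and closes the stream in a `finally` block.

```java
public static Properties loadProperties(String propertiesLocation, Bus bus) throws Exception {
    Properties props = new Properties();
    InputStream is = getResourceStream(propertiesLocation, bus);
    if (is == null) {
        throw new IOException("Properties resource not found: " + propertiesLocation);
    }
    try {
        props.load(is);
    } finally {
        is.close();
    }
    return props;
}
```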

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/pom.xml b/rt/rs/security/oauth-parent/oauth2-jwt/pom.xml
index 6a675d5..fb3ca89 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/pom.xml
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/pom.xml
@@ -40,6 +40,7 @@
          <groupId>org.bouncycastle</groupId>
          <artifactId>bcprov-ext-jdk15on</artifactId>
          <version>1.50</version>
+         <scope>test</scope>
         </dependency>
         <!--test dependencies-->
         <dependency>
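Review bot: The `bcprov-ext-jdk15on` dependency is now test-scoped but still sits above the `<!--test dependencies-->` marker, so the file reads as if it were a compile dependency; move it below that comment. With this scope the provider is no longer passed on to consumers of oauth2-jwt, so any runtime that relied on it for the JWE algorithms (presumably AES-GCM on older JREs, to be confirmed) has to supply a provider itself. A short comment such as `<!-- BouncyCastle is needed by the tests only; deployments supply their own JCE provider -->` would record that.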

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
index 798ae61..495483e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
@@ -91,10 +91,16 @@ public abstract class AbstractJweEncryptor implements JweEncryptor {
         return headers;
     }
     public String encrypt(byte[] content, String contentType) {
+        JweHeaders theHeaders = headers;
+        if (contentType != null) {
+            theHeaders = new JweHeaders(theHeaders.asMap());
+            theHeaders.setContentType(contentType);
+        }
+        
         byte[] theCek = getContentEncryptionKey();
-        String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
+        String contentEncryptionAlgoJavaName = Algorithm.toJavaName(theHeaders.getContentEncryptionAlgorithm());
         KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        byte[] additionalEncryptionParam = headers.toCipherAdditionalAuthData(writer);
+        byte[] additionalEncryptionParam = theHeaders.toCipherAdditionalAuthData(writer);
         keyProps.setAdditionalData(additionalEncryptionParam);
         
         byte[] theIv = getContentEncryptionCipherInitVector();
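Review bot: The per-call copy `new JweHeaders(theHeaders.asMap())` only protects the shared `headers` field if the constructor or `asMap()` copies the map. Neither is visible in this hunk, and if the new object wraps the same map, `setContentType` still mutates state shared by concurrent `encrypt` calls. Worth confirming, and recording at the copy, e.g. `// copy: the shared headers must not change per message, and cty has to be set before the AAD is computed`. The body of `encrypt` continues outside the hunk.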
@@ -107,10 +113,7 @@ public abstract class AbstractJweEncryptor implements JweEncryptor {
             keyProps);
         
         byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
-        if (contentType != null) {
-            headers.setContentType(contentType);
-        }
-        JweCompactProducer producer = new JweCompactProducer(headers, 
+        JweCompactProducer producer = new JweCompactProducer(theHeaders, 
                                              jweContentEncryptionKey,
                                              theIv,
                                              cipherText,

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
index 5a5dd71..83563be 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
@@ -26,9 +26,8 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
     private Set<String> supportedAlgorithms;
     private String defaultJwtAlgorithm;
     
-    public AbstractJwsSignatureProvider(Set<String> supportedAlgorithms, String algo) {
+    public AbstractJwsSignatureProvider(Set<String> supportedAlgorithms) {
         this.supportedAlgorithms = supportedAlgorithms;
-        this.defaultJwtAlgorithm = algo;
     }
     @Override
     public void prepareHeaders(JwtHeaders headers) {
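Review bot: With the `algo` argument removed, `defaultJwtAlgorithm` stays null until `setDefaultJwtAlgorithm` is called; the `HmacJwsSignatureProvider` and `PrivateKeyJwsSignatureProvider` constructors, changed the same way in this commit, no longer set it either. The only caller visible in this commit, `AbstractJwsWriterProvider`, passes `props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP)`, which is null when the property is absent. A provider built directly or from an incomplete properties file may therefore reach `prepareHeaders` (body outside this hunk) with no algorithm to fall back on. Either keep a per-subclass default or reject the value early in `setDefaultJwtAlgorithm`, e.g. `if (algo == null || !supportedAlgorithms.contains(algo)) throw new SecurityException("Unsupported JWS algorithm");`.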

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
index 642d908..ed4c00f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
@@ -36,11 +36,11 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider imple
     private byte[] key;
     
     public HmacJwsSignatureProvider(byte[] key) {
-        super(SUPPORTED_ALGORITHMS, Algorithm.HmacSHA256.getJwtName());
+        super(SUPPORTED_ALGORITHMS);
         this.key = key;
     }
     public HmacJwsSignatureProvider(String encodedKey) {
-        super(SUPPORTED_ALGORITHMS, Algorithm.HmacSHA256.getJwtName());
+        super(SUPPORTED_ALGORITHMS);
         try {
             this.key = Base64UrlUtility.decode(encodedKey);
         } catch (Base64Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
index 64de375..cbfd21e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
@@ -45,7 +45,7 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
         this(key, null, spec);
     }
     public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, AlgorithmParameterSpec spec) {
-        super(SUPPORTED_ALGORITHMS, Algorithm.SHA256withRSA.getJwtName());
+        super(SUPPORTED_ALGORITHMS);
         this.key = key;
         this.random = random;
         this.signatureSpec = spec;

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 20d1281..50bbeab 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -20,12 +20,14 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyStore;
 import java.security.PrivateKey;
+import java.util.Properties;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
@@ -36,17 +38,13 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
 
 public class AbstractJweDecryptingFilter {
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs-security.encryption.properties";
-    private static final String RSSEC_KEY_PSWD_PROVIDER = "org.apache.rs.security.crypto.private.provider";
+    private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
     
     private JweDecryptor decryptor;
     private JweCryptoProperties cryptoProperties;
     private String defaultMediaType;
     protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
         JweDecryptor theDecryptor = getInitializedDecryptor();
-        if (theDecryptor == null) {
-            throw new SecurityException();
-        }
         JweDecryptionOutput out = theDecryptor.decrypt(new String(IOUtils.readBytesFromStream(is), "UTF-8"));
         validateHeaders(out.getHeaders());
         return out;
@@ -64,16 +62,31 @@ public class AbstractJweDecryptingFilter {
         } 
         Message m = JAXRSUtils.getCurrentMessage();
         if (m == null) {
-            return null;
+            throw new SecurityException();
         }
-        String propLoc = (String)m.getContextualProperty(RSSEC_ENCRYPTION_PROPS);
+        String propLoc = (String)m.getContextualProperty(RSSEC_ENCRYPTION_IN_PROPS);
         if (propLoc == null) {
-            return null;
+            throw new SecurityException();
+        }
+        try {
+            Bus bus = m.getExchange().getBus();
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            PrivateKey pk = null;
+            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+            if (keyStore == null) {
+                keyStore = CryptoUtils.loadKeyStore(props, bus);
+                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+            }
+            PrivateKeyPasswordProvider cb = 
+                (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
+            pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+            
+            return new WrappedKeyJweDecryptor(pk, cryptoProperties);
+        } catch (SecurityException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
         }
-        PrivateKeyPasswordProvider cb = (PrivateKeyPasswordProvider)m.getContextualProperty(RSSEC_KEY_PSWD_PROVIDER);
-        Bus bus = (Bus)m.getExchange().get(Endpoint.class).get(Bus.class.getName());
-        PrivateKey pk = CryptoUtils.loadPrivateKey(propLoc, bus, cb);
-        return new WrappedKeyJweDecryptor(pk, cryptoProperties);
     }
 
     public void setCryptoProperties(JweCryptoProperties cryptoProperties) {
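Review bot: The key-store lookup uses `props.get(CryptoUtils.RSSEC_KEY_STORE_FILE)` as the exchange key without checking it, so a properties file lacking that entry leads to `get(null)`/`put(null, …)` on the exchange instead of a clear configuration error. The bare `throw new SecurityException()` calls above it likewise carry no message saying which setting is missing. The same block is repeated in `AbstractJwsReaderProvider`, `AbstractJwsWriterProvider` and `JweWriterInterceptor` in this commit, so it would be better as one helper in `CryptoUtils`. If the exchange lives for a single request (not visible here), the cached `KeyStore` is also reloaded on every call, which may not be what was intended. The method starts outside the hunk; the fence shows only the lookup.

```java
// … unchanged: current-message and propLoc checks …
try {
    Bus bus = m.getExchange().getBus();
    Properties props = ResourceUtils.loadProperties(propLoc, bus);
    String storeLoc = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_FILE);
    if (storeLoc == null) {
        throw new SecurityException("Missing property: " + CryptoUtils.RSSEC_KEY_STORE_FILE);
    }
    KeyStore keyStore = (KeyStore)m.getExchange().get(storeLoc);
    if (keyStore == null) {
        keyStore = CryptoUtils.loadKeyStore(props, bus);
        m.getExchange().put(storeLoc, keyStore);
    }
    // … unchanged: password provider lookup, loadPrivateKey, return …
```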

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index a911ac9..0889f18 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -18,11 +18,13 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 
+import java.security.KeyStore;
 import java.security.PublicKey;
+import java.util.Properties;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProperties;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
@@ -30,7 +32,7 @@ import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJwsReaderProvider {
-    private static final String RSSEC_SIGNATURE_PROPS = "rs-security.signature.properties";
+    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.in.properties";
     
     private JwsSignatureVerifier sigVerifier;
     private JwsSignatureProperties sigProperties;
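Review bot: `RSSEC_SIGNATURE_PROPS` now holds the inbound key `rs.security.signature.in.properties` but kept its direction-less name, while the sibling classes in this commit use `RSSEC_ENCRYPTION_IN_PROPS` and `RSSEC_SIGNATURE_OUT_PROPS`. Renaming it to `RSSEC_SIGNATURE_IN_PROPS` keeps the in/out pairs readable when the two properties files are configured side by side.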
@@ -54,16 +56,28 @@ public class AbstractJwsReaderProvider {
         } 
         Message m = JAXRSUtils.getCurrentMessage();
         if (m == null) {
-            return null;
+            throw new SecurityException();
         }
         String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_PROPS);
         if (propLoc == null) {
-            return null;
+            throw new SecurityException();
+        }
+        Bus bus = m.getExchange().getBus();
+        try {
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            PublicKey pk = null;
+            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+            if (keyStore == null) {
+                keyStore = CryptoUtils.loadKeyStore(props, bus);
+                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+            }
+            pk = CryptoUtils.loadPublicKey(keyStore, props);
+            return new PublicKeyJwsSignatureVerifier(pk);
+        } catch (SecurityException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
         }
-        
-        Bus bus = (Bus)m.getExchange().get(Endpoint.class).get(Bus.class.getName());
-        PublicKey pk = CryptoUtils.loadPublicKey(propLoc, bus);
-        return new PublicKeyJwsSignatureVerifier(pk);
     }
 
     public String getDefaultMediaType() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index b67d472..be6f8ae 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -21,12 +21,14 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.security.KeyStore;
 import java.security.PrivateKey;
+import java.util.Properties;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
@@ -35,8 +37,8 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
 
 public class AbstractJwsWriterProvider {
-    private static final String RSSEC_SIGNATURE_PROPS = "rs-security.signature.properties";
-    private static final String RSSEC_KEY_PSWD_PROVIDER = "org.apache.rs.security.crypto.private.provider";
+    private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
+    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
     
     private JwsSignatureProvider sigProvider;
     
@@ -53,18 +55,33 @@ public class AbstractJwsWriterProvider {
         if (m == null) {
             throw new SecurityException();
         }
-        String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_PROPS);
+        String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_OUT_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
         }
-        
-        PrivateKeyPasswordProvider cb = (PrivateKeyPasswordProvider)m.getContextualProperty(RSSEC_KEY_PSWD_PROVIDER);
-        Bus bus = (Bus)m.getExchange().get(Endpoint.class).get(Bus.class.getName());
-        PrivateKey pk = CryptoUtils.loadPrivateKey(propLoc, bus, cb);
-        return new PrivateKeyJwsSignatureProvider(pk);
+        try {
+            Bus bus = m.getExchange().getBus();
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            PrivateKey pk = null;
+            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+            if (keyStore == null) {
+                keyStore = CryptoUtils.loadKeyStore(props, bus);
+                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+            }
+            PrivateKeyPasswordProvider cb = 
+                (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
+            pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+            PrivateKeyJwsSignatureProvider provider = new PrivateKeyJwsSignatureProvider(pk);
+            provider.setDefaultJwtAlgorithm(props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP));
+            return provider;
+        } catch (SecurityException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
     }
     
-    public void writeJws(JwsCompactProducer p, OutputStream os) throws IOException {
+    protected void writeJws(JwsCompactProducer p, OutputStream os) throws IOException {
         JwsSignatureProvider theSigProvider = getInitializedSigProvider();
         p.signWith(theSigProvider);
         IOUtils.copy(new ByteArrayInputStream(p.getSignedEncodedJws().getBytes("UTF-8")), os);

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index ee30d9d..1bb79b6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -21,7 +21,9 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.security.KeyStore;
 import java.security.PublicKey;
+import java.util.Properties;
 
 import javax.annotation.Priority;
 import javax.ws.rs.WebApplicationException;
@@ -30,10 +32,10 @@ import javax.ws.rs.ext.WriterInterceptor;
 import javax.ws.rs.ext.WriterInterceptorContext;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptor;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
@@ -43,7 +45,8 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 @Priority(Priorities.JWE_WRITE_PRIORITY)
 public class JweWriterInterceptor implements WriterInterceptor {
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs-security.encryption.properties";
+    private static final String JSON_WEB_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
+    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
     private JweEncryptor encryptor;
     private boolean contentTypeRequired = true;
     
@@ -75,15 +78,28 @@ public class JweWriterInterceptor implements WriterInterceptor {
         if (m == null) {
             throw new SecurityException();
         }
-        String propLoc = (String)m.getContextualProperty(RSSEC_ENCRYPTION_PROPS);
+        String propLoc = (String)m.getContextualProperty(JSON_WEB_ENCRYPTION_OUT_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
         }
-        Bus bus = (Bus)m.getExchange().get(Endpoint.class).get(Bus.class.getName());
-        PublicKey pk = CryptoUtils.loadPublicKey(propLoc, bus);
-        return new WrappedKeyJweEncryptor(new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
-                                                         Algorithm.A256GCM.getJwtName()), 
-                                          pk);
+        Bus bus = m.getExchange().getBus();
+        try {
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            PublicKey pk = null;
+            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+            if (keyStore == null) {
+                keyStore = CryptoUtils.loadKeyStore(props, bus);
+                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+            }
+            pk = CryptoUtils.loadPublicKey(keyStore, props);
+            return new WrappedKeyJweEncryptor(new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+                                                             props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP)), 
+                                              pk);
+        } catch (SecurityException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
     }
     
 }
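Review bot: The content-encryption algorithm is now `props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP)` with no fallback, so a properties file without that entry builds `JweHeaders` with a null algorithm where the previous code always used `A256GCM`. Keeping the old value as the default is a one-line change: `props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, Algorithm.A256GCM.getJwtName())`. The value also comes from configuration unchecked, so rejecting anything outside the supported content-encryption algorithms before building the encryptor would stop a typo from surfacing only at encryption time. The method starts outside the hunk.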

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
index 49096b8..42b2523 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
@@ -20,10 +20,10 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 
 public final class Priorities {
     public static final int JWE_SERVER_READ_PRIORITY = 1000;
-    public static final int JWE_WRITE_PRIORITY = 1001;
+    public static final int JWE_WRITE_PRIORITY = 1000;
     public static final int JWE_CLIENT_READ_PRIORITY = 1001;
     public static final int JWS_SERVER_READ_PRIORITY = 1001;
-    public static final int JWS_WRITE_PRIORITY = 1000;
+    public static final int JWS_WRITE_PRIORITY = 1001;
     public static final int JWS_CLIENT_READ_PRIORITY = 1000;
     private Priorities() {
         
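Review bot: The swapped write priorities carry no comment saying which order they are meant to produce, and the read constants use opposite numbering for server and client, so a later edit can easily invert the sign/encrypt order again. A short comment above the constants would help, for example `// write: JWS signs the payload, JWE then encrypts the signed result; read: decrypt first, then verify`. That wording should be confirmed against how the JAX-RS runtime orders writer interceptors and client response filters, which this hunk does not show.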

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index 5f934fe..ca17056 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -58,11 +58,12 @@ import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
  * Encryption helpers
  */
 public final class CryptoUtils {
-    private static final String RSSEC_KEY_STORE_TYPE = "org.apache.rs.security.crypto.keystore.type";
-    private static final String RSSEC_KEY_STORE_PSWD = "org.apache.rs.security.crypto.keystore.password";
-    private static final String RSSEC_KEY_PSWD = "org.apache.rs.security.crypto.private.password";
-    private static final String RSSEC_KEY_STORE_ALIAS = "org.apache.rs.security.crypto.keystore.alias";
-    private static final String RSSEC_KEY_STORE_FILE = "org.apache.rs.security.crypto.keystore.file";
+    public static final String RSSEC_KEY_STORE_TYPE = "rs.security.crypto.keystore.type";
+    public static final String RSSEC_KEY_STORE_PSWD = "rs.security.crypto.keystore.password";
+    public static final String RSSEC_KEY_PSWD = "rs.security.crypto.key.password";
+    public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.crypto.keystore.alias";
+    public static final String RSSEC_KEY_STORE_FILE = "rs.security.crypto.keystore.file";
+    public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.crypto.key.password.provider";
         
     private static final Logger LOG = LogUtils.getL7dLogger(CryptoUtils.class);
     
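Review bot: The constants are now public API but have no Javadoc, and two of them (`RSSEC_KEY_STORE_PSWD`, `RSSEC_KEY_PSWD`) name properties that hold passwords as plain text in a properties file. A comment on `RSSEC_KEY_PSWD` along the lines of `/** Private key password; prefer RSSEC_KEY_PSWD_PROVIDER so the password is not stored in the file. */` would steer users to the callback. This assumes the provider takes precedence when both are set; the code that reads them is outside this hunk.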
@@ -128,19 +129,38 @@ public final class CryptoUtils {
         }    
     }
     
-    public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias) {
-        return loadCertificate(storeLocation, storePassword, alias, null);    
-    }
     public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
                                               String storeType) {
         try {
             KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+            return loadCertificate(keyStore, alias);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static Certificate loadCertificate(KeyStore keyStore, String alias) {
+        try {
             return keyStore.getCertificate(alias);
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }
     }
-    
+    public static Certificate loadCertificate(KeyStore keyStore, Properties props) {
+        try {
+            return loadCertificate(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static Certificate loadCertificate(Properties props, Bus bus) {
+        try {
+            KeyStore keyStore = loadKeyStore(props, bus);
+            String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
+            return loadCertificate(keyStore, alias);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
     public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
                                           String storeType) {
         try {
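Review bot: `keyStore.getCertificate(alias)` returns null for an unknown alias, so `loadCertificate(KeyStore, String)` can hand back null. The `loadPublicKey` overloads in the following hunk call `.getPublicKey()` on that result and then fail with a NullPointerException wrapped in a message-less SecurityException. A check such as `if (cert == null) throw new SecurityException("No certificate for alias " + alias);` gives the operator the misconfigured alias directly. The new overloads also catch `Exception` around calls that already throw `SecurityException`, so failures get wrapped twice; the filters in this commit rethrow `SecurityException` first, and the same pattern would fit here.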
@@ -149,51 +169,49 @@ public final class CryptoUtils {
             throw new SecurityException(ex);
         }
     }
-    public static Certificate loadCertificate(String propertiesLocation, Bus bus) {
+    public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
         try {
-            Properties props = loadProperties(propertiesLocation, bus);
-            String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
-            String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
-            String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
-            String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-            InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
-            return loadCertificate(is, keyStorePswd.toCharArray(), alias, keyStoreType);
+            return loadCertificate(keyStore, alias).getPublicKey();
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static PublicKey loadPublicKey(KeyStore keyStore, Properties props) {
+        try {
+            return loadCertificate(keyStore, props).getPublicKey();
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static PublicKey loadPublicKey(Properties props, Bus bus) {
+        try {
+            return loadCertificate(props, bus).getPublicKey();
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }    
     }
-    public static PublicKey loadPublicKey(String propertiesLocation, Bus bus) {
+    public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) {
         try {
-            return loadCertificate(propertiesLocation, bus).getPublicKey();
+            KeyStore keyStore = loadKeyStore(props, bus);
+            return loadPrivateKey(keyStore, props, bus, provider);
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }    
     }
-    public static PrivateKey loadPrivateKey(String propertiesLocation, Bus bus, 
+    public static PrivateKey loadPrivateKey(KeyStore keyStore, 
+                                            Properties props, 
+                                            Bus bus, 
                                             PrivateKeyPasswordProvider provider) {
         try {
-            
-            Properties props = loadProperties(propertiesLocation, bus);
-            String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
-            String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
-            String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
             String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
             String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-            InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
             char[] keyPswdChars = provider != null ? provider.getPassword(props) 
                 : keyPswd != null ? keyPswd.toCharArray() : null;    
-            return loadPrivateKey(is, keyStorePswd.toCharArray(), keyPswdChars, alias, keyStoreType);
+            return loadPrivateKey(keyStore, keyPswdChars, alias);
         } catch (Exception ex) { 
             throw new SecurityException(ex);
         }    
     }
-    private static Properties loadProperties(String propertiesLocation, Bus bus) throws Exception {
-        Properties props = new Properties();
-        InputStream is = ResourceUtils.getResourceStream(propertiesLocation, bus);
-        props.load(is);
-        return props;
-    }
-    
     public static PrivateKey loadPrivateKey(InputStream storeLocation, 
                                             char[] storePassword, 
                                             char[] keyPassword, 
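Review bot: The new public `loadPrivateKey(KeyStore keyStore, Properties props, Bus bus, PrivateKeyPasswordProvider provider)` never reads `bus`, and nothing states which password source wins. In the visible code the provider's password is used whenever a provider is given, and the `RSSEC_KEY_PSWD` property is only the fallback; when both are absent a `null` password is passed on. I would either drop the unused parameter or add Javadoc along the lines of `/** Loads the private key for the configured alias; a non-null provider takes precedence over the RSSEC_KEY_PSWD property. */`. The `loadPrivateKey(InputStream ...)` signature at the end of this hunk continues outside it.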
@@ -209,8 +227,27 @@ public final class CryptoUtils {
         }
     }
     
+    public static PrivateKey loadPrivateKey(KeyStore keyStore,
+                                            char[] keyPassword, 
+                                            String alias) {
+        try {
+            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+                keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
+            return pkEntry.getPrivateKey();
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static KeyStore loadKeyStore(Properties props, Bus bus) throws Exception {
+        String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
+        String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
+        String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
+        InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
+        return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+    }
     
-    private static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) 
+    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) 
         throws Exception {
         KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
         ks.load(storeLocation, storePassword);
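Review bot: `loadKeyStore(Properties props, Bus bus)` opens the keystore stream and never closes it, and it calls `keyStorePswd.toCharArray()` without checking that `RSSEC_KEY_STORE_PSWD` is set. If `ResourceUtils.getResourceStream` can return `null` for a missing resource (not visible here), `ks.load(null, ...)` initialises an empty keystore instead of failing, and the error only surfaces later as a missing alias. Failing early on both and closing the stream in a `finally` keeps the misconfiguration visible; the exception messages in the sketch below are suggestions. The body of `loadKeyStore(InputStream ...)` continues outside this hunk.

```java
public static KeyStore loadKeyStore(Properties props, Bus bus) throws Exception {
    // … unchanged: keystore type, location and password property lookups …
    if (keyStorePswd == null) {
        throw new SecurityException("No keystore password configured");
    }
    InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
    if (is == null) {
        throw new SecurityException("Keystore not found: " + keyStoreLoc);
    }
    try {
        return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
    } finally {
        is.close();
    }
}
```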

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/pom.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml
index 8caac32..b55de93 100644
--- a/systests/rs-security/pom.xml
+++ b/systests/rs-security/pom.xml
@@ -78,6 +78,17 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-oauth2-jwt</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+         <groupId>org.bouncycastle</groupId>
+         <artifactId>bcprov-ext-jdk15on</artifactId>
+         <version>1.50</version>
+         <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-transports-http</artifactId>
             <version>${project.version}</version>
         </dependency>

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
new file mode 100644
index 0000000..20a0346
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+    
+public class BookServerJwt extends AbstractBusTestServerBase {
+    public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt");
+    private static final String SERVER_CONFIG_FILE =
+        "org/apache/cxf/systest/jaxrs/security/jwt/server.xml";
+    
+    protected void run() {
+        SpringBusFactory bf = new SpringBusFactory();
+        Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+        BusFactory.setDefaultBus(springBus);
+        setBus(springBus);
+        
+        try {
+            new BookServerJwt();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }        
+    }
+
+    public static void main(String[] args) {
+        try {
+            BookServerJwt s = new BookServerJwt();
+            s.start();
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            System.exit(-1);
+        } finally {
+            System.out.println("done!");
+        }
+    }
+}
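Review bot: `run()` ends by constructing a second `new BookServerJwt()` and discarding it, so the surrounding `try`/`catch` does no useful work and reads like a leftover from a template. The bus is already created and installed by the lines above it, so the whole `try` block can go. `run()` overrides a base-class method and would benefit from `@Override`.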

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
new file mode 100644
index 0000000..0bc010e
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+
+@Path("/bookstore")
+public class BookStore {
+    
+    public BookStore() {
+    }
+    
+    @POST
+    @Path("/books")
+    @Produces("text/plain")
+    @Consumes("text/plain")
+    public String echoText(String text) {
+        return text;
+    }
+    
+}
+
+

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
new file mode 100644
index 0000000..616c8f4
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -0,0 +1,109 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.crypto.Cipher;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweClientResponseFilter;
+import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsClientResponseFilter;
+import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
+    public static final String PORT = BookServerJwt.PORT;
+    private static final String CLIENT_JWEJWS_PROPERTIES =
+        "org/apache/cxf/systest/jaxrs/security/bob.rs.properties";
+    private static final String SERVER_JWEJWS_PROPERTIES =
+        "org/apache/cxf/systest/jaxrs/security/alice.rs.properties";
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue("server did not launch correctly", 
+                   launchServer(BookServerJwt.class, true));
+        registerBouncyCastleIfNeeded();
+    }
+    
+    private static void registerBouncyCastleIfNeeded() throws Exception {
+        try {
+            // Java 8 apparently has it
+            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
+        } catch (Throwable t) {
+            // Oracle Java 7
+            Security.addProvider(new BouncyCastleProvider());    
+        }
+    }
+    @AfterClass
+    public static void unregisterBouncyCastleIfNeeded() throws Exception {
+        Security.removeProvider(BouncyCastleProvider.class.getName());    
+    }
+    
+    @Test
+    public void testJweJwsRsa() throws Exception {
+        String address = "https://localhost:" + PORT + "/jwejws";
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<Object>();
+        providers.add(new JweWriterInterceptor());
+        providers.add(new JweClientResponseFilter());
+        providers.add(new JwsWriterInterceptor());
+        providers.add(new JwsClientResponseFilter());
+        bean.setProviders(providers);
+        bean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.crypto.key.password.provider", 
+                                     new PrivateKeyPasswordProviderImpl());
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+    
+    private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
+
+        @Override
+        public char[] getPassword(Properties storeProperties) {
+            return "password".toCharArray();
+        }
+        
+    }
+}
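Review bot: `unregisterBouncyCastleIfNeeded()` calls `Security.removeProvider(BouncyCastleProvider.class.getName())`, but `removeProvider` takes the provider's registered name, not its class name, so the call is a no-op and the provider stays installed for every later test in the JVM. Use `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` instead, ideally only when this class actually added the provider. `registerBouncyCastleIfNeeded()` catches `Throwable`, which is broader than the lookup failure it is meant to detect. The nested `PrivateKeyPasswordProviderImpl` duplicates the top-level class of the same name added in this commit, so one of the two can be dropped.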

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
new file mode 100644
index 0000000..c34912c
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+import java.util.Properties;
+
+import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
+
+public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
+
+    @Override
+    public char[] getPassword(Properties storeProperties) {
+        return "password".toCharArray();
+    }
+    
+}
+

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd           http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd           http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd           http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd           http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd           http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
 cy.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <http:conduit name="https://localhost.*">
+        <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:keyManagers keyPassword="password">
+                <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+            </sec:keyManagers>
+            <sec:trustManagers>
+                <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
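Review bot: The conduit sets `disableCNCheck="true"` with no explanation, so hostname verification is off for every `https://localhost.*` address and the setting is easy to copy into non-test configuration. Presumably the test keystores are not issued for `localhost`. If so, a comment next to the attribute should say it, e.g. `<!-- test only: systest certificates do not match localhost, so hostname verification is disabled -->`. The `ConnectionTimeout` and `ReceiveTimeout` of `3000000` ms also look like debugging values, and a hung test would block the build for 50 minutes.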

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
new file mode 100644
index 0000000..8633bad
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation="         http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://www.springframework.org/schema/beans                 http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/transports/http/configuration         http://cxf.apache.org/schemas/configuration/http-conf.xsd         http://cxf.apache.org/transports/http-jetty/configuration   http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security    
             http://cxf.apache.org/schemas/configuration/security.xsd         ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <httpj:engine-factory id="port-9095-tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-jwt}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
+    <bean id="jweInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter"/>
+    <bean id="jweOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor"/>
+    <bean id="jwsInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsContainerRequestFilter"/>
+    <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsWriterInterceptor"/>
+    <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejws">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jweInFilter"/>
+            <ref bean="jweOutFilter"/>
+            <ref bean="jwsInFilter"/>
+            <ref bean="jwsOutFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+            <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+            <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+            <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+            <entry key="rs.security.crypto.key.password.provider" value-ref="keyPasswordProvider"/>
+        </jaxrs:properties>
+    </jaxrs:server>
+</beans>
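Review bot: The `sec:cipherSuitesFilter` explicitly admits `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*` suites, which gives a test about message-level JWE/JWS protection a transport that may negotiate export-grade, single-DES or unencrypted suites. Nothing in the test depends on them, so the filter can be reduced to `<sec:include>.*_WITH_AES_.*</sec:include>` plus the existing `<sec:exclude>.*_DH_anon_.*</sec:exclude>`. The engine-factory id `port-9095-tls-config` no longer matches the port, which is taken from `${testutil.ports.jaxrs-jwt}`.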

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
new file mode 100644
index 0000000..cbcd33f
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
@@ -0,0 +1,22 @@
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+rs.security.crypto.keystore.type=jks
+rs.security.crypto.keystore.password=password
+rs.security.crypto.keystore.alias=alice
+rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jws.content.signature.algorithm=RS256

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f8d4adf/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
new file mode 100644
index 0000000..bbc12fb
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
@@ -0,0 +1,24 @@
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+rs.security.crypto.keystore.type=jks
+rs.security.crypto.keystore.password=password
+rs.security.crypto.keystore.alias=bob
+rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks
+rs.security.jwe.content.encryption.algorithm=A128GCM
+rs.security.jws.content.signature.algorithm=RS256

