From serg...@apache.org
Subject git commit: [CXF-5902] Initial refactoring to get the utility AesCbcHmac decryption working
Date Mon, 11 Aug 2014 20:55:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 161e10bb2 -> 101beb08d


[CXF-5902] Initial refactoring to get the utility AesCbcHmac decryption working


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/101beb08
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/101beb08
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/101beb08

Branch: refs/heads/master
Commit: 101beb08da1f657b3deb64182264771997305925
Parents: 161e10b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Aug 11 21:55:23 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Aug 11 21:55:23 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jwe/AbstractJweDecryption.java       | 14 ++-
 .../oauth2/jwe/AbstractWrapKeyAlgorithm.java    | 95 -------------------
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 96 ++++++++++++++++++++
 .../oauth2/jwe/AesWrapKeyAlgorithm.java         | 45 ---------
 .../jwe/AesWrapKeyEncryptionAlgorithm.java      | 45 +++++++++
 .../security/oauth2/jwe/DirectKeyAlgorithm.java | 29 ------
 .../jwe/DirectKeyDecryptionAlgorithm.java       | 39 ++++++++
 .../jwe/DirectKeyEncryptionAlgorithm.java       | 29 ++++++
 .../oauth2/jwe/DirectKeyJweDecryption.java      | 13 +--
 .../oauth2/jwe/DirectKeyJweEncryption.java      |  2 +-
 .../oauth2/jwe/KeyDecryptionAlgorithm.java      | 24 +++++
 .../security/oauth2/jwe/RSAJweDecryption.java   |  6 +-
 .../security/oauth2/jwe/RSAJweEncryption.java   |  6 +-
 .../jwe/RSAOaepKeyDecryptionAlgorithm.java      | 33 +++++++
 .../oauth2/jwe/RSAOaepKeyEncryption.java        | 45 ---------
 .../jwe/RSAOaepKeyEncryptionAlgorithm.java      | 45 +++++++++
 .../jwe/WrappedKeyDecryptionAlgorithm.java      | 62 +++++++++++++
 .../oauth2/jwe/WrappedKeyJweDecryption.java     | 34 +------
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  |  4 +-
 .../oauth2/jwe/JweCompactReaderWriterTest.java  |  5 +-
 20 files changed, 401 insertions(+), 270 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
index 2cb23bf..e4ea003 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
@@ -30,15 +30,21 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 
 public abstract class AbstractJweDecryption implements JweDecryption {
     private JweCryptoProperties props;
+    private KeyDecryptionAlgorithm keyDecryptionAlgo;
     private JwtHeadersReader reader = new JwtTokenReaderWriter();
-    protected AbstractJweDecryption(JweCryptoProperties props, JwtHeadersReader thereader) {
+    protected AbstractJweDecryption(JweCryptoProperties props, 
+                                    JwtHeadersReader theReader,
+                                    KeyDecryptionAlgorithm keyDecryptionAlgo) {
         this.props = props;
-        if (thereader != null) {
-            reader = thereader;
+        if (theReader != null) {
+            reader = theReader;
         }
+        this.keyDecryptionAlgo = keyDecryptionAlgo;
     }
     
-    protected abstract byte[] getContentEncryptionKey(JweCompactConsumer consumer);
+    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
+        return this.keyDecryptionAlgo.getDecryptedContentEncryptionKey(consumer);
+    }
     
     public JweDecryptionOutput decrypt(String content) {
         JweCompactConsumer consumer = new JweCompactConsumer(content, reader);
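Review bot: The new constructor stores `keyDecryptionAlgo` without a null check, so a subclass that passes null is only detected as a NullPointerException inside `getContentEncryptionKey` when the first token is decrypted. This object now performs all content-key recovery, so the constructor should fail fast, for example `if (keyDecryptionAlgo == null) { throw new IllegalArgumentException("keyDecryptionAlgo"); }` before the assignment. Declaring `props` and `keyDecryptionAlgo` as `final` would also document that the decryptor's key handling cannot be swapped after construction. The body of `decrypt` continues outside the hunk.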

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyAlgorithm.java
deleted file mode 100644
index 024ac8f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyAlgorithm.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
-
-public abstract class AbstractWrapKeyAlgorithm implements KeyEncryptionAlgorithm {
-    private Key keyEncryptionKey;
-    private boolean wrap;
-    private String algorithm;
-    private Set<String> supportedAlgorithms;
-    protected AbstractWrapKeyAlgorithm(Key key, Set<String> supportedAlgorithms) {
-        this(key, null, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
-        this(key, null, wrap, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
-        this(key, jweAlgo, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyAlgorithm(Key key, String jweAlgo, boolean wrap, Set<String> supportedAlgorithms) {
-        this.keyEncryptionKey = key;
-        this.algorithm = jweAlgo;
-        this.wrap = wrap;
-        this.supportedAlgorithms = supportedAlgorithms;
-    }
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers, algorithm);
-        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(); 
-        if (spec != null) {
-            secretKeyProperties.setAlgoSpec(spec);
-        }
-        if (!wrap) {
-            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek, 
-                                             getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey, 
-                                             secretKeyProperties);
-        }
-    }
-    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
-    }
-    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec() {
-        return null;
-    }
-    private static String checkAlgorithm(Set<String> supportedAlgorithms, String algo) {
-        if (algo != null && !supportedAlgorithms.contains(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-    private void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
-        String providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if ((providedAlgo == null && defaultAlgo == null)
-            || (providedAlgo != null && defaultAlgo != null && !providedAlgo.equals(defaultAlgo))) {
-            throw new SecurityException();
-        }
-        if (providedAlgo != null) {
-            checkAlgorithm(supportedAlgorithms, providedAlgo);
-        } else {
-            checkAlgorithms(headers, defaultAlgo);
-            headers.setKeyEncryptionAlgorithm(defaultAlgo);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..ada022c
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
+
+public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+    private Key keyEncryptionKey;
+    private boolean wrap;
+    private String algorithm;
+    private Set<String> supportedAlgorithms;
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
+        this(key, null, true, supportedAlgorithms);
+    }
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
+        this(key, null, wrap, supportedAlgorithms);
+    }
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
+        this(key, jweAlgo, true, supportedAlgorithms);
+    }
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap, 
+                                                 Set<String> supportedAlgorithms) {
+        this.keyEncryptionKey = key;
+        this.algorithm = jweAlgo;
+        this.wrap = wrap;
+        this.supportedAlgorithms = supportedAlgorithms;
+    }
+    @Override
+    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
+        checkAlgorithms(headers, algorithm);
+        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
+        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(); 
+        if (spec != null) {
+            secretKeyProperties.setAlgoSpec(spec);
+        }
+        if (!wrap) {
+            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
+        } else {
+            return CryptoUtils.wrapSecretKey(cek, 
+                                             getContentEncryptionAlgoJava(headers),
+                                             keyEncryptionKey, 
+                                             secretKeyProperties);
+        }
+    }
+    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
+        return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
+    }
+    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
+        return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
+    }
+    protected AlgorithmParameterSpec getAlgorithmParameterSpec() {
+        return null;
+    }
+    private static String checkAlgorithm(Set<String> supportedAlgorithms, String algo) {
+        if (algo != null && !supportedAlgorithms.contains(algo)) {
+            throw new SecurityException();
+        }
+        return algo;
+    }
+    private void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
+        String providedAlgo = headers.getKeyEncryptionAlgorithm();
+        if ((providedAlgo == null && defaultAlgo == null)
+            || (providedAlgo != null && defaultAlgo != null && !providedAlgo.equals(defaultAlgo))) {
+            throw new SecurityException();
+        }
+        if (providedAlgo != null) {
+            checkAlgorithm(supportedAlgorithms, providedAlgo);
+        } else {
+            checkAlgorithms(headers, defaultAlgo);
+            headers.setKeyEncryptionAlgorithm(defaultAlgo);
+        }
+    }
+    
+}
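Review bot: `checkAlgorithms` calls itself with unchanged state when the headers carry no key-encryption algorithm but a default was configured. In the `else` branch, `checkAlgorithms(headers, defaultAlgo)` runs before `headers.setKeyEncryptionAlgorithm(defaultAlgo)`, so `providedAlgo` is null again on every re-entry and the call ends in a StackOverflowError instead of a validated header. The branch most likely meant to check the default against the supported set: `checkAlgorithm(supportedAlgorithms, defaultAlgo);`. The same lines exist in the deleted AbstractWrapKeyAlgorithm, so the rename carries the problem over unchanged. The bare `throw new SecurityException()` calls would also be easier to diagnose with a message naming the rejected algorithm.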

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyAlgorithm.java
deleted file mode 100644
index 3f67d31..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyAlgorithm.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AesWrapKeyAlgorithm extends AbstractWrapKeyAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128KW.getJwtName(),
-                      Algorithm.A192KW.getJwtName(),
-                      Algorithm.A256KW.getJwtName()));
-    public AesWrapKeyAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
-             keyAlgoJwt);
-    }
-    public AesWrapKeyAlgorithm(SecretKey key, String keyAlgoJwt) {
-        super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..daa7a87
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.A128KW.getJwtName(),
+                      Algorithm.A192KW.getJwtName(),
+                      Algorithm.A256KW.getJwtName()));
+    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
+        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
+             keyAlgoJwt);
+    }
+    public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+        super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
+    }
+    
+    
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyAlgorithm.java
deleted file mode 100644
index 5e9088e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyAlgorithm.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-
-public class DirectKeyAlgorithm implements KeyEncryptionAlgorithm {
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        if (headers.getKeyEncryptionAlgorithm() != null) {
-            throw new SecurityException();
-        }
-        return new byte[0];
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..99bd200
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyDecryptionAlgorithm.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.Key;
+
+public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
+    private byte[] contentDecryptionKey;
+    public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) {    
+        this(contentDecryptionKey.getEncoded());
+    }
+    public DirectKeyDecryptionAlgorithm(byte[] contentDecryptionKey) {    
+        this.contentDecryptionKey = contentDecryptionKey;
+    }
+    @Override
+    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
+        byte[] encryptedCEK = consumer.getEncryptedContentEncryptionKey();
+        if (encryptedCEK != null && encryptedCEK.length > 0) {
+            throw new SecurityException();
+        }
+        return contentDecryptionKey;
+    }
+}
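Review bot: The `byte[]` constructor keeps the caller's array, and `getDecryptedContentEncryptionKey` hands that same array back, so any code that later overwrites or zeroes either reference silently changes the key used for subsequent decryptions. Copying on the way in and out avoids the aliasing: `this.contentDecryptionKey = contentDecryptionKey.clone();` and `return contentDecryptionKey.clone();`. The `Key` constructor also passes `getEncoded()` straight through, and that method returns null for keys that do not support encoding, which here would surface as a null content key. A null result should be rejected in the constructor with an explicit exception.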

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..942c52a
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyEncryptionAlgorithm.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+
+public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
+        if (headers.getKeyEncryptionAlgorithm() != null) {
+            throw new SecurityException();
+        }
+        return new byte[0];
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
index a096965..3ab3f31 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
@@ -23,7 +23,6 @@ import java.security.Key;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
 
 public class DirectKeyJweDecryption extends AbstractJweDecryption {
-    private byte[] contentDecryptionKey;
     public DirectKeyJweDecryption(Key contentDecryptionKey) {    
         this(contentDecryptionKey, null);
     }
@@ -32,15 +31,7 @@ public class DirectKeyJweDecryption extends AbstractJweDecryption {
     }
     public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props, 
                                   JwtHeadersReader reader) {    
-        super(props, reader);
-        this.contentDecryptionKey = contentDecryptionKey.getEncoded();
-    }
-    @Override
-    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] encryptedCEK = getEncryptedContentEncryptionKey(consumer);
-        if (encryptedCEK != null && encryptedCEK.length > 0) {
-            throw new SecurityException();
-        }
-        return contentDecryptionKey;
+        super(props, reader, new DirectKeyDecryptionAlgorithm(contentDecryptionKey));
     }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
index 53e54e6..a13bd39 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweEncryption.java
@@ -28,6 +28,6 @@ public class DirectKeyJweEncryption extends AbstractJweEncryption {
                                                 cek.getEncoded().length * 8)), cek.getEncoded(), iv);
     }
     public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) {
-        super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), new DirectKeyAlgorithm());
+        super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), new DirectKeyEncryptionAlgorithm());
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..ae0fa9e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/KeyDecryptionAlgorithm.java
@@ -0,0 +1,24 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+
+interface KeyDecryptionAlgorithm {
+    byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer);
+}
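Review bot: `KeyDecryptionAlgorithm` is declared without `public` and without Javadoc, although it is now a parameter of the protected `AbstractJweDecryption` constructor and is implemented by the public `DirectKeyDecryptionAlgorithm`. If implementations outside this package are intended, it should read `public interface KeyDecryptionAlgorithm`, matching however `KeyEncryptionAlgorithm` is declared (not visible in this diff). A short Javadoc on `getDecryptedContentEncryptionKey` should state that it returns the raw content encryption key bytes and that a rejected or undecryptable key is reported as `SecurityException`, as DirectKeyDecryptionAlgorithm does, so that every implementation reports failure the same way.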

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java
index 15b46ce..5a1e21a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java
@@ -31,10 +31,8 @@ public class RSAJweDecryption extends WrappedKeyJweDecryption {
     }
     public RSAJweDecryption(RSAPrivateKey privateKey, boolean unwrap,
                            JweCryptoProperties props) {    
-        super(privateKey, unwrap, props);
+        super(new RSAOaepKeyDecryptionAlgorithm(privateKey, unwrap), props, null);
     }
     
-    protected int getKeyCipherBlockSize() {
-        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
-    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
index 1010e3d..46723eb 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
@@ -30,7 +30,7 @@ public class RSAJweEncryption extends WrappedKeyJweEncryption {
                             String contentEncryptionJwtAlgo) {
         super(new JweHeaders(keyEncryptionJwtAlgo,
                              contentEncryptionJwtAlgo), 
-              new RSAOaepKeyEncryption(publicKey, keyEncryptionJwtAlgo));
+              new RSAOaepKeyEncryptionAlgorithm(publicKey, keyEncryptionJwtAlgo));
     }
     public RSAJweEncryption(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv) {
         this(publicKey, headers, cek, iv, true, null);
@@ -51,9 +51,9 @@ public class RSAJweEncryption extends WrappedKeyJweEncryption {
                             byte[] iv, 
                             boolean wrap,
                             JwtHeadersWriter writer) {
-        this(new RSAOaepKeyEncryption(publicKey, wrap), headers, cek, iv, writer);
+        this(new RSAOaepKeyEncryptionAlgorithm(publicKey, wrap), headers, cek, iv, writer);
     }
-    public RSAJweEncryption(RSAOaepKeyEncryption keyEncryptionAlgorithm, JweHeaders headers, byte[] cek, 
+    public RSAJweEncryption(RSAOaepKeyEncryptionAlgorithm keyEncryptionAlgorithm, JweHeaders headers, byte[] cek, 
                             byte[] iv, JwtHeadersWriter writer) {
         super(headers, cek, iv, keyEncryptionAlgorithm, writer);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..3ea8cd0
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyDecryptionAlgorithm.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.interfaces.RSAPrivateKey;
+
+public class RSAOaepKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
+    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
+        this(privateKey, true);
+    }
+    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, boolean unwrap) {    
+        super(privateKey, unwrap);
+    }
+    protected int getKeyCipherBlockSize() {
+        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
+    }
+}
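Review bot: `getKeyCipherBlockSize()` derives the RSA block size from `getModulus().toByteArray().length`, but `BigInteger.toByteArray()` returns a two's-complement encoding with an extra leading zero byte whenever the top bit of the modulus is set, so a 2048-bit key yields 257 rather than 256. How `CryptoUtils.decryptBytes` uses the value is outside this diff, but if it is meant to be the modulus length in bytes, `return (((RSAPrivateKey)getCekDecryptionKey()).getModulus().bitLength() + 7) / 8;` is exact. The method also overrides the one in `WrappedKeyDecryptionAlgorithm` and should carry `@Override`, so that a later rename in the base class fails at compile time instead of silently falling back to `-1`.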

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryption.java
deleted file mode 100644
index eea1851..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryption.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-
-public class RSAOaepKeyEncryption extends AbstractWrapKeyAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
-                      Algorithm.RSA_OAEP_256.getJwtName()));
-    public RSAOaepKeyEncryption(RSAPublicKey publicKey) {
-        this(publicKey, null, true);
-    }
-    public RSAOaepKeyEncryption(RSAPublicKey publicKey, boolean wrap) {
-        this(publicKey, null, wrap);
-    }
-    public RSAOaepKeyEncryption(RSAPublicKey publicKey, String jweAlgo) {
-        this(publicKey, jweAlgo, true);
-    }
-    public RSAOaepKeyEncryption(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
-        super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..212e6d4
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+
+public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
+                      Algorithm.RSA_OAEP_256.getJwtName()));
+    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey) {
+        this(publicKey, null, true);
+    }
+    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, boolean wrap) {
+        this(publicKey, null, wrap);
+    }
+    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
+        this(publicKey, jweAlgo, true);
+    }
+    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
+        super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..18979a0
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.Key;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
+
+public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
+    private Key cekDecryptionKey;
+    private boolean unwrap;
+    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey) {    
+        this(cekDecryptionKey, true);
+    }
+    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, boolean unwrap) {    
+        this.cekDecryptionKey = cekDecryptionKey;
+        this.unwrap = unwrap;
+    }
+    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
+        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
+        if (!unwrap) {
+            keyProps.setBlockSize(getKeyCipherBlockSize());
+            return CryptoUtils.decryptBytes(consumer.getEncryptedContentEncryptionKey(), 
+                                            getCekDecryptionKey(), keyProps);
+        } else {
+            return CryptoUtils.unwrapSecretKey(consumer.getEncryptedContentEncryptionKey(), 
+                                               getContentEncryptionAlgorithm(consumer), 
+                                               getCekDecryptionKey(), 
+                                               keyProps).getEncoded();
+        }
+    }
+    protected Key getCekDecryptionKey() {
+        return cekDecryptionKey;
+    }
+    protected int getKeyCipherBlockSize() {
+        return -1;
+    }
+    protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
+        return Algorithm.toJavaName(consumer.getJweHeaders().getKeyEncryptionAlgorithm());
+    }
+    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
+        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
+    }
+}
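Review bot: `getKeyEncryptionAlgorithm()` and `getContentEncryptionAlgorithm()` turn whatever the received JWE header says into the cipher name used with the decryption key, with no check that the value is one this key was provisioned for. The encryption side in this same commit restricts itself through `SUPPORTED_ALGORITHMS` in `RSAOaepKeyEncryptionAlgorithm`; the decryption side has no equivalent, not even in `RSAOaepKeyDecryptionAlgorithm`, whose name promises OAEP, so the token sender effectively picks the key-management algorithm. Accepting a set of permitted JWT algorithm names in the constructor and rejecting anything else before `Algorithm.toJavaName(...)`, e.g. `if (!supportedAlgorithms.contains(jwtAlgo)) { throw new SecurityException(); }`, would close that gap. `cekDecryptionKey` and `unwrap` are never reassigned and can be `final`.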

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
index b3fe9ac..962261e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
@@ -20,14 +20,9 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 
 import java.security.Key;
 
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 
 public class WrappedKeyJweDecryption extends AbstractJweDecryption {
-    private Key cekDecryptionKey;
-    private boolean unwrap;
     public WrappedKeyJweDecryption(Key cekDecryptionKey) {    
         this(cekDecryptionKey, true);
     }
@@ -43,30 +38,11 @@ public class WrappedKeyJweDecryption extends AbstractJweDecryption {
     }
     public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
                                    JweCryptoProperties props, JwtHeadersReader reader) {    
-        super(props, reader);
-        this.cekDecryptionKey = cekDecryptionKey;
-        this.unwrap = unwrap;
+        this(new WrappedKeyDecryptionAlgorithm(cekDecryptionKey, unwrap),
+             props, reader);
     }
-    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
-        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
-        if (!unwrap) {
-            keyProps.setBlockSize(getKeyCipherBlockSize());
-            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(consumer), 
-                                            getCekDecryptionKey(), keyProps);
-        } else {
-            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(consumer), 
-                                               getContentEncryptionAlgorithm(consumer), 
-                                               getCekDecryptionKey(), 
-                                               keyProps).getEncoded();
-        }
-    }
-    protected Key getCekDecryptionKey() {
-        return cekDecryptionKey;
-    }
-    protected int getKeyCipherBlockSize() {
-        return -1;
-    }
-    protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getKeyEncryptionAlgorithm());
+    public WrappedKeyJweDecryption(WrappedKeyDecryptionAlgorithm keyDecryptionAlgo,
+                                   JweCryptoProperties props, JwtHeadersReader reader) {    
+        super(props, reader, keyDecryptionAlgo);
     }
 }
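Review bot: Removing the protected `getCekDecryptionKey()`, `getKeyCipherBlockSize()` and `getKeyEncryptionAlgorithm()` hooks from `WrappedKeyJweDecryption` means any subclass outside this commit that overrode them without `@Override` will still compile, but its override will no longer be called, since the logic now lives in `WrappedKeyDecryptionAlgorithm`. The new public constructor deserves a Javadoc line saying so, for example `/** Key decryption is delegated to keyDecryptionAlgo; customise block size or algorithm lookup there, not on this class. */`. It also passes `keyDecryptionAlgo` to the superclass unchecked, so a `null` presumably surfaces only when the first token is decrypted; the superclass constructor is not visible here to confirm. The class body continues above this hunk.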

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 238c8a2..8dc5458 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -44,7 +44,7 @@ import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionState;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
 import org.apache.cxf.rs.security.oauth2.jwe.JweOutputStream;
-import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyEncryption;
+import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryption;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
@@ -130,7 +130,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
                 headers.setZipAlgorithm(compression);
             }
             
-            return new WrappedKeyJweEncryption(headers, new RSAOaepKeyEncryption((RSAPublicKey)pk));
+            return new WrappedKeyJweEncryption(headers, new RSAOaepKeyEncryptionAlgorithm((RSAPublicKey)pk));
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/101beb08/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
index 8265803..c5d2bce 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
@@ -99,8 +99,9 @@ public class JweCompactReaderWriterTest extends Assert {
         headers.setAlgorithm(Algorithm.A128KW.getJwtName());
         headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
         
-        AesWrapKeyAlgorithm keyEncryption = new AesWrapKeyAlgorithm(Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3), 
-                                                                    Algorithm.A128KW.getJwtName());
+        AesWrapKeyEncryptionAlgorithm keyEncryption = 
+            new AesWrapKeyEncryptionAlgorithm(Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3), 
+                                    Algorithm.A128KW.getJwtName());
         JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
                                                            CONTENT_ENCRYPTION_KEY_A3, 
                                                            INIT_VECTOR_A3,

