cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/9] [CXF-5944] Changing packages and the module name based on the feedback from Luigi Lo Iacono
Date Wed, 17 Sep 2014 17:21:27 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 0885ab9c1 -> 707d938ab


http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
new file mode 100644
index 0000000..d4e460b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
@@ -0,0 +1,224 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwk;
+
+import java.io.InputStream;
+import java.security.Security;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JsonWebKeyTest extends Assert {
+    private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
+        + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf"
+        + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt"
+        + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw";
+    private static final String RSA_PUBLIC_EXP_VALUE = "AQAB";
+    private static final String RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d"
+        + "x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4"
+        + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66"
+        + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q";
+    private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ"
+        + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9"
+        + "RzzOGVQzXvNEvn7O0nVbfs";
+    private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3"
+        + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA"
+        + "ITAG9LUnADun4vIcb6yelxk";
+    private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o"
+        + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm"
+        + "s6rY3Ob8YeiKkTiBj0";
+    private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu"
+        + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW"
+        + "rX-L18txXw494Q_cgk";
+    private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm"
+        + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF"
+        + "YItdldUKGzO6Ia6zTKhAVRU";
+    private static final String RSA_KID_VALUE = "2011-04-29";
+    private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256;
+    private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4";
+    private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM";
+    private static final String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE";
+    private static final String EC_KID_VALUE = "1";
+    private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg";
+    private static final String AES_KID_VALUE = "AesWrapKey";
+    private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3"
+        + "Yj0iPS4hcgUuTwjAzZr1Z9CAow";
+    private static final String HMAC_KID_VALUE = "HMACKey";
+    
+    @Test
+    public void testPublicSetAsList() throws Exception {
+        JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
+        List<JsonWebKey> keys = jwks.getKeys();
+        assertEquals(2, keys.size());
+        
+        JsonWebKey ecKey = keys.get(0);
+        assertEquals(6, ecKey.asMap().size());
+        validatePublicEcKey(ecKey);
+        JsonWebKey rsaKey = keys.get(1);
+        assertEquals(5, rsaKey.asMap().size());
+        validatePublicRsaKey(rsaKey);
+    }
+    
+    @Test
+    public void testPublicSetAsMap() throws Exception {
+        JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
+        Map<String, JsonWebKey> keysMap = jwks.getKeyIdMap();
+        assertEquals(2, keysMap.size());
+        
+        JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE);
+        assertEquals(5, rsaKey.asMap().size());
+        validatePublicRsaKey(rsaKey);
+        JsonWebKey ecKey = keysMap.get(EC_KID_VALUE);
+        assertEquals(6, ecKey.asMap().size());
+        validatePublicEcKey(ecKey);
+    }
+    
+    @Test
+    public void testPrivateSetAsList() throws Exception {
+        JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
+        validatePrivateSet(jwks);
+    }
+    private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
+        List<JsonWebKey> keys = jwks.getKeys();
+        assertEquals(2, keys.size());
+        
+        JsonWebKey ecKey = keys.get(0);
+        assertEquals(7, ecKey.asMap().size());
+        validatePrivateEcKey(ecKey);
+        JsonWebKey rsaKey = keys.get(1);
+        assertEquals(11, rsaKey.asMap().size());
+        validatePrivateRsaKey(rsaKey);
+    }
+    @Test
+    public void testEncryptDecryptPrivateSet() throws Exception {
+        Security.addProvider(new BouncyCastleProvider());    
+        try {
+            JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
+            validatePrivateSet(jwks);
+            String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray());
+            JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
+            assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
+            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
+            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
+            assertNotNull(c.getJweHeaders().getHeader("p2s"));
+            assertNotNull(c.getJweHeaders().getHeader("p2c"));
+            jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray());
+            validatePrivateSet(jwks);
+        } finally {
+            Security.removeProvider(BouncyCastleProvider.class.getName());
+        }
+    }
+    @Test
+    public void testEncryptDecryptPrivateKey() throws Exception {
+        final String key = "{\"kty\":\"oct\","
+            + "\"alg\":\"A128KW\","
+            + "\"k\":\"GawgguFyGrWKav7AX4VKUg\","
+            + "\"kid\":\"AesWrapKey\"}";
+        Security.addProvider(new BouncyCastleProvider());    
+        try {
+            JsonWebKey jwk = readKey(key);
+            validateSecretAesKey(jwk);
+            String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray());
+            JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
+            assertEquals("jwk+json", c.getJweHeaders().getContentType());
+            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
+            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
+            assertNotNull(c.getJweHeaders().getHeader("p2s"));
+            assertNotNull(c.getJweHeaders().getHeader("p2c"));
+            jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray());
+            validateSecretAesKey(jwk);
+        } finally {
+            Security.removeProvider(BouncyCastleProvider.class.getName());
+        }
+    }
+    
+    @Test
+    public void testSecretSetAsList() throws Exception {
+        JsonWebKeys jwks = readKeySet("jwkSecretSet.txt");
+        List<JsonWebKey> keys = jwks.getKeys();
+        assertEquals(2, keys.size());
+        JsonWebKey aesKey = keys.get(0);
+        assertEquals(4, aesKey.asMap().size());
+        validateSecretAesKey(aesKey);
+        JsonWebKey hmacKey = keys.get(1);
+        assertEquals(4, hmacKey.asMap().size());
+        validateSecretHmacKey(hmacKey);
+    }
+    
+    private void validateSecretAesKey(JsonWebKey key) {
+        assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+        assertEquals(AES_KID_VALUE, key.getKid());
+        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
+        assertEquals(JwtConstants.A128KW_ALGO, key.getAlgorithm());
+    }
+    private void validateSecretHmacKey(JsonWebKey key) {
+        assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+        assertEquals(HMAC_KID_VALUE, key.getKid());
+        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
+        assertEquals(JwtConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
+    }
+    
+    private void validatePublicRsaKey(JsonWebKey key) {
+        assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
+        assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
+        assertEquals(RSA_KID_VALUE, key.getKid());
+        assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
+        assertEquals(JwtConstants.RS_SHA_256_ALGO, key.getAlgorithm());
+    }
+    private void validatePrivateRsaKey(JsonWebKey key) {
+        validatePublicRsaKey(key);
+        assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP));
+        assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR));
+        assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR));
+        assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT));
+        assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT));
+        assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
+    }
+    private void validatePublicEcKey(JsonWebKey key) {
+        assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
+        assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
+        assertEquals(EC_KID_VALUE, key.getKid());
+        assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
+        assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
+        assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());
+    }
+    private void validatePrivateEcKey(JsonWebKey key) {
+        validatePublicEcKey(key);
+        assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY));
+    }
+
+    public JsonWebKeys readKeySet(String fileName) throws Exception {
+        InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName);
+        String s = IOUtils.readStringFromStream(is);
+        JwkReaderWriter reader = new DefaultJwkReaderWriter();
+        return reader.jsonToJwkSet(s);
+    }
+    public JsonWebKey readKey(String key) throws Exception {
+        JwkReaderWriter reader = new DefaultJwkReaderWriter();
+        return reader.jsonToJwk(key);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
new file mode 100644
index 0000000..cb30c04
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
@@ -0,0 +1,23 @@
+{"keys":
+       [
+         {"kty":"EC",
+          "crv":"P-256",
+          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
+          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
+          "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
+          "use":"enc",
+          "kid":"1"},
+
+         {"kty":"RSA",
+          "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
+          "e":"AQAB",
+          "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
+          "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
+          "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
+          "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
+          "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
+          "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
+          "alg":"RS256",
+          "kid":"2011-04-29"}
+       ]
+     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
new file mode 100644
index 0000000..5a4a839
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
@@ -0,0 +1,17 @@
+{"keys":
+       [
+         {"kty":"EC",
+          "crv":"P-256",
+          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
+          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
+          "use":"enc",
+          "kid":"1"},
+
+         {"kty":"RSA",
+          "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
+          "e":"AQAB",
+          "alg":"RS256",
+          "kid":"2011-04-29"}
+          
+       ]
+     }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
new file mode 100644
index 0000000..6520c75
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkSecretSet.txt
@@ -0,0 +1,13 @@
+{"keys":
+       [
+         {"kty":"oct",
+          "alg":"A128KW",
+          "k":"GawgguFyGrWKav7AX4VKUg",
+          "kid":"AesWrapKey"},
+
+         {"kty":"oct",
+          "alg":"HS256",
+          "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
+          "kid":"HMACKey"}
+       ]
+     }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
new file mode 100644
index 0000000..3397e7e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -0,0 +1,256 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
+import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwsCompactReaderWriterTest extends Assert {
+    
+    public static final String ENCODED_TOKEN_SIGNED_BY_MAC = 
+        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
+        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+        + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
+    
+    
+    private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
+        + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
+    
+    private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC = 
+        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU"
+        + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19"
+        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+        + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8";
+    
+    private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
+        + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
+        + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
+        + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
+        + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
+        + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ";
+    private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB";
+    private static final String RSA_PRIVATE_EXPONENT_ENCODED = 
+        "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
+        + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
+        + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
+        + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
+        + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
+        + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ";
+    private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY =
+        "eyJhbGciOiJSUzI1NiJ9"
+        + "."
+        + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
+        + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+        + "."
+        + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
+        + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
+        + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
+        + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
+        + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
+        + "p0igcN_IoypGlUPQGe77Rw";
+     
+    private static final String EC_PRIVATE_KEY_ENCODED = 
+        "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI";
+    private static final String EC_X_POINT_ENCODED = 
+        "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU";
+    private static final String EC_Y_POINT_ENCODED = 
+        "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0";
+    @Test
+    public void testWriteJwsSignedByMacSpecExample() throws Exception {
+        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
+        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
+        
+        assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());
+        
+    }
+    
+    @Test
+    public void testWriteReadJwsUnsigned() throws Exception {
+        JwtHeaders headers = new JwtHeaders(JwtConstants.PLAIN_TEXT_ALGO);
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer("https://jwt-idp.example.com");
+        claims.setSubject("mailto:mike@example.com");
+        claims.setAudience("https://jwt-rp.example.net");
+        claims.setNotBefore(1300815780L);
+        claims.setExpiryTime(1300819380L);
+        claims.setClaim("http://claims.example.com/member", true);
+        
+        JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims);
+        String signed = writer.getSignedEncodedJws();
+        
+        JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed);
+        assertEquals(0, reader.getDecodedSignature().length);
+        
+        JwtToken token = reader.getJwtToken();
+        assertEquals(new JwtToken(headers, claims), token);
+    }
+
+    @Test
+    public void testReadJwsSignedByMacSpecExample() throws Exception {
+        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
+        JwtToken token = jws.getJwtToken();
+        JwtHeaders headers = token.getHeaders();
+        assertEquals(JwtConstants.TYPE_JWT, headers.getType());
+        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
+        validateSpecClaim(token.getClaims());
+    }
+    
+    @Test
+    public void testWriteJwsWithJwkSignedByMac() throws Exception {
+        JsonWebKey key = new JsonWebKey();
+        key.setKeyType(JsonWebKey.KEY_TYPE_OCTET);
+        key.setKeyOperation(Arrays.asList(
+            new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}));
+        doTestWriteJwsWithJwkSignedByMac(key);
+    }
+    
+    @Test
+    public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception {
+        Map<String, Object> map = new LinkedHashMap<String, Object>();
+        map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET);
+        map.put(JsonWebKey.KEY_OPERATIONS,
+                new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY});
+        doTestWriteJwsWithJwkSignedByMac(map);
+    }
+    
+    private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
+        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
+        
+        headers.setHeader(JwtConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer("joe");
+        claims.setExpiryTime(1300819380L);
+        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
+        
+        JwtToken token = new JwtToken(headers, claims);
+        JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
+        
+        assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
+    }
+    
+    @Test
+    public void testReadJwsWithJwkSignedByMac() throws Exception {
+        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
+        JwtToken token = jws.getJwtToken();
+        JwtHeaders headers = token.getHeaders();
+        assertEquals(JwtConstants.TYPE_JWT, headers.getType());
+        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
+        
+        JsonWebKey key = headers.getJsonWebKey();
+        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
+        List<String> keyOps = key.getKeyOperation();
+        assertEquals(2, keyOps.size());
+        assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0));
+        assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1));
+        
+        validateSpecClaim(token.getClaims());
+    }
+    
+    private void validateSpecClaim(JwtClaims claims) {
+        assertEquals("joe", claims.getIssuer());
+        assertEquals(Long.valueOf(1300819380), claims.getExpiryTime());
+        assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root"));
+    }
+    
+    @Test
+    public void testWriteJwsSignedByPrivateKey() throws Exception {
+        JwtHeaders headers = new JwtHeaders();
+        headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName());
+        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
+        PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
+        jws.signWith(new PrivateKeyJwsSignatureProvider(key));
+        
+        assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws());
+    }
+    
+    @Test
+    public void testWriteReadJwsSignedByESPrivateKey() throws Exception {
+        JwtHeaders headers = new JwtHeaders();
+        headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName());
+        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
+        ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
+                                                              EC_PRIVATE_KEY_ENCODED);
+        jws.signWith(new EcDsaJwsSignatureProvider(privateKey));
+        String signedJws = jws.getSignedEncodedJws();
+        
+        ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,
+                                                           EC_X_POINT_ENCODED, 
+                                                           EC_Y_POINT_ENCODED);
+        JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws);
+        assertTrue(jwsConsumer.verifySignatureWith(new PublicKeyJwsSignatureVerifier(publicKey)));
+        JwtToken token = jwsConsumer.getJwtToken();
+        JwtHeaders headersReceived = token.getHeaders();
+        assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm());
+        validateSpecClaim(token.getClaims());
+    }
+    
+    @Test
+    public void testReadJwsSignedByPrivateKey() throws Exception {
+        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
+        RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
+        assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key)));
+        JwtToken token = jws.getJwtToken();
+        JwtHeaders headers = token.getHeaders();
+        assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm());
+        validateSpecClaim(token.getClaims());
+    }
+    
+    private JwsCompactProducer initSpecJwtTokenWriter(JwtHeaders headers) throws Exception {
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer("joe");
+        claims.setExpiryTime(1300819380L);
+        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
+        
+        JwtToken token = new JwtToken(headers, claims);
+        return new JwsJwtCompactProducer(token, getWriter());
+    }
+
+    
+    private JwtTokenWriter getWriter() {
+        JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter();
+        jsonWriter.setFormat(true);
+        return jsonWriter;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
deleted file mode 100644
index ef70a39..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.Security;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.oauth2.jws.JwsCompactReaderWriterTest;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JweCompactReaderWriterTest extends Assert {
-    // A1 example
-    private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
-        (byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
-        115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
-        (byte)138, 7, 110, 91, 112, 46, 34, 105, 47, 
-        (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
-    private static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
-           + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
-           + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
-           + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
-           + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
-           + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
-    private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
-    private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 = 
-        "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
-        + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
-        + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
-        + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
-        + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
-        + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
-    
-    private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219, 
-        (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
-    
-    // A3 example
-    private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
-        4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100, 
-        (byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212, 
-        45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143, 
-        (byte)156, 44, (byte)207};
-    private static final byte[] INIT_VECTOR_A3 = {
-        3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
-    private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
-    private static final String JWE_OUTPUT_A3 = 
-        "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0" 
-        + ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ" 
-        + ".AxY8DCtDaGlsbGljb3RoZQ" 
-        + ".KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY" 
-        + ".U0m_YmjN04DJvceFICbCVQ";
-    
-    @BeforeClass
-    public static void registerBouncyCastleIfNeeded() throws Exception {
-        try {
-            // Java 8 apparently has it
-            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
-        } catch (Throwable t) {
-            // Oracle Java 7
-            Security.addProvider(new BouncyCastleProvider());    
-        }
-    }
-    @AfterClass
-    public static void unregisterBouncyCastleIfNeeded() throws Exception {
-        Security.removeProvider(BouncyCastleProvider.class.getName());    
-    }
-    
-    @Test
-    public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
-        final String specPlainText = "Live long and prosper.";
-        JweHeaders headers = new JweHeaders();
-        headers.setAlgorithm(Algorithm.A128KW.getJwtName());
-        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-        
-        byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-        
-        AesWrapKeyEncryptionAlgorithm keyEncryption = 
-            new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
-                                                           CONTENT_ENCRYPTION_KEY_A3, 
-                                                           INIT_VECTOR_A3,
-                                                           keyEncryption);
-        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-        assertEquals(JWE_OUTPUT_A3, jweContent);
-        
-        AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
-        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
-        String decryptedText = decryption.decrypt(jweContent).getContentText();
-        assertEquals(specPlainText, decryptedText);
-    }
-    @Test
-    public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
-        final String specPlainText = "Live long and prosper.";
-        JweHeaders headers = new JweHeaders();
-        headers.setAlgorithm(JwtConstants.A128GCMKW_ALGO);
-        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-        
-        byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-        
-        AesGcmWrapKeyEncryptionAlgorithm keyEncryption = 
-            new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JwtConstants.A128GCMKW_ALGO);
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
-                                                           CONTENT_ENCRYPTION_KEY_A3, 
-                                                           INIT_VECTOR_A3,
-                                                           keyEncryption);
-        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-        
-        AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
-        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
-        String decryptedText = decryption.decrypt(jweContent).getContentText();
-        assertEquals(specPlainText, decryptedText);
-    }
-    
-    @Test
-    public void testEncryptDecryptSpecExample() throws Exception {
-        final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
-        String jweContent = encryptContent(specPlainText, true);
-        
-        decrypt(jweContent, specPlainText, true);
-    }
-    
-    @Test
-    public void testDirectKeyEncryptDecrypt() throws Exception {
-        final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
-        SecretKey key = createSecretKey(true);
-        String jweContent = encryptContentDirect(key, specPlainText);
-        
-        decryptDirect(key, jweContent, specPlainText);
-    }
-    
-    @Test
-    public void testEncryptDecryptJwsToken() throws Exception {
-        String jweContent = encryptContent(JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
-        decrypt(jweContent, JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
-    }
-    
-    private String encryptContent(String content, boolean createIfException) throws Exception {
-        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, 
-                                                             RSA_PUBLIC_EXPONENT_ENCODED_A1);
-        SecretKey key = createSecretKey(createIfException);
-        String jwtKeyName = null;
-        if (key == null) {
-            // the encryptor will generate it
-            jwtKeyName = Algorithm.A128GCM.getJwtName();
-        } else {
-            jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
-        }
-        JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(
-                                                        new JweHeaders(Algorithm.RSA_OAEP.getJwtName(), jwtKeyName),  
-                                                        key == null ? null : key.getEncoded(), 
-                                                        INIT_VECTOR_A1,
-                                                        new RSAOaepKeyEncryptionAlgorithm(publicKey, 
-                                                            Algorithm.RSA_OAEP.getJwtName()));
-        return encryptor.encrypt(content.getBytes("UTF-8"), null);
-    }
-    private String encryptContentDirect(SecretKey key, String content) throws Exception {
-        DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(key, INIT_VECTOR_A1);
-        return encryptor.encrypt(content.getBytes("UTF-8"), null);
-    }
-    private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
-        RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
-                                                                RSA_PRIVATE_EXPONENT_ENCODED_A1);
-        JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey));
-        String decryptedText = decryptor.decrypt(jweContent).getContentText();
-        assertEquals(decryptedText, plainContent);
-    }
-    private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
-        DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key);
-        String decryptedText = decryptor.decrypt(jweContent).getContentText();
-        assertEquals(decryptedText, plainContent);
-    }
-    private SecretKey createSecretKey(boolean createIfException) throws Exception {
-        SecretKey key = null;
-        if (Cipher.getMaxAllowedKeyLength("AES") > 128) { 
-            key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
-        } else if (createIfException) {
-            key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
-        }
-        return key;
-    }
-}
-

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JwePbeHmacAesWrapTest.java
deleted file mode 100644
index 704f37b..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JwePbeHmacAesWrapTest.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.Security;
-
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class JwePbeHmacAesWrapTest extends Assert {
-    @Before
-    public void registerBouncyCastleIfNeeded() throws Exception {
-        Security.addProvider(new BouncyCastleProvider());    
-    }
-    @After
-    public void unregisterBouncyCastleIfNeeded() throws Exception {
-        Security.removeProvider(BouncyCastleProvider.class.getName());    
-    }
-    @Test
-    public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
-        final String specPlainText = "Live long and prosper.";
-        JweHeaders headers = new JweHeaders();
-        headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
-        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-        final String password = "Thus from my lips, by yours, my sin is purged."; 
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption);
-        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-        
-        PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
-        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
-        String decryptedText = decryption.decrypt(jweContent).getContentText();
-        assertEquals(specPlainText, decryptedText);
-        
-    }
-    @Test
-    public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception {
-        final String specPlainText = "Live long and prosper.";
-        JweHeaders headers = new JweHeaders();
-        headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
-        headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName());
-        final String password = "Thus from my lips, by yours, my sin is purged."; 
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
-        JweEncryptionProvider encryption = 
-            new WrappedKeyJweEncryption(headers, keyEncryption);
-        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-        PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
-        JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, null, null);
-        String decryptedText = decryption.decrypt(jweContent).getContentText();
-        assertEquals(specPlainText, decryptedText);
-        
-    }
-}
-

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKeyTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKeyTest.java
deleted file mode 100644
index a2b5237..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/JsonWebKeyTest.java
+++ /dev/null
@@ -1,224 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwk;
-
-import java.io.InputStream;
-import java.security.Security;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.oauth2.jwe.JweCompactConsumer;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JsonWebKeyTest extends Assert {
-    private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
-        + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf"
-        + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt"
-        + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw";
-    private static final String RSA_PUBLIC_EXP_VALUE = "AQAB";
-    private static final String RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d"
-        + "x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4"
-        + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66"
-        + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q";
-    private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ"
-        + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9"
-        + "RzzOGVQzXvNEvn7O0nVbfs";
-    private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3"
-        + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA"
-        + "ITAG9LUnADun4vIcb6yelxk";
-    private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o"
-        + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm"
-        + "s6rY3Ob8YeiKkTiBj0";
-    private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu"
-        + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW"
-        + "rX-L18txXw494Q_cgk";
-    private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm"
-        + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF"
-        + "YItdldUKGzO6Ia6zTKhAVRU";
-    private static final String RSA_KID_VALUE = "2011-04-29";
-    private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256;
-    private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4";
-    private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM";
-    private static final String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE";
-    private static final String EC_KID_VALUE = "1";
-    private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg";
-    private static final String AES_KID_VALUE = "AesWrapKey";
-    private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3"
-        + "Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-    private static final String HMAC_KID_VALUE = "HMACKey";
-    
-    @Test
-    public void testPublicSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        
-        JsonWebKey ecKey = keys.get(0);
-        assertEquals(6, ecKey.asMap().size());
-        validatePublicEcKey(ecKey);
-        JsonWebKey rsaKey = keys.get(1);
-        assertEquals(5, rsaKey.asMap().size());
-        validatePublicRsaKey(rsaKey);
-    }
-    
-    @Test
-    public void testPublicSetAsMap() throws Exception {
-        JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
-        Map<String, JsonWebKey> keysMap = jwks.getKeyIdMap();
-        assertEquals(2, keysMap.size());
-        
-        JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE);
-        assertEquals(5, rsaKey.asMap().size());
-        validatePublicRsaKey(rsaKey);
-        JsonWebKey ecKey = keysMap.get(EC_KID_VALUE);
-        assertEquals(6, ecKey.asMap().size());
-        validatePublicEcKey(ecKey);
-    }
-    
-    @Test
-    public void testPrivateSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
-        validatePrivateSet(jwks);
-    }
-    private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        
-        JsonWebKey ecKey = keys.get(0);
-        assertEquals(7, ecKey.asMap().size());
-        validatePrivateEcKey(ecKey);
-        JsonWebKey rsaKey = keys.get(1);
-        assertEquals(11, rsaKey.asMap().size());
-        validatePrivateRsaKey(rsaKey);
-    }
-    @Test
-    public void testEncryptDecryptPrivateSet() throws Exception {
-        Security.addProvider(new BouncyCastleProvider());    
-        try {
-            JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
-            validatePrivateSet(jwks);
-            String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray());
-            JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
-            assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
-            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
-            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
-            assertNotNull(c.getJweHeaders().getHeader("p2s"));
-            assertNotNull(c.getJweHeaders().getHeader("p2c"));
-            jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray());
-            validatePrivateSet(jwks);
-        } finally {
-            Security.removeProvider(BouncyCastleProvider.class.getName());
-        }
-    }
-    @Test
-    public void testEncryptDecryptPrivateKey() throws Exception {
-        final String key = "{\"kty\":\"oct\","
-            + "\"alg\":\"A128KW\","
-            + "\"k\":\"GawgguFyGrWKav7AX4VKUg\","
-            + "\"kid\":\"AesWrapKey\"}";
-        Security.addProvider(new BouncyCastleProvider());    
-        try {
-            JsonWebKey jwk = readKey(key);
-            validateSecretAesKey(jwk);
-            String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray());
-            JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
-            assertEquals("jwk+json", c.getJweHeaders().getContentType());
-            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
-            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
-            assertNotNull(c.getJweHeaders().getHeader("p2s"));
-            assertNotNull(c.getJweHeaders().getHeader("p2c"));
-            jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray());
-            validateSecretAesKey(jwk);
-        } finally {
-            Security.removeProvider(BouncyCastleProvider.class.getName());
-        }
-    }
-    
-    @Test
-    public void testSecretSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("jwkSecretSet.txt");
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        JsonWebKey aesKey = keys.get(0);
-        assertEquals(4, aesKey.asMap().size());
-        validateSecretAesKey(aesKey);
-        JsonWebKey hmacKey = keys.get(1);
-        assertEquals(4, hmacKey.asMap().size());
-        validateSecretHmacKey(hmacKey);
-    }
-    
-    private void validateSecretAesKey(JsonWebKey key) {
-        assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(AES_KID_VALUE, key.getKid());
-        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JwtConstants.A128KW_ALGO, key.getAlgorithm());
-    }
-    private void validateSecretHmacKey(JsonWebKey key) {
-        assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(HMAC_KID_VALUE, key.getKid());
-        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JwtConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
-    }
-    
-    private void validatePublicRsaKey(JsonWebKey key) {
-        assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
-        assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
-        assertEquals(RSA_KID_VALUE, key.getKid());
-        assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
-        assertEquals(JwtConstants.RS_SHA_256_ALGO, key.getAlgorithm());
-    }
-    private void validatePrivateRsaKey(JsonWebKey key) {
-        validatePublicRsaKey(key);
-        assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP));
-        assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR));
-        assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR));
-        assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT));
-        assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT));
-        assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
-    }
-    private void validatePublicEcKey(JsonWebKey key) {
-        assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
-        assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
-        assertEquals(EC_KID_VALUE, key.getKid());
-        assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
-        assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
-        assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());
-    }
-    private void validatePrivateEcKey(JsonWebKey key) {
-        validatePublicEcKey(key);
-        assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY));
-    }
-
-    public JsonWebKeys readKeySet(String fileName) throws Exception {
-        InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName);
-        String s = IOUtils.readStringFromStream(is);
-        JwkReaderWriter reader = new DefaultJwkReaderWriter();
-        return reader.jsonToJwkSet(s);
-    }
-    public JsonWebKey readKey(String key) throws Exception {
-        JwkReaderWriter reader = new DefaultJwkReaderWriter();
-        return reader.jsonToJwk(key);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPrivateSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPrivateSet.txt
deleted file mode 100644
index cb30c04..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPrivateSet.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-{"keys":
-       [
-         {"kty":"EC",
-          "crv":"P-256",
-          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
-          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
-          "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
-          "use":"enc",
-          "kid":"1"},
-
-         {"kty":"RSA",
-          "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
-          "e":"AQAB",
-          "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
-          "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
-          "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
-          "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
-          "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
-          "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
-          "alg":"RS256",
-          "kid":"2011-04-29"}
-       ]
-     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPublicSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPublicSet.txt
deleted file mode 100644
index 5a4a839..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkPublicSet.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-{"keys":
-       [
-         {"kty":"EC",
-          "crv":"P-256",
-          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
-          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
-          "use":"enc",
-          "kid":"1"},
-
-         {"kty":"RSA",
-          "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
-          "e":"AQAB",
-          "alg":"RS256",
-          "kid":"2011-04-29"}
-          
-       ]
-     }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkSecretSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkSecretSet.txt b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkSecretSet.txt
deleted file mode 100644
index 6520c75..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwk/jwkSecretSet.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-{"keys":
-       [
-         {"kty":"oct",
-          "alg":"A128KW",
-          "k":"GawgguFyGrWKav7AX4VKUg",
-          "kid":"AesWrapKey"},
-
-         {"kty":"oct",
-          "alg":"HS256",
-          "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
-          "kid":"HMACKey"}
-       ]
-     }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
deleted file mode 100644
index bd31858..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
+++ /dev/null
@@ -1,256 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jws;
-
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtClaims;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwsCompactReaderWriterTest extends Assert {
-    
-    public static final String ENCODED_TOKEN_SIGNED_BY_MAC = 
-        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
-        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
-    
-    
-    private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
-        + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
-    
-    private static final String ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC = 
-        "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIU"
-        + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19"
-        + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8";
-    
-    private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
-        + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
-        + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
-        + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
-        + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
-        + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ";
-    private static final String RSA_PUBLIC_EXPONENT_ENCODED = "AQAB";
-    private static final String RSA_PRIVATE_EXPONENT_ENCODED = 
-        "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
-        + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
-        + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
-        + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
-        + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
-        + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ";
-    private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY =
-        "eyJhbGciOiJSUzI1NiJ9"
-        + "."
-        + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
-        + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
-        + "."
-        + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
-        + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
-        + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
-        + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
-        + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
-        + "p0igcN_IoypGlUPQGe77Rw";
-     
-    private static final String EC_PRIVATE_KEY_ENCODED = 
-        "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI";
-    private static final String EC_X_POINT_ENCODED = 
-        "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU";
-    private static final String EC_Y_POINT_ENCODED = 
-        "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0";
-    @Test
-    public void testWriteJwsSignedByMacSpecExample() throws Exception {
-        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
-        
-        assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());
-        
-    }
-    
-    @Test
-    public void testWriteReadJwsUnsigned() throws Exception {
-        JwtHeaders headers = new JwtHeaders(JwtConstants.PLAIN_TEXT_ALGO);
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("https://jwt-idp.example.com");
-        claims.setSubject("mailto:mike@example.com");
-        claims.setAudience("https://jwt-rp.example.net");
-        claims.setNotBefore(1300815780L);
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://claims.example.com/member", true);
-        
-        JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims);
-        String signed = writer.getSignedEncodedJws();
-        
-        JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed);
-        assertEquals(0, reader.getDecodedSignature().length);
-        
-        JwtToken token = reader.getJwtToken();
-        assertEquals(new JwtToken(headers, claims), token);
-    }
-
-    @Test
-    public void testReadJwsSignedByMacSpecExample() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(JwtConstants.TYPE_JWT, headers.getType());
-        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    @Test
-    public void testWriteJwsWithJwkSignedByMac() throws Exception {
-        JsonWebKey key = new JsonWebKey();
-        key.setKeyType(JsonWebKey.KEY_TYPE_OCTET);
-        key.setKeyOperation(Arrays.asList(
-            new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}));
-        doTestWriteJwsWithJwkSignedByMac(key);
-    }
-    
-    @Test
-    public void testWriteJwsWithJwkAsMapSignedByMac() throws Exception {
-        Map<String, Object> map = new LinkedHashMap<String, Object>();
-        map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET);
-        map.put(JsonWebKey.KEY_OPERATIONS,
-                new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY});
-        doTestWriteJwsWithJwkSignedByMac(map);
-    }
-    
-    private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
-        JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
-        
-        headers.setHeader(JwtConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("joe");
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-        
-        JwtToken token = new JwtToken(headers, claims);
-        JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
-        
-        assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
-    }
-    
-    @Test
-    public void testReadJwsWithJwkSignedByMac() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(JwtConstants.TYPE_JWT, headers.getType());
-        assertEquals(Algorithm.HmacSHA256.getJwtName(), headers.getAlgorithm());
-        
-        JsonWebKey key = headers.getJsonWebKey();
-        assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        List<String> keyOps = key.getKeyOperation();
-        assertEquals(2, keyOps.size());
-        assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0));
-        assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1));
-        
-        validateSpecClaim(token.getClaims());
-    }
-    
-    private void validateSpecClaim(JwtClaims claims) {
-        assertEquals("joe", claims.getIssuer());
-        assertEquals(Long.valueOf(1300819380), claims.getExpiryTime());
-        assertEquals(Boolean.TRUE, claims.getClaim("http://example.com/is_root"));
-    }
-    
-    @Test
-    public void testWriteJwsSignedByPrivateKey() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
-        jws.signWith(new PrivateKeyJwsSignatureProvider(key));
-        
-        assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws());
-    }
-    
-    @Test
-    public void testWriteReadJwsSignedByESPrivateKey() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setAlgorithm(Algorithm.SHA256withECDSA.getJwtName());
-        JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
-                                                              EC_PRIVATE_KEY_ENCODED);
-        jws.signWith(new EcDsaJwsSignatureProvider(privateKey));
-        String signedJws = jws.getSignedEncodedJws();
-        
-        ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,
-                                                           EC_X_POINT_ENCODED, 
-                                                           EC_Y_POINT_ENCODED);
-        JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws);
-        assertTrue(jwsConsumer.verifySignatureWith(new PublicKeyJwsSignatureVerifier(publicKey)));
-        JwtToken token = jwsConsumer.getJwtToken();
-        JwtHeaders headersReceived = token.getHeaders();
-        assertEquals(Algorithm.SHA256withECDSA.getJwtName(), headersReceived.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    @Test
-    public void testReadJwsSignedByPrivateKey() throws Exception {
-        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
-        RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
-        assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key)));
-        JwtToken token = jws.getJwtToken();
-        JwtHeaders headers = token.getHeaders();
-        assertEquals(Algorithm.SHA256withRSA.getJwtName(), headers.getAlgorithm());
-        validateSpecClaim(token.getClaims());
-    }
-    
-    private JwsCompactProducer initSpecJwtTokenWriter(JwtHeaders headers) throws Exception {
-        
-        JwtClaims claims = new JwtClaims();
-        claims.setIssuer("joe");
-        claims.setExpiryTime(1300819380L);
-        claims.setClaim("http://example.com/is_root", Boolean.TRUE);
-        
-        JwtToken token = new JwtToken(headers, claims);
-        return new JwsJwtCompactProducer(token, getWriter());
-    }
-
-    
-    private JwtTokenWriter getWriter() {
-        JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter();
-        jsonWriter.setFormat(true);
-        return jsonWriter;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/systests/rs-security/pom.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml
index 37eeda0..6a70173 100644
--- a/systests/rs-security/pom.xml
+++ b/systests/rs-security/pom.xml
@@ -78,7 +78,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-security-oauth2-jwt</artifactId>
+            <artifactId>cxf-rt-rs-security-oauth2-jose</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index db5f04f..f4709d9 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -30,17 +30,17 @@ import javax.crypto.Cipher;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
-import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweClientResponseFilter;
-import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor;
-import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsClientResponseFilter;
-import org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
+import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 0da9b3f..874b082 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -46,41 +46,41 @@ under the License.
         </httpj:engine>
     </httpj:engine-factory>
     <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
-    <bean id="jweInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter"/>
-    <bean id="jweOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor"/>
+    <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+    <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
     
-    <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm">
+    <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm">
         <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
         <constructor-arg value="A128KW"/>
     </bean>
-    <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption">
+    <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption">
         <constructor-arg value="A128KW"/>
         <constructor-arg value="A128CBC-HS256"/>
         <constructor-arg ref="aesWrapEncryptionAlgo"/>
     </bean>
     
-    <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm">
+    <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm">
         <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
     </bean>
-    <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption">
+    <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption">
         <constructor-arg ref="aesWrapDecryptionAlgo"/>
     </bean>
     
-    <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweContainerRequestFilter">
+    <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter">
         <property name="decryptionProvider" ref="aesCbcHmacDecryption"/>
     </bean>
-    <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JweWriterInterceptor">
+    <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor">
         <property name="encryptionProvider" ref="aesCbcHmacEncryption"/>
     </bean>
     
-    <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider">
+    <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider">
         <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/>
     </bean>
-    <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsContainerRequestFilter">
+    <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">
        <property name="signatureVerifier" ref="hmacSigVerifier"/>
     </bean>
-    <bean id="jwsInFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsContainerRequestFilter"/>
-    <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.oauth2.jwt.jaxrs.JwsWriterInterceptor"/>
+    <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
+    <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor"/>
     <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsa">
         <jaxrs:serviceBeans>


Mime
View raw message