cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [04/10] Changing the oauth2-jwt source folder to oauth2-jose
Date Fri, 19 Sep 2014 14:47:49 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 220763a..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128GCMKW.getJwtName(),
-                      Algorithm.A192GCMKW.getJwtName(),
-                      Algorithm.A256GCMKW.getJwtName()));
-    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA),
-             keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
-        super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        byte[] wrappedKeyAndTag = super.getEncryptedContentEncryptionKey(headers, cek);
-        byte[] wrappedKey = new byte[wrappedKeyAndTag.length - 128 / 8]; 
-        System.arraycopy(wrappedKeyAndTag, 0, wrappedKey, 0, wrappedKeyAndTag.length - 128 / 8);
-        String encodedTag = Base64UrlUtility.encodeChunk(wrappedKeyAndTag, 
-                                                         wrappedKeyAndTag.length - 128 / 8, 128 / 8);
-        headers.setHeader("tag", encodedTag);
-        return wrappedKey;
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        byte[] iv = CryptoUtils.generateSecureRandomBytes(96 / 8);
-        String encodedIv = Base64UrlUtility.encode(iv);
-        headers.setHeader("iv", encodedIv);
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 14c273f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(CryptoUtils.decodeSequence(encodedKey));
-    }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA));
-    }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
-        super(secretKey, true);
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index a0b01b9..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128KW.getJwtName(),
-                      Algorithm.A192KW.getJwtName(),
-                      Algorithm.A256KW.getJwtName()));
-    public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
-             keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
-        super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
deleted file mode 100644
index 897e68c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-public interface AuthenticationTagProducer {
-    void update(byte[] cipher, int off, int len);
-    byte[] getTag();
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
deleted file mode 100644
index eaf6f61..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-interface ContentDecryptionAlgorithm extends ContentEncryptionCipherProperties {
-    byte[] getEncryptedSequence(byte[] cipher, byte[] authTag);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
deleted file mode 100644
index 07b370e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
-    String getAlgorithm();
-    byte[] getInitVector();
-    byte[] getContentEncryptionKey(JweHeaders headers);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
deleted file mode 100644
index 54da6fd..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-
-public interface ContentEncryptionCipherProperties {
-    byte[] getAdditionalAuthenticationData(String headersJson);
-    AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
deleted file mode 100644
index c1803c6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-
-public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private byte[] contentDecryptionKey;
-    public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) {    
-        this(contentDecryptionKey.getEncoded());
-    }
-    public DirectKeyDecryptionAlgorithm(byte[] contentDecryptionKey) {    
-        this.contentDecryptionKey = contentDecryptionKey;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] encryptedCEK = consumer.getEncryptedContentEncryptionKey();
-        if (encryptedCEK != null && encryptedCEK.length > 0) {
-            throw new SecurityException();
-        }
-        return contentDecryptionKey;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
deleted file mode 100644
index 6714c3c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        if (headers.getKeyEncryptionAlgorithm() != null) {
-            throw new SecurityException();
-        }
-        return new byte[0];
-    }
-
-    @Override
-    public String getAlgorithm() {
-        return null;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
deleted file mode 100644
index 0f1611e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-
-public class DirectKeyJweDecryption extends AbstractJweDecryption {
-    public DirectKeyJweDecryption(Key contentDecryptionKey) {    
-        this(contentDecryptionKey, null);
-    }
-    public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props) {    
-        this(contentDecryptionKey, props, null);
-    }
-    public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props, 
-                                  JwtHeadersReader reader) {    
-        this(contentDecryptionKey, props, reader,
-             new AesGcmContentDecryptionAlgorithm());
-    }
-    public DirectKeyJweDecryption(Key contentDecryptionKey, 
-                                  JweCryptoProperties props, 
-                                  JwtHeadersReader reader,
-                                  ContentDecryptionAlgorithm cipherProps) {    
-        super(props, reader, new DirectKeyDecryptionAlgorithm(contentDecryptionKey),
-              cipherProps);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
deleted file mode 100644
index fdd8658..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class DirectKeyJweEncryption extends AbstractJweEncryption {
-    public DirectKeyJweEncryption(SecretKey cek, byte[] iv) {
-        this(new JweHeaders(Algorithm.toJwtName(cek.getAlgorithm(),
-                                                cek.getEncoded().length * 8)), cek.getEncoded(), iv);
-    }
-    public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) {
-        this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv, headers.getContentEncryptionAlgorithm()));
-    }
-    public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo) {
-        super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());
-    }
-    protected byte[] getProvidedContentEncryptionKey() {
-        return validateCek(super.getProvidedContentEncryptionKey());
-    }
-    private static byte[] validateCek(byte[] cek) {
-        if (cek == null) {
-            // to prevent the cek from being auto-generated which 
-            // does not make sense for the direct key case
-            throw new NullPointerException("CEK must not be null");
-        }
-        return cek;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
deleted file mode 100644
index 5cfe012..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-
-public class JweCompactConsumer {
-    private String headersJson;
-    private byte[] encryptedCEK;
-    private byte[] initVector;
-    private byte[] encryptedContent;
-    private byte[] authTag;
-    private JweHeaders jweHeaders;
-    public JweCompactConsumer(String jweContent) {
-        this(jweContent, new JwtTokenReaderWriter());
-    }
-    public JweCompactConsumer(String jweContent, JwtHeadersReader reader) {
-        String[] parts = jweContent.split("\\.");
-        if (parts.length != 5) {
-            throw new SecurityException("5 JWE parts are expected");
-        }
-        try {
-            headersJson = new String(Base64UrlUtility.decode(parts[0]));
-            encryptedCEK = Base64UrlUtility.decode(parts[1]);
-            initVector = Base64UrlUtility.decode(parts[2]);
-            
-            encryptedContent = Base64UrlUtility.decode(parts[3]);
-            authTag = Base64UrlUtility.decode(parts[4]);
-            jweHeaders = new JweHeaders(reader.fromJsonHeaders(headersJson).asMap());
-        } catch (Base64Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public void enforceJweCryptoProperties(JweCryptoProperties props) {
-        if (props != null) { 
-            //TODO
-        }
-    }
-    
-    public String getDecodedJsonHeaders() {
-        return headersJson;
-    }
-    
-    public JweHeaders getJweHeaders() {
-        return jweHeaders;
-    }
-    
-    public byte[] getEncryptedContentEncryptionKey() {
-        return encryptedCEK;
-    }
-    
-    public byte[] getContentDecryptionCipherInitVector() {
-        return initVector;
-    }
-    
-    public byte[] getContentEncryptionCipherAAD() {
-        return JweHeaders.toCipherAdditionalAuthData(headersJson);
-    }
-    
-    public byte[] getEncryptionAuthenticationTag() {
-        return authTag;
-    }
-    
-    public byte[] getEncryptedContent() {
-        return encryptedContent;
-    }
-    
-    public byte[] getEncryptedContentWithAuthTag() {
-        return getCipherWithAuthTag(encryptedContent, authTag);
-    }
-    
-    public static byte[] getCipherWithAuthTag(byte[] cipher, byte[] authTag) {
-        byte[] encryptedContentWithTag = new byte[cipher.length + authTag.length];
-        System.arraycopy(cipher, 0, encryptedContentWithTag, 0, cipher.length);
-        System.arraycopy(authTag, 0, encryptedContentWithTag, cipher.length, authTag.length);  
-        return encryptedContentWithTag;
-    }
-    
-    public byte[] getDecryptedContent(JweDecryptionProvider decryption) {
-        return decryption.decrypt(this);
-    }
-    public String getDecryptedContentText(JweDecryptionProvider decryption) {
-        try {
-            return new String(getDecryptedContent(decryption), "UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
deleted file mode 100644
index ca0cda8..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
+++ /dev/null
@@ -1,155 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-
-public class JweCompactProducer {
-    private StringBuilder jweContentBuilder;
-    private String encodedEncryptedContent;
-    private String encodedAuthTag;
-    public JweCompactProducer(JweHeaders headers,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentNoTag,
-                       byte[] authenticationTag) {    
-        this(headers, null, encryptedContentEncryptionKey, 
-             cipherInitVector, encryptedContentNoTag, authenticationTag);
-    }
-    
-    public JweCompactProducer(JweHeaders headers,
-                       JwtHeadersWriter writer,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentNoTag,
-                       byte[] authenticationTag) {
-        this(getHeadersJson(headers, writer),
-             encryptedContentEncryptionKey,
-             cipherInitVector,
-             encryptedContentNoTag,
-             authenticationTag);
-    }
-    public JweCompactProducer(String headersJson,
-                              byte[] encryptedContentEncryptionKey,
-                              byte[] cipherInitVector,
-                              byte[] encryptedContentNoTag,
-                              byte[] authenticationTag) {
-        jweContentBuilder = startJweContent(new StringBuilder(), headersJson, 
-                                  encryptedContentEncryptionKey, cipherInitVector);
-        this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag);
-        this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag);
-       
-    }
-    
-    public JweCompactProducer(JweHeaders headers,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentWithTag,
-                       int authTagLengthBits) {    
-        this(headers, null, encryptedContentEncryptionKey, 
-             cipherInitVector, encryptedContentWithTag, authTagLengthBits);
-    }
-    public JweCompactProducer(JweHeaders headers,
-                       JwtHeadersWriter writer,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentWithTag,
-                       int authTagLengthBits) {
-        jweContentBuilder = startJweContent(new StringBuilder(), headers, writer,
-                                   encryptedContentEncryptionKey, cipherInitVector);
-        this.encodedEncryptedContent = Base64UrlUtility.encodeChunk(
-            encryptedContentWithTag, 
-            0, 
-            encryptedContentWithTag.length - authTagLengthBits / 8);
-        this.encodedAuthTag = Base64UrlUtility.encodeChunk(
-            encryptedContentWithTag, 
-            encryptedContentWithTag.length - authTagLengthBits / 8, 
-            authTagLengthBits / 8);
-        
-    }
-    public static String startJweContent(JweHeaders headers,
-                                                JwtHeadersWriter writer, 
-                                                byte[] encryptedContentEncryptionKey,
-                                                byte[] cipherInitVector) {
-        return startJweContent(new StringBuilder(), 
-                               headers, writer, encryptedContentEncryptionKey, cipherInitVector).toString();       
-    }
-    public static StringBuilder startJweContent(StringBuilder sb,
-                                        JweHeaders headers,
-                                        JwtHeadersWriter writer, 
-                                        byte[] encryptedContentEncryptionKey,
-                                        byte[] cipherInitVector) {
-        return startJweContent(sb, 
-                               getHeadersJson(headers, writer), 
-                               encryptedContentEncryptionKey, 
-                               cipherInitVector);
-    }
-    private static String getHeadersJson(JweHeaders headers,
-                                         JwtHeadersWriter writer) {
-        writer = writer == null ? new JwtTokenReaderWriter() : writer;
-        return writer.headersToJson(headers);
-        
-    }
-    public static StringBuilder startJweContent(StringBuilder sb,
-                                                String headersJson,
-                                                byte[] encryptedContentEncryptionKey,
-                                                byte[] cipherInitVector) {
-        String encodedHeaders = Base64UrlUtility.encode(headersJson);
-        String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey);
-        String encodedInitVector = Base64UrlUtility.encode(cipherInitVector);
-        sb.append(encodedHeaders)
-            .append('.')
-            .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey)
-            .append('.')
-            .append(encodedInitVector == null ? "" : encodedInitVector)
-            .append('.');
-        return sb;
-    }
-    
-    public static void startJweContent(OutputStream os,
-                                       JweHeaders headers,
-                                       JwtHeadersWriter writer, 
-                                       byte[] encryptedContentEncryptionKey,
-                                       byte[] cipherInitVector) throws IOException {
-        writer = writer == null ? new JwtTokenReaderWriter() : writer;
-        byte[] jsonBytes = writer.headersToJson(headers).getBytes("UTF-8");
-        Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
-        byte[] dotBytes = new byte[]{'.'};
-        os.write(dotBytes);
-        Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0, 
-                                         encryptedContentEncryptionKey.length, os);
-        os.write(dotBytes);
-        Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os);
-        os.write(dotBytes);         
-    }
-    
-    public String getJweContent() {
-        return jweContentBuilder.append(encodedEncryptedContent)
-                 .append('.')
-                 .append(encodedAuthTag)
-                 .toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCryptoProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCryptoProperties.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCryptoProperties.java
deleted file mode 100644
index 54150e4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCryptoProperties.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-public class JweCryptoProperties {
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
deleted file mode 100644
index f3cf255..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-
-public class JweDecryptionOutput {
-    private JweHeaders headers;
-    private byte[] content;
-    public JweDecryptionOutput(JweHeaders headers, byte[] content) {
-        this.headers = headers;
-        this.content = content;
-    }
-    public JweHeaders getHeaders() {
-        return headers;
-    }
-    public byte[] getContent() {
-        return content;
-    }
-    public String getContentText() {
-        try {
-            return new String(getContent(), "UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
deleted file mode 100644
index d20401b..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface JweDecryptionProvider {
-    JweDecryptionOutput decrypt(String jweContent);
-    byte[] decrypt(JweCompactConsumer consumer);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
deleted file mode 100644
index 5b9afee..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface JweEncryptionProvider {
-    String encrypt(byte[] jweContent, String contentType);
-    JweEncryptionState createJweEncryptionState(String contentType);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
deleted file mode 100644
index 0732250..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.Cipher;
-
-public class JweEncryptionState {
-    private Cipher cipher;
-    private JweHeaders headers;
-    private byte[] contentEncryptionKey;
-    private byte[] iv;
-    private boolean compressionSupported;
-    private AuthenticationTagProducer authTagProducer;
-    
-    public JweEncryptionState(Cipher cipher, 
-                              JweHeaders headers, 
-                              byte[] contentEncryptionKey, 
-                              byte[] iv, 
-                              AuthenticationTagProducer authTagProducer,
-                              boolean compressionSupported) {
-        this.cipher = cipher;
-        this.headers = headers;
-        this.contentEncryptionKey = contentEncryptionKey;
-        this.iv = iv;
-        this.authTagProducer = authTagProducer;
-        this.compressionSupported = compressionSupported;
-    }
-    public Cipher getCipher() {
-        return cipher;
-    }
-    public JweHeaders getHeaders() {
-        return headers;
-    }
-    public byte[] getContentEncryptionKey() {
-        return contentEncryptionKey;
-    }
-    public byte[] getIv() {
-        return iv;
-    }
-    public boolean isCompressionSupported() {
-        return compressionSupported;
-    }
-    public AuthenticationTagProducer getAuthTagProducer() {
-        return authTagProducer;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
deleted file mode 100644
index 7fe91d6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-
-
-
-public class JweHeaders extends JwtHeaders {
-    
-    public JweHeaders() {
-    }
-    
-    public JweHeaders(Map<String, Object> values) {
-        super(values);
-    }
-    public JweHeaders(String keyEncAlgo, String ctEncAlgo) {
-        this(keyEncAlgo, ctEncAlgo, false);
-    }
-    public JweHeaders(String ctEncAlgo) {
-        this(null, ctEncAlgo, false);
-    }
-    public JweHeaders(String ctEncAlgo, boolean deflate) {
-        this(null, ctEncAlgo, deflate);
-    }
-    public JweHeaders(String keyEncAlgo, String ctEncAlgo, boolean deflate) {
-        init(keyEncAlgo, ctEncAlgo, deflate);
-    }
-    private void init(String keyEncAlgo, String ctEncAlgo, boolean deflate) {
-        if (keyEncAlgo != null) {
-            setKeyEncryptionAlgorithm(keyEncAlgo);    
-        }
-        setContentEncryptionAlgorithm(ctEncAlgo);
-        if (deflate) {
-            setZipAlgorithm(JwtConstants.DEFLATE_ZIP_ALGORITHM);
-        }
-    }
-    
-    public void setKeyEncryptionAlgorithm(String type) {
-        super.setAlgorithm(type);
-    }
-    
-    public String getKeyEncryptionAlgorithm() {
-        return super.getAlgorithm();
-    }
-    
-    public void setContentEncryptionAlgorithm(String type) {
-        setHeader(JwtConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM, type);
-    }
-    
-    public String getContentEncryptionAlgorithm() {
-        return (String)getHeader(JwtConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM);
-    }
-    
-    public void setZipAlgorithm(String type) {
-        setHeader(JwtConstants.JWE_HEADER_ZIP_ALGORITHM, type);
-    }
-    
-    public String getZipAlgorithm() {
-        return (String)getHeader(JwtConstants.JWE_HEADER_ZIP_ALGORITHM);
-    }
-    
-    @Override
-    public JwtHeaders setHeader(String name, Object value) {
-        return (JwtHeaders)super.setHeader(name, value);
-    }
-    public byte[] toCipherAdditionalAuthData(JwtHeadersWriter writer) { 
-        return toCipherAdditionalAuthData(writer.headersToJson(this));
-    }
-    public static byte[] toCipherAdditionalAuthData(String headersJson) { 
-        try {
-            String base64UrlHeadersInJson = Base64UrlUtility.encode(headersJson.getBytes("UTF-8"));
-            return base64UrlHeadersInJson.getBytes("US-ASCII");
-        } catch (UnsupportedEncodingException ex) {
-            throw new RuntimeException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
deleted file mode 100644
index 5abe38c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-
-import javax.crypto.Cipher;
-
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-public class JweOutputStream extends FilterOutputStream {
-    private Cipher encryptingCipher;
-    private int blockSize;
-    private AuthenticationTagProducer authTagProducer;
-    private byte[] lastRawDataChunk;
-    private byte[] lastEncryptedDataChunk;
-    private boolean flushed;
-    public JweOutputStream(OutputStream out, 
-                           Cipher encryptingCipher, 
-                           AuthenticationTagProducer authTagProducer) {
-        super(out);
-        this.encryptingCipher = encryptingCipher;
-        this.blockSize = encryptingCipher.getBlockSize(); 
-        this.authTagProducer = authTagProducer;
-    }
-
-    @Override
-    public void write(int value) throws IOException {
-        byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array();
-        write(bytes, 0, bytes.length);
-    }
-    
-    @Override
-    public void write(byte b[], int off, int len) throws IOException {
-        if (lastRawDataChunk != null) {
-            int remaining = blockSize - lastRawDataChunk.length;
-            int lenToCopy = remaining < len ? remaining : len;
-            lastRawDataChunk = newArray(lastRawDataChunk, 0, lastRawDataChunk.length, b, off, lenToCopy);
-            off = off + lenToCopy;
-            len -= lenToCopy;
-            if (lastRawDataChunk.length < blockSize) {
-                return;
-            } else {
-                encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length);
-                lastRawDataChunk = null;
-            }
-        } 
-        int offset = 0;
-        int chunkSize = blockSize > len ? blockSize : blockSize * (len / blockSize);
-        for (; offset + chunkSize <= len; offset += chunkSize, off += chunkSize) {
-            encryptAndWrite(b, off, chunkSize);
-        }
-        if (offset < len) {
-            lastRawDataChunk = newArray(b, off, len - offset);
-        }
-        
-    }
-    
-    private void encryptAndWrite(byte[] chunk, int off, int len) throws IOException {
-        byte[] encrypted = encryptingCipher.update(chunk, off, len);
-        if (authTagProducer != null) {
-            authTagProducer.update(encrypted, 0, encrypted.length);
-        }
-        encodeAndWrite(encrypted, 0, encrypted.length, false);
-    }
-    private void encodeAndWrite(byte[] encryptedChunk, int off, int len, boolean finalWrite) throws IOException {
-        byte[] theChunk = lastEncryptedDataChunk;
-        int lenToEncode = len;
-        if (theChunk != null) {
-            theChunk = newArray(theChunk, 0, theChunk.length, encryptedChunk, off, len);
-            lenToEncode = theChunk.length;
-            off = 0;
-        } else {
-            theChunk = encryptedChunk;
-        }
-        int rem = finalWrite ? 0 : lenToEncode % 3; 
-        Base64UrlUtility.encodeAndStream(theChunk, off, lenToEncode - rem, out);
-        
-        if (rem > 0) {
-            lastEncryptedDataChunk = newArray(theChunk, lenToEncode - rem, rem);
-        } else {
-            lastEncryptedDataChunk = null;
-        }
-    }
-    
-    @Override
-    public void flush() throws IOException {
-        if (flushed) {
-            return;
-        }
-        try {
-            byte[] finalBytes = lastRawDataChunk == null 
-                ? encryptingCipher.doFinal()
-                : encryptingCipher.doFinal(lastRawDataChunk, 0, lastRawDataChunk.length);
-            final int authTagLengthBits = 128;
-            if (authTagProducer != null) {
-                authTagProducer.update(finalBytes, 0, finalBytes.length);
-                encodeAndWrite(finalBytes, 0, finalBytes.length, true);
-            } else {
-                encodeAndWrite(finalBytes, 0, finalBytes.length - authTagLengthBits / 8, true);
-            }
-            out.write(new byte[]{'.'});
-            
-            if (authTagProducer == null) {
-                encodeAndWrite(finalBytes, finalBytes.length - authTagLengthBits / 8, authTagLengthBits / 8, true);
-            } else {
-                byte[] authTag = authTagProducer.getTag();
-                encodeAndWrite(authTag, 0, authTagLengthBits / 8, true);
-            }
-        } catch (Exception ex) {
-            throw new SecurityException();
-        }
-        flushed = true;
-    }
-    private byte[] newArray(byte[] src, int srcPos, int srcLen) {
-        byte[] buf = new byte[srcLen];
-        System.arraycopy(src, srcPos, buf, 0, srcLen);
-        return buf;
-    }
-    private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2, int srcPos2, int srcLen2) {
-        byte[] buf = new byte[srcLen + srcLen2];
-        System.arraycopy(src, srcPos, buf, 0, srcLen);
-        System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2);
-        return buf;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
deleted file mode 100644
index c3aa6d4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public final class JweUtils {
-    private JweUtils() {
-        
-    }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) {
-        return getKeyEncryptionAlgorithm(jwk, null);
-    }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
-        String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        KeyEncryptionAlgorithm keyEncryptionProvider = null;
-        if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk), 
-                                                                      keyEncryptionAlgo);
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            } else if (Algorithm.isAesGcmKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesGcmWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            }
-        } else {
-            // TODO: support elliptic curve keys
-        }
-        return keyEncryptionProvider;
-    }
-    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk) {
-        KeyDecryptionAlgorithm keyDecryptionProvider = null;
-        if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk));
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key);
-            } else if (Algorithm.isAesGcmKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesGcmWrapKeyDecryptionAlgorithm(key);
-            } 
-        } else {
-            // TODO: support elliptic curve keys
-        }
-        return keyDecryptionProvider;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
deleted file mode 100644
index 9932ab2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface KeyDecryptionAlgorithm {
-    byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
deleted file mode 100644
index 3885291..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface KeyEncryptionAlgorithm {
-    String getAlgorithm();
-    byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index ac66535..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private byte[] password;
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password));
-    }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password));
-    }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) {    
-        this.password = password;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] saltInput = getDecodedBytes(consumer, "p2s");
-        int pbesCount = consumer.getJweHeaders().getIntegerHeader("p2c");
-        String keyAlgoJwt = consumer.getJweHeaders().getAlgorithm();
-        int keySize = PbesHmacAesWrapKeyEncryptionAlgorithm.getKeySize(keyAlgoJwt);
-        byte[] derivedKey = PbesHmacAesWrapKeyEncryptionAlgorithm
-            .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
-        KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey);
-        return aesWrap.getDecryptedContentEncryptionKey(consumer);
-    }    
-    private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
-        try {
-            Object headerValue = consumer.getJweHeaders().getHeader(headerName);
-            return Base64UrlUtility.decode(headerValue.toString());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 377e186..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.Charset;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.PBES2_HS256_A128KW.getJwtName(),
-                      Algorithm.PBES2_HS384_A192KW.getJwtName(),
-                      Algorithm.PBES2_HS512_A256KW.getJwtName()));
-    private static final Map<String, Integer> PBES_HMAC_MAP;
-    private static final Map<String, String> PBES_AES_MAP;
-    private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
-    static {
-        PBES_HMAC_MAP = new HashMap<String, Integer>();
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 256);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 384);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 512);
-        
-        PBES_AES_MAP = new HashMap<String, String>();
-        PBES_AES_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), Algorithm.A128KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), Algorithm.A192KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), Algorithm.A256KW.getJwtName());
-        
-        DERIVED_KEY_SIZE_MAP = new HashMap<String, Integer>();
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 16);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 24);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 32);
-    }
-    
-    
-    private byte[] password;
-    private int pbesCount;
-    private String keyAlgoJwt;
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) {
-        this(stringToBytes(password), keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt) {
-        this(stringToBytes(password), pbesCount, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt) {
-        this(charsToBytes(password), pbesCount, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt) {
-        this.password = password;
-        this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt);
-        this.pbesCount = validatePbesCount(pbesCount);
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        int keySize = getKeySize(keyAlgoJwt);
-        byte[] saltInput = CryptoUtils.generateSecureRandomBytes(keySize);
-        byte[] derivedKey = createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
-        
-        headers.setHeader("p2s", Base64UrlUtility.encode(saltInput));
-        headers.setIntegerHeader("p2c", pbesCount);
-        
-        final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt);
-        KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt) {
-            protected void checkAlgorithms(JweHeaders headers) {
-                // complete
-            }
-            protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-                return Algorithm.AES_WRAP_ALGO_JAVA;
-            }
-        };
-        return aesWrap.getEncryptedContentEncryptionKey(headers, cek);
-        
-        
-    }
-    static int getKeySize(String keyAlgoJwt) {
-        return DERIVED_KEY_SIZE_MAP.get(keyAlgoJwt);
-    }
-    static byte[] createDerivedKey(String keyAlgoJwt, int keySize,
-                                   byte[] password, byte[] saltInput, int pbesCount) {
-        byte[] saltValue = createSaltValue(keyAlgoJwt, saltInput);
-        Digest digest = null;
-        int macSigSize = PBES_HMAC_MAP.get(keyAlgoJwt);
-        if (macSigSize == 256) { 
-            digest = new SHA256Digest();
-        } else if (macSigSize == 384) {
-            digest = new SHA384Digest();
-        } else {
-            digest = new SHA512Digest();
-        }
-        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(digest);
-        gen.init(password, saltValue, pbesCount);
-        return ((KeyParameter) gen.generateDerivedParameters(keySize * 8)).getKey();
-    }
-    
-    
-    private static byte[] createSaltValue(String keyAlgoJwt, byte[] saltInput) {
-        byte[] algoBytes = stringToBytes(keyAlgoJwt);
-        byte[] saltValue = new byte[algoBytes.length + 1 + saltInput.length];
-        System.arraycopy(algoBytes, 0, saltValue, 0, algoBytes.length);
-        saltValue[algoBytes.length] = 0;
-        System.arraycopy(saltInput, 0, saltValue, algoBytes.length + 1, saltInput.length);
-        return saltValue;
-    }
-    static String validateKeyAlgorithm(String algo) {
-        if (!SUPPORTED_ALGORITHMS.contains(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-    static int validatePbesCount(int count) {
-        if (count < 1000) {
-            throw new SecurityException();
-        }
-        return count;
-    }    
-    
-    static byte[] stringToBytes(String str) {
-        try {
-            return str.getBytes("UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    static byte[] charsToBytes(char[] chars) {
-        ByteBuffer bb = Charset.forName("UTF-8").encode(CharBuffer.wrap(chars));
-        byte[] b = new byte[bb.remaining()];
-        bb.get(b);
-        return b;
-    }
-    @Override
-    public String getAlgorithm() {
-        return keyAlgoJwt;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
deleted file mode 100644
index c0e2f28..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPrivateKey;
-
-public class RSAOaepKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
-        this(privateKey, true);
-    }
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, boolean unwrap) {    
-        super(privateKey, unwrap);
-    }
-    protected int getKeyCipherBlockSize() {
-        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
deleted file mode 100644
index b658e36..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
-                      Algorithm.RSA_OAEP_256.getJwtName()));
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
-        this(publicKey, jweAlgo, true);
-    }
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
-        super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
deleted file mode 100644
index 789e8cd..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
-
-public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private Key cekDecryptionKey;
-    private boolean unwrap;
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey) {    
-        this(cekDecryptionKey, true);
-    }
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, boolean unwrap) {    
-        this.cekDecryptionKey = cekDecryptionKey;
-        this.unwrap = unwrap;
-    }
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(consumer); 
-        if (spec != null) {
-            keyProps.setAlgoSpec(spec);
-        }
-        if (!unwrap) {
-            keyProps.setBlockSize(getKeyCipherBlockSize());
-            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(consumer), 
-                                            getCekDecryptionKey(), keyProps);
-        } else {
-            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(consumer), 
-                                               getContentEncryptionAlgorithm(consumer), 
-                                               getCekDecryptionKey(), 
-                                               keyProps).getEncoded();
-        }
-    }
-    
-    protected Key getCekDecryptionKey() {
-        return cekDecryptionKey;
-    }
-    protected int getKeyCipherBlockSize() {
-        return -1;
-    }
-    protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getKeyEncryptionAlgorithm());
-    }
-    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer) {
-        return null;
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-}


Mime
View raw message