cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5944] Updating JwsSignatureProvider interface
Date Fri, 19 Sep 2014 09:16:42 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 6ce2f6a37 -> 5fe1ba253


[CXF-5944] Updating JwsSignatureProvider interface


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5fe1ba25
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5fe1ba25
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5fe1ba25

Branch: refs/heads/master
Commit: 5fe1ba253cca62a4737b8f48a12e11606c3b8c3f
Parents: 6ce2f6a
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Sep 19 10:15:59 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Sep 19 10:15:59 2014 +0100

----------------------------------------------------------------------
 .../jose/jaxrs/AbstractJwsWriterProvider.java   |  2 +-
 .../jose/jws/AbstractJwsSignatureProvider.java  | 19 +++---
 .../jose/jws/EcDsaJwsSignatureProvider.java     | 13 ++--
 .../jose/jws/HmacJwsSignatureProvider.java      | 26 +++-----
 .../jose/jws/HmacJwsSignatureVerifier.java      | 62 ++++++++++++++++++++
 .../security/jose/jws/JwsSignatureProvider.java |  1 +
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 11 ++--
 .../jws/PrivateKeyJwsSignatureProvider.java     | 17 +++---
 .../jose/jws/JwsCompactReaderWriterTest.java    | 12 ++--
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |  4 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  2 +-
 11 files changed, 114 insertions(+), 55 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
index 701e058..d2fc2ae 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -71,7 +71,7 @@ public class AbstractJwsWriterProvider {
                 rsaSignatureAlgo = getSignatureAlgo(props, null);
                 RSAPrivateKey pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, 
                                                               CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
-                theSigProvider = new PrivateKeyJwsSignatureProvider(pk);
+                theSigProvider = new PrivateKeyJwsSignatureProvider(pk, rsaSignatureAlgo);
             }
             if (theSigProvider == null) {
                 throw new SecurityException();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
index 04516a3..4be56f6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
@@ -24,10 +24,11 @@ import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
 
 public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider {
     private Set<String> supportedAlgorithms;
-    private String defaultJwtAlgorithm;
+    private String algorithm;
     
-    protected AbstractJwsSignatureProvider(Set<String> supportedAlgorithms) {
+    protected AbstractJwsSignatureProvider(Set<String> supportedAlgorithms, String
algo) {
         this.supportedAlgorithms = supportedAlgorithms;
+        this.algorithm = algo;
     }
     
     protected JwtHeaders prepareHeaders(JwtHeaders headers) {
@@ -38,11 +39,15 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
         if (algo != null) {
             checkAlgorithm(algo);
         } else {
-            headers.setAlgorithm(defaultJwtAlgorithm);
+            checkAlgorithm(algorithm);
+            headers.setAlgorithm(algorithm);
         }
         return headers;
     }
-    
+    @Override
+    public String getAlgorithm() {
+        return algorithm;    
+    }
     @Override
     public JwsSignature createJwsSignature(JwtHeaders headers) {
         return doCreateJwsSignature(prepareHeaders(headers));
@@ -50,13 +55,11 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
     
     protected abstract JwsSignature doCreateJwsSignature(JwtHeaders headers);
     
-    public void setDefaultJwtAlgorithm(String algo) {
-        this.defaultJwtAlgorithm = algo;
-    }
-    protected void checkAlgorithm(String algo) {
+    protected String checkAlgorithm(String algo) {
         if (algo == null || !supportedAlgorithms.contains(algo)) {
             throw new SecurityException();
         }
+        return algo;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
index f1547b5..e52edec 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
@@ -33,13 +33,14 @@ public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider
{
                       Algorithm.SHA384withECDSA.getJwtName(),
                       Algorithm.SHA512withECDSA.getJwtName())); 
     
-    public EcDsaJwsSignatureProvider(ECPrivateKey key) {
-        this(key, null);
+    public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) {
+        this(key, null, algo);
     }
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec) {
-        this(key, null, spec);
+    public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String
algo) {
+        this(key, null, spec, algo);
     }
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec
spec) {
-        super(key, random, spec, SUPPORTED_ALGORITHMS);
+    public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec
spec, 
+                                     String algo) {
+        super(key, random, spec, SUPPORTED_ALGORITHMS, algo);
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
index 38ed06a..c1fcc46 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
@@ -31,7 +31,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 
-public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider implements JwsSignatureVerifier
{
+public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
     private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
         Arrays.asList(Algorithm.HmacSHA256.getJwtName(),
                       Algorithm.HmacSHA384.getJwtName(),
@@ -39,16 +39,16 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider
imple
     private byte[] key;
     private AlgorithmParameterSpec hmacSpec;
     
-    public HmacJwsSignatureProvider(byte[] key) {
-        this(key, null);
+    public HmacJwsSignatureProvider(byte[] key, String algo) {
+        this(key, null, algo);
     }
-    public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec) {
-        super(SUPPORTED_ALGORITHMS);
+    public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo)
{
+        super(SUPPORTED_ALGORITHMS, algo);
         this.key = key;
         this.hmacSpec = spec;
     }
-    public HmacJwsSignatureProvider(String encodedKey) {
-        super(SUPPORTED_ALGORITHMS);
+    public HmacJwsSignatureProvider(String encodedKey, String algo) {
+        super(SUPPORTED_ALGORITHMS, algo);
         try {
             this.key = Base64UrlUtility.decode(encodedKey);
         } catch (Base64Exception ex) {
@@ -56,18 +56,6 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider
imple
         }
     }
     
-    @Override
-    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
-        byte[] expected = computeMac(headers, unsignedText);
-        return Arrays.equals(expected, signature);
-    }
-    
-    private byte[] computeMac(JwtHeaders headers, String text) {
-        return HmacUtils.computeHmac(key, 
-                                     Algorithm.toJavaName(headers.getAlgorithm()),
-                                     hmacSpec,
-                                     text);
-    }
     protected JwsSignature doCreateJwsSignature(JwtHeaders headers) {
         final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()),
                                                     hmacSpec);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
new file mode 100644
index 0000000..fed7e1f
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
+
+public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
+    private byte[] key;
+    private AlgorithmParameterSpec hmacSpec;
+    
+    public HmacJwsSignatureVerifier(byte[] key) {
+        this(key, null);
+    }
+    public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec) {
+        this.key = key;
+        this.hmacSpec = spec;
+    }
+    public HmacJwsSignatureVerifier(String encodedKey) {
+        try {
+            this.key = Base64UrlUtility.decode(encodedKey);
+        } catch (Base64Exception ex) {
+            throw new SecurityException();
+        }
+    }
+    
+    @Override
+    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
+        byte[] expected = computeMac(headers, unsignedText);
+        return Arrays.equals(expected, signature);
+    }
+    
+    private byte[] computeMac(JwtHeaders headers, String text) {
+        return HmacUtils.computeHmac(key, 
+                                     Algorithm.toJavaName(headers.getAlgorithm()),
+                                     hmacSpec,
+                                     text);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
index ea40029..a4d12bf 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
@@ -21,5 +21,6 @@ package org.apache.cxf.rs.security.jose.jws;
 import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
 
 public interface JwsSignatureProvider {
+    String getAlgorithm();
     JwsSignature createJwsSignature(JwtHeaders headers);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index a8b81c0..20b2672 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -33,13 +33,16 @@ public final class JwsUtils {
         String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         JwsSignatureProvider theSigProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk));
+            theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
+                                                                rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
             && Algorithm.isHmacSign(rsaSignatureAlgo)) {
             theSigProvider = 
-                new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+                new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
+                                             rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-            theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk));
+            theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
+                                                           rsaSignatureAlgo);
         }
         return theSigProvider;
     }
@@ -51,7 +54,7 @@ public final class JwsUtils {
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
             && Algorithm.isHmacSign(rsaSignatureAlgo)) {
             theVerifier = 
-                new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+                new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
             theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk));
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
index 840256e..bbd92aa 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
@@ -40,21 +40,22 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
     private SecureRandom random; 
     private AlgorithmParameterSpec signatureSpec;
     
-    public PrivateKeyJwsSignatureProvider(PrivateKey key) {
-        this(key, null);
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) {
+        this(key, null, algo);
     }
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec) {
-        this(key, null, spec);
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String
algo) {
+        this(key, null, spec, algo);
     }
     public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, 
-                                          AlgorithmParameterSpec spec) {
-        this(key, random, spec, SUPPORTED_ALGORITHMS);
+                                          AlgorithmParameterSpec spec, String algo) {
+        this(key, random, spec, SUPPORTED_ALGORITHMS, algo);
     }
     protected PrivateKeyJwsSignatureProvider(PrivateKey key, 
                                              SecureRandom random, 
                                              AlgorithmParameterSpec spec,
-                                             Set<String> supportedAlgorithms) {
-        super(supportedAlgorithms);
+                                             Set<String> supportedAlgorithms,
+                                             String algo) {
+        super(supportedAlgorithms, algo);
         this.key = key;
         this.random = random;
         this.signatureSpec = spec;

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 3397e7e..5a08733 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -94,7 +94,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     public void testWriteJwsSignedByMacSpecExample() throws Exception {
         JwtHeaders headers = new JwtHeaders(Algorithm.HmacSHA256.getJwtName());
         JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()));
         
         assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedJws());
         
@@ -125,7 +125,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     @Test
     public void testReadJwsSignedByMacSpecExample() throws Exception {
         JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
         JwtToken token = jws.getJwtToken();
         JwtHeaders headers = token.getHeaders();
         assertEquals(JwtConstants.TYPE_JWT, headers.getType());
@@ -163,7 +163,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         
         JwtToken token = new JwtToken(headers, claims);
         JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
-        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName()));
         
         assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
     }
@@ -171,7 +171,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     @Test
     public void testReadJwsWithJwkSignedByMac() throws Exception {
         JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
-        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY)));
         JwtToken token = jws.getJwtToken();
         JwtHeaders headers = token.getHeaders();
         assertEquals(JwtConstants.TYPE_JWT, headers.getType());
@@ -199,7 +199,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         headers.setAlgorithm(Algorithm.SHA256withRSA.getJwtName());
         JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
         PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
-        jws.signWith(new PrivateKeyJwsSignatureProvider(key));
+        jws.signWith(new PrivateKeyJwsSignatureProvider(key, Algorithm.SHA256withRSA.getJwtName()));
         
         assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws());
     }
@@ -211,7 +211,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
         ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
                                                               EC_PRIVATE_KEY_ENCODED);
-        jws.signWith(new EcDsaJwsSignatureProvider(privateKey));
+        jws.signWith(new EcDsaJwsSignatureProvider(privateKey, Algorithm.SHA256withECDSA.getJwtName()));
         String signedJws = jws.getSignedEncodedJws();
         
         ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 12fe555..721ef90 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -161,8 +161,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
     @Test
     public void testJweRsaJwsHMac() throws Exception {
         String address = "https://localhost:" + PORT + "/jwejwshmac";
-        HmacJwsSignatureProvider hmacProvider = new HmacJwsSignatureProvider(ENCODED_MAC_KEY);
-        hmacProvider.setDefaultJwtAlgorithm(Algorithm.HmacSHA256.getJwtName());
+        HmacJwsSignatureProvider hmacProvider = 
+            new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName());
         doTestJweJwsRsa(address, hmacProvider);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fe1ba25/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index e93cb09..02ecc81 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -72,7 +72,7 @@ under the License.
         <property name="encryptionProvider" ref="aesCbcHmacEncryption"/>
     </bean>
     
-    <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider">
+    <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier">
         <constructor-arg value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/>
     </bean>
     <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">


Mime
View raw message