cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [2/9] [CXF-5944] Changing packages and the module name based on the feedback from Luigi Lo Iacono
Date Wed, 17 Sep 2014 17:21:28 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/Constants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/Constants.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/Constants.java
deleted file mode 100644
index c7630b2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/Constants.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.grant;
-
-public final class Constants {
-    public static final String JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
-    public static final String CLIENT_GRANT_ASSERTION_PARAM = "assertion";
-    
-    public static final String CLIENT_AUTH_ASSERTION_PARAM = "client_assertion";
-    public static final String CLIENT_AUTH_ASSERTION_TYPE = "client_assertion_type";
-    public static final String CLIENT_AUTH_JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
-   
-    
-    private Constants() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerClientCredentialsGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerClientCredentialsGrant.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerClientCredentialsGrant.java
deleted file mode 100644
index de6b0a4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerClientCredentialsGrant.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.grant;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public class JwtBearerClientCredentialsGrant extends AbstractJwtBearerGrant {
-    
-    private static final long serialVersionUID = 4801583498206813025L;
-
-    public JwtBearerClientCredentialsGrant(String assertion, boolean encoded, String scope) {
-        super(OAuthConstants.CLIENT_CREDENTIALS_GRANT, assertion, encoded, scope);
-    }
-    
-    public MultivaluedMap<String, String> toMap() {
-        MultivaluedMap<String, String> map = initMap();
-        map.putSingle(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_JWT_BEARER);
-        map.putSingle(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodeAssertion());
-        addScope(map);
-        return map;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrant.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrant.java
deleted file mode 100644
index 798e247..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrant.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.grant;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-public class JwtBearerGrant extends AbstractJwtBearerGrant {
-    private static final long serialVersionUID = -7296527609343431294L;
-
-    public JwtBearerGrant(String assertion) {
-        this(assertion, false);
-    }
-    
-    public JwtBearerGrant(String assertion, boolean encoded) {
-        this(assertion, false, null);
-    }
-    
-    public JwtBearerGrant(String assertion, String scope) {
-        this(assertion, false, scope);
-    }
-    
-    public JwtBearerGrant(String assertion, boolean encoded, String scope) {
-        super(Constants.JWT_BEARER_GRANT, assertion, encoded, scope);
-    }
-    
-    public MultivaluedMap<String, String> toMap() {
-        MultivaluedMap<String, String> map = initMap();
-        map.putSingle(Constants.CLIENT_GRANT_ASSERTION_PARAM, encodeAssertion());
-        addScope(map);
-        return map;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrantHandler.java
deleted file mode 100644
index 69c9848..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtBearerGrantHandler.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.grant;
-
-import java.util.Arrays;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.utils.HttpUtils;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
-
-/**
- * The "JWT Bearer" grant handler
- */
-public class JwtBearerGrantHandler extends AbstractJwtHandler {
-    private static final String ENCODED_JWT_BEARER_GRANT;
-    static {
-        //  AccessTokenService may be configured with the form provider
-        // which will not decode by default - so listing both the actual 
-        // and encoded grant type value will help
-        ENCODED_JWT_BEARER_GRANT = HttpUtils.urlEncode(Constants.JWT_BEARER_GRANT, "UTF-8");
-    }
-    private JwtTokenReader jwtReader;
-    public JwtBearerGrantHandler() {
-        super(Arrays.asList(Constants.JWT_BEARER_GRANT, ENCODED_JWT_BEARER_GRANT));
-    }
-
-    @Override
-    public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
-        throws OAuthServiceException {
-        String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
-        if (assertion == null) {
-            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
-        }
-        try {
-            JwsJwtCompactConsumer jwsReader = getJwsReader(assertion);
-            JwtToken jwtToken = jwsReader.getJwtToken();
-            super.validateSignature(jwtToken.getHeaders(),
-                                    jwsReader.getUnsignedEncodedPayload(), 
-                                    jwsReader.getDecodedSignature());
-            
-                   
-            super.validateClaims(client, jwtToken.getClaims());
-            UserSubject grantSubject = new UserSubject(jwtToken.getClaims().getSubject());
-            
-            return doCreateAccessToken(client, 
-                                       grantSubject,
-                                       Constants.JWT_BEARER_GRANT,
-                                       OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
-        } catch (OAuthServiceException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
-        }    
-        
-    }
-
-    protected JwsJwtCompactConsumer getJwsReader(String assertion) {
-        return new JwsJwtCompactConsumer(assertion, jwtReader);
-    }
-    
-    public void setJwtReader(JwtTokenReader tokenReader) {
-        this.jwtReader = tokenReader;
-    }
-
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtUserSubject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtUserSubject.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtUserSubject.java
deleted file mode 100644
index fae1140..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/grant/JwtUserSubject.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.grant;
-
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
-
-public class JwtUserSubject extends UserSubject {
-    private static final long serialVersionUID = -1135272749329239037L;
-    private JwtToken token;
-    public JwtUserSubject(String user, JwtToken token) {
-        super(user);
-        this.token = token;
-    }
-    public JwtToken getToken() {
-        return token;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
deleted file mode 100644
index e3356a7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.Properties;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.oauth2.jwe.AesGcmWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
-import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
-import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
-import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryption;
-import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AbstractJweDecryptingFilter {
-    private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";    
-    private JweDecryptionProvider decryption;
-    private JweCryptoProperties cryptoProperties;
-    private String defaultMediaType;
-    protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
-        JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider();
-        JweDecryptionOutput out = theDecryptor.decrypt(new String(IOUtils.readBytesFromStream(is), "UTF-8"));
-        validateHeaders(out.getHeaders());
-        return out;
-    }
-
-    protected void validateHeaders(JweHeaders headers) {
-        // complete
-    }
-    public void setDecryptionProvider(JweDecryptionProvider decryptor) {
-        this.decryption = decryptor;
-    }
-    protected JweDecryptionProvider getInitializedDecryptionProvider() {
-        if (decryption != null) {
-            return decryption;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            WrappedKeyDecryptionAlgorithm keyDecryptionProvider = null;
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
-                //TODO: Private JWK sets can be JWE encrypted
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-                    keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(jwk.toRSAPrivateKey());
-                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-                    SecretKey key = jwk.toSecretKey();
-                    if (Algorithm.isAesKeyWrap(jwk.getAlgorithm())) {
-                        keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key);
-                    } else if (Algorithm.isAesGcmKeyWrap(jwk.getAlgorithm())) {
-                        keyDecryptionProvider = new AesGcmWrapKeyDecryptionAlgorithm(key);
-                    } 
-                } else {
-                    // TODO: support elliptic curve keys
-                }
-            } else {
-                keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
-                    (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
-            }
-            if (keyDecryptionProvider == null) {
-                throw new SecurityException();
-            }
-            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
-            boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
-            if (isAesHmac) { 
-                return new AesCbcHmacJweDecryption(keyDecryptionProvider);
-            } else {
-                return new WrappedKeyJweDecryption(keyDecryptionProvider, cryptoProperties, null);
-            }
-            
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-        
-    }
-
-    public void setCryptoProperties(JweCryptoProperties cryptoProperties) {
-        this.cryptoProperties = cryptoProperties;
-    }
-
-    public String getDefaultMediaType() {
-        return defaultMediaType;
-    }
-
-    public void setDefaultMediaType(String defaultMediaType) {
-        this.defaultMediaType = defaultMediaType;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
deleted file mode 100644
index 27f0f4e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Properties;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProperties;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AbstractJwsReaderProvider {
-    private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    
-    private JwsSignatureVerifier sigVerifier;
-    private JwsSignatureProperties sigProperties;
-    private String defaultMediaType;
-    
-    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
-        this.sigVerifier = signatureVerifier;
-    }
-
-    public void setSignatureProperties(JwsSignatureProperties signatureProperties) {
-        this.sigProperties = signatureProperties;
-    }
-    
-    public JwsSignatureProperties getSigProperties() {
-        return sigProperties;
-    }
-    
-    protected JwsSignatureVerifier getInitializedSigVerifier() {
-        if (sigVerifier != null) {
-            return sigVerifier;    
-        } 
-        
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            JwsSignatureVerifier theVerifier = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
-                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-                    theVerifier = new PublicKeyJwsSignatureVerifier(jwk.toRSAPublicKey());
-                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
-                    && Algorithm.isHmacSign(jwk.getAlgorithm())) {
-                    theVerifier = 
-                        new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-                } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-                    theVerifier = new PublicKeyJwsSignatureVerifier(jwk.toECPublicKey());
-                }
-                
-            } else {
-                theVerifier = new PublicKeyJwsSignatureVerifier(
-                                  (RSAPublicKey)CryptoUtils.loadPublicKey(m, props));
-            }
-            return theVerifier;
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-
-    public String getDefaultMediaType() {
-        return defaultMediaType;
-    }
-
-    public void setDefaultMediaType(String defaultMediaType) {
-        this.defaultMediaType = defaultMediaType;
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
deleted file mode 100644
index 2c89957..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.Properties;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.jws.EcDsaJwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jws.HmacJwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jws.PrivateKeyJwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AbstractJwsWriterProvider {
-    private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
-    
-    private JwsSignatureProvider sigProvider;
-    
-    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
-        this.sigProvider = signatureProvider;
-    }
-    
-    protected JwsSignatureProvider getInitializedSigProvider(JwtHeaders headers) {
-        if (sigProvider != null) {
-            return sigProvider;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        try {
-            Properties props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-            JwsSignatureProvider theSigProvider = null; 
-            String rsaSignatureAlgo = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
-                //TODO: Private JWK sets can be JWE encrypted
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
-                rsaSignatureAlgo = jwk.getAlgorithm();
-                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-                    theSigProvider = new PrivateKeyJwsSignatureProvider(jwk.toRSAPrivateKey());
-                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
-                    && Algorithm.isHmacSign(rsaSignatureAlgo)) {
-                    theSigProvider = 
-                        new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-                } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-                    theSigProvider = new EcDsaJwsSignatureProvider(jwk.toECPrivateKey());
-                }
-            } else {
-                RSAPrivateKey pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, 
-                                                              CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
-                theSigProvider = new PrivateKeyJwsSignatureProvider(pk);
-            }
-            if (rsaSignatureAlgo == null) {
-                rsaSignatureAlgo = props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP);
-            }
-            headers.setAlgorithm(rsaSignatureAlgo);
-            if (theSigProvider == null) {
-                throw new SecurityException();
-            }
-            return theSigProvider;
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream os) 
-        throws IOException {
-        p.signWith(theSigProvider);
-        IOUtils.copy(new ByteArrayInputStream(p.getSignedEncodedJws().getBytes("UTF-8")), os);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
deleted file mode 100644
index 53b9890..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-
-import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
-
-@Priority(Priorities.JWE_CLIENT_READ_PRIORITY)
-public class JweClientResponseFilter extends AbstractJweDecryptingFilter implements ClientResponseFilter {
-    @Override
-    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
-        JweDecryptionOutput out = decrypt(res.getEntityStream());
-        byte[] bytes = out.getContent();
-        res.setEntityStream(new ByteArrayInputStream(bytes));
-        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JwtUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            res.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
deleted file mode 100644
index e12a251..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-
-import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
-
-@PreMatching
-@Priority(Priorities.JWE_SERVER_READ_PRIORITY)
-public class JweContainerRequestFilter extends AbstractJweDecryptingFilter implements ContainerRequestFilter {
-    @Override
-    public void filter(ContainerRequestContext context) throws IOException {
-        JweDecryptionOutput out = decrypt(context.getEntityStream());
-        byte[] bytes = out.getContent();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JwtUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
deleted file mode 100644
index e37f68c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Properties;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.annotation.Priority;
-import javax.crypto.SecretKey;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.oauth2.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.oauth2.jwe.AesGcmWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.AesWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.JweCompactProducer;
-import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionState;
-import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
-import org.apache.cxf.rs.security.oauth2.jwe.JweOutputStream;
-import org.apache.cxf.rs.security.oauth2.jwe.KeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.RSAOaepKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryption;
-import org.apache.cxf.rs.security.oauth2.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-@Priority(Priorities.JWE_WRITE_PRIORITY)
-public class JweWriterInterceptor implements WriterInterceptor {
-    private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
-    private JweEncryptionProvider encryptionProvider;
-    private boolean contentTypeRequired = true;
-    private boolean useJweOutputStream;
-    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        
-        //ctx.setMediaType(JAXRSUtils.toMediaType(JwtConstants.MEDIA_TYPE_JOSE_JSON));
-        
-        OutputStream actualOs = ctx.getOutputStream();
-        
-        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
-        
-        String ctString = null;
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null) {
-                if ("application".equals(mt.getType())) {
-                    ctString = mt.getSubtype();
-                } else {
-                    ctString = JAXRSUtils.mediaTypeToString(mt);
-                }
-            }
-        }
-        
-        
-        if (useJweOutputStream) {
-            JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(ctString);
-            try {
-                JweCompactProducer.startJweContent(actualOs,
-                                                   encryption.getHeaders(), 
-                                                   writer, 
-                                                   encryption.getContentEncryptionKey(), 
-                                                   encryption.getIv());
-            } catch (IOException ex) {
-                throw new SecurityException(ex);
-            }
-            OutputStream jweStream = new JweOutputStream(actualOs, encryption.getCipher(), 
-                                                         encryption.getAuthTagProducer());
-            if (encryption.isCompressionSupported()) {
-                jweStream = new DeflaterOutputStream(jweStream);
-            }
-            
-            ctx.setOutputStream(jweStream);
-            ctx.proceed();
-            jweStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString);
-            IOUtils.copy(new ByteArrayInputStream(jweContent.getBytes("UTF-8")), actualOs);
-            actualOs.flush();
-        }
-    }
-    
-    protected JweEncryptionProvider getInitializedEncryptionProvider() {
-        if (encryptionProvider != null) {
-            return encryptionProvider;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            KeyEncryptionAlgorithm keyEncryptionProvider = null;
-            String keyEncryptionAlgo = null;
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-                keyEncryptionAlgo = jwk.getAlgorithm();
-                // TODO: Put it into some factory code
-                if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-                    keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(jwk.toRSAPublicKey(),
-                                                getKeyEncryptionAlgo(props, keyEncryptionAlgo));
-                } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-                    SecretKey key = jwk.toSecretKey();
-                    if (Algorithm.isAesKeyWrap(keyEncryptionAlgo)) {
-                        keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-                    } else if (Algorithm.isAesGcmKeyWrap(keyEncryptionAlgo)) {
-                        keyEncryptionProvider = new AesGcmWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-                    }
-                } else {
-                    // TODO: support elliptic curve keys
-                }
-                
-            } else {
-                keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
-                    (RSAPublicKey)CryptoUtils.loadPublicKey(m, props), 
-                    getKeyEncryptionAlgo(props, keyEncryptionAlgo));
-            }
-            if (keyEncryptionProvider == null) {
-                throw new SecurityException();
-            }
-            
-            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
-            JweHeaders headers = new JweHeaders(getKeyEncryptionAlgo(props, keyEncryptionAlgo), 
-                                                contentEncryptionAlgo);
-            String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
-            if (compression != null) {
-                headers.setZipAlgorithm(compression);
-            }
-            boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
-            if (isAesHmac) { 
-                return new AesCbcHmacJweEncryption(
-                    keyEncryptionAlgo, contentEncryptionAlgo, keyEncryptionProvider);
-            } else {
-                return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
-            }
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    private String getKeyEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : algo;
-    }
-    public void setUseJweOutputStream(boolean useJweOutputStream) {
-        this.useJweOutputStream = useJweOutputStream;
-    }
-
-    public void setWriter(JwtHeadersWriter writer) {
-        this.writer = writer;
-    }
-
-    public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
-        this.encryptionProvider = encryptionProvider;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
deleted file mode 100644
index e5a872e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.oauth2.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
-
-@Priority(Priorities.JWS_CLIENT_READ_PRIORITY)
-public class JwsClientResponseFilter extends AbstractJwsReaderProvider implements ClientResponseFilter {
-    @Override
-    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        res.setEntityStream(new ByteArrayInputStream(bytes));
-        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            res.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
deleted file mode 100644
index d431cc1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.oauth2.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
-
-@PreMatching
-@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
-public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
-    @Override
-    public void filter(ContainerRequestContext context) throws IOException {
-        
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        
-        String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyReader.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyReader.java
deleted file mode 100644
index 2d3a144..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyReader.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyReader;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.oauth2.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
-
-public class JwsJwtMessageBodyReader extends AbstractJwsReaderProvider 
-    implements MessageBodyReader<JwtToken> {
-    
-    @Override
-    public boolean isReadable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public JwtToken readFrom(Class<JwtToken> cls, Type t, Annotation[] anns, MediaType mt,
-                             MultivaluedMap<String, String> headers, InputStream is) throws IOException,
-        WebApplicationException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsJwtCompactConsumer p = new JwsJwtCompactConsumer(IOUtils.readStringFromStream(is), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        return p.getJwtToken();
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyWriter.java
deleted file mode 100644
index 595b83c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsJwtMessageBodyWriter.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyWriter;
-
-import org.apache.cxf.rs.security.oauth2.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
-
-public class JwsJwtMessageBodyWriter  extends AbstractJwsWriterProvider 
-    implements MessageBodyWriter<JwtToken> {
-    
-    @Override
-    public long getSize(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return -1;
-    }
-
-    @Override
-    public boolean isWriteable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public void writeTo(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt,
-                        MultivaluedMap<String, Object> headers, OutputStream os) throws IOException,
-        WebApplicationException {
-        JwsJwtCompactProducer p = new JwsJwtCompactProducer(token);
-        JwtHeaders jwtHeaders = new JwtHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(jwtHeaders);
-        jwtHeaders.setContentType(JwtConstants.TYPE_JWT);
-        writeJws(p, sigProvider, os);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
deleted file mode 100644
index fdbf56b..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.annotation.Priority;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.oauth2.jws.JwsOutputStream;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignature;
-import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlOutputStream;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-@Priority(Priorities.JWS_WRITE_PRIORITY)
-public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor {
-    private boolean contentTypeRequired = true;
-    private boolean useJwsOutputStream;
-    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        //ctx.setMediaType(JAXRSUtils.toMediaType(JwtConstants.MEDIA_TYPE_JOSE_JSON));
-        JwtHeaders headers = new JwtHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
-        setContentTypeIfNeeded(headers, ctx);
-        
-        OutputStream actualOs = ctx.getOutputStream();
-        if (useJwsOutputStream) {
-            JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
-            JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature);
-            byte[] headerBytes = writer.headersToJson(headers).getBytes("UTF-8");
-            Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
-            jwsStream.write(new byte[]{'.'});
-                        
-            Base64UrlOutputStream base64Stream = new Base64UrlOutputStream(jwsStream);
-            ctx.setOutputStream(base64Stream);
-            ctx.proceed();
-            base64Stream.flush();
-            jwsStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), "UTF-8"));
-            writeJws(p, sigProvider, actualOs);
-        }
-    }
-    
-    public void setContentTypeRequired(boolean contentTypeRequired) {
-        this.contentTypeRequired = contentTypeRequired;
-    }
-    
-    public void setUseJwsOutputStream(boolean useJwsOutputStream) {
-        this.useJwsOutputStream = useJwsOutputStream;
-    }
-    public void setWriter(JwtHeadersWriter writer) {
-        this.writer = writer;
-    }
-    private void setContentTypeIfNeeded(JwtHeaders headers, WriterInterceptorContext ctx) {    
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null) {
-                if ("application".equals(mt.getType())) {
-                    headers.setContentType(mt.getSubtype());
-                } else {
-                    headers.setContentType(JAXRSUtils.mediaTypeToString(mt));
-                }
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
deleted file mode 100644
index 42b2523..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/Priorities.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-
-public final class Priorities {
-    public static final int JWE_SERVER_READ_PRIORITY = 1000;
-    public static final int JWE_WRITE_PRIORITY = 1000;
-    public static final int JWE_CLIENT_READ_PRIORITY = 1001;
-    public static final int JWS_SERVER_READ_PRIORITY = 1001;
-    public static final int JWS_WRITE_PRIORITY = 1001;
-    public static final int JWS_CLIENT_READ_PRIORITY = 1000;
-    private Priorities() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
new file mode 100644
index 0000000..554e5db
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -0,0 +1,210 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.Security;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JweCompactReaderWriterTest extends Assert {
+    // A1 example
+    private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
+        (byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
+        115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
+        (byte)138, 7, 110, 91, 112, 46, 34, 105, 47, 
+        (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
+    private static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
+           + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
+           + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
+           + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
+           + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
+           + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
+    private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
+    private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 = 
+        "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
+        + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
+        + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
+        + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
+        + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
+        + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
+    
+    private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219, 
+        (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
+    
+    // A3 example
+    private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
+        4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100, 
+        (byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212, 
+        45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143, 
+        (byte)156, 44, (byte)207};
+    private static final byte[] INIT_VECTOR_A3 = {
+        3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
+    private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
+    private static final String JWE_OUTPUT_A3 = 
+        "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0" 
+        + ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ" 
+        + ".AxY8DCtDaGlsbGljb3RoZQ" 
+        + ".KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY" 
+        + ".U0m_YmjN04DJvceFICbCVQ";
+    
+    @BeforeClass
+    public static void registerBouncyCastleIfNeeded() throws Exception {
+        try {
+            // Java 8 apparently has it
+            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
+        } catch (Throwable t) {
+            // Oracle Java 7
+            Security.addProvider(new BouncyCastleProvider());    
+        }
+    }
+    @AfterClass
+    public static void unregisterBouncyCastleIfNeeded() throws Exception {
+        Security.removeProvider(BouncyCastleProvider.class.getName());    
+    }
+    
+    @Test
+    public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(Algorithm.A128KW.getJwtName());
+        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+        
+        byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
+        
+        AesWrapKeyEncryptionAlgorithm keyEncryption = 
+            new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+                                                           CONTENT_ENCRYPTION_KEY_A3, 
+                                                           INIT_VECTOR_A3,
+                                                           keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        assertEquals(JWE_OUTPUT_A3, jweContent);
+        
+        AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
+        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+    }
+    @Test
+    public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(JwtConstants.A128GCMKW_ALGO);
+        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+        
+        byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
+        
+        AesGcmWrapKeyEncryptionAlgorithm keyEncryption = 
+            new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JwtConstants.A128GCMKW_ALGO);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+                                                           CONTENT_ENCRYPTION_KEY_A3, 
+                                                           INIT_VECTOR_A3,
+                                                           keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        
+        AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
+        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+    }
+    
+    @Test
+    public void testEncryptDecryptSpecExample() throws Exception {
+        final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
+        String jweContent = encryptContent(specPlainText, true);
+        
+        decrypt(jweContent, specPlainText, true);
+    }
+    
+    @Test
+    public void testDirectKeyEncryptDecrypt() throws Exception {
+        final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
+        SecretKey key = createSecretKey(true);
+        String jweContent = encryptContentDirect(key, specPlainText);
+        
+        decryptDirect(key, jweContent, specPlainText);
+    }
+    
+    @Test
+    public void testEncryptDecryptJwsToken() throws Exception {
+        String jweContent = encryptContent(JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
+        decrypt(jweContent, JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
+    }
+    
+    private String encryptContent(String content, boolean createIfException) throws Exception {
+        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, 
+                                                             RSA_PUBLIC_EXPONENT_ENCODED_A1);
+        SecretKey key = createSecretKey(createIfException);
+        String jwtKeyName = null;
+        if (key == null) {
+            // the encryptor will generate it
+            jwtKeyName = Algorithm.A128GCM.getJwtName();
+        } else {
+            jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
+        }
+        JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(
+                                                        new JweHeaders(Algorithm.RSA_OAEP.getJwtName(), jwtKeyName),  
+                                                        key == null ? null : key.getEncoded(), 
+                                                        INIT_VECTOR_A1,
+                                                        new RSAOaepKeyEncryptionAlgorithm(publicKey, 
+                                                            Algorithm.RSA_OAEP.getJwtName()));
+        return encryptor.encrypt(content.getBytes("UTF-8"), null);
+    }
+    private String encryptContentDirect(SecretKey key, String content) throws Exception {
+        DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(key, INIT_VECTOR_A1);
+        return encryptor.encrypt(content.getBytes("UTF-8"), null);
+    }
+    private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
+        RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
+                                                                RSA_PRIVATE_EXPONENT_ENCODED_A1);
+        JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey));
+        String decryptedText = decryptor.decrypt(jweContent).getContentText();
+        assertEquals(decryptedText, plainContent);
+    }
+    private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
+        DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key);
+        String decryptedText = decryptor.decrypt(jweContent).getContentText();
+        assertEquals(decryptedText, plainContent);
+    }
+    private SecretKey createSecretKey(boolean createIfException) throws Exception {
+        SecretKey key = null;
+        if (Cipher.getMaxAllowedKeyLength("AES") > 128) { 
+            key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
+        } else if (createIfException) {
+            key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
+        }
+        return key;
+    }
+}
+

http://git-wip-us.apache.org/repos/asf/cxf/blob/707d938a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
new file mode 100644
index 0000000..e914b9b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.Security;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class JwePbeHmacAesWrapTest extends Assert {
+    @Before
+    public void registerBouncyCastleIfNeeded() throws Exception {
+        Security.addProvider(new BouncyCastleProvider());    
+    }
+    @After
+    public void unregisterBouncyCastleIfNeeded() throws Exception {
+        Security.removeProvider(BouncyCastleProvider.class.getName());    
+    }
+    @Test
+    public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
+        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+        final String password = "Thus from my lips, by yours, my sin is purged."; 
+        KeyEncryptionAlgorithm keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        
+        PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
+        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+        
+    }
+    @Test
+    public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
+        headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName());
+        final String password = "Thus from my lips, by yours, my sin is purged."; 
+        KeyEncryptionAlgorithm keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
+        JweEncryptionProvider encryption = 
+            new WrappedKeyJweEncryption(headers, keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
+        JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, null, null);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+        
+    }
+}
+


Mime
View raw message