cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [05/10] Changing the oauth2-jwt source folder to oauth2-jose
Date Fri, 19 Sep 2014 14:49:14 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
deleted file mode 100644
index 9d5fc9c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Properties;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.annotation.Priority;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState;
-import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweEncryption;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-@Priority(Priorities.JWE_WRITE_PRIORITY)
-public class JweWriterInterceptor implements WriterInterceptor {
-    private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
-    private JweEncryptionProvider encryptionProvider;
-    private boolean contentTypeRequired = true;
-    private boolean useJweOutputStream;
-    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        
-        //ctx.setMediaType(JAXRSUtils.toMediaType(JwtConstants.MEDIA_TYPE_JOSE_JSON));
-        
-        OutputStream actualOs = ctx.getOutputStream();
-        
-        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
-        
-        String ctString = null;
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null) {
-                if ("application".equals(mt.getType())) {
-                    ctString = mt.getSubtype();
-                } else {
-                    ctString = JAXRSUtils.mediaTypeToString(mt);
-                }
-            }
-        }
-        
-        
-        if (useJweOutputStream) {
-            JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(ctString);
-            try {
-                JweCompactProducer.startJweContent(actualOs,
-                                                   encryption.getHeaders(), 
-                                                   writer, 
-                                                   encryption.getContentEncryptionKey(), 
-                                                   encryption.getIv());
-            } catch (IOException ex) {
-                throw new SecurityException(ex);
-            }
-            OutputStream jweStream = new JweOutputStream(actualOs, encryption.getCipher(), 
-                                                         encryption.getAuthTagProducer());
-            if (encryption.isCompressionSupported()) {
-                jweStream = new DeflaterOutputStream(jweStream);
-            }
-            
-            ctx.setOutputStream(jweStream);
-            ctx.proceed();
-            jweStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString);
-            IOUtils.copy(new ByteArrayInputStream(jweContent.getBytes("UTF-8")), actualOs);
-            actualOs.flush();
-        }
-    }
-    
-    protected JweEncryptionProvider getInitializedEncryptionProvider() {
-        if (encryptionProvider != null) {
-            return encryptionProvider;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            KeyEncryptionAlgorithm keyEncryptionProvider = null;
-            String keyEncryptionAlgo = null;
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-                keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
-                keyEncryptionProvider = JweUtils.getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo);
-                
-            } else {
-                keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
-                    (RSAPublicKey)CryptoUtils.loadPublicKey(m, props), 
-                    getKeyEncryptionAlgo(props, keyEncryptionAlgo));
-            }
-            if (keyEncryptionProvider == null) {
-                throw new SecurityException();
-            }
-            
-            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
-            JweHeaders headers = new JweHeaders(getKeyEncryptionAlgo(props, keyEncryptionAlgo), 
-                                                contentEncryptionAlgo);
-            String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
-            if (compression != null) {
-                headers.setZipAlgorithm(compression);
-            }
-            boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
-            if (isAesHmac) { 
-                return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
-            } else {
-                return new WrappedKeyJweEncryption(headers, 
-                                                   keyEncryptionProvider,
-                                                   new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo));
-            }
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    private String getKeyEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : algo;
-    }
-    public void setUseJweOutputStream(boolean useJweOutputStream) {
-        this.useJweOutputStream = useJweOutputStream;
-    }
-
-    public void setWriter(JwtHeadersWriter writer) {
-        this.writer = writer;
-    }
-
-    public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
-        this.encryptionProvider = encryptionProvider;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
deleted file mode 100644
index aeaa742..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
-
-@Priority(Priorities.JWS_CLIENT_READ_PRIORITY)
-public class JwsClientResponseFilter extends AbstractJwsReaderProvider implements ClientResponseFilter {
-    @Override
-    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        res.setEntityStream(new ByteArrayInputStream(bytes));
-        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            res.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
deleted file mode 100644
index d80aa38..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
-
-@PreMatching
-@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
-public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
-    @Override
-    public void filter(ContainerRequestContext context) throws IOException {
-        
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        
-        String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
deleted file mode 100644
index 831d114..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyReader;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-
-public class JwsJwtMessageBodyReader extends AbstractJwsReaderProvider 
-    implements MessageBodyReader<JwtToken> {
-    
-    @Override
-    public boolean isReadable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public JwtToken readFrom(Class<JwtToken> cls, Type t, Annotation[] anns, MediaType mt,
-                             MultivaluedMap<String, String> headers, InputStream is) throws IOException,
-        WebApplicationException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsJwtCompactConsumer p = new JwsJwtCompactConsumer(IOUtils.readStringFromStream(is), 
-                                                      getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
-        return p.getJwtToken();
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
deleted file mode 100644
index 17b11f5..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyWriter;
-
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-
-public class JwsJwtMessageBodyWriter  extends AbstractJwsWriterProvider 
-    implements MessageBodyWriter<JwtToken> {
-    
-    @Override
-    public long getSize(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return -1;
-    }
-
-    @Override
-    public boolean isWriteable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public void writeTo(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt,
-                        MultivaluedMap<String, Object> headers, OutputStream os) throws IOException,
-        WebApplicationException {
-        JwsJwtCompactProducer p = new JwsJwtCompactProducer(token);
-        JwtHeaders jwtHeaders = new JwtHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(jwtHeaders);
-        jwtHeaders.setContentType(JwtConstants.TYPE_JWT);
-        writeJws(p, sigProvider, os);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
deleted file mode 100644
index c99ec15..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.annotation.Priority;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsOutputStream;
-import org.apache.cxf.rs.security.jose.jws.JwsSignature;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlOutputStream;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-@Priority(Priorities.JWS_WRITE_PRIORITY)
-public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor {
-    private boolean contentTypeRequired = true;
-    private boolean useJwsOutputStream;
-    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        //ctx.setMediaType(JAXRSUtils.toMediaType(JwtConstants.MEDIA_TYPE_JOSE_JSON));
-        JwtHeaders headers = new JwtHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
-        setContentTypeIfNeeded(headers, ctx);
-        
-        OutputStream actualOs = ctx.getOutputStream();
-        if (useJwsOutputStream) {
-            JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
-            JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature);
-            byte[] headerBytes = writer.headersToJson(headers).getBytes("UTF-8");
-            Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
-            jwsStream.write(new byte[]{'.'});
-                        
-            Base64UrlOutputStream base64Stream = new Base64UrlOutputStream(jwsStream);
-            ctx.setOutputStream(base64Stream);
-            ctx.proceed();
-            base64Stream.flush();
-            jwsStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), "UTF-8"));
-            writeJws(p, sigProvider, actualOs);
-        }
-    }
-    
-    public void setContentTypeRequired(boolean contentTypeRequired) {
-        this.contentTypeRequired = contentTypeRequired;
-    }
-    
-    public void setUseJwsOutputStream(boolean useJwsOutputStream) {
-        this.useJwsOutputStream = useJwsOutputStream;
-    }
-    public void setWriter(JwtHeadersWriter writer) {
-        this.writer = writer;
-    }
-    private void setContentTypeIfNeeded(JwtHeaders headers, WriterInterceptorContext ctx) {    
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null) {
-                if ("application".equals(mt.getType())) {
-                    headers.setContentType(mt.getSubtype());
-                } else {
-                    headers.setContentType(JAXRSUtils.mediaTypeToString(mt));
-                }
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
deleted file mode 100644
index fc48ebc..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-public final class Priorities {
-    public static final int JWE_SERVER_READ_PRIORITY = 1000;
-    public static final int JWE_WRITE_PRIORITY = 1000;
-    public static final int JWE_CLIENT_READ_PRIORITY = 1001;
-    public static final int JWS_SERVER_READ_PRIORITY = 1001;
-    public static final int JWS_WRITE_PRIORITY = 1001;
-    public static final int JWS_CLIENT_READ_PRIORITY = 1000;
-    private Priorities() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
deleted file mode 100644
index 800bd1a..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ /dev/null
@@ -1,209 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-
-
-
-
-public enum Algorithm {
-    // Signature
-    HmacSHA256(JwtConstants.HMAC_SHA_256_ALGO, 256),
-    HmacSHA384(JwtConstants.HMAC_SHA_384_ALGO, 384),
-    HmacSHA512(JwtConstants.HMAC_SHA_512_ALGO, 512),
-    
-    SHA256withRSA(JwtConstants.RS_SHA_256_ALGO, 256),
-    SHA384withRSA(JwtConstants.RS_SHA_384_ALGO, 384),
-    SHA512withRSA(JwtConstants.RS_SHA_512_ALGO, 512),
-    
-    SHA256withECDSA(JwtConstants.ES_SHA_256_ALGO, 256),
-    SHA384withECDSA(JwtConstants.ES_SHA_384_ALGO, 384),
-    SHA512withECDSA(JwtConstants.ES_SHA_512_ALGO, 512),
-    
-    // Key Encryption
-    RSA_OAEP(JwtConstants.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
-    RSA_OAEP_256(JwtConstants.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
-    RSA_1_5(JwtConstants.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
-    A128KW(JwtConstants.A128KW_ALGO, "AESWrap", 128),
-    A192KW(JwtConstants.A192KW_ALGO, "AESWrap", 192),
-    A256KW(JwtConstants.A256KW_ALGO, "AESWrap", 256),
-    A128GCMKW(JwtConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCMKW(JwtConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCMKW(JwtConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
-    PBES2_HS256_A128KW(JwtConstants.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
-    PBES2_HS384_A192KW(JwtConstants.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
-    PBES2_HS512_A256KW(JwtConstants.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
-    
-    // Content Encryption
-    A128GCM(JwtConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCM(JwtConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCM(JwtConstants.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
-    A128CBC_HS256(JwtConstants.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
-    A192CBC_HS384(JwtConstants.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
-    A256CBC_HS512(JwtConstants.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
-    
-    public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
-    public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
-    public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
-    public static final String RS_SHA_256_JAVA = "SHA256withRSA";
-    public static final String RS_SHA_384_JAVA = "SHA384withRSA";
-    public static final String RS_SHA_512_JAVA = "SHA512withRSA";
-    public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
-    public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
-    public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
-    public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
-    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
-    public static final String AES_ALGO_JAVA = "AES";
-    public static final String AES_WRAP_ALGO_JAVA = "AESWrap";
-    public static final String AES_GCM_ALGO_JAVA = "AES/GCM/NoPadding";
-    public static final String AES_CBC_ALGO_JAVA = "AES/CBC/PKCS7Padding";
-    
-    private static final Map<String, String> JAVA_TO_JWT_NAMES;
-    private static final Map<String, String> JWT_TO_JAVA_NAMES;
-    static {
-        JAVA_TO_JWT_NAMES = new HashMap<String, String>();
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_256_JAVA, JwtConstants.HMAC_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_384_JAVA, JwtConstants.HMAC_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_512_JAVA, JwtConstants.HMAC_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_256_JAVA, JwtConstants.RS_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JwtConstants.RS_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JwtConstants.RS_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_256_JAVA, JwtConstants.ES_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_384_JAVA, JwtConstants.ES_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_512_JAVA, JwtConstants.ES_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JwtConstants.RSA_OAEP_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JwtConstants.RSA_OAEP_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JwtConstants.RSA_1_5_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JwtConstants.A256GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JwtConstants.A192GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JwtConstants.A128GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JwtConstants.A128KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JwtConstants.A192KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JwtConstants.A256KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JwtConstants.A128CBC_HS256_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JwtConstants.A192CBC_HS384_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JwtConstants.A256CBC_HS512_ALGO);
-        JWT_TO_JAVA_NAMES = new HashMap<String, String>();
-        JWT_TO_JAVA_NAMES.put(JwtConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_256_ALGO, RS_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.ES_SHA_256_ALGO, ES_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.ES_SHA_384_ALGO, ES_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.ES_SHA_512_ALGO, ES_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JwtConstants.PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-    }
-    private final String jwtName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    private Algorithm(String jwtName, int keySizeBits) {
-        this(jwtName, null, keySizeBits);
-    }
-    private Algorithm(String jwtName, String javaName, int keySizeBits) {
-        this.jwtName = jwtName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwtName() {
-        return jwtName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    
-    public static String toJwtName(String javaName, int keyBitSize) {
-        //TODO: perhaps a key should be a name+keysize pair
-        String name = JAVA_TO_JWT_NAMES.get(javaName);
-        if (name == null && javaName.startsWith(AES_ALGO_JAVA)) {
-            name = "A" + keyBitSize + "GCM";
-        } 
-        return name;
-    }
-    public static String toJavaName(String jwtName) {    
-        return JWT_TO_JAVA_NAMES.get(jwtName);
-    }
-    public static String toJavaAlgoNameOnly(String jwtName) {    
-        return stripAlgoProperties(toJavaName(jwtName));
-    }
-    public static String stripAlgoProperties(String javaName) {    
-        if (javaName != null) {
-            int index = javaName.indexOf('/');
-            if (index != -1) {
-                javaName = javaName.substring(0, index);
-            }
-        }
-        return javaName;
-    }
-    public static boolean isAesKeyWrap(String algo) {
-        return JwtConstants.A128KW_ALGO.equals(algo)
-               || JwtConstants.A192KW_ALGO.equals(algo)
-               || JwtConstants.A256KW_ALGO.equals(algo);
-    }
-    public static boolean isAesGcmKeyWrap(String algo) {
-        return JwtConstants.A128GCM_ALGO.equals(algo)
-               || JwtConstants.A192GCMKW_ALGO.equals(algo)
-               || JwtConstants.A256GCMKW_ALGO.equals(algo);
-    }
-    public static boolean isHmacSign(String algo) {
-        return JwtConstants.HMAC_SHA_256_ALGO.equals(algo)
-            || JwtConstants.HMAC_SHA_384_ALGO.equals(algo)
-            || JwtConstants.HMAC_SHA_512_ALGO.equals(algo); 
-    }
-    public static boolean isAesCbcHmac(String algo) {
-        return JwtConstants.A128CBC_HS256_ALGO.equals(algo)
-            || JwtConstants.A192CBC_HS384_ALGO.equals(algo)
-            || JwtConstants.A256CBC_HS512_ALGO.equals(algo); 
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
deleted file mode 100644
index adf6d59..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.concurrent.atomic.AtomicInteger;
-
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentEncryptionAlgorithm {
-    private static final int DEFAULT_IV_SIZE = 128;
-    private byte[] cek;
-    private byte[] iv;
-    private AtomicInteger providedIvUsageCount;
-    private String algorithm;
-    
-    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-        this.cek = cek;
-        this.iv = iv;
-        if (iv != null && iv.length > 0) {
-            providedIvUsageCount = new AtomicInteger();
-        }    
-        this.algorithm = algo;
-    }
-    @Override
-    public String getAlgorithm() { 
-        return algorithm;
-    }
-    public byte[] getContentEncryptionKey(JweHeaders headers) {
-        return cek;
-    }
-    public byte[] getInitVector() {
-        if (iv == null) {
-            return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
-        } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) {
-            throw new SecurityException();
-        } else {
-            return iv;
-        }
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
deleted file mode 100644
index 291b8cb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
-    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    
-    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
-    }
-    public byte[] getAdditionalAuthenticationData(String headersJson) {
-        return JweHeaders.toCipherAdditionalAuthData(headersJson);
-    }
-    protected int getAuthTagLen() {
-        return authTagLen;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
deleted file mode 100644
index e2e1ac7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
-
-public abstract class AbstractJweDecryption implements JweDecryptionProvider {
-    private JweCryptoProperties props;
-    private KeyDecryptionAlgorithm keyDecryptionAlgo;
-    private ContentDecryptionAlgorithm contentDecryptionAlgo;
-    private JwtHeadersReader reader = new JwtTokenReaderWriter();
-    protected AbstractJweDecryption(JweCryptoProperties props, 
-                                    JwtHeadersReader theReader,
-                                    KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                    ContentDecryptionAlgorithm contentDecryptionAlgo) {
-        this.props = props;
-        if (theReader != null) {
-            reader = theReader;
-        }
-        this.keyDecryptionAlgo = keyDecryptionAlgo;
-        this.contentDecryptionAlgo = contentDecryptionAlgo;
-    }
-    
-    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
-        return this.keyDecryptionAlgo.getDecryptedContentEncryptionKey(consumer);
-    }
-    
-    public JweDecryptionOutput decrypt(String content) {
-        JweCompactConsumer consumer = new JweCompactConsumer(content, reader);
-        return doDecrypt(consumer);
-    }
-    public byte[] decrypt(JweCompactConsumer consumer) {
-        return doDecrypt(consumer).getContent();
-    }
-    
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer) {
-        consumer.enforceJweCryptoProperties(props);
-        byte[] cek = getContentEncryptionKey(consumer);
-        return doDecrypt(consumer, cek);
-    }
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer, byte[] cek) {
-        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(consumer));
-        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(consumer));
-        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(consumer);
-        keyProperties.setAlgoSpec(spec);
-        boolean compressionSupported = 
-            JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(consumer.getJweHeaders().getZipAlgorithm());
-        keyProperties.setCompressionSupported(compressionSupported);
-        byte[] actualCek = getActualCek(cek, consumer.getJweHeaders().getContentEncryptionAlgorithm());
-        Key secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
-        byte[] bytes = 
-            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(consumer), secretKey, keyProperties);
-        return new JweDecryptionOutput(consumer.getJweHeaders(), bytes);
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getAlgorithmParameterSpec(getContentEncryptionCipherInitVector(consumer));
-    }
-    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
-    }
-    protected byte[] getContentEncryptionCipherAAD(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getAdditionalAuthenticationData(consumer.getDecodedJsonHeaders());
-    }
-    protected byte[] getEncryptedContentWithAuthTag(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getEncryptedSequence(consumer.getEncryptedContent(), 
-                                                          getEncryptionAuthenticationTag(consumer));
-    }
-    protected byte[] getContentEncryptionCipherInitVector(JweCompactConsumer consumer) { 
-        return consumer.getContentDecryptionCipherInitVector();
-    }
-    protected byte[] getEncryptionAuthenticationTag(JweCompactConsumer consumer) {
-        return consumer.getEncryptionAuthenticationTag();
-    }
-    protected int getEncryptionAuthenticationTagLenBits(JweCompactConsumer consumer) {
-        return getEncryptionAuthenticationTag(consumer).length * 8;
-    }
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
deleted file mode 100644
index 747d996..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
-
-public abstract class AbstractJweEncryption implements JweEncryptionProvider {
-    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private JweHeaders headers;
-    private JwtHeadersWriter writer;
-    private ContentEncryptionAlgorithm contentEncryptionAlgo;
-    private KeyEncryptionAlgorithm keyEncryptionAlgo;
-    
-    protected AbstractJweEncryption(JweHeaders headers, 
-                                    ContentEncryptionAlgorithm contentEncryptionAlgo,
-                                    KeyEncryptionAlgorithm keyEncryptionAlgo) {
-        this(headers, contentEncryptionAlgo, keyEncryptionAlgo, null);
-    }
-    protected AbstractJweEncryption(JweHeaders headers, 
-                                    ContentEncryptionAlgorithm contentEncryptionAlgo, 
-                                    KeyEncryptionAlgorithm keyEncryptionAlgo,
-                                    JwtHeadersWriter writer) {
-        this.headers = headers;
-        this.writer = writer;
-        if (this.writer == null) {
-            this.writer = new JwtTokenReaderWriter();
-        }
-        this.keyEncryptionAlgo = keyEncryptionAlgo;
-        this.contentEncryptionAlgo = contentEncryptionAlgo;
-    }
-    
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return contentEncryptionAlgo.getAlgorithmParameterSpec(theIv);
-    }
-    
-    protected byte[] getContentEncryptionKey() {
-        byte[] cek = getProvidedContentEncryptionKey();
-        if (cek == null) {
-            String algoJava = getContentEncryptionAlgoJava();
-            String algoJwt = getContentEncryptionAlgoJwt();
-            cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), 
-                                           getCekSize(algoJwt)).getEncoded();
-        }
-        return cek;
-    }
-   
-    protected int getCekSize(String algoJwt) {
-        return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
-    }
-    
-    protected byte[] getProvidedContentEncryptionKey() {
-        return contentEncryptionAlgo.getContentEncryptionKey(headers);
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
-        return keyEncryptionAlgo.getEncryptedContentEncryptionKey(headers, theCek);
-    }
-    
-    protected String getContentEncryptionAlgoJwt() {
-        return headers.getContentEncryptionAlgorithm();
-    }
-    protected String getContentEncryptionAlgoJava() {
-        return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
-    }
-    protected byte[] getAAD(JweHeaders theHeaders) {
-        return contentEncryptionAlgo.getAdditionalAuthenticationData(writer.headersToJson(theHeaders));
-    }
-    public String encrypt(byte[] content, String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
-        
-        byte[] cipher = CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
-        
-        
-        JweCompactProducer producer = getJweCompactProducer(state, cipher);
-        return producer.getJweContent();
-    }
-    
-    protected JweCompactProducer getJweCompactProducer(JweEncryptionInternal state, byte[] cipher) {
-        return new JweCompactProducer(state.theHeaders, 
-                                      getJwtHeadersWriter(),                
-                                      state.jweContentEncryptionKey,
-                                      state.theIv,
-                                      cipher,
-                                      DEFAULT_AUTH_TAG_LENGTH);
-    }
-    
-    protected JwtHeadersWriter getJwtHeadersWriter() {
-        return writer;
-    }
-    protected JweHeaders getJweHeaders() {
-        return headers;
-    }
-    @Override
-    public JweEncryptionState createJweEncryptionState(String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
-        Cipher c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
-                                          Cipher.ENCRYPT_MODE);
-        return new JweEncryptionState(c, 
-                                      state.theHeaders, 
-                                      state.jweContentEncryptionKey, 
-                                      state.theIv,
-                                      getAuthenticationTagProducer(state),
-                                      state.keyProps.isCompressionSupported());
-    }
-    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal state) {
-        return null;
-    }
-    protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
-        return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()), 
-                                               state.keyProps.getKeyAlgo());
-    }
-    
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-    private JweEncryptionInternal getInternalState(String contentType) {
-        byte[] theCek = getContentEncryptionKey();
-        String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
-        KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        keyProps.setCompressionSupported(compressionRequired(headers));
-        
-        byte[] theIv = contentEncryptionAlgo.getInitVector();
-        AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
-        keyProps.setAlgoSpec(specParams);
-        byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
-        
-        JweHeaders theHeaders = headers;
-        if (contentType != null) {
-            theHeaders = new JweHeaders(theHeaders.asMap());
-            theHeaders.setContentType(contentType);
-        }
-        byte[] additionalEncryptionParam = getAAD(theHeaders);
-        keyProps.setAdditionalData(additionalEncryptionParam);
-        
-        
-        JweEncryptionInternal state = new JweEncryptionInternal();
-        state.theHeaders = theHeaders;
-        state.jweContentEncryptionKey = jweContentEncryptionKey;
-        state.keyProps = keyProps;
-        state.secretKey = theCek; 
-        state.theIv = theIv;
-        return state;
-    }
-    private boolean compressionRequired(JweHeaders theHeaders) {
-        return JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
-    }
-    protected KeyEncryptionAlgorithm getKeyEncryptionAlgo() {
-        return keyEncryptionAlgo;
-    }
-    protected static class JweEncryptionInternal {
-        JweHeaders theHeaders;
-        byte[] jweContentEncryptionKey;
-        byte[] theIv;
-        KeyProperties keyProps;
-        byte[] secretKey;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 6e831a9..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
-
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    private Key keyEncryptionKey;
-    private boolean wrap;
-    private String algorithm;
-    private Set<String> supportedAlgorithms;
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
-        this(key, null, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
-        this(key, null, wrap, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
-        this(key, jweAlgo, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap, 
-                                                 Set<String> supportedAlgorithms) {
-        this.keyEncryptionKey = key;
-        this.algorithm = jweAlgo;
-        this.wrap = wrap;
-        this.supportedAlgorithms = supportedAlgorithms;
-    }
-    @Override
-    public String getAlgorithm() {
-        return algorithm;
-    }
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers);
-        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
-        if (spec != null) {
-            secretKeyProperties.setAlgoSpec(spec);
-        }
-        if (!wrap) {
-            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek, 
-                                             getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey, 
-                                             secretKeyProperties);
-        }
-    }
-    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
-    }
-    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        return null;
-    }
-    protected String checkAlgorithm(String algo) {
-        if (algo != null && !supportedAlgorithms.contains(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-    protected void checkAlgorithms(JweHeaders headers) {
-        String providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if ((providedAlgo == null && algorithm == null)
-            || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) {
-            throw new SecurityException();
-        }
-        if (providedAlgo != null) {
-            checkAlgorithm(providedAlgo);
-        } else if (algorithm != null) {
-            headers.setKeyEncryptionAlgorithm(algorithm);
-            checkAlgorithm(algorithm);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
deleted file mode 100644
index 518b006..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-
-public class AesCbcHmacJweDecryption extends AbstractJweDecryption {
-    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo) {
-        this(keyDecryptionAlgo, null, null);
-    }
-    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                   JweCryptoProperties props, 
-                                   JwtHeadersReader reader) {
-        super(props, reader, keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm());
-    }
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer, byte[] cek) {
-        validateAuthenticationTag(consumer, cek);
-        return super.doDecrypt(consumer, cek);
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return AesCbcHmacJweEncryption.doGetActualCek(theCek, algoJwt);
-    }
-    protected void validateAuthenticationTag(JweCompactConsumer consumer, byte[] theCek) {
-        byte[] actualAuthTag = consumer.getEncryptionAuthenticationTag();
-        
-        final AesCbcHmacJweEncryption.MacState macState = 
-            AesCbcHmacJweEncryption.getInitializedMacState(theCek, 
-                                                           consumer.getContentDecryptionCipherInitVector(),
-                                                           consumer.getJweHeaders(),
-                                                           consumer.getDecodedJsonHeaders());
-        macState.mac.update(consumer.getEncryptedContent());
-        byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
-            throw new SecurityException();
-        }
-        
-    }
-    private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-        implements ContentDecryptionAlgorithm {
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson) {
-            return null;
-        }
-        @Override
-        public byte[] getEncryptedSequence(byte[] cipher, byte[] authTag) {
-            return cipher;
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
deleted file mode 100644
index 5e3eaa5..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.nio.ByteBuffer;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.crypto.Mac;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
-
-public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
-    private static final Set<String> SUPPORTED_CEK_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128CBC_HS256.getJwtName(),
-                      Algorithm.A192CBC_HS384.getJwtName(),
-                      Algorithm.A256CBC_HS512.getJwtName()));
-    private static final Map<String, String> AES_HMAC_MAP;
-    private static final Map<String, Integer> AES_CEK_SIZE_MAP;
-    static {
-        AES_HMAC_MAP = new HashMap<String, String>();
-        AES_HMAC_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), Algorithm.HMAC_SHA_256_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), Algorithm.HMAC_SHA_384_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), Algorithm.HMAC_SHA_512_JAVA);
-        
-        AES_CEK_SIZE_MAP = new HashMap<String, Integer>();
-        AES_CEK_SIZE_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), 32);
-        AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
-        AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
-    }
-    public AesCbcHmacJweEncryption(String cekAlgoJwt, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), cekAlgoJwt), null, null, 
-             keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(headers, null, null, keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, byte[] cek, 
-                                   byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(headers, cek, iv, keyEncryptionAlgorithm, null);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, 
-                                   byte[] cek, 
-                                   byte[] iv, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   JwtHeadersWriter writer) {
-        super(headers, 
-              new AesCbcContentEncryptionAlgorithm(cek, iv, 
-                                                   validateCekAlgorithm(headers.getContentEncryptionAlgorithm())),
-              keyEncryptionAlgorithm, writer);
-        
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return doGetActualCek(theCek, algoJwt);
-    }
-    @Override
-    protected int getCekSize(String algoJwt) {
-        return getFullCekKeySize(algoJwt) * 8;
-    }
-    protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] actualCek = new byte[size];
-        System.arraycopy(theCek, size, actualCek, 0, size);
-        return actualCek;
-    }
-    
-    protected static int getFullCekKeySize(String algoJwt) {
-        return AES_CEK_SIZE_MAP.get(algoJwt);
-    }
-    
-    protected JweCompactProducer getJweCompactProducer(JweEncryptionInternal state, byte[] cipher) {
-        final MacState macState = getInitializedMacState(state);
-        macState.mac.update(cipher);
-        byte[] authTag = signAndGetTag(macState);
-        return new JweCompactProducer(macState.headersJson,
-                                      state.jweContentEncryptionKey,
-                                      state.theIv,
-                                      cipher,
-                                      authTag);
-    }
-    
-    protected static byte[] signAndGetTag(MacState macState) {
-        macState.mac.update(macState.al);
-        byte[] sig = macState.mac.doFinal();
-        
-        int authTagLen = DEFAULT_AUTH_TAG_LENGTH / 8;
-        byte[] authTag = new byte[authTagLen];
-        System.arraycopy(sig, 0, authTag, 0, authTagLen);
-        return authTag;
-    }
-    private MacState getInitializedMacState(final JweEncryptionInternal state) {
-        String headersJson = getJwtHeadersWriter().headersToJson(state.theHeaders);
-        return getInitializedMacState(state.secretKey, state.theIv, state.theHeaders, headersJson);
-    }
-    protected static MacState getInitializedMacState(byte[] secretKey,
-                                                     byte[] theIv,
-                                                     JweHeaders theHeaders, 
-                                                     String headersJson) {
-        String algoJwt = theHeaders.getContentEncryptionAlgorithm();
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] macKey = new byte[size];
-        System.arraycopy(secretKey, 0, macKey, 0, size);
-        
-        String hmacAlgoJava = AES_HMAC_MAP.get(algoJwt);
-        Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
-        
-        
-        byte[] aad = JweHeaders.toCipherAdditionalAuthData(headersJson);
-        ByteBuffer buf = ByteBuffer.allocate(8);
-        final byte[] al = buf.putInt(0).putInt(aad.length * 8).array();
-        
-        mac.update(aad);
-        mac.update(theIv);
-        MacState macState = new MacState();
-        macState.mac = mac;
-        macState.al = al;
-        macState.headersJson = headersJson;
-        return macState;
-    }
-    
-    protected AuthenticationTagProducer getAuthenticationTagProducer(final JweEncryptionInternal state) {
-        final MacState macState = getInitializedMacState(state);
-        
-        
-        return new AuthenticationTagProducer() {
-
-            @Override
-            public void update(byte[] cipher, int off, int len) {
-                macState.mac.update(cipher, off, len);
-            }
-
-            @Override
-            public byte[] getTag() {
-                return signAndGetTag(macState);
-            }
-            
-        };
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
-        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(getJweHeaders(), theCek);
-    }
-    
-    private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-            super(cek, iv, algo);    
-        }
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson) {
-            return null;
-        }
-    }
-    
-    protected static class MacState {
-        protected Mac mac;
-        private byte[] al;
-        private String headersJson;
-    }
-    
-    private static String validateCekAlgorithm(String cekAlgo) {
-        if (!SUPPORTED_CEK_ALGORITHMS.contains(cekAlgo)) {
-            throw new SecurityException();
-        }
-        return cekAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
deleted file mode 100644
index 05d77ea..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentDecryptionAlgorithm {
-
-    @Override
-    public byte[] getEncryptedSequence(byte[] cipher, byte[] authTag) {
-        return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
deleted file mode 100644
index fd028c1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-
-public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128GCM.getJwtName(),
-                      Algorithm.A192GCM.getJwtName(),
-                      Algorithm.A256GCM.getJwtName()));
-    private static final int DEFAULT_IV_SIZE = 96;
-    public AesGcmContentEncryptionAlgorithm(String algo) {
-        this((byte[])null, null, algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) {
-        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) { 
-        this(key.getEncoded(), iv, algo);    
-    }
-    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-        super(cek, iv, checkAlgorithm(algo));    
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-    private static String checkAlgorithm(String algo) {
-        if (SUPPORTED_ALGORITHMS.contains(algo)) {       
-            return algo;
-        }
-        throw new SecurityException();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e5f5a13/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 0b2c824..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(CryptoUtils.decodeSequence(encodedKey));
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA));
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
-        super(secretKey, true);
-    }
-    @Override
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] encryptedCekKey = super.getEncryptedContentEncryptionKey(consumer);
-        byte[] tag = getDecodedBytes(consumer, "tag");
-        return JweCompactConsumer.getCipherWithAuthTag(encryptedCekKey, tag);
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer) {
-        byte[] iv = getDecodedBytes(consumer, "iv");
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-    private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
-        try {
-            Object ivHeader = consumer.getJweHeaders().getHeader(headerName);
-            return Base64UrlUtility.decode(ivHeader.toString());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}


Mime
View raw message