cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [04/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono
Date Mon, 06 Oct 2014 17:25:57 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
deleted file mode 100644
index 4354bf3..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public abstract class AbstractJweEncryption implements JweEncryptionProvider {
-    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private JweHeaders headers;
-    private JoseHeadersWriter writer;
-    private ContentEncryptionAlgorithm contentEncryptionAlgo;
-    private KeyEncryptionAlgorithm keyEncryptionAlgo;
-    
-    protected AbstractJweEncryption(JweHeaders headers, 
-                                    ContentEncryptionAlgorithm contentEncryptionAlgo,
-                                    KeyEncryptionAlgorithm keyEncryptionAlgo) {
-        this(headers, contentEncryptionAlgo, keyEncryptionAlgo, null);
-    }
-    protected AbstractJweEncryption(JweHeaders headers, 
-                                    ContentEncryptionAlgorithm contentEncryptionAlgo, 
-                                    KeyEncryptionAlgorithm keyEncryptionAlgo,
-                                    JoseHeadersWriter writer) {
-        this.headers = headers;
-        this.writer = writer;
-        if (this.writer == null) {
-            this.writer = new JoseHeadersReaderWriter();
-        }
-        this.keyEncryptionAlgo = keyEncryptionAlgo;
-        this.contentEncryptionAlgo = contentEncryptionAlgo;
-    }
-    
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return contentEncryptionAlgo.getAlgorithmParameterSpec(theIv);
-    }
-    
-    protected byte[] getContentEncryptionKey() {
-        byte[] cek = getProvidedContentEncryptionKey();
-        if (cek == null) {
-            String algoJava = getContentEncryptionAlgoJava();
-            String algoJwt = getContentEncryptionAlgoJwt();
-            cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), 
-                                           getCekSize(algoJwt)).getEncoded();
-        }
-        return cek;
-    }
-   
-    protected int getCekSize(String algoJwt) {
-        return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
-    }
-    
-    protected byte[] getProvidedContentEncryptionKey() {
-        return contentEncryptionAlgo.getContentEncryptionKey(headers);
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
-        return keyEncryptionAlgo.getEncryptedContentEncryptionKey(headers, theCek);
-    }
-    
-    protected String getContentEncryptionAlgoJwt() {
-        return headers.getContentEncryptionAlgorithm();
-    }
-    protected String getContentEncryptionAlgoJava() {
-        return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
-    }
-    protected byte[] getAAD(JweHeaders theHeaders) {
-        return contentEncryptionAlgo.getAdditionalAuthenticationData(writer.headersToJson(theHeaders));
-    }
-    public String encrypt(byte[] content, String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
-        
-        byte[] cipher = CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
-        
-        
-        JweCompactProducer producer = getJweCompactProducer(state, cipher);
-        return producer.getJweContent();
-    }
-    
-    protected JweCompactProducer getJweCompactProducer(JweEncryptionInternal state, byte[] cipher) {
-        return new JweCompactProducer(state.theHeaders, 
-                                      getJwtHeadersWriter(),                
-                                      state.jweContentEncryptionKey,
-                                      state.theIv,
-                                      cipher,
-                                      DEFAULT_AUTH_TAG_LENGTH);
-    }
-    
-    protected JoseHeadersWriter getJwtHeadersWriter() {
-        return writer;
-    }
-    protected JweHeaders getJweHeaders() {
-        return headers;
-    }
-    @Override
-    public JweEncryptionState createJweEncryptionState(String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
-        Cipher c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
-                                          Cipher.ENCRYPT_MODE);
-        return new JweEncryptionState(c, 
-                                      state.theHeaders, 
-                                      state.jweContentEncryptionKey, 
-                                      state.theIv,
-                                      getAuthenticationTagProducer(state),
-                                      state.keyProps.isCompressionSupported());
-    }
-    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal state) {
-        return null;
-    }
-    protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
-        return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()), 
-                                               state.keyProps.getKeyAlgo());
-    }
-    
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-    private JweEncryptionInternal getInternalState(String contentType) {
-        byte[] theCek = getContentEncryptionKey();
-        String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
-        KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        keyProps.setCompressionSupported(compressionRequired(headers));
-        
-        byte[] theIv = contentEncryptionAlgo.getInitVector();
-        AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
-        keyProps.setAlgoSpec(specParams);
-        byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
-        
-        JweHeaders theHeaders = headers;
-        if (contentType != null) {
-            theHeaders = new JweHeaders(theHeaders.asMap());
-            theHeaders.setContentType(contentType);
-        }
-        byte[] additionalEncryptionParam = getAAD(theHeaders);
-        keyProps.setAdditionalData(additionalEncryptionParam);
-        
-        
-        JweEncryptionInternal state = new JweEncryptionInternal();
-        state.theHeaders = theHeaders;
-        state.jweContentEncryptionKey = jweContentEncryptionKey;
-        state.keyProps = keyProps;
-        state.secretKey = theCek; 
-        state.theIv = theIv;
-        return state;
-    }
-    private boolean compressionRequired(JweHeaders theHeaders) {
-        return JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
-    }
-    protected KeyEncryptionAlgorithm getKeyEncryptionAlgo() {
-        return keyEncryptionAlgo;
-    }
-    protected static class JweEncryptionInternal {
-        JweHeaders theHeaders;
-        byte[] jweContentEncryptionKey;
-        byte[] theIv;
-        KeyProperties keyProps;
-        byte[] secretKey;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index ed35eab..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    private Key keyEncryptionKey;
-    private boolean wrap;
-    private String algorithm;
-    private Set<String> supportedAlgorithms;
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
-        this(key, null, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
-        this(key, null, wrap, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
-        this(key, jweAlgo, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap, 
-                                                 Set<String> supportedAlgorithms) {
-        this.keyEncryptionKey = key;
-        this.algorithm = jweAlgo;
-        this.wrap = wrap;
-        this.supportedAlgorithms = supportedAlgorithms;
-    }
-    @Override
-    public String getAlgorithm() {
-        return algorithm;
-    }
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers);
-        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
-        if (spec != null) {
-            secretKeyProperties.setAlgoSpec(spec);
-        }
-        if (!wrap) {
-            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek, 
-                                             getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey, 
-                                             secretKeyProperties);
-        }
-    }
-    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
-    }
-    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        return null;
-    }
-    protected String checkAlgorithm(String algo) {
-        if (algo != null && !supportedAlgorithms.contains(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-    protected void checkAlgorithms(JweHeaders headers) {
-        String providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if ((providedAlgo == null && algorithm == null)
-            || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) {
-            throw new SecurityException();
-        }
-        if (providedAlgo != null) {
-            checkAlgorithm(providedAlgo);
-        } else if (algorithm != null) {
-            headers.setKeyEncryptionAlgorithm(algorithm);
-            checkAlgorithm(algorithm);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
deleted file mode 100644
index bf110f3..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesCbcHmacJweDecryption extends AbstractJweDecryption {
-    private String supportedAlgo;
-    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo) {
-        this(keyDecryptionAlgo, null);
-    }
-    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo, String supportedAlgo) {
-        this(keyDecryptionAlgo, supportedAlgo, null);
-    }
-    public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                   String supportedAlgo,
-                                   JoseHeadersReader reader) {
-        super(reader, keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm());
-        this.supportedAlgo = null;
-    }
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer, byte[] cek) {
-        validateAuthenticationTag(consumer, cek);
-        return super.doDecrypt(consumer, cek);
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        validateCekAlgorithm(algoJwt);
-        return AesCbcHmacJweEncryption.doGetActualCek(theCek, algoJwt);
-    }
-    protected void validateAuthenticationTag(JweCompactConsumer consumer, byte[] theCek) {
-        byte[] actualAuthTag = consumer.getEncryptionAuthenticationTag();
-        
-        final AesCbcHmacJweEncryption.MacState macState = 
-            AesCbcHmacJweEncryption.getInitializedMacState(theCek, 
-                                                           consumer.getContentDecryptionCipherInitVector(),
-                                                           consumer.getJweHeaders(),
-                                                           consumer.getDecodedJsonHeaders());
-        macState.mac.update(consumer.getEncryptedContent());
-        byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
-            throw new SecurityException();
-        }
-        
-    }
-    private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-        implements ContentDecryptionAlgorithm {
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson) {
-            return null;
-        }
-        @Override
-        public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
-            return cipher;
-        }
-    }
-    private String validateCekAlgorithm(String cekAlgo) {
-        if (!Algorithm.isAesCbcHmac(cekAlgo) 
-            || supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) {
-            throw new SecurityException();
-        }
-        return cekAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
deleted file mode 100644
index ab0220c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ /dev/null
@@ -1,188 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.nio.ByteBuffer;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Mac;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
-    private static final Map<String, String> AES_HMAC_MAP;
-    private static final Map<String, Integer> AES_CEK_SIZE_MAP;
-    static {
-        AES_HMAC_MAP = new HashMap<String, String>();
-        AES_HMAC_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), Algorithm.HMAC_SHA_256_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), Algorithm.HMAC_SHA_384_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), Algorithm.HMAC_SHA_512_JAVA);
-        
-        AES_CEK_SIZE_MAP = new HashMap<String, Integer>();
-        AES_CEK_SIZE_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), 32);
-        AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
-        AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
-    }
-    public AesCbcHmacJweEncryption(String cekAlgoJwt, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), cekAlgoJwt), null, null, 
-             keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(headers, null, null, keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, byte[] cek, 
-                                   byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(headers, cek, iv, keyEncryptionAlgorithm, null);
-    }
-    public AesCbcHmacJweEncryption(JweHeaders headers, 
-                                   byte[] cek, 
-                                   byte[] iv, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   JoseHeadersWriter writer) {
-        super(headers, 
-              new AesCbcContentEncryptionAlgorithm(cek, iv, 
-                                                   validateCekAlgorithm(headers.getContentEncryptionAlgorithm())),
-              keyEncryptionAlgorithm, writer);
-        
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return doGetActualCek(theCek, algoJwt);
-    }
-    @Override
-    protected int getCekSize(String algoJwt) {
-        return getFullCekKeySize(algoJwt) * 8;
-    }
-    protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] actualCek = new byte[size];
-        System.arraycopy(theCek, size, actualCek, 0, size);
-        return actualCek;
-    }
-    
-    protected static int getFullCekKeySize(String algoJwt) {
-        return AES_CEK_SIZE_MAP.get(algoJwt);
-    }
-    
-    protected JweCompactProducer getJweCompactProducer(JweEncryptionInternal state, byte[] cipher) {
-        final MacState macState = getInitializedMacState(state);
-        macState.mac.update(cipher);
-        byte[] authTag = signAndGetTag(macState);
-        return new JweCompactProducer(macState.headersJson,
-                                      state.jweContentEncryptionKey,
-                                      state.theIv,
-                                      cipher,
-                                      authTag);
-    }
-    
-    protected static byte[] signAndGetTag(MacState macState) {
-        macState.mac.update(macState.al);
-        byte[] sig = macState.mac.doFinal();
-        
-        int authTagLen = DEFAULT_AUTH_TAG_LENGTH / 8;
-        byte[] authTag = new byte[authTagLen];
-        System.arraycopy(sig, 0, authTag, 0, authTagLen);
-        return authTag;
-    }
-    private MacState getInitializedMacState(final JweEncryptionInternal state) {
-        String headersJson = getJwtHeadersWriter().headersToJson(state.theHeaders);
-        return getInitializedMacState(state.secretKey, state.theIv, state.theHeaders, headersJson);
-    }
-    protected static MacState getInitializedMacState(byte[] secretKey,
-                                                     byte[] theIv,
-                                                     JweHeaders theHeaders, 
-                                                     String headersJson) {
-        String algoJwt = theHeaders.getContentEncryptionAlgorithm();
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] macKey = new byte[size];
-        System.arraycopy(secretKey, 0, macKey, 0, size);
-        
-        String hmacAlgoJava = AES_HMAC_MAP.get(algoJwt);
-        Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
-        
-        
-        byte[] aad = JweHeaders.toCipherAdditionalAuthData(headersJson);
-        ByteBuffer buf = ByteBuffer.allocate(8);
-        final byte[] al = buf.putInt(0).putInt(aad.length * 8).array();
-        
-        mac.update(aad);
-        mac.update(theIv);
-        MacState macState = new MacState();
-        macState.mac = mac;
-        macState.al = al;
-        macState.headersJson = headersJson;
-        return macState;
-    }
-    
-    protected AuthenticationTagProducer getAuthenticationTagProducer(final JweEncryptionInternal state) {
-        final MacState macState = getInitializedMacState(state);
-        
-        
-        return new AuthenticationTagProducer() {
-
-            @Override
-            public void update(byte[] cipher, int off, int len) {
-                macState.mac.update(cipher, off, len);
-            }
-
-            @Override
-            public byte[] getTag() {
-                return signAndGetTag(macState);
-            }
-        };
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(byte[] theCek) {
-        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(getJweHeaders(), theCek);
-    }
-    
-    private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-            super(cek, iv, algo);    
-        }
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson) {
-            return null;
-        }
-    }
-    
-    protected static class MacState {
-        protected Mac mac;
-        private byte[] al;
-        private String headersJson;
-    }
-    
-    private static String validateCekAlgorithm(String cekAlgo) {
-        if (!Algorithm.isAesCbcHmac(cekAlgo)) {
-            throw new SecurityException();
-        }
-        return cekAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
deleted file mode 100644
index 70b3a00..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-
-
-public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentDecryptionAlgorithm {
-    private String supportedAlgo; 
-    public AesGcmContentDecryptionAlgorithm() {
-        this(null);
-    }
-    public AesGcmContentDecryptionAlgorithm(String supportedAlgo) {
-        this.supportedAlgo = supportedAlgo;
-    }
-
-    @Override
-    public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
-        String algo = headers.getContentEncryptionAlgorithm();
-        if (!Algorithm.isAesGcm(algo)
-            || supportedAlgo != null && !supportedAlgo.equals(algo)) {
-            throw new SecurityException();
-        }
-        return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
deleted file mode 100644
index bcd0fb3..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-
-public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-    private static final int DEFAULT_IV_SIZE = 96;
-    public AesGcmContentEncryptionAlgorithm(String algo) {
-        this((byte[])null, null, algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) {
-        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) { 
-        this(key.getEncoded(), iv, algo);    
-    }
-    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-        super(cek, iv, checkAlgorithm(algo));    
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-    private static String checkAlgorithm(String algo) {
-        if (Algorithm.isAesGcm(algo)) {       
-            return algo;
-        }
-        throw new SecurityException();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 0043ec2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(encodedKey, null);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {    
-        this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(secretKey, null);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA), supportedAlgo);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
-        this(secretKey, null);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {    
-        super(secretKey, supportedAlgo);
-    }
-    @Override
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] encryptedCekKey = super.getEncryptedContentEncryptionKey(consumer);
-        byte[] tag = getDecodedBytes(consumer, "tag");
-        return JweCompactConsumer.getCipherWithAuthTag(encryptedCekKey, tag);
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer) {
-        byte[] iv = getDecodedBytes(consumer, "iv");
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-    private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
-        try {
-            Object ivHeader = consumer.getJweHeaders().getHeader(headerName);
-            return Base64UrlUtility.decode(ivHeader.toString());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isAesGcmKeyWrap(keyAlgo)) {
-            throw new SecurityException();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index e230470..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128GCMKW.getJwtName(),
-                      Algorithm.A192GCMKW.getJwtName(),
-                      Algorithm.A256GCMKW.getJwtName()));
-    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA),
-             keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
-        super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        byte[] wrappedKeyAndTag = super.getEncryptedContentEncryptionKey(headers, cek);
-        byte[] wrappedKey = new byte[wrappedKeyAndTag.length - 128 / 8]; 
-        System.arraycopy(wrappedKeyAndTag, 0, wrappedKey, 0, wrappedKeyAndTag.length - 128 / 8);
-        String encodedTag = Base64UrlUtility.encodeChunk(wrappedKeyAndTag, 
-                                                         wrappedKeyAndTag.length - 128 / 8, 128 / 8);
-        headers.setHeader("tag", encodedTag);
-        return wrappedKey;
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        byte[] iv = CryptoUtils.generateSecureRandomBytes(96 / 8);
-        String encodedIv = Base64UrlUtility.encode(iv);
-        headers.setHeader("iv", encodedIv);
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 3ba6919..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(encodedKey, null);
-    }
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {    
-        this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
-    }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(secretKey, null);
-    }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA), supportedAlgo);
-    }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) {
-        this(secretKey, null);
-    }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {    
-        super(secretKey, supportedAlgo);
-    }
-    @Override
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isAesKeyWrap(keyAlgo)) {
-            throw new SecurityException();
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index a8b5899..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128KW.getJwtName(),
-                      Algorithm.A192KW.getJwtName(),
-                      Algorithm.A256KW.getJwtName()));
-    public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
-             keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
-        super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
deleted file mode 100644
index 897e68c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-public interface AuthenticationTagProducer {
-    void update(byte[] cipher, int off, int len);
-    byte[] getTag();
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
deleted file mode 100644
index ccf7ce7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionAlgorithm.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface ContentDecryptionAlgorithm extends ContentEncryptionCipherProperties {
-    byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
deleted file mode 100644
index 07b370e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
-    String getAlgorithm();
-    byte[] getInitVector();
-    byte[] getContentEncryptionKey(JweHeaders headers);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
deleted file mode 100644
index 54da6fd..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-
-public interface ContentEncryptionCipherProperties {
-    byte[] getAdditionalAuthenticationData(String headersJson);
-    AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
deleted file mode 100644
index c1803c6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-
-public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private byte[] contentDecryptionKey;
-    public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) {    
-        this(contentDecryptionKey.getEncoded());
-    }
-    public DirectKeyDecryptionAlgorithm(byte[] contentDecryptionKey) {    
-        this.contentDecryptionKey = contentDecryptionKey;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] encryptedCEK = consumer.getEncryptedContentEncryptionKey();
-        if (encryptedCEK != null && encryptedCEK.length > 0) {
-            throw new SecurityException();
-        }
-        return contentDecryptionKey;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
deleted file mode 100644
index 6714c3c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        if (headers.getKeyEncryptionAlgorithm() != null) {
-            throw new SecurityException();
-        }
-        return new byte[0];
-    }
-
-    @Override
-    public String getAlgorithm() {
-        return null;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
deleted file mode 100644
index 6c822ea..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-
-public class DirectKeyJweDecryption extends AbstractJweDecryption {
-    public DirectKeyJweDecryption(Key contentDecryptionKey, 
-                                  ContentDecryptionAlgorithm cipherProps) {
-        this(contentDecryptionKey, null, cipherProps);
-    }
-    public DirectKeyJweDecryption(Key contentDecryptionKey, 
-                                  JoseHeadersReader reader,
-                                  ContentDecryptionAlgorithm cipherProps) {    
-        super(reader, 
-              new DirectKeyDecryptionAlgorithm(contentDecryptionKey),
-              cipherProps);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
deleted file mode 100644
index b343cf4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public class DirectKeyJweEncryption extends AbstractJweEncryption {
-    
-    public DirectKeyJweEncryption(ContentEncryptionAlgorithm ceAlgo) {
-        this(new JweHeaders(ceAlgo.getAlgorithm()), ceAlgo);
-    }
-    public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo) {
-        super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());
-    }
-    protected byte[] getProvidedContentEncryptionKey() {
-        return validateCek(super.getProvidedContentEncryptionKey());
-    }
-    private static byte[] validateCek(byte[] cek) {
-        if (cek == null) {
-            // to prevent the cek from being auto-generated which 
-            // does not make sense for the direct key case
-            throw new NullPointerException("CEK must not be null");
-        }
-        return cek;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
deleted file mode 100644
index 7794102..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-
-
-public class JweCompactConsumer {
-    private String headersJson;
-    private byte[] encryptedCEK;
-    private byte[] initVector;
-    private byte[] encryptedContent;
-    private byte[] authTag;
-    private JweHeaders jweHeaders;
-    public JweCompactConsumer(String jweContent) {
-        this(jweContent, new JoseHeadersReaderWriter());
-    }
-    public JweCompactConsumer(String jweContent, JoseHeadersReader reader) {
-        String[] parts = jweContent.split("\\.");
-        if (parts.length != 5) {
-            throw new SecurityException("5 JWE parts are expected");
-        }
-        try {
-            headersJson = new String(Base64UrlUtility.decode(parts[0]));
-            encryptedCEK = Base64UrlUtility.decode(parts[1]);
-            initVector = Base64UrlUtility.decode(parts[2]);
-            
-            encryptedContent = Base64UrlUtility.decode(parts[3]);
-            authTag = Base64UrlUtility.decode(parts[4]);
-            JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson);
-            if (joseHeaders.getHeaderUpdateCount() != null) { 
-                throw new SecurityException();
-            }
-            jweHeaders = new JweHeaders(joseHeaders);
-            
-        } catch (Base64Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public String getDecodedJsonHeaders() {
-        return headersJson;
-    }
-    
-    public JweHeaders getJweHeaders() {
-        return jweHeaders;
-    }
-    
-    public byte[] getEncryptedContentEncryptionKey() {
-        return encryptedCEK;
-    }
-    
-    public byte[] getContentDecryptionCipherInitVector() {
-        return initVector;
-    }
-    
-    public byte[] getContentEncryptionCipherAAD() {
-        return JweHeaders.toCipherAdditionalAuthData(headersJson);
-    }
-    
-    public byte[] getEncryptionAuthenticationTag() {
-        return authTag;
-    }
-    
-    public byte[] getEncryptedContent() {
-        return encryptedContent;
-    }
-    
-    public byte[] getEncryptedContentWithAuthTag() {
-        return getCipherWithAuthTag(encryptedContent, authTag);
-    }
-    
-    public static byte[] getCipherWithAuthTag(byte[] cipher, byte[] authTag) {
-        byte[] encryptedContentWithTag = new byte[cipher.length + authTag.length];
-        System.arraycopy(cipher, 0, encryptedContentWithTag, 0, cipher.length);
-        System.arraycopy(authTag, 0, encryptedContentWithTag, cipher.length, authTag.length);  
-        return encryptedContentWithTag;
-    }
-    
-    public byte[] getDecryptedContent(JweDecryptionProvider decryption) {
-        return decryption.decrypt(this);
-    }
-    public String getDecryptedContentText(JweDecryptionProvider decryption) {
-        try {
-            return new String(getDecryptedContent(decryption), "UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
deleted file mode 100644
index 176081b..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
+++ /dev/null
@@ -1,156 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-
-
-public class JweCompactProducer {
-    private StringBuilder jweContentBuilder;
-    private String encodedEncryptedContent;
-    private String encodedAuthTag;
-    public JweCompactProducer(JweHeaders headers,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentNoTag,
-                       byte[] authenticationTag) {    
-        this(headers, null, encryptedContentEncryptionKey, 
-             cipherInitVector, encryptedContentNoTag, authenticationTag);
-    }
-    
-    public JweCompactProducer(JweHeaders headers,
-                       JoseHeadersWriter writer,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentNoTag,
-                       byte[] authenticationTag) {
-        this(getHeadersJson(headers, writer),
-             encryptedContentEncryptionKey,
-             cipherInitVector,
-             encryptedContentNoTag,
-             authenticationTag);
-    }
-    public JweCompactProducer(String headersJson,
-                              byte[] encryptedContentEncryptionKey,
-                              byte[] cipherInitVector,
-                              byte[] encryptedContentNoTag,
-                              byte[] authenticationTag) {
-        jweContentBuilder = startJweContent(new StringBuilder(), headersJson, 
-                                  encryptedContentEncryptionKey, cipherInitVector);
-        this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag);
-        this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag);
-       
-    }
-    
-    public JweCompactProducer(JweHeaders headers,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentWithTag,
-                       int authTagLengthBits) {    
-        this(headers, null, encryptedContentEncryptionKey, 
-             cipherInitVector, encryptedContentWithTag, authTagLengthBits);
-    }
-    public JweCompactProducer(JweHeaders headers,
-                       JoseHeadersWriter writer,
-                       byte[] encryptedContentEncryptionKey,
-                       byte[] cipherInitVector,
-                       byte[] encryptedContentWithTag,
-                       int authTagLengthBits) {
-        jweContentBuilder = startJweContent(new StringBuilder(), headers, writer,
-                                   encryptedContentEncryptionKey, cipherInitVector);
-        this.encodedEncryptedContent = Base64UrlUtility.encodeChunk(
-            encryptedContentWithTag, 
-            0, 
-            encryptedContentWithTag.length - authTagLengthBits / 8);
-        this.encodedAuthTag = Base64UrlUtility.encodeChunk(
-            encryptedContentWithTag, 
-            encryptedContentWithTag.length - authTagLengthBits / 8, 
-            authTagLengthBits / 8);
-        
-    }
-    public static String startJweContent(JweHeaders headers,
-                                                JoseHeadersWriter writer, 
-                                                byte[] encryptedContentEncryptionKey,
-                                                byte[] cipherInitVector) {
-        return startJweContent(new StringBuilder(), 
-                               headers, writer, encryptedContentEncryptionKey, cipherInitVector).toString();       
-    }
-    public static StringBuilder startJweContent(StringBuilder sb,
-                                        JweHeaders headers,
-                                        JoseHeadersWriter writer, 
-                                        byte[] encryptedContentEncryptionKey,
-                                        byte[] cipherInitVector) {
-        return startJweContent(sb, 
-                               getHeadersJson(headers, writer), 
-                               encryptedContentEncryptionKey, 
-                               cipherInitVector);
-    }
-    private static String getHeadersJson(JweHeaders headers,
-                                         JoseHeadersWriter writer) {
-        writer = writer == null ? new JoseHeadersReaderWriter() : writer;
-        return writer.headersToJson(headers);
-        
-    }
-    public static StringBuilder startJweContent(StringBuilder sb,
-                                                String headersJson,
-                                                byte[] encryptedContentEncryptionKey,
-                                                byte[] cipherInitVector) {
-        String encodedHeaders = Base64UrlUtility.encode(headersJson);
-        String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey);
-        String encodedInitVector = Base64UrlUtility.encode(cipherInitVector);
-        sb.append(encodedHeaders)
-            .append('.')
-            .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey)
-            .append('.')
-            .append(encodedInitVector == null ? "" : encodedInitVector)
-            .append('.');
-        return sb;
-    }
-    
-    public static void startJweContent(OutputStream os,
-                                       JweHeaders headers,
-                                       JoseHeadersWriter writer, 
-                                       byte[] encryptedContentEncryptionKey,
-                                       byte[] cipherInitVector) throws IOException {
-        writer = writer == null ? new JwtTokenReaderWriter() : writer;
-        byte[] jsonBytes = writer.headersToJson(headers).getBytes("UTF-8");
-        Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
-        byte[] dotBytes = new byte[]{'.'};
-        os.write(dotBytes);
-        Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0, 
-                                         encryptedContentEncryptionKey.length, os);
-        os.write(dotBytes);
-        Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os);
-        os.write(dotBytes);         
-    }
-    
-    public String getJweContent() {
-        return jweContentBuilder.append(encodedEncryptedContent)
-                 .append('.')
-                 .append(encodedAuthTag)
-                 .toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
deleted file mode 100644
index f3cf255..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionOutput.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-
-public class JweDecryptionOutput {
-    private JweHeaders headers;
-    private byte[] content;
-    public JweDecryptionOutput(JweHeaders headers, byte[] content) {
-        this.headers = headers;
-        this.content = content;
-    }
-    public JweHeaders getHeaders() {
-        return headers;
-    }
-    public byte[] getContent() {
-        return content;
-    }
-    public String getContentText() {
-        try {
-            return new String(getContent(), "UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
deleted file mode 100644
index d20401b..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface JweDecryptionProvider {
-    JweDecryptionOutput decrypt(String jweContent);
-    byte[] decrypt(JweCompactConsumer consumer);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
deleted file mode 100644
index 5b9afee..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface JweEncryptionProvider {
-    String encrypt(byte[] jweContent, String contentType);
-    JweEncryptionState createJweEncryptionState(String contentType);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
deleted file mode 100644
index 0732250..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionState.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.Cipher;
-
-public class JweEncryptionState {
-    private Cipher cipher;
-    private JweHeaders headers;
-    private byte[] contentEncryptionKey;
-    private byte[] iv;
-    private boolean compressionSupported;
-    private AuthenticationTagProducer authTagProducer;
-    
-    public JweEncryptionState(Cipher cipher, 
-                              JweHeaders headers, 
-                              byte[] contentEncryptionKey, 
-                              byte[] iv, 
-                              AuthenticationTagProducer authTagProducer,
-                              boolean compressionSupported) {
-        this.cipher = cipher;
-        this.headers = headers;
-        this.contentEncryptionKey = contentEncryptionKey;
-        this.iv = iv;
-        this.authTagProducer = authTagProducer;
-        this.compressionSupported = compressionSupported;
-    }
-    public Cipher getCipher() {
-        return cipher;
-    }
-    public JweHeaders getHeaders() {
-        return headers;
-    }
-    public byte[] getContentEncryptionKey() {
-        return contentEncryptionKey;
-    }
-    public byte[] getIv() {
-        return iv;
-    }
-    public boolean isCompressionSupported() {
-        return compressionSupported;
-    }
-    public AuthenticationTagProducer getAuthTagProducer() {
-        return authTagProducer;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
deleted file mode 100644
index f0e6d37..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-
-
-
-
-public class JweHeaders extends JoseHeaders {
-    
-    public JweHeaders() {
-    }
-    
-    public JweHeaders(JoseHeaders headers) {
-        super(headers.asMap());
-    }
-    
-    public JweHeaders(Map<String, Object> values) {
-        super(values);
-    }
-    public JweHeaders(String keyEncAlgo, String ctEncAlgo) {
-        this(keyEncAlgo, ctEncAlgo, false);
-    }
-    public JweHeaders(String ctEncAlgo) {
-        this(null, ctEncAlgo, false);
-    }
-    public JweHeaders(String ctEncAlgo, boolean deflate) {
-        this(null, ctEncAlgo, deflate);
-    }
-    public JweHeaders(String keyEncAlgo, String ctEncAlgo, boolean deflate) {
-        init(keyEncAlgo, ctEncAlgo, deflate);
-    }
-    private void init(String keyEncAlgo, String ctEncAlgo, boolean deflate) {
-        if (keyEncAlgo != null) {
-            setKeyEncryptionAlgorithm(keyEncAlgo);    
-        }
-        setContentEncryptionAlgorithm(ctEncAlgo);
-        if (deflate) {
-            setZipAlgorithm(JoseConstants.DEFLATE_ZIP_ALGORITHM);
-        }
-    }
-    
-    public void setKeyEncryptionAlgorithm(String type) {
-        super.setAlgorithm(type);
-    }
-    
-    public String getKeyEncryptionAlgorithm() {
-        return super.getAlgorithm();
-    }
-    
-    public void setContentEncryptionAlgorithm(String type) {
-        setHeader(JoseConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM, type);
-    }
-    
-    public String getContentEncryptionAlgorithm() {
-        return (String)getHeader(JoseConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM);
-    }
-    
-    public void setZipAlgorithm(String type) {
-        setHeader(JoseConstants.JWE_HEADER_ZIP_ALGORITHM, type);
-    }
-    
-    public String getZipAlgorithm() {
-        return (String)getHeader(JoseConstants.JWE_HEADER_ZIP_ALGORITHM);
-    }
-    
-    @Override
-    public JoseHeaders setHeader(String name, Object value) {
-        return (JoseHeaders)super.setHeader(name, value);
-    }
-    public byte[] toCipherAdditionalAuthData(JoseHeadersWriter writer) { 
-        return toCipherAdditionalAuthData(writer.headersToJson(this));
-    }
-    public static byte[] toCipherAdditionalAuthData(String headersJson) { 
-        try {
-            String base64UrlHeadersInJson = Base64UrlUtility.encode(headersJson.getBytes("UTF-8"));
-            return base64UrlHeadersInJson.getBytes("US-ASCII");
-        } catch (UnsupportedEncodingException ex) {
-            throw new RuntimeException(ex);
-        }
-    }
-}


Mime
View raw message