cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [03/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono
Date Mon, 06 Oct 2014 17:25:56 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
deleted file mode 100644
index c6462f1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-
-import javax.crypto.Cipher;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-
-public class JweOutputStream extends FilterOutputStream {
-    private Cipher encryptingCipher;
-    private int blockSize;
-    private AuthenticationTagProducer authTagProducer;
-    private byte[] lastRawDataChunk;
-    private byte[] lastEncryptedDataChunk;
-    private boolean flushed;
-    public JweOutputStream(OutputStream out, 
-                           Cipher encryptingCipher, 
-                           AuthenticationTagProducer authTagProducer) {
-        super(out);
-        this.encryptingCipher = encryptingCipher;
-        this.blockSize = encryptingCipher.getBlockSize(); 
-        this.authTagProducer = authTagProducer;
-    }
-
-    @Override
-    public void write(int value) throws IOException {
-        byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array();
-        write(bytes, 0, bytes.length);
-    }
-    
-    @Override
-    public void write(byte b[], int off, int len) throws IOException {
-        if (lastRawDataChunk != null) {
-            int remaining = blockSize - lastRawDataChunk.length;
-            int lenToCopy = remaining < len ? remaining : len;
-            lastRawDataChunk = newArray(lastRawDataChunk, 0, lastRawDataChunk.length, b, off, lenToCopy);
-            off = off + lenToCopy;
-            len -= lenToCopy;
-            if (lastRawDataChunk.length < blockSize) {
-                return;
-            } else {
-                encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length);
-                lastRawDataChunk = null;
-            }
-        } 
-        int offset = 0;
-        int chunkSize = blockSize > len ? blockSize : blockSize * (len / blockSize);
-        for (; offset + chunkSize <= len; offset += chunkSize, off += chunkSize) {
-            encryptAndWrite(b, off, chunkSize);
-        }
-        if (offset < len) {
-            lastRawDataChunk = newArray(b, off, len - offset);
-        }
-        
-    }
-    
-    private void encryptAndWrite(byte[] chunk, int off, int len) throws IOException {
-        byte[] encrypted = encryptingCipher.update(chunk, off, len);
-        if (authTagProducer != null) {
-            authTagProducer.update(encrypted, 0, encrypted.length);
-        }
-        encodeAndWrite(encrypted, 0, encrypted.length, false);
-    }
-    private void encodeAndWrite(byte[] encryptedChunk, int off, int len, boolean finalWrite) throws IOException {
-        byte[] theChunk = lastEncryptedDataChunk;
-        int lenToEncode = len;
-        if (theChunk != null) {
-            theChunk = newArray(theChunk, 0, theChunk.length, encryptedChunk, off, len);
-            lenToEncode = theChunk.length;
-            off = 0;
-        } else {
-            theChunk = encryptedChunk;
-        }
-        int rem = finalWrite ? 0 : lenToEncode % 3; 
-        Base64UrlUtility.encodeAndStream(theChunk, off, lenToEncode - rem, out);
-        
-        if (rem > 0) {
-            lastEncryptedDataChunk = newArray(theChunk, lenToEncode - rem, rem);
-        } else {
-            lastEncryptedDataChunk = null;
-        }
-    }
-    
-    @Override
-    public void flush() throws IOException {
-        if (flushed) {
-            return;
-        }
-        try {
-            byte[] finalBytes = lastRawDataChunk == null 
-                ? encryptingCipher.doFinal()
-                : encryptingCipher.doFinal(lastRawDataChunk, 0, lastRawDataChunk.length);
-            final int authTagLengthBits = 128;
-            if (authTagProducer != null) {
-                authTagProducer.update(finalBytes, 0, finalBytes.length);
-                encodeAndWrite(finalBytes, 0, finalBytes.length, true);
-            } else {
-                encodeAndWrite(finalBytes, 0, finalBytes.length - authTagLengthBits / 8, true);
-            }
-            out.write(new byte[]{'.'});
-            
-            if (authTagProducer == null) {
-                encodeAndWrite(finalBytes, finalBytes.length - authTagLengthBits / 8, authTagLengthBits / 8, true);
-            } else {
-                byte[] authTag = authTagProducer.getTag();
-                encodeAndWrite(authTag, 0, authTagLengthBits / 8, true);
-            }
-        } catch (Exception ex) {
-            throw new SecurityException();
-        }
-        flushed = true;
-    }
-    private byte[] newArray(byte[] src, int srcPos, int srcLen) {
-        byte[] buf = new byte[srcLen];
-        System.arraycopy(src, srcPos, buf, 0, srcLen);
-        return buf;
-    }
-    private byte[] newArray(byte[] src, int srcPos, int srcLen, byte[] src2, int srcPos2, int srcLen2) {
-        byte[] buf = new byte[srcLen + srcLen2];
-        System.arraycopy(src, srcPos, buf, 0, srcLen);
-        System.arraycopy(src2, srcPos2, buf, srcLen, srcLen2);
-        return buf;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
deleted file mode 100644
index 483ff52..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public final class JweUtils {
-    private JweUtils() {
-        
-    }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) {
-        return getKeyEncryptionAlgorithm(jwk, null);
-    }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
-        String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        KeyEncryptionAlgorithm keyEncryptionProvider = null;
-        if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk), 
-                                                                      keyEncryptionAlgo);
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            } else if (Algorithm.isAesGcmKeyWrap(keyEncryptionAlgo)) {
-                keyEncryptionProvider = new AesGcmWrapKeyEncryptionAlgorithm(key, keyEncryptionAlgo);
-            }
-        } else {
-            // TODO: support elliptic curve keys
-        }
-        return keyEncryptionProvider;
-    }
-    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk) {
-        return getKeyDecryptionAlgorithm(jwk, null);
-    }
-    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
-        String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        KeyDecryptionAlgorithm keyDecryptionProvider = null;
-        if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk), 
-                                                                      keyEncryptionAlgo);
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesWrapKeyDecryptionAlgorithm(key, keyEncryptionAlgo);
-            } else if (Algorithm.isAesGcmKeyWrap(jwk.getAlgorithm())) {
-                keyDecryptionProvider = new AesGcmWrapKeyDecryptionAlgorithm(key, keyEncryptionAlgo);
-            } 
-        } else {
-            // TODO: support elliptic curve keys
-        }
-        return keyDecryptionProvider;
-    }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk) {
-        return getContentEncryptionAlgorithm(jwk, null);
-    }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
-        String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        ContentEncryptionAlgorithm contentEncryptionProvider = null;
-        if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            SecretKey key = JwkUtils.toSecretKey(jwk);
-            if (Algorithm.isAesGcm(ctEncryptionAlgo)) {
-                contentEncryptionProvider = new AesGcmContentEncryptionAlgorithm(key, null, ctEncryptionAlgo);
-            }
-        }
-        return contentEncryptionProvider;
-    }
-    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk) {
-        return getContentDecryptionSecretKey(jwk, null);
-    }
-    public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm) {
-        String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && Algorithm.isAesGcm(ctEncryptionAlgo)) {
-            return JwkUtils.toSecretKey(jwk);
-        }
-        return null;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
deleted file mode 100644
index 9932ab2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface KeyDecryptionAlgorithm {
-    byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
deleted file mode 100644
index 3885291..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface KeyEncryptionAlgorithm {
-    String getAlgorithm();
-    byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index d338cdd..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-
-public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private byte[] password;
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password));
-    }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password));
-    }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) {    
-        this.password = password;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        byte[] saltInput = getDecodedBytes(consumer, "p2s");
-        int pbesCount = consumer.getJweHeaders().getIntegerHeader("p2c");
-        String keyAlgoJwt = consumer.getJweHeaders().getAlgorithm();
-        int keySize = PbesHmacAesWrapKeyEncryptionAlgorithm.getKeySize(keyAlgoJwt);
-        byte[] derivedKey = PbesHmacAesWrapKeyEncryptionAlgorithm
-            .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
-        KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey);
-        return aesWrap.getDecryptedContentEncryptionKey(consumer);
-    }    
-    private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
-        try {
-            Object headerValue = consumer.getJweHeaders().getHeader(headerName);
-            return Base64UrlUtility.decode(headerValue.toString());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 4697cad..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.io.UnsupportedEncodingException;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.Charset;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.PBES2_HS256_A128KW.getJwtName(),
-                      Algorithm.PBES2_HS384_A192KW.getJwtName(),
-                      Algorithm.PBES2_HS512_A256KW.getJwtName()));
-    private static final Map<String, Integer> PBES_HMAC_MAP;
-    private static final Map<String, String> PBES_AES_MAP;
-    private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
-    static {
-        PBES_HMAC_MAP = new HashMap<String, Integer>();
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 256);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 384);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 512);
-        
-        PBES_AES_MAP = new HashMap<String, String>();
-        PBES_AES_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), Algorithm.A128KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), Algorithm.A192KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), Algorithm.A256KW.getJwtName());
-        
-        DERIVED_KEY_SIZE_MAP = new HashMap<String, Integer>();
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 16);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 24);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 32);
-    }
-    
-    
-    private byte[] password;
-    private int pbesCount;
-    private String keyAlgoJwt;
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) {
-        this(stringToBytes(password), keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt) {
-        this(stringToBytes(password), pbesCount, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt) {
-        this(charsToBytes(password), pbesCount, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
-    }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt) {
-        this.password = password;
-        this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt);
-        this.pbesCount = validatePbesCount(pbesCount);
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        int keySize = getKeySize(keyAlgoJwt);
-        byte[] saltInput = CryptoUtils.generateSecureRandomBytes(keySize);
-        byte[] derivedKey = createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
-        
-        headers.setHeader("p2s", Base64UrlUtility.encode(saltInput));
-        headers.setIntegerHeader("p2c", pbesCount);
-        
-        final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt);
-        KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt) {
-            protected void checkAlgorithms(JweHeaders headers) {
-                // complete
-            }
-            protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-                return Algorithm.AES_WRAP_ALGO_JAVA;
-            }
-        };
-        return aesWrap.getEncryptedContentEncryptionKey(headers, cek);
-        
-        
-    }
-    static int getKeySize(String keyAlgoJwt) {
-        return DERIVED_KEY_SIZE_MAP.get(keyAlgoJwt);
-    }
-    static byte[] createDerivedKey(String keyAlgoJwt, int keySize,
-                                   byte[] password, byte[] saltInput, int pbesCount) {
-        byte[] saltValue = createSaltValue(keyAlgoJwt, saltInput);
-        Digest digest = null;
-        int macSigSize = PBES_HMAC_MAP.get(keyAlgoJwt);
-        if (macSigSize == 256) { 
-            digest = new SHA256Digest();
-        } else if (macSigSize == 384) {
-            digest = new SHA384Digest();
-        } else {
-            digest = new SHA512Digest();
-        }
-        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(digest);
-        gen.init(password, saltValue, pbesCount);
-        return ((KeyParameter) gen.generateDerivedParameters(keySize * 8)).getKey();
-    }
-    
-    
-    private static byte[] createSaltValue(String keyAlgoJwt, byte[] saltInput) {
-        byte[] algoBytes = stringToBytes(keyAlgoJwt);
-        byte[] saltValue = new byte[algoBytes.length + 1 + saltInput.length];
-        System.arraycopy(algoBytes, 0, saltValue, 0, algoBytes.length);
-        saltValue[algoBytes.length] = 0;
-        System.arraycopy(saltInput, 0, saltValue, algoBytes.length + 1, saltInput.length);
-        return saltValue;
-    }
-    static String validateKeyAlgorithm(String algo) {
-        if (!SUPPORTED_ALGORITHMS.contains(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-    static int validatePbesCount(int count) {
-        if (count < 1000) {
-            throw new SecurityException();
-        }
-        return count;
-    }    
-    
-    static byte[] stringToBytes(String str) {
-        try {
-            return str.getBytes("UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    static byte[] charsToBytes(char[] chars) {
-        ByteBuffer bb = Charset.forName("UTF-8").encode(CharBuffer.wrap(chars));
-        byte[] b = new byte[bb.remaining()];
-        bb.get(b);
-        return b;
-    }
-    @Override
-    public String getAlgorithm() {
-        return keyAlgoJwt;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
deleted file mode 100644
index a0ea63d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPrivateKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
-        this(privateKey, null);
-    }
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) {    
-        this(privateKey, supportedAlgo, true);
-    }
-    public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean unwrap) {    
-        super(privateKey, supportedAlgo, unwrap);
-    }
-    protected int getKeyCipherBlockSize() {
-        return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
-    }
-    @Override
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isRsaOaep(keyAlgo)) {
-            throw new SecurityException();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
deleted file mode 100644
index b658e36..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
-                      Algorithm.RSA_OAEP_256.getJwtName()));
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
-        this(publicKey, jweAlgo, true);
-    }
-    public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
-        super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
deleted file mode 100644
index 8af2c63..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
-    private Key cekDecryptionKey;
-    private boolean unwrap;
-    private String supportedAlgo;
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey) {    
-        this(cekDecryptionKey, null);
-    }
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo) {    
-        this(cekDecryptionKey, supportedAlgo, true);
-    }
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo, boolean unwrap) {    
-        this.cekDecryptionKey = cekDecryptionKey;
-        this.supportedAlgo = supportedAlgo;
-        this.unwrap = unwrap;
-    }
-    public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(consumer); 
-        if (spec != null) {
-            keyProps.setAlgoSpec(spec);
-        }
-        if (!unwrap) {
-            keyProps.setBlockSize(getKeyCipherBlockSize());
-            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(consumer), 
-                                            getCekDecryptionKey(), keyProps);
-        } else {
-            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(consumer), 
-                                               getContentEncryptionAlgorithm(consumer), 
-                                               getCekDecryptionKey(), 
-                                               keyProps).getEncoded();
-        }
-    }
-    
-    protected Key getCekDecryptionKey() {
-        return cekDecryptionKey;
-    }
-    protected int getKeyCipherBlockSize() {
-        return -1;
-    }
-    protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
-        String keyAlgo = consumer.getJweHeaders().getKeyEncryptionAlgorithm();
-        return Algorithm.toJavaName(keyAlgo);
-    }
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        if (keyAlgo == null || supportedAlgo != null && supportedAlgo.equals(keyAlgo)) {
-            throw new SecurityException();
-        }
-    }
-    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer) {
-        return null;
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java
deleted file mode 100644
index c74e880..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-
-public class WrappedKeyJweDecryption extends AbstractJweDecryption {
-    
-    public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                   ContentDecryptionAlgorithm contentDecryptionAlgo) {    
-        this(keyDecryptionAlgo, null, contentDecryptionAlgo);
-    }
-    public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                   JoseHeadersReader reader,
-                                   ContentDecryptionAlgorithm cipherProps) {    
-        super(reader, keyDecryptionAlgo, cipherProps);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
deleted file mode 100644
index 446a675..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-
-public class WrappedKeyJweEncryption extends AbstractJweEncryption {
-    public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   ContentEncryptionAlgorithm contentEncryptionAlgo) {
-        this(keyEncryptionAlgorithm, contentEncryptionAlgo, null);
-    }
-    public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   ContentEncryptionAlgorithm contentEncryptionAlgo,
-                                   JoseHeadersWriter writer) {
-        this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), contentEncryptionAlgo.getAlgorithm()), 
-             keyEncryptionAlgorithm, contentEncryptionAlgo, writer);
-    }
-    public WrappedKeyJweEncryption(JweHeaders headers, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   ContentEncryptionAlgorithm contentEncryptionAlgo) {
-        this(headers, keyEncryptionAlgorithm, contentEncryptionAlgo, null);
-    }
-    public WrappedKeyJweEncryption(JweHeaders headers, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                                   ContentEncryptionAlgorithm contentEncryptionAlgo,
-                                   JoseHeadersWriter writer) {
-        super(headers, contentEncryptionAlgo, keyEncryptionAlgorithm, writer);
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
deleted file mode 100644
index fa4f8ba..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import org.apache.cxf.rs.security.jose.AbstractJoseObjectReaderWriter;
-
-
-
-
-public class DefaultJwkReaderWriter extends AbstractJoseObjectReaderWriter
-    implements JwkReaderWriter {
-    @Override
-    public String jwkSetToJson(JsonWebKeys jwks) {
-        return toJson(jwks);
-    }
-    @Override
-    public JsonWebKeys jsonToJwkSet(String jwksJson) {
-        JsonWebKeys jwks = new JsonWebKeys();
-        fromJsonInternal(jwks, jwksJson);
-        return jwks;
-    }
-    @Override
-    public String jwkToJson(JsonWebKey jwk) {
-        return toJson(jwk);
-    }
-    @Override
-    public JsonWebKey jsonToJwk(String jwkJson) {
-        JsonWebKey jwk = new JsonWebKey();
-        fromJsonInternal(jwk, jwkJson);
-        return jwk;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
deleted file mode 100644
index ef594e6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
+++ /dev/null
@@ -1,160 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.AbstractJoseObject;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-
-
-public class JsonWebKey extends AbstractJoseObject {
-    
-    public static final String KEY_TYPE = "kty";
-    public static final String PUBLIC_KEY_USE = "use";
-    public static final String KEY_OPERATIONS = "key_ops";
-    public static final String KEY_ALGO = JoseConstants.HEADER_ALGORITHM;
-    public static final String KEY_ID = JoseConstants.HEADER_KEY_ID;
-    public static final String X509_URL = JoseConstants.HEADER_X509_URL;
-    public static final String X509_CHAIN = JoseConstants.HEADER_X509_CHAIN;
-    public static final String X509_THUMBPRINT = JoseConstants.HEADER_X509_THUMBPRINT;
-    public static final String X509_THUMBPRINT_SHA256 = JoseConstants.HEADER_X509_THUMBPRINT_SHA256;
-    
-    public static final String KEY_TYPE_RSA = "RSA";
-    public static final String RSA_MODULUS = "n";
-    public static final String RSA_PUBLIC_EXP = "e";
-    public static final String RSA_PRIVATE_EXP = "d";
-    public static final String RSA_FIRST_PRIME_FACTOR = "p";
-    public static final String RSA_SECOND_PRIME_FACTOR = "q";
-    public static final String RSA_FIRST_PRIME_CRT = "dp";
-    public static final String RSA_SECOND_PRIME_CRT = "dq";
-    public static final String RSA_FIRST_CRT_COEFFICIENT = "qi";
-        
-    public static final String KEY_TYPE_OCTET = "oct";
-    public static final String OCTET_KEY_VALUE = "k";
-    
-    public static final String KEY_TYPE_ELLIPTIC = "EC";
-    public static final String EC_CURVE = "crv";
-    public static final String EC_CURVE_P256 = "P-256";
-    public static final String EC_CURVE_P384 = "P-384";
-    public static final String EC_CURVE_P512 = "P-512";
-    public static final String EC_X_COORDINATE = "x";
-    public static final String EC_Y_COORDINATE = "y";
-    public static final String EC_PRIVATE_KEY = "d";
-    
-    public static final String PUBLIC_KEY_USE_SIGN = "sig";
-    public static final String PUBLIC_KEY_USE_ENCRYPT = "enc";
-    
-    public static final String KEY_OPER_SIGN = "sign";
-    public static final String KEY_OPER_VERIFY = "verify";
-    public static final String KEY_OPER_ENCRYPT = "encrypt";
-    public static final String KEY_OPER_DECRYPT = "decrypt";
-    
-    public JsonWebKey() {
-        
-    }
-    
-    public JsonWebKey(Map<String, Object> values) {
-        super(values);
-    }
-    
-    public void setKeyType(String keyType) {
-        super.setValue(KEY_TYPE, keyType);
-    }
-
-    public String getKeyType() {
-        return (String)super.getValue(KEY_TYPE);
-    }
-
-    public void setPublicKeyUse(String use) {
-        super.setValue(PUBLIC_KEY_USE, use);
-    }
-    
-    public String getPublicKeyUse() {
-        return (String)super.getValue(PUBLIC_KEY_USE);
-    }
-
-    public void setKeyOperation(List<String> keyOperation) {
-        super.setValue(KEY_OPERATIONS, keyOperation);
-    }
-
-    public List<String> getKeyOperation() {
-        return CastUtils.cast((List<?>)super.getValue(KEY_OPERATIONS));
-    }
-    
-    public void setAlgorithm(String algorithm) {
-        super.setValue(KEY_ALGO, algorithm);
-    }
-
-    public String getAlgorithm() {
-        return (String)super.getValue(KEY_ALGO);
-    }
-    
-    public void setKid(String kid) {
-        super.setValue(KEY_ID, kid);
-    }
-
-    public String getKid() {
-        return (String)super.getValue(KEY_ID);
-    }
-    
-    public void setX509Url(String x509Url) {
-        super.setValue(X509_URL, x509Url);
-    }
-    
-    public String getX509Url() {
-        return (String)super.getValue(X509_URL);
-    }
-
-    public void setX509Chain(String x509Chain) {
-        super.setValue(X509_CHAIN, x509Chain);
-    }
-
-    public String getX509Chain() {
-        return (String)super.getValue(X509_CHAIN);
-    }
-    
-    public void setX509Thumbprint(String x509Thumbprint) {
-        super.setValue(X509_THUMBPRINT, x509Thumbprint);
-    }
-    
-    public String getX509Thumbprint() {
-        return (String)super.getValue(X509_THUMBPRINT);
-    }
-    
-    public void setX509ThumbprintSHA256(String x509Thumbprint) {
-        super.setValue(X509_THUMBPRINT_SHA256, x509Thumbprint);
-    }
-    
-    public String getX509ThumbprintSHA256() {
-        return (String)super.getValue(X509_THUMBPRINT_SHA256);
-    }
-    
-    public JsonWebKey setProperty(String name, Object value) {
-        super.setValue(name, value);
-        return this;
-    }
-    
-    public Object getProperty(String name) {
-        return super.getValue(name);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
deleted file mode 100644
index c614622..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.AbstractJoseObject;
-
-public class JsonWebKeys extends AbstractJoseObject {
-    public static final String KEYS_PROPERTY = "keys";
-    public List<JsonWebKey> getKeys() {
-        List<?> list = (List<?>)super.getValue(KEYS_PROPERTY);
-        if (list != null && !list.isEmpty()) {
-            Object first = list.get(0);
-            if (first instanceof JsonWebKey) {
-                return CastUtils.cast(list);
-            } else {
-                List<JsonWebKey> keys = new LinkedList<JsonWebKey>();
-                List<Map<String, Object>> listOfMaps = 
-                    CastUtils.cast((List<?>)super.getValue(KEYS_PROPERTY));
-                for (Map<String, Object> map : listOfMaps) {
-                    keys.add(new JsonWebKey(map));
-                }
-                return keys;
-            }
-        } else {
-            return null;
-        }
-    }
-
-    public void setKeys(List<JsonWebKey> keys) {
-        super.setValue(KEYS_PROPERTY, keys);
-    }
-    
-    public Map<String, JsonWebKey> getKeyIdMap() {
-        List<JsonWebKey> keys = getKeys();
-        if (keys == null) {
-            return Collections.emptyMap();
-        }
-        Map<String, JsonWebKey> map = new LinkedHashMap<String, JsonWebKey>();
-        for (JsonWebKey key : keys) {
-            String kid = key.getKid();
-            if (kid != null) {
-                map.put(kid, key);
-            }
-        }
-        return map;
-    }
-    public JsonWebKey getKey(String kid) {
-        return getKeyIdMap().get(kid);
-    }
-    public Map<String, List<JsonWebKey>> getKeyTypeMap() {
-        return getKeyPropertyMap(JsonWebKey.KEY_TYPE);
-    }
-    public Map<String, List<JsonWebKey>> getKeyUseMap() {
-        return getKeyPropertyMap(JsonWebKey.PUBLIC_KEY_USE);
-    }
-    private Map<String, List<JsonWebKey>> getKeyPropertyMap(String propertyName) {
-        List<JsonWebKey> keys = getKeys();
-        if (keys == null) {
-            return Collections.emptyMap();
-        }
-        Map<String, List<JsonWebKey>> map = new LinkedHashMap<String, List<JsonWebKey>>();
-        for (JsonWebKey key : keys) {
-            String propValue = (String)key.getProperty(propertyName);
-            if (propValue != null) {
-                List<JsonWebKey> list = map.get(propValue);
-                if (list == null) {
-                    list = new LinkedList<JsonWebKey>();
-                    map.put(propValue, list);
-                }
-                list.add(key);
-            }
-        }
-        return map;
-    }
-    public Map<String, List<JsonWebKey>> getKeyOperationMap() {
-        List<JsonWebKey> keys = getKeys();
-        if (keys == null) {
-            return Collections.emptyMap();
-        }
-        Map<String, List<JsonWebKey>> map = new LinkedHashMap<String, List<JsonWebKey>>();
-        for (JsonWebKey key : keys) {
-            List<String> ops = key.getKeyOperation();
-            if (ops != null) {
-                for (String op : ops) {
-                    List<JsonWebKey> list = map.get(op);
-                    if (list == null) {
-                        list = new LinkedList<JsonWebKey>();
-                        map.put(op, list);
-                    }
-                    list.add(key);
-                }
-            }
-        }
-        return map;
-    }
-    public List<JsonWebKey> getKeys(String keyType) {
-        return getKeyTypeMap().get(keyType);
-    }
-    public List<JsonWebKey> getRsaKeys() {
-        return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_RSA);
-    }
-    public List<JsonWebKey> getEllipticKeys() {
-        return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_ELLIPTIC);
-    }
-    public List<JsonWebKey> getSecretKeys() {
-        return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_OCTET);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
deleted file mode 100644
index 679b7aa..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-
-public interface JwkReaderWriter {
-    String jwkToJson(JsonWebKey jwk);
-    JsonWebKey jsonToJwk(String jwkJson);
-    String jwkSetToJson(JsonWebKeys jwkSet);
-    JsonWebKeys jsonToJwkSet(String jwkSetJson);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
deleted file mode 100644
index c994b1e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ /dev/null
@@ -1,280 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Collections;
-import java.util.List;
-import java.util.Properties;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
-import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
-
-public final class JwkUtils {
-    public static final String JWK_KEY_STORE_TYPE = "jwk";
-    public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset";
-    public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey";
-    private JwkUtils() {
-        
-    }
-    public static JsonWebKey readJwkKey(InputStream is) throws IOException {
-        return new DefaultJwkReaderWriter().jsonToJwk(IOUtils.readStringFromStream(is));
-    }
-    public static JsonWebKeys readJwkSet(InputStream is) throws IOException {
-        return new DefaultJwkReaderWriter().jsonToJwkSet(IOUtils.readStringFromStream(is));
-    }
-    public static JsonWebKey readJwkKey(String jwkJson) {
-        return new DefaultJwkReaderWriter().jsonToJwk(jwkJson);
-    }
-    public static JsonWebKeys readJwkSet(String jwksJson) {
-        return new DefaultJwkReaderWriter().jsonToJwkSet(jwksJson);
-    }
-    public static String jwkKeyToJson(JsonWebKey jwkKey) {
-        return new DefaultJwkReaderWriter().jwkToJson(jwkKey);
-    }
-    public static String jwkSetToJson(JsonWebKeys jwkSet) {
-        return new DefaultJwkReaderWriter().jwkSetToJson(jwkSet);
-    }
-    public static String encryptJwkSet(JsonWebKeys jwkSet, char[] password) {
-        return encryptJwkSet(jwkSet, password, new DefaultJwkReaderWriter());
-    }
-    public static String encryptJwkSet(JsonWebKeys jwkSet, char[] password, JwkReaderWriter writer) {
-        return encryptJwkSet(jwkSet, createDefaultEncryption(password), writer);
-    }
-    public static String encryptJwkSet(JsonWebKeys jwkSet, JweEncryptionProvider jwe, JwkReaderWriter writer) {
-        return jwe.encrypt(stringToBytes(writer.jwkSetToJson(jwkSet)), "jwk-set+json");
-    }
-    public static JsonWebKeys decryptJwkSet(String jsonJwkSet, char[] password) {
-        return decryptJwkSet(jsonJwkSet, password, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKeys decryptJwkSet(String jsonJwkSet, char[] password, JwkReaderWriter reader) {
-        return decryptJwkSet(jsonJwkSet, createDefaultDecryption(password), reader);
-    }
-    public static JsonWebKeys decryptJwkSet(String jsonJwkSet, JweDecryptionProvider jwe, JwkReaderWriter reader) {
-        return reader.jsonToJwkSet(jwe.decrypt(jsonJwkSet).getContentText());
-    }
-    public static JsonWebKeys decryptJwkSet(InputStream is, char[] password) throws IOException {
-        return decryptJwkSet(is, password, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKeys decryptJwkSet(InputStream is, char[] password, JwkReaderWriter reader) 
-        throws IOException {
-        return decryptJwkSet(is, createDefaultDecryption(password), reader);
-    }
-    public static JsonWebKeys decryptJwkSet(InputStream is, JweDecryptionProvider jwe, JwkReaderWriter reader)
-        throws IOException {
-        return reader.jsonToJwkSet(jwe.decrypt(IOUtils.readStringFromStream(is)).getContentText());
-    }
-    public static String encryptJwkKey(JsonWebKey jwk, char[] password) {
-        return encryptJwkKey(jwk, password, new DefaultJwkReaderWriter());
-    }
-    public static String encryptJwkKey(JsonWebKey jwkKey, char[] password, JwkReaderWriter writer) {
-        return encryptJwkKey(jwkKey, createDefaultEncryption(password), writer);
-    }
-    public static String encryptJwkKey(JsonWebKey jwkKey, JweEncryptionProvider jwe, JwkReaderWriter writer) {
-        return jwe.encrypt(stringToBytes(writer.jwkToJson(jwkKey)), "jwk+json");
-    }
-    public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) {
-        return decryptJwkKey(jsonJwkKey, password, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password, JwkReaderWriter reader) {
-        return decryptJwkKey(jsonJwkKey, createDefaultDecryption(password), reader);
-    }
-    public static JsonWebKey decryptJwkKey(String jsonJwkKey, JweDecryptionProvider jwe, JwkReaderWriter reader) {
-        return reader.jsonToJwk(jwe.decrypt(jsonJwkKey).getContentText());
-    }
-    public static JsonWebKey decryptJwkKey(InputStream is, char[] password) throws IOException {
-        return decryptJwkKey(is, password, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKey decryptJwkKey(InputStream is, char[] password, JwkReaderWriter reader) 
-        throws IOException {
-        return decryptJwkKey(is, createDefaultDecryption(password), reader);
-    }
-    public static JsonWebKey decryptJwkKey(InputStream is, JweDecryptionProvider jwe, JwkReaderWriter reader) 
-        throws IOException {
-        return reader.jsonToJwk(jwe.decrypt(IOUtils.readStringFromStream(is)).getContentText());
-    }
-    private static JweEncryptionProvider createDefaultEncryption(char[] password) {
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
-        return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
-    }
-    private static JweDecryptionProvider createDefaultDecryption(char[] password) {
-        KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
-        return new AesCbcHmacJweDecryption(keyDecryption);
-    }
-    public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb) {
-        return loadJwkSet(m, props, cb, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb, 
-                                         JwkReaderWriter reader) {
-        JsonWebKeys jwkSet = (JsonWebKeys)m.getExchange().get(props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE));
-        if (jwkSet == null) {
-            jwkSet = loadJwkSet(props, m.getExchange().getBus(), cb, reader);
-            m.getExchange().put((String)props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE), jwkSet);
-        }
-        return jwkSet;
-    }
-    public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb) {
-        return loadJwkSet(props, bus, cb, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb, 
-                                         JwkReaderWriter reader) {
-        JweDecryptionProvider decryption = cb != null
-            ? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null;
-        return loadJwkSet(props, bus, decryption, reader);
-    }
-    public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) {
-        String keyContent = null;
-        String keyStoreLoc = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_FILE);
-        if (keyStoreLoc != null) {
-            try {
-                InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
-                keyContent = IOUtils.readStringFromStream(is);
-            } catch (Exception ex) {
-                throw new SecurityException(ex);
-            }
-        } else {
-            keyContent = props.getProperty(RSSEC_KEY_STORE_JWKSET);
-            if (keyContent == null) {
-                keyContent = props.getProperty(RSSEC_KEY_STORE_JWKKEY);
-            }
-        }
-        if (jwe != null) {
-            keyContent = jwe.decrypt(keyContent).getContentText();
-        }
-        if (props.getProperty(RSSEC_KEY_STORE_JWKKEY) == null) {
-            return reader.jsonToJwkSet(keyContent);
-        } else {
-            JsonWebKey key = reader.jsonToJwk(keyContent);
-            JsonWebKeys keys = new JsonWebKeys();
-            keys.setKeys(Collections.singletonList(key));
-            return keys;
-        }
-    }
-    public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper) {
-        return loadJsonWebKey(m, props, keyOper, new DefaultJwkReaderWriter());
-    }
-    public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, JwkReaderWriter reader) {
-        PrivateKeyPasswordProvider cb = 
-            (PrivateKeyPasswordProvider)m.getContextualProperty(KeyManagementUtils.RSSEC_KEY_PSWD_PROVIDER);
-        if (cb == null && keyOper != null) {
-            String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
-                : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) 
-                ? KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
-            if (propName != null) {
-                cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
-            }
-        }
-        JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
-        String kid = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_ALIAS);
-        if (kid == null && keyOper != null) {
-            String keyIdProp = null;
-            if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
-                keyIdProp = KeyManagementUtils.RSSEC_KEY_STORE_ALIAS + ".jwe";
-            } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
-                       || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
-                keyIdProp = KeyManagementUtils.RSSEC_KEY_STORE_ALIAS + ".jws";
-            }
-            if (keyIdProp != null) {
-                kid = props.getProperty(keyIdProp);
-            }
-        }
-        if (kid != null) {
-            return jwkSet.getKey(kid);
-        } else if (keyOper != null) {
-            List<JsonWebKey> keys = jwkSet.getKeyUseMap().get(keyOper);
-            if (keys != null && keys.size() == 1) {
-                return keys.get(0);
-            }
-        }
-        return null;
-    }
-    public static RSAPublicKey toRSAPublicKey(JsonWebKey jwk) {
-        String encodedModulus = (String)jwk.getProperty(JsonWebKey.RSA_MODULUS);
-        String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
-        return CryptoUtils.getRSAPublicKey(encodedModulus, encodedPublicExponent);
-    }
-    public static RSAPrivateKey toRSAPrivateKey(JsonWebKey jwk) {
-        String encodedModulus = (String)jwk.getProperty(JsonWebKey.RSA_MODULUS);
-        String encodedPrivateExponent = (String)jwk.getProperty(JsonWebKey.RSA_PRIVATE_EXP);
-        String encodedPrimeP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR);
-        if (encodedPrimeP == null) {
-            return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPrivateExponent);
-        } else {
-            String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
-            String encodedPrimeQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR);
-            String encodedPrimeExpP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT);
-            String encodedPrimeExpQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT);
-            String encodedCrtCoefficient = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT);
-            return CryptoUtils.getRSAPrivateKey(encodedModulus, 
-                                                encodedPublicExponent,
-                                                encodedPrivateExponent,
-                                                encodedPrimeP,
-                                                encodedPrimeQ,
-                                                encodedPrimeExpP,
-                                                encodedPrimeExpQ,
-                                                encodedCrtCoefficient);
-        }
-    }
-    public static ECPublicKey toECPublicKey(JsonWebKey jwk) {
-        String eCurve = (String)jwk.getProperty(JsonWebKey.EC_CURVE);
-        String encodedXCoord = (String)jwk.getProperty(JsonWebKey.EC_X_COORDINATE);
-        String encodedYCoord = (String)jwk.getProperty(JsonWebKey.EC_Y_COORDINATE);
-        return CryptoUtils.getECPublicKey(eCurve, encodedXCoord, encodedYCoord);
-    }
-    public static ECPrivateKey toECPrivateKey(JsonWebKey jwk) {
-        String eCurve = (String)jwk.getProperty(JsonWebKey.EC_CURVE);
-        String encodedPrivateKey = (String)jwk.getProperty(JsonWebKey.EC_PRIVATE_KEY);
-        return CryptoUtils.getECPrivateKey(eCurve, encodedPrivateKey);
-    }
-    
-    public static SecretKey toSecretKey(JsonWebKey jwk) {
-        return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), 
-                                               Algorithm.toJavaName(jwk.getAlgorithm()));
-    }
-    private static byte[] stringToBytes(String str) {
-        try {
-            return str.getBytes("UTF-8");
-        } catch (UnsupportedEncodingException ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
deleted file mode 100644
index fd1a390..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider {
-    private String algorithm;
-    
-    protected AbstractJwsSignatureProvider(String algo) {
-        this.algorithm = algo;
-    }
-    
-    protected JwsHeaders prepareHeaders(JwsHeaders headers) {
-        if (headers == null) {
-            headers = new JwsHeaders();
-        }
-        String algo = headers.getAlgorithm();
-        if (algo != null) {
-            checkAlgorithm(algo);
-        } else {
-            checkAlgorithm(algorithm);
-            headers.setAlgorithm(algorithm);
-        }
-        return headers;
-    }
-    @Override
-    public String getAlgorithm() {
-        return algorithm;    
-    }
-    @Override
-    public JwsSignature createJwsSignature(JwsHeaders headers) {
-        return doCreateJwsSignature(prepareHeaders(headers));
-    }
-    
-    protected abstract JwsSignature doCreateJwsSignature(JwsHeaders headers);
-    
-    protected void checkAlgorithm(String algo) {
-        if (algo == null) {
-            throw new SecurityException();
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
deleted file mode 100644
index b6da904..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.SecureRandom;
-import java.security.interfaces.ECPrivateKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider {
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) {
-        this(key, null, algo);
-    }
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String algo) {
-        this(key, null, spec, algo);
-    }
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec, 
-                                     String algo) {
-        super(key, random, spec, algo);
-    }
-    @Override
-    protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isEcDsaSign(algo);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
deleted file mode 100644
index 97a8991..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier {
-    public EcDsaJwsSignatureVerifier(PublicKey key) {
-        this(key, null);
-    }
-    public EcDsaJwsSignatureVerifier(PublicKey key, String supportedAlgo) {
-        this(key, null, supportedAlgo);
-    }
-    public EcDsaJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) {
-        super(key, spec, supportedAlgo);
-    }
-    @Override
-    protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isEcDsaSign(algo);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
deleted file mode 100644
index 3808d4e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Mac;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
-    private byte[] key;
-    private AlgorithmParameterSpec hmacSpec;
-    
-    public HmacJwsSignatureProvider(byte[] key, String algo) {
-        this(key, null, algo);
-    }
-    public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo) {
-        super(algo);
-        this.key = key;
-        this.hmacSpec = spec;
-    }
-    public HmacJwsSignatureProvider(String encodedKey, String algo) {
-        super(algo);
-        try {
-            this.key = Base64UrlUtility.decode(encodedKey);
-        } catch (Base64Exception ex) {
-            throw new SecurityException();
-        }
-    }
-    
-    protected JwsSignature doCreateJwsSignature(JwsHeaders headers) {
-        final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()),
-                                                    hmacSpec);
-        return new JwsSignature() {
-
-            @Override
-            public void update(byte[] src, int off, int len) {
-                mac.update(src, off, len);
-            }
-
-            @Override
-            public byte[] sign() {
-                return mac.doFinal();
-            }
-            
-        };
-    }
-    @Override
-    protected void checkAlgorithm(String algo) {
-        super.checkAlgorithm(algo);
-        if (!Algorithm.isHmacSign(algo)) {
-            throw new SecurityException();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
deleted file mode 100644
index 4ad9c27..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
-    private byte[] key;
-    private AlgorithmParameterSpec hmacSpec;
-    private String supportedAlgo;
-    
-    public HmacJwsSignatureVerifier(byte[] key) {
-        this(key, null);
-    }
-    public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec) {
-        this(key, spec, null);
-    }
-    public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, String supportedAlgo) {
-        this.key = key;
-        this.hmacSpec = spec;
-        this.supportedAlgo = supportedAlgo;
-    }
-    public HmacJwsSignatureVerifier(String encodedKey) {
-        this(encodedKey, null);
-    }
-    public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) {
-        try {
-            this.key = Base64UrlUtility.decode(encodedKey);
-        } catch (Base64Exception ex) {
-            throw new SecurityException();
-        }
-        this.supportedAlgo = supportedAlgo;
-    }
-    
-    @Override
-    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
-        byte[] expected = computeMac(headers, unsignedText);
-        return Arrays.equals(expected, signature);
-    }
-    
-    private byte[] computeMac(JwtHeaders headers, String text) {
-        return HmacUtils.computeHmac(key, 
-                                     Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
-                                     hmacSpec,
-                                     text);
-    }
-    
-    protected String checkAlgorithm(String algo) {
-        if (algo == null 
-            || !Algorithm.isHmacSign(algo)
-            || supportedAlgo != null && !supportedAlgo.equals(algo)) {
-            throw new SecurityException();
-        }
-        return algo;
-    }
-}


Mime
View raw message