cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [05/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono
Date Mon, 06 Oct 2014 17:30:42 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
deleted file mode 100644
index a1bd5cf..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.Properties;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweDecryption;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public class AbstractJweDecryptingFilter {
-    private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";    
-    private JweDecryptionProvider decryption;
-    private String defaultMediaType;
-    protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
-        JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider();
-        JweDecryptionOutput out = theDecryptor.decrypt(new String(IOUtils.readBytesFromStream(is), "UTF-8"));
-        validateHeaders(out.getHeaders());
-        return out;
-    }
-
-    protected void validateHeaders(JweHeaders headers) {
-        // complete
-    }
-    public void setDecryptionProvider(JweDecryptionProvider decryptor) {
-        this.decryption = decryptor;
-    }
-    protected JweDecryptionProvider getInitializedDecryptionProvider() {
-        if (decryption != null) {
-            return decryption;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            KeyDecryptionAlgorithm keyDecryptionProvider = null;
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
-            SecretKey ctDecryptionKey = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-                String keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
-                if ("direct".equals(keyEncryptionAlgo)) {
-                    contentEncryptionAlgo = getContentEncryptionAlgo(props, contentEncryptionAlgo);
-                    ctDecryptionKey = JweUtils.getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
-                } else {
-                    keyDecryptionProvider = JweUtils.getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
-                }
-            } else {
-                keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
-                    (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(
-                        m, props, KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
-            }
-            if (keyDecryptionProvider == null && ctDecryptionKey == null) {
-                throw new SecurityException();
-            }
-            if (keyDecryptionProvider != null) {
-                if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
-                    return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentEncryptionAlgo);
-                } else {
-                    return new WrappedKeyJweDecryption(keyDecryptionProvider, 
-                                                       new AesGcmContentDecryptionAlgorithm(contentEncryptionAlgo));
-                }
-            } else {
-                return new DirectKeyJweDecryption(ctDecryptionKey, 
-                                                  new AesGcmContentDecryptionAlgorithm(contentEncryptionAlgo));
-            }
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-        
-    }
-    
-    private String getKeyEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : algo;
-    }
-    private String getContentEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP) : algo;
-    }
-    public String getDefaultMediaType() {
-        return defaultMediaType;
-    }
-
-    public void setDefaultMediaType(String defaultMediaType) {
-        this.defaultMediaType = defaultMediaType;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
deleted file mode 100644
index 6902e97..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Properties;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier;
-
-public class AbstractJwsReaderProvider {
-    private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
-    
-    
-    private JwsSignatureVerifier sigVerifier;
-    private String defaultMediaType;
-    
-    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
-        this.sigVerifier = signatureVerifier;
-    }
-
-    protected JwsSignatureVerifier getInitializedSigVerifier() {
-        if (sigVerifier != null) {
-            return sigVerifier;    
-        } 
-        
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            JwsSignatureVerifier theVerifier = null;
-            String rsaSignatureAlgo = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
-                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-                theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
-                
-            } else {
-                theVerifier = new PublicKeyJwsSignatureVerifier(
-                                  (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props));
-            }
-            return theVerifier;
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-
-    public String getDefaultMediaType() {
-        return defaultMediaType;
-    }
-
-    public void setDefaultMediaType(String defaultMediaType) {
-        this.defaultMediaType = defaultMediaType;
-    }
-    
-    private String getSignatureAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP) : algo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
deleted file mode 100644
index 480f83d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.interfaces.RSAPrivateKey;
-import java.util.Properties;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jws.PrivateKeyJwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class AbstractJwsWriterProvider {
-    private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
-    
-    private JwsSignatureProvider sigProvider;
-    
-    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
-        this.sigProvider = signatureProvider;
-    }
-    
-    protected JwsSignatureProvider getInitializedSigProvider(JwtHeaders headers) {
-        if (sigProvider != null) {
-            return sigProvider;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        try {
-            Properties props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-            JwsSignatureProvider theSigProvider = null; 
-            String rsaSignatureAlgo = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
-                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
-            } else {
-                rsaSignatureAlgo = getSignatureAlgo(props, null);
-                RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props, 
-                    KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
-                theSigProvider = new PrivateKeyJwsSignatureProvider(pk, rsaSignatureAlgo);
-            }
-            if (theSigProvider == null) {
-                throw new SecurityException();
-            }
-            headers.setAlgorithm(rsaSignatureAlgo);
-            return theSigProvider;
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream os) 
-        throws IOException {
-        p.signWith(theSigProvider);
-        IOUtils.copy(new ByteArrayInputStream(p.getSignedEncodedJws().getBytes("UTF-8")), os);
-    }
-    private String getSignatureAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP) : algo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
deleted file mode 100644
index d04d4c2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-
-import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
-
-@Priority(Priorities.JWE_CLIENT_READ_PRIORITY)
-public class JweClientResponseFilter extends AbstractJweDecryptingFilter implements ClientResponseFilter {
-    @Override
-    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
-        JweDecryptionOutput out = decrypt(res.getEntityStream());
-        byte[] bytes = out.getContent();
-        res.setEntityStream(new ByteArrayInputStream(bytes));
-        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            res.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
deleted file mode 100644
index c58fe7e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-
-import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
-
-@PreMatching
-@Priority(Priorities.JWE_SERVER_READ_PRIORITY)
-public class JweContainerRequestFilter extends AbstractJweDecryptingFilter implements ContainerRequestFilter {
-    @Override
-    public void filter(ContainerRequestContext context) throws IOException {
-        JweDecryptionOutput out = decrypt(context.getEntityStream());
-        byte[] bytes = out.getContent();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
deleted file mode 100644
index d35c519..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Properties;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.annotation.Priority;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.ContentEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState;
-import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweEncryption;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-@Priority(Priorities.JWE_WRITE_PRIORITY)
-public class JweWriterInterceptor implements WriterInterceptor {
-    private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
-    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
-    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
-    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
-    private JweEncryptionProvider encryptionProvider;
-    private boolean contentTypeRequired = true;
-    private boolean useJweOutputStream;
-    private JoseHeadersWriter writer = new JoseHeadersReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        
-        OutputStream actualOs = ctx.getOutputStream();
-        
-        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
-        
-        String ctString = null;
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null) {
-                if ("application".equals(mt.getType())) {
-                    ctString = mt.getSubtype();
-                } else {
-                    ctString = JAXRSUtils.mediaTypeToString(mt);
-                }
-            }
-        }
-        
-        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
-        if (useJweOutputStream) {
-            JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(ctString);
-            try {
-                JweCompactProducer.startJweContent(actualOs,
-                                                   encryption.getHeaders(), 
-                                                   writer, 
-                                                   encryption.getContentEncryptionKey(), 
-                                                   encryption.getIv());
-            } catch (IOException ex) {
-                throw new SecurityException(ex);
-            }
-            OutputStream jweStream = new JweOutputStream(actualOs, encryption.getCipher(), 
-                                                         encryption.getAuthTagProducer());
-            if (encryption.isCompressionSupported()) {
-                jweStream = new DeflaterOutputStream(jweStream);
-            }
-            
-            ctx.setOutputStream(jweStream);
-            ctx.proceed();
-            jweStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString);
-            IOUtils.copy(new ByteArrayInputStream(jweContent.getBytes("UTF-8")), actualOs);
-            actualOs.flush();
-        }
-    }
-    
-    protected JweEncryptionProvider getInitializedEncryptionProvider() {
-        if (encryptionProvider != null) {
-            return encryptionProvider;    
-        } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
-        try {
-            KeyEncryptionAlgorithm keyEncryptionProvider = null;
-            String keyEncryptionAlgo = null;
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
-            ContentEncryptionAlgorithm ctEncryptionProvider = null;
-            if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-                keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
-                if ("direct".equals(keyEncryptionAlgo)) {
-                    contentEncryptionAlgo = getContentEncryptionAlgo(props, jwk.getAlgorithm());
-                    ctEncryptionProvider = JweUtils.getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
-                } else {
-                    keyEncryptionProvider = JweUtils.getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo);
-                }
-                
-            } else {
-                keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
-                    (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), 
-                    getKeyEncryptionAlgo(props, keyEncryptionAlgo));
-            }
-            if (keyEncryptionProvider == null && ctEncryptionProvider == null) {
-                throw new SecurityException();
-            }
-            
-            
-            JweHeaders headers = new JweHeaders(getKeyEncryptionAlgo(props, keyEncryptionAlgo), 
-                                                contentEncryptionAlgo);
-            String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
-            if (compression != null) {
-                headers.setZipAlgorithm(compression);
-            }
-            if (keyEncryptionProvider != null) {
-                if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
-                    return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
-                } else {
-                    return new WrappedKeyJweEncryption(headers, 
-                                                       keyEncryptionProvider,
-                                                       new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo));
-                }
-            } else {
-                return new DirectKeyJweEncryption(ctEncryptionProvider);
-            }
-        } catch (SecurityException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    private String getKeyEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : algo;
-    }
-    private String getContentEncryptionAlgo(Properties props, String algo) {
-        return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP) : algo;
-    }
-    public void setUseJweOutputStream(boolean useJweOutputStream) {
-        this.useJweOutputStream = useJweOutputStream;
-    }
-
-    public void setWriter(JoseHeadersWriter writer) {
-        this.writer = writer;
-    }
-
-    public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
-        this.encryptionProvider = encryptionProvider;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
deleted file mode 100644
index 64a1cfa..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-
-@Priority(Priorities.JWS_CLIENT_READ_PRIORITY)
-public class JwsClientResponseFilter extends AbstractJwsReaderProvider implements ClientResponseFilter {
-    @Override
-    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
-        if (!p.verifySignatureWith(theSigVerifier)) {
-            throw new SecurityException();
-        }
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        res.setEntityStream(new ByteArrayInputStream(bytes));
-        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            res.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
deleted file mode 100644
index fbd051d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-
-@PreMatching
-@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
-public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
-    @Override
-    public void filter(ContainerRequestContext context) throws IOException {
-        
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
-        if (!p.verifySignatureWith(theSigVerifier)) {
-            context.abortWith(JAXRSUtils.toResponse(400));
-            return;
-        }
-        byte[] bytes = p.getDecodedJwsPayloadBytes();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        
-        String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
deleted file mode 100644
index b1c1f53..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyReader.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyReader;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-
-public class JwsJwtMessageBodyReader extends AbstractJwsReaderProvider 
-    implements MessageBodyReader<JwtToken> {
-    
-    @Override
-    public boolean isReadable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public JwtToken readFrom(Class<JwtToken> cls, Type t, Annotation[] anns, MediaType mt,
-                             MultivaluedMap<String, String> headers, InputStream is) throws IOException,
-        WebApplicationException {
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        JwsJwtCompactConsumer p = new JwsJwtCompactConsumer(IOUtils.readStringFromStream(is));
-        p.verifySignatureWith(theSigVerifier);
-        return p.getJwtToken();
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
deleted file mode 100644
index e700ff7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJwtMessageBodyWriter.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyWriter;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-
-public class JwsJwtMessageBodyWriter  extends AbstractJwsWriterProvider 
-    implements MessageBodyWriter<JwtToken> {
-    
-    @Override
-    public long getSize(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return -1;
-    }
-
-    @Override
-    public boolean isWriteable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
-        return cls == JwtToken.class;
-    }
-
-    @Override
-    public void writeTo(JwtToken token, Class<?> cls, Type type, Annotation[] anns, MediaType mt,
-                        MultivaluedMap<String, Object> headers, OutputStream os) throws IOException,
-        WebApplicationException {
-        JwsJwtCompactProducer p = new JwsJwtCompactProducer(token);
-        JwtHeaders jwtHeaders = new JwtHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(jwtHeaders);
-        jwtHeaders.setContentType(JoseConstants.TYPE_JWT);
-        writeJws(p, sigProvider, os);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
deleted file mode 100644
index 56279e5..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.annotation.Priority;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.ext.WriterInterceptor;
-import javax.ws.rs.ext.WriterInterceptorContext;
-
-import org.apache.cxf.common.util.Base64UrlOutputStream;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
-import org.apache.cxf.rs.security.jose.jws.JwsOutputStream;
-import org.apache.cxf.rs.security.jose.jws.JwsSignature;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-@Priority(Priorities.JWS_WRITE_PRIORITY)
-public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor {
-    private boolean contentTypeRequired = true;
-    private boolean useJwsOutputStream;
-    private JoseHeadersWriter writer = new JoseHeadersReaderWriter();
-    @Override
-    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
-        JwsHeaders headers = new JwsHeaders();
-        JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
-        setContentTypeIfNeeded(headers, ctx);
-        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
-        OutputStream actualOs = ctx.getOutputStream();
-        if (useJwsOutputStream) {
-            JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
-            JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature);
-            byte[] headerBytes = writer.headersToJson(headers).getBytes("UTF-8");
-            Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
-            jwsStream.write(new byte[]{'.'});
-                        
-            Base64UrlOutputStream base64Stream = new Base64UrlOutputStream(jwsStream);
-            ctx.setOutputStream(base64Stream);
-            ctx.proceed();
-            base64Stream.flush();
-            jwsStream.flush();
-        } else {
-            CachedOutputStream cos = new CachedOutputStream(); 
-            ctx.setOutputStream(cos);
-            ctx.proceed();
-            JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), "UTF-8"));
-            writeJws(p, sigProvider, actualOs);
-        }
-    }
-    
-    public void setContentTypeRequired(boolean contentTypeRequired) {
-        this.contentTypeRequired = contentTypeRequired;
-    }
-    
-    public void setUseJwsOutputStream(boolean useJwsOutputStream) {
-        this.useJwsOutputStream = useJwsOutputStream;
-    }
-    public void setWriter(JoseHeadersWriter writer) {
-        this.writer = writer;
-    }
-    private void setContentTypeIfNeeded(JwtHeaders headers, WriterInterceptorContext ctx) {    
-        if (contentTypeRequired) {
-            MediaType mt = ctx.getMediaType();
-            if (mt != null 
-                && !JAXRSUtils.mediaTypeToString(mt).equals(JoseConstants.MEDIA_TYPE_JOSE_JSON)) {
-                if ("application".equals(mt.getType())) {
-                    headers.setContentType(mt.getSubtype());
-                } else {
-                    headers.setContentType(JAXRSUtils.mediaTypeToString(mt));
-                }
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
deleted file mode 100644
index 369e072..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.Properties;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.security.SecurityContext;
-
-
-/**
- * Encryption helpers
- */
-public final class KeyManagementUtils {
-    public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type";
-    public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password";
-    public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
-    public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
-    public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
-    public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name";
-    public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider";
-    public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
-    public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
-    
-    private KeyManagementUtils() {
-    }
-    
-    public static PublicKey loadPublicKey(Message m, Properties props) {
-        KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
-        return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
-    }
-    public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
-        return loadPublicKey(m, keyStoreLocProp, null);
-    }
-    public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String keyStoreLocPropDefault) {
-        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
-            return KeyManagementUtils.loadPublicKey(m, props);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    private static String getMessageProperty(Message m, String keyStoreLocPropPreferred, 
-                                             String keyStoreLocPropDefault) {
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        return propLoc;
-    }
-    public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) {
-        KeyStore keyStore = loadKeyStore(props, bus);
-        return loadPrivateKey(keyStore, props, bus, provider);
-    }
-    public static PrivateKey loadPrivateKey(KeyStore keyStore, 
-                                            Properties props, 
-                                            Bus bus, 
-                                            PrivateKeyPasswordProvider provider) {
-        
-        String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
-        String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-        char[] keyPswdChars = provider != null ? provider.getPassword(props) 
-            : keyPswd != null ? keyPswd.toCharArray() : null;    
-        return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, alias);
-    }
-    
-    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp) {
-        return loadPrivateKey(m, keyStoreLocProp, null, passwordProviderProp);
-    }
-    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred,
-                                            String keyStoreLocPropDefault, String passwordProviderProp) {
-        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
-            return KeyManagementUtils.loadPrivateKey(m, props, passwordProviderProp);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    public static PrivateKey loadPrivateKey(Message m, Properties props, String passwordProviderProp) {
-        Bus bus = m.getExchange().getBus();
-        KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
-        PrivateKeyPasswordProvider cb = 
-            (PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp);
-        if (cb != null && m.getExchange().getInMessage() != null) {
-            SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class);
-            if (sc != null) {
-                Principal p = sc.getUserPrincipal();
-                if (p != null) {
-                    props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName());
-                }
-            }
-        }
-        return KeyManagementUtils.loadPrivateKey(keyStore, props, bus, cb);
-    }
-    public static KeyStore loadPersistKeyStore(Message m, Properties props) {
-        KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE));
-        if (keyStore == null) {
-            keyStore = KeyManagementUtils.loadKeyStore(props, m.getExchange().getBus());
-            m.getExchange().put((String)props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE), keyStore);
-        }
-        return keyStore;
-    }
-    public static KeyStore loadKeyStore(Properties props, Bus bus) {
-        String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
-        String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
-        String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
-        try {
-            InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
-            return CryptoUtils.loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
deleted file mode 100644
index fc48ebc..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-public final class Priorities {
-    public static final int JWE_SERVER_READ_PRIORITY = 1000;
-    public static final int JWE_WRITE_PRIORITY = 1000;
-    public static final int JWE_CLIENT_READ_PRIORITY = 1001;
-    public static final int JWS_SERVER_READ_PRIORITY = 1001;
-    public static final int JWS_WRITE_PRIORITY = 1001;
-    public static final int JWS_CLIENT_READ_PRIORITY = 1000;
-    private Priorities() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
deleted file mode 100644
index bfcde49..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.util.Properties;
-
-public interface PrivateKeyPasswordProvider {
-    char[] getPassword(Properties storeProperties); 
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
deleted file mode 100644
index 89ac29d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ /dev/null
@@ -1,227 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-
-
-
-public enum Algorithm {
-    // Signature
-    HmacSHA256(JoseConstants.HMAC_SHA_256_ALGO, 256),
-    HmacSHA384(JoseConstants.HMAC_SHA_384_ALGO, 384),
-    HmacSHA512(JoseConstants.HMAC_SHA_512_ALGO, 512),
-    
-    SHA256withRSA(JoseConstants.RS_SHA_256_ALGO, 256),
-    SHA384withRSA(JoseConstants.RS_SHA_384_ALGO, 384),
-    SHA512withRSA(JoseConstants.RS_SHA_512_ALGO, 512),
-    
-    SHA256withECDSA(JoseConstants.ES_SHA_256_ALGO, 256),
-    SHA384withECDSA(JoseConstants.ES_SHA_384_ALGO, 384),
-    SHA512withECDSA(JoseConstants.ES_SHA_512_ALGO, 512),
-    
-    // Key Encryption
-    RSA_OAEP(JoseConstants.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
-    RSA_OAEP_256(JoseConstants.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
-    RSA_1_5(JoseConstants.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
-    A128KW(JoseConstants.A128KW_ALGO, "AESWrap", 128),
-    A192KW(JoseConstants.A192KW_ALGO, "AESWrap", 192),
-    A256KW(JoseConstants.A256KW_ALGO, "AESWrap", 256),
-    A128GCMKW(JoseConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCMKW(JoseConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCMKW(JoseConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
-    PBES2_HS256_A128KW(JoseConstants.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
-    PBES2_HS384_A192KW(JoseConstants.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
-    PBES2_HS512_A256KW(JoseConstants.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
-    
-    // Content Encryption
-    A128GCM(JoseConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCM(JoseConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCM(JoseConstants.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
-    A128CBC_HS256(JoseConstants.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
-    A192CBC_HS384(JoseConstants.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
-    A256CBC_HS512(JoseConstants.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
-    
-    public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
-    public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
-    public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
-    public static final String RS_SHA_256_JAVA = "SHA256withRSA";
-    public static final String RS_SHA_384_JAVA = "SHA384withRSA";
-    public static final String RS_SHA_512_JAVA = "SHA512withRSA";
-    public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
-    public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
-    public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
-    public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
-    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
-    public static final String AES_ALGO_JAVA = "AES";
-    public static final String AES_WRAP_ALGO_JAVA = "AESWrap";
-    public static final String AES_GCM_ALGO_JAVA = "AES/GCM/NoPadding";
-    public static final String AES_CBC_ALGO_JAVA = "AES/CBC/PKCS7Padding";
-    
-    private static final Map<String, String> JAVA_TO_JWT_NAMES;
-    private static final Map<String, String> JWT_TO_JAVA_NAMES;
-    static {
-        JAVA_TO_JWT_NAMES = new HashMap<String, String>();
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_256_JAVA, JoseConstants.HMAC_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_384_JAVA, JoseConstants.HMAC_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_512_JAVA, JoseConstants.HMAC_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_256_JAVA, JoseConstants.RS_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JoseConstants.RS_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JoseConstants.RS_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_256_JAVA, JoseConstants.ES_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_384_JAVA, JoseConstants.ES_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_512_JAVA, JoseConstants.ES_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JoseConstants.RSA_OAEP_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JoseConstants.RSA_OAEP_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JoseConstants.RSA_1_5_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A256GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A192GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A128GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A128KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A192KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A256KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A128CBC_HS256_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A192CBC_HS384_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A256CBC_HS512_ALGO);
-        JWT_TO_JAVA_NAMES = new HashMap<String, String>();
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_256_ALGO, RS_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_256_ALGO, ES_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_384_ALGO, ES_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_512_ALGO, ES_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-    }
-    private final String jwtName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    private Algorithm(String jwtName, int keySizeBits) {
-        this(jwtName, null, keySizeBits);
-    }
-    private Algorithm(String jwtName, String javaName, int keySizeBits) {
-        this.jwtName = jwtName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwtName() {
-        return jwtName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    
-    public static String toJwtName(String javaName, int keyBitSize) {
-        //TODO: perhaps a key should be a name+keysize pair
-        String name = JAVA_TO_JWT_NAMES.get(javaName);
-        if (name == null && javaName.startsWith(AES_ALGO_JAVA)) {
-            name = "A" + keyBitSize + "GCM";
-        } 
-        return name;
-    }
-    public static String toJavaName(String jwtName) {    
-        return JWT_TO_JAVA_NAMES.get(jwtName);
-    }
-    public static String toJavaAlgoNameOnly(String jwtName) {    
-        return stripAlgoProperties(toJavaName(jwtName));
-    }
-    public static String stripAlgoProperties(String javaName) {    
-        if (javaName != null) {
-            int index = javaName.indexOf('/');
-            if (index != -1) {
-                javaName = javaName.substring(0, index);
-            }
-        }
-        return javaName;
-    }
-    public static boolean isRsaOaep(String algo) {
-        return JoseConstants.RSA_OAEP_ALGO.equals(algo)
-               || JoseConstants.RSA_OAEP_256_ALGO.equals(algo);
-    }
-    public static boolean isAesKeyWrap(String algo) {
-        return JoseConstants.A128KW_ALGO.equals(algo)
-               || JoseConstants.A192KW_ALGO.equals(algo)
-               || JoseConstants.A256KW_ALGO.equals(algo);
-    }
-    public static boolean isAesGcmKeyWrap(String algo) {
-        return JoseConstants.A128GCMKW_ALGO.equals(algo)
-               || JoseConstants.A192GCMKW_ALGO.equals(algo)
-               || JoseConstants.A256GCMKW_ALGO.equals(algo);
-    }
-    public static boolean isAesGcm(String algo) {
-        return JoseConstants.A128GCM_ALGO.equals(algo)
-               || JoseConstants.A192GCM_ALGO.equals(algo)
-               || JoseConstants.A256GCM_ALGO.equals(algo);
-    }
-    public static boolean isAesCbcHmac(String algo) {
-        return JoseConstants.A128CBC_HS256_ALGO.equals(algo)
-            || JoseConstants.A192CBC_HS384_ALGO.equals(algo)
-            || JoseConstants.A256CBC_HS512_ALGO.equals(algo); 
-    }
-    public static boolean isHmacSign(String algo) {
-        return JoseConstants.HMAC_SHA_256_ALGO.equals(algo)
-            || JoseConstants.HMAC_SHA_384_ALGO.equals(algo)
-            || JoseConstants.HMAC_SHA_512_ALGO.equals(algo); 
-    }
-    public static boolean isRsaShaSign(String algo) {
-        return JoseConstants.RS_SHA_256_ALGO.equals(algo)
-            || JoseConstants.RS_SHA_384_ALGO.equals(algo)
-            || JoseConstants.RS_SHA_512_ALGO.equals(algo); 
-    }
-    public static boolean isEcDsaSign(String algo) {
-        return JoseConstants.ES_SHA_256_ALGO.equals(algo)
-            || JoseConstants.ES_SHA_384_ALGO.equals(algo)
-            || JoseConstants.ES_SHA_512_ALGO.equals(algo); 
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
deleted file mode 100644
index 770ee56..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.concurrent.atomic.AtomicInteger;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentEncryptionAlgorithm {
-    private static final int DEFAULT_IV_SIZE = 128;
-    private byte[] cek;
-    private byte[] iv;
-    private AtomicInteger providedIvUsageCount;
-    private String algorithm;
-    
-    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
-        this.cek = cek;
-        this.iv = iv;
-        if (iv != null && iv.length > 0) {
-            providedIvUsageCount = new AtomicInteger();
-        }    
-        this.algorithm = algo;
-    }
-    @Override
-    public String getAlgorithm() { 
-        return algorithm;
-    }
-    public byte[] getContentEncryptionKey(JweHeaders headers) {
-        return cek;
-    }
-    public byte[] getInitVector() {
-        if (iv == null) {
-            return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
-        } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) {
-            throw new SecurityException();
-        } else {
-            return iv;
-        }
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
deleted file mode 100644
index bc30979..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
-    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    
-    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
-    }
-    public byte[] getAdditionalAuthenticationData(String headersJson) {
-        return JweHeaders.toCipherAdditionalAuthData(headersJson);
-    }
-    protected int getAuthTagLen() {
-        return authTagLen;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
deleted file mode 100644
index 45d3ee7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public abstract class AbstractJweDecryption implements JweDecryptionProvider {
-    private KeyDecryptionAlgorithm keyDecryptionAlgo;
-    private ContentDecryptionAlgorithm contentDecryptionAlgo;
-    private JoseHeadersReader reader = new JoseHeadersReaderWriter();
-    protected AbstractJweDecryption(JoseHeadersReader theReader,
-                                    KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                    ContentDecryptionAlgorithm contentDecryptionAlgo) {
-        if (theReader != null) {
-            reader = theReader;
-        }
-        this.keyDecryptionAlgo = keyDecryptionAlgo;
-        this.contentDecryptionAlgo = contentDecryptionAlgo;
-    }
-    
-    protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
-        return this.keyDecryptionAlgo.getDecryptedContentEncryptionKey(consumer);
-    }
-    
-    public JweDecryptionOutput decrypt(String content) {
-        JweCompactConsumer consumer = new JweCompactConsumer(content, reader);
-        return doDecrypt(consumer);
-    }
-    public byte[] decrypt(JweCompactConsumer consumer) {
-        return doDecrypt(consumer).getContent();
-    }
-    
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer) {
-        byte[] cek = getContentEncryptionKey(consumer);
-        return doDecrypt(consumer, cek);
-    }
-    protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer, byte[] cek) {
-        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(consumer));
-        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(consumer));
-        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(consumer);
-        keyProperties.setAlgoSpec(spec);
-        boolean compressionSupported = 
-            JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(consumer.getJweHeaders().getZipAlgorithm());
-        keyProperties.setCompressionSupported(compressionSupported);
-        byte[] actualCek = getActualCek(cek, consumer.getJweHeaders().getContentEncryptionAlgorithm());
-        Key secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
-        byte[] bytes = 
-            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(consumer), secretKey, keyProperties);
-        return new JweDecryptionOutput(consumer.getJweHeaders(), bytes);
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getAlgorithmParameterSpec(getContentEncryptionCipherInitVector(consumer));
-    }
-    protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
-        return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
-    }
-    protected byte[] getContentEncryptionCipherAAD(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getAdditionalAuthenticationData(consumer.getDecodedJsonHeaders());
-    }
-    protected byte[] getEncryptedContentWithAuthTag(JweCompactConsumer consumer) {
-        return contentDecryptionAlgo.getEncryptedSequence(consumer.getJweHeaders(),
-                                                          consumer.getEncryptedContent(), 
-                                                          getEncryptionAuthenticationTag(consumer));
-    }
-    protected byte[] getContentEncryptionCipherInitVector(JweCompactConsumer consumer) { 
-        return consumer.getContentDecryptionCipherInitVector();
-    }
-    protected byte[] getEncryptionAuthenticationTag(JweCompactConsumer consumer) {
-        return consumer.getEncryptionAuthenticationTag();
-    }
-    protected int getEncryptionAuthenticationTagLenBits(JweCompactConsumer consumer) {
-        return getEncryptionAuthenticationTag(consumer).length * 8;
-    }
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-}


Mime
View raw message