cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Date Fri, 27 Feb 2015 14:09:24 GMT
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e57a012e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e57a012e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e57a012e

Branch: refs/heads/3.0.x-fixes
Commit: e57a012ee821901b9e1cb438c42e77bbf50e0c30
Parents: 6821aca
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Feb 27 13:55:04 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Feb 27 14:08:56 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/JoseConstants.java     |  42 ---
 .../jose/jaxrs/JwsJsonWriterInterceptor.java    |   2 +-
 .../cxf/rs/security/jose/jwa/Algorithm.java     | 291 -------------------
 .../rs/security/jose/jwa/AlgorithmUtils.java    | 268 +++++++++++++++++
 .../rs/security/jose/jwa/ContentAlgorithm.java  |  67 +++++
 .../cxf/rs/security/jose/jwa/KeyAlgorithm.java  |  74 +++++
 .../security/jose/jwa/SignatureAlgorithm.java   |  77 +++++
 .../jwe/AbstractContentEncryptionAlgorithm.java |  13 +-
 ...stractContentEncryptionCipherProperties.java |   7 +-
 .../jose/jwe/AbstractJweDecryption.java         |  10 +-
 .../jose/jwe/AbstractJweEncryption.java         |  41 +--
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java |  23 +-
 .../jose/jwe/AesCbcHmacJweDecryption.java       |  11 +-
 .../jose/jwe/AesCbcHmacJweEncryption.java       |  33 ++-
 .../jwe/AesGcmContentDecryptionAlgorithm.java   |   7 +-
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |  15 +-
 .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java   |  13 +-
 .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java   |  17 +-
 .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java |  14 +-
 .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java |  16 +-
 .../jose/jwe/ContentEncryptionAlgorithm.java    |  26 --
 .../jwe/ContentEncryptionCipherProperties.java  |   4 +-
 .../jose/jwe/ContentEncryptionProvider.java     |  26 ++
 .../jose/jwe/DirectKeyDecryptionAlgorithm.java  |   4 +-
 .../jose/jwe/DirectKeyEncryptionAlgorithm.java  |   6 +-
 .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java  |  13 +-
 .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java  |  26 +-
 .../jose/jwe/EcdhDirectKeyJweDecryption.java    |   8 +-
 .../jose/jwe/EcdhDirectKeyJweEncryption.java    |  16 +-
 .../cxf/rs/security/jose/jwe/JweEncryption.java |   4 +-
 .../rs/security/jose/jwe/JweJsonConsumer.java   |   2 +-
 .../rs/security/jose/jwe/JweJsonProducer.java   |   2 +-
 .../rs/security/jose/jwe/JweKeyProperties.java  |   7 +-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 139 ++++-----
 .../jose/jwe/KeyDecryptionAlgorithm.java        |   4 +-
 .../jose/jwe/KeyEncryptionAlgorithm.java        |  25 --
 .../jose/jwe/KeyEncryptionProvider.java         |  27 ++
 .../PbesHmacAesWrapKeyDecryptionAlgorithm.java  |  24 +-
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  |  58 ++--
 .../jose/jwe/RSAKeyDecryptionAlgorithm.java     |   9 +-
 .../jose/jwe/RSAKeyEncryptionAlgorithm.java     |   9 +-
 .../jose/jwe/WrappedKeyDecryptionAlgorithm.java |  17 +-
 .../cxf/rs/security/jose/jwk/JwkUtils.java      |  18 +-
 .../jose/jws/AbstractJwsSignatureProvider.java  |  11 +-
 .../jose/jws/EcDsaJwsSignatureProvider.java     |  13 +-
 .../jose/jws/EcDsaJwsSignatureVerifier.java     |  17 +-
 .../jose/jws/HmacJwsSignatureProvider.java      |  13 +-
 .../jose/jws/HmacJwsSignatureVerifier.java      |  22 +-
 .../security/jose/jws/JwsCompactProducer.java   |   4 +-
 .../rs/security/jose/jws/JwsJsonConsumer.java   |   4 +-
 .../rs/security/jose/jws/JwsJsonProducer.java   |   2 +-
 .../security/jose/jws/JwsSignatureProvider.java |   3 +-
 .../security/jose/jws/JwsSignatureVerifier.java |   3 +-
 .../cxf/rs/security/jose/jws/JwsUtils.java      |  30 +-
 .../jose/jws/NoneJwsSignatureProvider.java      |   5 +-
 .../jose/jws/NoneJwsSignatureVerifier.java      |   5 +-
 .../jws/PrivateKeyJwsSignatureProvider.java     |  13 +-
 .../jose/jws/PublicKeyJwsSignatureVerifier.java |  17 +-
 .../jose/cookbook/JwkJoseCookBookTest.java      |   7 +-
 .../jose/cookbook/JwsJoseCookBookTest.java      | 110 +++----
 .../jose/jwe/JweCompactReaderWriterTest.java    |  50 ++--
 .../security/jose/jwe/JweJsonConsumerTest.java  |  29 +-
 .../security/jose/jwe/JweJsonProducerTest.java  |  47 ++-
 .../jose/jwe/JwePbeHmacAesWrapTest.java         |  23 +-
 .../rs/security/jose/jwk/JsonWebKeyTest.java    |  21 +-
 .../security/jose/jws/JwsCompactHeaderTest.java |  26 +-
 .../jose/jws/JwsCompactReaderWriterTest.java    |  47 ++-
 .../security/jose/jws/JwsJsonProducerTest.java  |  21 +-
 .../grants/code/JwtRequestCodeFilter.java       |   8 +-
 .../oauth2/grants/code/JwtRequestCodeGrant.java |   6 +-
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  |  12 +-
 .../oidc/idp/AbstractJwsJweProducer.java        |  10 +-
 .../apache/cxf/systest/jaxrs/BookServer.java    |   3 +-
 .../jaxrs/JAXRSClientServerBookTest.java        |   1 +
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |  15 +-
 .../jaxrs/security/jwt/JAXRSJwsJsonTest.java    |   4 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |   4 +-
 77 files changed, 1170 insertions(+), 951 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
index e131147..c5f3e03 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
@@ -44,48 +44,6 @@ public final class JoseConstants {
     public static final String MEDIA_TYPE_JOSE = "application/jose";
     public static final String MEDIA_TYPE_JOSE_JSON = "application/jose+json";
     
-    public static final String PLAIN_TEXT_ALGO = "none";
-    public static final String HMAC_SHA_256_ALGO = "HS256";
-    public static final String HMAC_SHA_384_ALGO = "HS384";
-    public static final String HMAC_SHA_512_ALGO = "HS512";
-    public static final String RS_SHA_256_ALGO = "RS256";
-    public static final String RS_SHA_384_ALGO = "RS384";
-    public static final String RS_SHA_512_ALGO = "RS512";
-    public static final String PS_SHA_256_ALGO = "PS256";
-    public static final String PS_SHA_384_ALGO = "PS384";
-    public static final String PS_SHA_512_ALGO = "PS512";
-    public static final String ES_SHA_256_ALGO = "ES256";
-    public static final String ES_SHA_384_ALGO = "ES384";
-    public static final String ES_SHA_512_ALGO = "ES512";
-    
-    // Key Encryption
-    public static final String RSA_OAEP_ALGO = "RSA-OAEP";
-    public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
-    public static final String RSA_1_5_ALGO = "RSA1_5";
-    public static final String A128KW_ALGO = "A128KW";
-    public static final String A192KW_ALGO = "A192KW";
-    public static final String A256KW_ALGO = "A256KW";
-    public static final String A128GCMKW_ALGO = "A128GCMKW";
-    public static final String A192GCMKW_ALGO = "A192GCMKW";
-    public static final String A256GCMKW_ALGO = "A256GCMKW";
-    
-    public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES";
-    
-    public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW";
-    public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW";
-    public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW";
-    
-    public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
-    public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
-    public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
-    // Content Encryption
-    public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
-    public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
-    public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
-    public static final String A128GCM_ALGO = "A128GCM";
-    public static final String A192GCM_ALGO = "A192GCM";
-    public static final String A256GCM_ALGO = "A256GCM";
-    
     public static final String JOSE_CONTEXT_PROPERTY = "org.apache.cxf.jose.context";
     
     private JoseConstants() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
index c5159a1..069279b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
@@ -93,7 +93,7 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl
     private JoseHeaders prepareProtectedHeader(WriterInterceptorContext ctx, 
                                                           JwsSignatureProvider signer) {
         JoseHeaders headers = new JoseHeaders();
-        headers.setAlgorithm(signer.getAlgorithm());
+        headers.setAlgorithm(signer.getAlgorithm().getJwaName());
         setContentTypeIfNeeded(headers, ctx);
         return headers;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
deleted file mode 100644
index f6e167e..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ /dev/null
@@ -1,291 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-
-
-
-public enum Algorithm {
-    // Signature
-    HmacSHA256(JoseConstants.HMAC_SHA_256_ALGO, 256),
-    HmacSHA384(JoseConstants.HMAC_SHA_384_ALGO, 384),
-    HmacSHA512(JoseConstants.HMAC_SHA_512_ALGO, 512),
-    
-    SHA256withRSA(JoseConstants.RS_SHA_256_ALGO, 256),
-    SHA384withRSA(JoseConstants.RS_SHA_384_ALGO, 384),
-    SHA512withRSA(JoseConstants.RS_SHA_512_ALGO, 512),
-    
-    SHA256withECDSA(JoseConstants.ES_SHA_256_ALGO, 256),
-    SHA384withECDSA(JoseConstants.ES_SHA_384_ALGO, 384),
-    SHA512withECDSA(JoseConstants.ES_SHA_512_ALGO, 512),
-    
-    // Key Encryption
-    RSA_OAEP(JoseConstants.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
-    RSA_OAEP_256(JoseConstants.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
-    RSA_1_5(JoseConstants.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
-    A128KW(JoseConstants.A128KW_ALGO, "AESWrap", 128),
-    A192KW(JoseConstants.A192KW_ALGO, "AESWrap", 192),
-    A256KW(JoseConstants.A256KW_ALGO, "AESWrap", 256),
-    A128GCMKW(JoseConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCMKW(JoseConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCMKW(JoseConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
-    PBES2_HS256_A128KW(JoseConstants.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
-    PBES2_HS384_A192KW(JoseConstants.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
-    PBES2_HS512_A256KW(JoseConstants.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
-    ECDH_ES_A128KW(JoseConstants.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
-    ECDH_ES_A192KW(JoseConstants.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
-    ECDH_ES_A256KW(JoseConstants.ECDH_ES_A256KW_ALGO, "AESWrap", 256),
-    // Content Encryption
-    A128GCM(JoseConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCM(JoseConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCM(JoseConstants.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
-    //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding" 
-    // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only 
-    A128CBC_HS256(JoseConstants.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
-    A192CBC_HS384(JoseConstants.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
-    A256CBC_HS512(JoseConstants.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
-    
-    public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
-    public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
-    public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
-    public static final String RS_SHA_256_JAVA = "SHA256withRSA";
-    public static final String RS_SHA_384_JAVA = "SHA384withRSA";
-    public static final String RS_SHA_512_JAVA = "SHA512withRSA";
-    public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1";
-    public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1";
-    public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1";
-    public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
-    public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
-    public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
-    public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
-    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
-    public static final String AES_ALGO_JAVA = "AES";
-    public static final String AES_WRAP_ALGO_JAVA = "AESWrap";
-    public static final String AES_GCM_ALGO_JAVA = "AES/GCM/NoPadding";
-    public static final String AES_CBC_ALGO_JAVA = "AES/CBC/PKCS7Padding";
-    
-    public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.HMAC_SHA_256_ALGO,
-                                                                        JoseConstants.HMAC_SHA_384_ALGO,
-                                                                        JoseConstants.HMAC_SHA_512_ALGO));
-    public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.RS_SHA_256_ALGO,
-                                                                        JoseConstants.RS_SHA_384_ALGO,
-                                                                        JoseConstants.RS_SHA_512_ALGO));
-    public static final Set<String> RSA_SHA_PS_SIGN_SET = 
-        new HashSet<String>(Arrays.asList(JoseConstants.PS_SHA_256_ALGO,
-                                          JoseConstants.PS_SHA_384_ALGO,
-                                          JoseConstants.PS_SHA_512_ALGO));
-    public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO,
-                                                                         JoseConstants.ES_SHA_384_ALGO,
-                                                                         JoseConstants.ES_SHA_512_ALGO));
-    public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
-                                                                                    JoseConstants.RSA_OAEP_256_ALGO,
-                                                                                    JoseConstants.RSA_1_5_ALGO));
-    public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO,
-                                                                                        JoseConstants.A192GCM_ALGO,
-                                                                                        JoseConstants.A256GCM_ALGO));
-    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCMKW_ALGO,
-                                                                                        JoseConstants.A192GCMKW_ALGO,
-                                                                                        JoseConstants.A256GCMKW_ALGO));
-    public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO,
-                                                                                        JoseConstants.A192KW_ALGO,
-                                                                                        JoseConstants.A256KW_ALGO));
-    public static final Set<String> ACBC_HS_SET = 
-        new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO,
-                                          JoseConstants.A192CBC_HS384_ALGO,
-                                          JoseConstants.A256CBC_HS512_ALGO));
-    public static final Set<String> PBES_HS_SET = 
-        new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW.getJwtName(),
-                                          PBES2_HS384_A192KW.getJwtName(),
-                                          PBES2_HS512_A256KW.getJwtName()));
-    public static final Set<String> ECDH_ES_SET = 
-        new HashSet<String>(Arrays.asList(ECDH_ES_A128KW.getJwtName(),
-                                          ECDH_ES_A192KW.getJwtName(),
-                                          ECDH_ES_A256KW.getJwtName()));
-    
-    private static final Map<String, String> JAVA_TO_JWT_NAMES;
-    private static final Map<String, String> JWT_TO_JAVA_NAMES;
-    static {
-        JAVA_TO_JWT_NAMES = new HashMap<String, String>();
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_256_JAVA, JoseConstants.HMAC_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_384_JAVA, JoseConstants.HMAC_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(HMAC_SHA_512_JAVA, JoseConstants.HMAC_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_256_JAVA, JoseConstants.RS_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JoseConstants.RS_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JoseConstants.RS_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(PS_SHA_256_JAVA, JoseConstants.PS_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(PS_SHA_384_JAVA, JoseConstants.PS_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(PS_SHA_512_JAVA, JoseConstants.PS_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_256_JAVA, JoseConstants.ES_SHA_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_384_JAVA, JoseConstants.ES_SHA_384_ALGO);
-        JAVA_TO_JWT_NAMES.put(ES_SHA_512_JAVA, JoseConstants.ES_SHA_512_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JoseConstants.RSA_OAEP_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JoseConstants.RSA_OAEP_256_ALGO);
-        JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JoseConstants.RSA_1_5_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A256GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A192GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A128GCM_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A128KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A192KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A256KW_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A128CBC_HS256_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A192CBC_HS384_ALGO);
-        JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A256CBC_HS512_ALGO);
-        JWT_TO_JAVA_NAMES = new HashMap<String, String>();
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_256_ALGO, RS_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_256_ALGO, PS_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_384_ALGO, PS_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_512_ALGO, PS_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_256_ALGO, ES_SHA_256_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_384_ALGO, ES_SHA_384_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_512_ALGO, ES_SHA_512_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-    }
-    private final String jwtName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    private Algorithm(String jwtName, int keySizeBits) {
-        this(jwtName, null, keySizeBits);
-    }
-    private Algorithm(String jwtName, String javaName, int keySizeBits) {
-        this.jwtName = jwtName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwtName() {
-        return jwtName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    
-    public static String toJwtName(String javaName, int keyBitSize) {
-        //TODO: perhaps a key should be a name+keysize pair
-        String name = JAVA_TO_JWT_NAMES.get(javaName);
-        if (name == null && javaName.startsWith(AES_ALGO_JAVA)) {
-            name = "A" + keyBitSize + "GCM";
-        } 
-        return name;
-    }
-    public static String toJavaName(String jwtName) {    
-        return JWT_TO_JAVA_NAMES.get(jwtName);
-    }
-    public static String toJavaAlgoNameOnly(String jwtName) {    
-        return stripAlgoProperties(toJavaName(jwtName));
-    }
-    public static String stripAlgoProperties(String javaName) {    
-        if (javaName != null) {
-            int index = javaName.indexOf('/');
-            if (index != -1) {
-                javaName = javaName.substring(0, index);
-            }
-        }
-        return javaName;
-    }
-    public static boolean isRsa(String algo) {
-        return isRsaKeyWrap(algo) || isRsaSign(algo);
-    }
-    public static boolean isRsaKeyWrap(String algo) {
-        return RSA_CEK_SET.contains(algo);
-    }
-    public static boolean isAesKeyWrap(String algo) {
-        return AES_KW_SET.contains(algo);
-    }
-    public static boolean isAesGcmKeyWrap(String algo) {
-        return AES_GCM_KW_SET.contains(algo);
-    }
-    public static boolean isPbesHsWrap(String algo) {
-        return PBES_HS_SET.contains(algo); 
-    }
-    public static boolean isEcdhEsWrap(String algo) {
-        return ECDH_ES_SET.contains(algo); 
-    }
-    public static boolean isAesGcm(String algo) {
-        return AES_GCM_CEK_SET.contains(algo);
-    }
-    public static boolean isAesCbcHmac(String algo) {
-        return ACBC_HS_SET.contains(algo); 
-    }
-    public static boolean isHmacSign(String algo) {
-        return HMAC_SIGN_SET.contains(algo); 
-    }
-    public static boolean isOctet(String algo) {
-        return isHmacSign(algo)
-            || isAesCbcHmac(algo)
-            || isAesGcm(algo)
-            || isAesGcmKeyWrap(algo)
-            || isAesKeyWrap(algo); 
-    }
-    public static boolean isRsaSign(String algo) {
-        return isRsaShaSign(algo) || isRsaShaPsSign(algo); 
-    }
-    public static boolean isRsaShaSign(String algo) {
-        return RSA_SHA_SIGN_SET.contains(algo); 
-    }
-    public static boolean isRsaShaPsSign(String algo) {
-        return RSA_SHA_PS_SIGN_SET.contains(algo); 
-    }
-    public static boolean isEcDsaSign(String algo) {
-        return EC_SHA_SIGN_SET.contains(algo); 
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
new file mode 100644
index 0000000..22d7908
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -0,0 +1,268 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+
+
+
+public final class AlgorithmUtils {
+    public static final String AES = "AES";
+    
+    // Key Encryption
+    // JWA
+    public static final String RSA_OAEP_ALGO = "RSA-OAEP";
+    public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
+    public static final String RSA_1_5_ALGO = "RSA1_5";
+    public static final String A128KW_ALGO = "A128KW";
+    public static final String A192KW_ALGO = "A192KW";
+    public static final String A256KW_ALGO = "A256KW";
+    public static final String A128GCMKW_ALGO = "A128GCMKW";
+    public static final String A192GCMKW_ALGO = "A192GCMKW";
+    public static final String A256GCMKW_ALGO = "A256GCMKW";
+    public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW";
+    public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW";
+    public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW";
+    public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
+    public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
+    public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
+    public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES";
+    // Java
+    public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
+    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
+    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
+    public static final String AES_WRAP_ALGO_JAVA = AES + "Wrap";
+    // Content Encryption
+    // JWA
+    public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
+    public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
+    public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
+    public static final String A128GCM_ALGO = "A128GCM";
+    public static final String A192GCM_ALGO = "A192GCM";
+    public static final String A256GCM_ALGO = "A256GCM";
+    // Java
+    public static final String AES_GCM_ALGO_JAVA = AES + "/GCM/NoPadding";
+    public static final String AES_CBC_ALGO_JAVA = AES + "/CBC/PKCS7Padding";
+    // Signature
+    // JWA
+    public static final String HMAC_SHA_256_ALGO = "HS256";
+    public static final String HMAC_SHA_384_ALGO = "HS384";
+    public static final String HMAC_SHA_512_ALGO = "HS512";
+    public static final String RS_SHA_256_ALGO = "RS256";
+    public static final String RS_SHA_384_ALGO = "RS384";
+    public static final String RS_SHA_512_ALGO = "RS512";
+    public static final String PS_SHA_256_ALGO = "PS256";
+    public static final String PS_SHA_384_ALGO = "PS384";
+    public static final String PS_SHA_512_ALGO = "PS512";
+    public static final String ES_SHA_256_ALGO = "ES256";
+    public static final String ES_SHA_384_ALGO = "ES384";
+    public static final String ES_SHA_512_ALGO = "ES512";
+    public static final String PLAIN_TEXT_ALGO = "none";
+    // Java
+    public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
+    public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
+    public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
+    public static final String RS_SHA_256_JAVA = "SHA256withRSA";
+    public static final String RS_SHA_384_JAVA = "SHA384withRSA";
+    public static final String RS_SHA_512_JAVA = "SHA512withRSA";
+    public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1";
+    public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1";
+    public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1";
+    public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
+    public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
+    public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
+    
+    public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(HMAC_SHA_256_ALGO,
+                                                                                      HMAC_SHA_384_ALGO,
+                                                                                      HMAC_SHA_512_ALGO));
+    public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(RS_SHA_256_ALGO,
+                                                                      RS_SHA_384_ALGO,
+                                                                      RS_SHA_512_ALGO));
+    public static final Set<String> RSA_SHA_PS_SIGN_SET = new HashSet<String>(Arrays.asList(PS_SHA_256_ALGO,
+                                        PS_SHA_384_ALGO,
+                                        PS_SHA_512_ALGO));
+    public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(ES_SHA_256_ALGO,
+                                                                       ES_SHA_384_ALGO,
+                                                                       ES_SHA_512_ALGO));
+    public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(RSA_OAEP_ALGO,
+                                                                                  RSA_OAEP_256_ALGO,
+                                                                                  RSA_1_5_ALGO));
+    public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(A128GCM_ALGO,
+                                                                                      A192GCM_ALGO,
+                                                                                      A256GCM_ALGO));
+    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(A128GCMKW_ALGO,
+                                                                                      A192GCMKW_ALGO,
+                                                                                      A256GCMKW_ALGO));
+    public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(A128KW_ALGO,
+                                                                                   A192KW_ALGO,
+                                                                                   A256KW_ALGO));
+    public static final Set<String> ACBC_HS_SET = new HashSet<String>(Arrays.asList(A128CBC_HS256_ALGO,
+                                        A192CBC_HS384_ALGO,
+                                        A256CBC_HS512_ALGO));
+    public static final Set<String> PBES_HS_SET = new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW_ALGO,
+                                          PBES2_HS384_A192KW_ALGO,
+                                          PBES2_HS512_A256KW_ALGO));
+    public static final Set<String> ECDH_ES_SET = new HashSet<String>(Arrays.asList(ECDH_ES_A128KW_ALGO,
+                      ECDH_ES_A192KW_ALGO,
+                      ECDH_ES_A256KW_ALGO));
+    
+    private static final Map<String, String> JAVA_TO_JWA_NAMES;
+    private static final Map<String, String> JWA_TO_JAVA_NAMES;
+    static {
+        JAVA_TO_JWA_NAMES = new HashMap<String, String>();
+        JAVA_TO_JWA_NAMES.put(HMAC_SHA_256_JAVA, HMAC_SHA_256_ALGO);
+        JAVA_TO_JWA_NAMES.put(HMAC_SHA_384_JAVA, HMAC_SHA_384_ALGO);
+        JAVA_TO_JWA_NAMES.put(HMAC_SHA_512_JAVA, HMAC_SHA_512_ALGO);
+        JAVA_TO_JWA_NAMES.put(RS_SHA_256_JAVA, RS_SHA_256_ALGO);
+        JAVA_TO_JWA_NAMES.put(RS_SHA_384_JAVA, RS_SHA_384_ALGO);
+        JAVA_TO_JWA_NAMES.put(RS_SHA_512_JAVA, RS_SHA_512_ALGO);
+        JAVA_TO_JWA_NAMES.put(PS_SHA_256_JAVA, PS_SHA_256_ALGO);
+        JAVA_TO_JWA_NAMES.put(PS_SHA_384_JAVA, PS_SHA_384_ALGO);
+        JAVA_TO_JWA_NAMES.put(PS_SHA_512_JAVA, PS_SHA_512_ALGO);
+        JAVA_TO_JWA_NAMES.put(ES_SHA_256_JAVA, ES_SHA_256_ALGO);
+        JAVA_TO_JWA_NAMES.put(ES_SHA_384_JAVA, ES_SHA_384_ALGO);
+        JAVA_TO_JWA_NAMES.put(ES_SHA_512_JAVA, ES_SHA_512_ALGO);
+        JAVA_TO_JWA_NAMES.put(RSA_OAEP_ALGO_JAVA, RSA_OAEP_ALGO);
+        JAVA_TO_JWA_NAMES.put(RSA_OAEP_256_ALGO_JAVA, RSA_OAEP_256_ALGO);
+        JAVA_TO_JWA_NAMES.put(RSA_1_5_ALGO_JAVA, RSA_1_5_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A256GCM_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A192GCM_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A128GCM_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A128KW_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A192KW_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A256KW_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A128CBC_HS256_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A192CBC_HS384_ALGO);
+        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A256CBC_HS512_ALGO);
+        JWA_TO_JAVA_NAMES = new HashMap<String, String>();
+        JWA_TO_JAVA_NAMES.put(HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
+        JWA_TO_JAVA_NAMES.put(HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
+        JWA_TO_JAVA_NAMES.put(HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
+        JWA_TO_JAVA_NAMES.put(RS_SHA_256_ALGO, RS_SHA_256_JAVA);
+        JWA_TO_JAVA_NAMES.put(RS_SHA_384_ALGO, RS_SHA_384_JAVA);
+        JWA_TO_JAVA_NAMES.put(RS_SHA_512_ALGO, RS_SHA_512_JAVA);
+        JWA_TO_JAVA_NAMES.put(PS_SHA_256_ALGO, PS_SHA_256_JAVA);
+        JWA_TO_JAVA_NAMES.put(PS_SHA_384_ALGO, PS_SHA_384_JAVA);
+        JWA_TO_JAVA_NAMES.put(PS_SHA_512_ALGO, PS_SHA_512_JAVA);
+        JWA_TO_JAVA_NAMES.put(ES_SHA_256_ALGO, ES_SHA_256_JAVA);
+        JWA_TO_JAVA_NAMES.put(ES_SHA_384_ALGO, ES_SHA_384_JAVA);
+        JWA_TO_JAVA_NAMES.put(ES_SHA_512_ALGO, ES_SHA_512_JAVA);
+        JWA_TO_JAVA_NAMES.put(RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A256GCM_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A192GCM_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A128GCM_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+        JWA_TO_JAVA_NAMES.put(ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+    }
+    
+    private AlgorithmUtils() {
+    }
+    public static boolean isRsa(String algo) {
+        return isRsaKeyWrap(algo) || isRsaSign(algo);
+    }
+    public static boolean isRsaKeyWrap(String algo) {
+        return RSA_CEK_SET.contains(algo);
+    }
+    public static boolean isAesKeyWrap(String algo) {
+        return AES_KW_SET.contains(algo);
+    }
+    public static boolean isAesGcmKeyWrap(String algo) {
+        return AES_GCM_KW_SET.contains(algo);
+    }
+    public static boolean isPbesHsWrap(String algo) {
+        return PBES_HS_SET.contains(algo); 
+    }
+    public static boolean isEcdhEsWrap(String algo) {
+        return ECDH_ES_SET.contains(algo); 
+    }
+    public static boolean isAesGcm(String algo) {
+        return AES_GCM_CEK_SET.contains(algo);
+    }
+    public static boolean isAesCbcHmac(String algo) {
+        return ACBC_HS_SET.contains(algo); 
+    }
+    public static boolean isHmacSign(String algo) {
+        return HMAC_SIGN_SET.contains(algo); 
+    }
+    public static boolean isOctet(String algo) {
+        return isHmacSign(algo)
+            || isAesCbcHmac(algo)
+            || isAesGcm(algo)
+            || isAesGcmKeyWrap(algo)
+            || isAesKeyWrap(algo); 
+    }
+    public static boolean isRsaSign(String algo) {
+        return isRsaShaSign(algo) || isRsaShaPsSign(algo); 
+    }
+    public static boolean isRsaShaSign(String algo) {
+        return RSA_SHA_SIGN_SET.contains(algo); 
+    }
+    public static boolean isRsaShaPsSign(String algo) {
+        return RSA_SHA_PS_SIGN_SET.contains(algo); 
+    }
+    public static boolean isEcDsaSign(String algo) {
+        return EC_SHA_SIGN_SET.contains(algo); 
+    }
+    
+    public static String toJwaName(String javaName, int keyBitSize) {
+        //TODO: perhaps a key should be a name+keysize pair
+        String name = JAVA_TO_JWA_NAMES.get(javaName);
+        if (name == null && javaName.startsWith(AES)) {
+            name = "A" + keyBitSize + "GCM";
+        } 
+        return name;
+    }
+    public static String toJavaName(String jwtName) {    
+        return JWA_TO_JAVA_NAMES.get(jwtName);
+    }
+    public static String toJavaAlgoNameOnly(String jwtName) {    
+        return stripAlgoProperties(toJavaName(jwtName));
+    }
+    public static String stripAlgoProperties(String javaName) {    
+        if (javaName != null) {
+            int index = javaName.indexOf('/');
+            if (index != -1) {
+                javaName = javaName.substring(0, index);
+            }
+        }
+        return javaName;
+    }
+    
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
new file mode 100644
index 0000000..5f9e158
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum ContentAlgorithm {
+    A128GCM(AlgorithmUtils.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
+    A192GCM(AlgorithmUtils.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
+    A256GCM(AlgorithmUtils.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
+    //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding" 
+    // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only 
+    A128CBC_HS256(AlgorithmUtils.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
+    A192CBC_HS384(AlgorithmUtils.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
+    A256CBC_HS512(AlgorithmUtils.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
+    
+    private final String jwaName;
+    private final String javaName;
+    private final int keySizeBits;
+    
+    private ContentAlgorithm(String jwaName, String javaName, int keySizeBits) {
+        this.jwaName = jwaName;
+        this.javaName = javaName;
+        this.keySizeBits = keySizeBits;
+    }
+
+    public String getJwaName() {
+        return jwaName;
+    }
+
+    public String getJavaName() {
+        return javaName == null ? name() : javaName;
+    }
+    
+    public String getJavaAlgoName() {
+        return AlgorithmUtils.stripAlgoProperties(getJavaName());
+    }
+
+    public int getKeySizeBits() {
+        return keySizeBits;
+    }
+    
+    public static ContentAlgorithm getAlgorithm(String algo) {
+        return ContentAlgorithm.valueOf(algo.replace('-', '_')
+                                        .replace('+', '_'));
+        
+    }
+    
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
new file mode 100644
index 0000000..d5b03fb
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum KeyAlgorithm {
+    RSA_OAEP(AlgorithmUtils.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
+    RSA_OAEP_256(AlgorithmUtils.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
+    RSA_1_5(AlgorithmUtils.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
+    A128KW(AlgorithmUtils.A128KW_ALGO, "AESWrap", 128),
+    A192KW(AlgorithmUtils.A192KW_ALGO, "AESWrap", 192),
+    A256KW(AlgorithmUtils.A256KW_ALGO, "AESWrap", 256),
+    A128GCMKW(AlgorithmUtils.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
+    A192GCMKW(AlgorithmUtils.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
+    A256GCMKW(AlgorithmUtils.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
+    PBES2_HS256_A128KW(AlgorithmUtils.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
+    PBES2_HS384_A192KW(AlgorithmUtils.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
+    PBES2_HS512_A256KW(AlgorithmUtils.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
+    ECDH_ES_A128KW(AlgorithmUtils.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
+    ECDH_ES_A192KW(AlgorithmUtils.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
+    ECDH_ES_A256KW(AlgorithmUtils.ECDH_ES_A256KW_ALGO, "AESWrap", 256);
+        
+    private final String jwaName;
+    private final String javaName;
+    private final int keySizeBits;
+    
+    private KeyAlgorithm(String jwaName, String javaName, int keySizeBits) {
+        this.jwaName = jwaName;
+        this.javaName = javaName;
+        this.keySizeBits = keySizeBits;
+    }
+
+    public String getJwaName() {
+        return jwaName;
+    }
+
+    public String getJavaName() {
+        return javaName == null ? name() : javaName;
+    }
+    
+    public String getJavaAlgoName() {
+        return AlgorithmUtils.stripAlgoProperties(getJavaName());
+    }
+
+    public int getKeySizeBits() {
+        return keySizeBits;
+    }
+    public static KeyAlgorithm getAlgorithm(String algo) {
+        return KeyAlgorithm.valueOf(algo.replace('-', '_')
+                                    .replace('+', '_'));
+        
+    }
+    
+    
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
new file mode 100644
index 0000000..79f41a5
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum SignatureAlgorithm {
+    HS256(AlgorithmUtils.HMAC_SHA_256_ALGO, AlgorithmUtils.HMAC_SHA_256_JAVA, 256),
+    HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384),
+    HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512),
+    
+    RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256),
+    RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384),
+    RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512),
+    
+    PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256),
+    PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384),
+    PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512),
+    
+    ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256),
+    ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
+    ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
+    
+    PLAIN(AlgorithmUtils.PLAIN_TEXT_ALGO, null, -1);
+    
+    
+    private final String jwaName;
+    private final String javaName;
+    private final int keySizeBits;
+    
+    private SignatureAlgorithm(String jwaName, String javaName, int keySizeBits) {
+        this.jwaName = jwaName;
+        this.javaName = javaName;
+        this.keySizeBits = keySizeBits;
+    }
+
+    public String getJwaName() {
+        return jwaName;
+    }
+
+    public String getJavaName() {
+        return javaName == null ? name() : javaName;
+    }
+    
+    public String getJavaAlgoName() {
+        return AlgorithmUtils.stripAlgoProperties(getJavaName());
+    }
+
+    public int getKeySizeBits() {
+        return keySizeBits;
+    }
+    
+    public static SignatureAlgorithm getAlgorithm(String algo) {
+        return SignatureAlgorithm.valueOf(algo.replace('-', '_')
+                                        .replace('+', '_'));
+        
+    }
+    
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 5edf9fa..7627b94 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -21,29 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 
 public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentEncryptionAlgorithm {
+    implements ContentEncryptionProvider {
     private static final int DEFAULT_IV_SIZE = 128;
     private byte[] cek;
     private byte[] iv;
     private AtomicInteger providedIvUsageCount;
-    private String algorithm;
     
-    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+    
+    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
         super(algo);
         this.cek = cek;
         this.iv = iv;
         if (iv != null && iv.length > 0) {
             providedIvUsageCount = new AtomicInteger();
         }    
-        this.algorithm = algo;
-    }
-    @Override
-    public String getAlgorithm() { 
-        return algorithm;
     }
+    
     public byte[] getContentEncryptionKey(JweHeaders headers) {
         return cek;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index e9fc794..f7eb38c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -21,13 +21,14 @@ package org.apache.cxf.rs.security.jose.jwe;
 import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 
 public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
     private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
     private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    private String algo;
-    public AbstractContentEncryptionCipherProperties(String algo) {
+    private ContentAlgorithm algo;
+    public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) {
         this.algo = algo;
     }
     public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
@@ -40,7 +41,7 @@ public abstract class AbstractContentEncryptionCipherProperties implements Conte
         return authTagLen;
     }
     @Override
-    public String getAlgorithm() {
+    public ContentAlgorithm getAlgorithm() {
         return algo;    
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index ad4fd8e..d49359c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -24,7 +24,9 @@ import java.security.spec.AlgorithmParameterSpec;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public abstract class AbstractJweDecryption implements JweDecryptionProvider {
     private KeyDecryptionAlgorithm keyDecryptionAlgo;
@@ -70,7 +72,7 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider {
             getContentEncryptionCipherInitVector(jweDecryptionInput));
     }
     protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
-        return Algorithm.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
+        return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
     }
     protected byte[] getContentEncryptionCipherAAD(JweDecryptionInput jweDecryptionInput) {
         return contentDecryptionAlgo.getAdditionalAuthenticationData(
@@ -94,11 +96,11 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider {
         return theCek;
     }
     @Override
-    public String getKeyAlgorithm() {
+    public KeyAlgorithm getKeyAlgorithm() {
         return keyDecryptionAlgo.getAlgorithm();
     }
     @Override
-    public String getContentAlgorithm() {
+    public ContentAlgorithm getContentAlgorithm() {
         return contentDecryptionAlgo.getAlgorithm();
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 6f47018..613dd2c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -28,19 +28,21 @@ import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public abstract class AbstractJweEncryption implements JweEncryptionProvider {
     protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private ContentEncryptionAlgorithm contentEncryptionAlgo;
-    private KeyEncryptionAlgorithm keyEncryptionAlgo;
+    private ContentEncryptionProvider contentEncryptionAlgo;
+    private KeyEncryptionProvider keyEncryptionAlgo;
     private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter();
-    protected AbstractJweEncryption(ContentEncryptionAlgorithm contentEncryptionAlgo,
-                                    KeyEncryptionAlgorithm keyEncryptionAlgo) {
+    protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo,
+                                    KeyEncryptionProvider keyEncryptionAlgo) {
         this.keyEncryptionAlgo = keyEncryptionAlgo;
         this.contentEncryptionAlgo = contentEncryptionAlgo;
     }
-    protected ContentEncryptionAlgorithm getContentEncryptionAlgorithm() {
+    protected ContentEncryptionProvider getContentEncryptionAlgorithm() {
         return contentEncryptionAlgo;
     }
     protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
@@ -52,14 +54,14 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
         if (cek == null) {
             String algoJava = getContentEncryptionAlgoJava();
             String algoJwt = getContentEncryptionAlgoJwt();
-            cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), 
+            cek = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava), 
                                            getCekSize(algoJwt)).getEncoded();
         }
         return cek;
     }
    
     protected int getCekSize(String algoJwt) {
-        return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
+        return ContentAlgorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
     }
     
     protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
@@ -71,10 +73,10 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
     }
     
     protected String getContentEncryptionAlgoJwt() {
-        return getContentEncryptionAlgorithm().getAlgorithm();
+        return getContentEncryptionAlgorithm().getAlgorithm().getJwaName();
     }
     protected String getContentEncryptionAlgoJava() {
-        return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
+        return getContentEncryptionAlgorithm().getAlgorithm().getJavaName();
     }
     protected byte[] getAAD(String protectedHeaders, byte[] aad) {
         return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(protectedHeaders, aad);
@@ -128,11 +130,12 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
         return Arrays.copyOfRange(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8, cipher.length);
     }
     @Override
-    public String getKeyAlgorithm() {
-        return getKeyEncryptionAlgo().getAlgorithm();
+    public KeyAlgorithm getKeyAlgorithm() {
+        KeyAlgorithm keyAlgo = getKeyEncryptionAlgo().getAlgorithm();
+        return keyAlgo != null ? keyAlgo : null;
     }
     @Override
-    public String getContentAlgorithm() {
+    public ContentAlgorithm getContentAlgorithm() {
         return getContentEncryptionAlgorithm().getAlgorithm();
     }
     protected JoseHeadersReaderWriter getJwtHeadersWriter() {
@@ -154,17 +157,17 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
     private JweEncryptionInternal getInternalState(JweHeaders jweInHeaders, JweEncryptionInput jweInput) {
         JweHeaders theHeaders = new JweHeaders();
         if (getKeyAlgorithm() != null) {
-            theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm());
+            theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm().getJwaName());
         }
-        theHeaders.setContentEncryptionAlgorithm(getContentAlgorithm());
+        theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgoJwt());
         
         JweHeaders protectedHeaders = null;
         if (jweInHeaders != null) {
             if (jweInHeaders.getKeyEncryptionAlgorithm() != null 
                 && (getKeyAlgorithm() == null 
-                    || !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm()))
+                    || !getKeyAlgorithm().getJwaName().equals(jweInHeaders.getKeyEncryptionAlgorithm()))
                 || jweInHeaders.getContentEncryptionAlgorithm() != null 
-                    && !getContentAlgorithm().equals(jweInHeaders.getContentEncryptionAlgorithm())) {
+                    && !getContentEncryptionAlgoJwt().equals(jweInHeaders.getContentEncryptionAlgorithm())) {
                 throw new SecurityException();
             }
             theHeaders.asMap().putAll(jweInHeaders.asMap());
@@ -178,7 +181,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
         
         byte[] theCek = jweInput != null && jweInput.getCek() != null 
             ? jweInput.getCek() : getContentEncryptionKey(theHeaders);
-        String contentEncryptionAlgoJavaName = Algorithm.toJavaName(getContentEncryptionAlgoJwt());
+        String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
         KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
         keyProps.setCompressionSupported(compressionRequired(theHeaders));
         
@@ -209,7 +212,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
     private boolean compressionRequired(JweHeaders theHeaders) {
         return JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
     }
-    protected KeyEncryptionAlgorithm getKeyEncryptionAlgo() {
+    protected KeyEncryptionProvider getKeyEncryptionAlgo() {
         return keyEncryptionAlgo;
     }
     protected static class JweEncryptionInternal {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index ed35eab..3797b64 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -24,12 +24,13 @@ import java.util.Set;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
     private Key keyEncryptionKey;
     private boolean wrap;
-    private String algorithm;
+    private KeyAlgorithm algorithm;
     private Set<String> supportedAlgorithms;
     protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
         this(key, null, true, supportedAlgorithms);
@@ -37,10 +38,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
     protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
         this(key, null, wrap, supportedAlgorithms);
     }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, Set<String> supportedAlgorithms) {
         this(key, jweAlgo, true, supportedAlgorithms);
     }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap, 
+    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, boolean wrap, 
                                                  Set<String> supportedAlgorithms) {
         this.keyEncryptionKey = key;
         this.algorithm = jweAlgo;
@@ -48,7 +49,7 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
         this.supportedAlgorithms = supportedAlgorithms;
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return algorithm;
     }
     @Override
@@ -69,10 +70,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
         }
     }
     protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
+        return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm());
     }
     protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
+        return AlgorithmUtils.toJavaName(headers.getContentEncryptionAlgorithm());
     }
     protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
         return null;
@@ -86,14 +87,14 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
     protected void checkAlgorithms(JweHeaders headers) {
         String providedAlgo = headers.getKeyEncryptionAlgorithm();
         if ((providedAlgo == null && algorithm == null)
-            || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) {
+            || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm.getJwaName()))) {
             throw new SecurityException();
         }
         if (providedAlgo != null) {
             checkAlgorithm(providedAlgo);
         } else if (algorithm != null) {
-            headers.setKeyEncryptionAlgorithm(algorithm);
-            checkAlgorithm(algorithm);
+            headers.setKeyEncryptionAlgorithm(algorithm.getJwaName());
+            checkAlgorithm(algorithm.getJwaName());
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
index 68c558f..b39b787 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
@@ -23,7 +23,8 @@ import java.util.Arrays;
 
 import javax.crypto.spec.IvParameterSpec;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 public class AesCbcHmacJweDecryption extends JweDecryption {
     private String supportedAlgo;
@@ -31,9 +32,9 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
         this(keyDecryptionAlgo, null);
     }
     public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
-                                   String supportedAlgo) {
+                                   ContentAlgorithm supportedAlgo) {
         super(keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo));
-        this.supportedAlgo = supportedAlgo;
+        this.supportedAlgo = supportedAlgo == null ? null : supportedAlgo.getJwaName();
     }
     protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
         validateAuthenticationTag(jweDecryptionInput, cek);
@@ -62,7 +63,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
     }
     private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
         implements ContentDecryptionAlgorithm {
-        public AesCbcContentDecryptionAlgorithm(String supportedAlgo) {
+        public AesCbcContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
             super(supportedAlgo);
         }
         @Override
@@ -79,7 +80,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
         }
     }
     private String validateCekAlgorithm(String cekAlgo) {
-        if (!Algorithm.isAesCbcHmac(cekAlgo) 
+        if (!AlgorithmUtils.isAesCbcHmac(cekAlgo) 
             || supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) {
             throw new SecurityException();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index a6a0dd2..d3de1c7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -27,28 +27,33 @@ import javax.crypto.Mac;
 import javax.crypto.spec.IvParameterSpec;
 
 import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 public class AesCbcHmacJweEncryption extends JweEncryption {
     private static final Map<String, String> AES_HMAC_MAP;
     private static final Map<String, Integer> AES_CEK_SIZE_MAP;
     static {
         AES_HMAC_MAP = new HashMap<String, String>();
-        AES_HMAC_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), Algorithm.HMAC_SHA_256_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), Algorithm.HMAC_SHA_384_JAVA);
-        AES_HMAC_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), Algorithm.HMAC_SHA_512_JAVA);
+        AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA);
+        AES_HMAC_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), AlgorithmUtils.HMAC_SHA_384_JAVA);
+        AES_HMAC_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), AlgorithmUtils.HMAC_SHA_512_JAVA);
         
         AES_CEK_SIZE_MAP = new HashMap<String, Integer>();
-        AES_CEK_SIZE_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), 32);
-        AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
-        AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
+        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 32);
+        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
+        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
     }
-    public AesCbcHmacJweEncryption(String cekAlgoJwt, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
+    public AesCbcHmacJweEncryption(String cekAlgo, 
+                                   KeyEncryptionProvider keyEncryptionAlgorithm) {
+        this(ContentAlgorithm.getAlgorithm(cekAlgo), keyEncryptionAlgorithm);
+    }
+    public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, 
+                                   KeyEncryptionProvider keyEncryptionAlgorithm) {
         this(cekAlgoJwt, null, null, keyEncryptionAlgorithm);
     }
-    public AesCbcHmacJweEncryption(String cekAlgoJwt, byte[] cek, 
-                                   byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
+    public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek, 
+                                   byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) {
         super(keyEncryptionAlgorithm,
               new AesCbcContentEncryptionAlgorithm(cek, iv, 
                                                    validateCekAlgorithm(cekAlgoJwt)));
@@ -142,7 +147,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
     }
     
     private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
             super(cek, iv, algo);    
         }
         @Override
@@ -160,8 +165,8 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
         private byte[] al;
     }
     
-    private static String validateCekAlgorithm(String cekAlgo) {
-        if (!Algorithm.isAesCbcHmac(cekAlgo)) {
+    private static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) {
+        if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
             throw new SecurityException();
         }
         return cekAlgo;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
index f1f3388..f1a75ea 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
@@ -18,20 +18,21 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 
 
 public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
     implements ContentDecryptionAlgorithm {
-    public AesGcmContentDecryptionAlgorithm(String supportedAlgo) {
+    public AesGcmContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
         super(supportedAlgo);
     }
 
     @Override
     public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
         String algo = headers.getContentEncryptionAlgorithm();
-        if (!Algorithm.isAesGcm(algo) || !getAlgorithm().equals(algo)) {
+        if (!AlgorithmUtils.isAesGcm(algo) || !getAlgorithm().getJwaName().equals(algo)) {
             throw new SecurityException();
         }
         return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index bcd0fb3..f5788d9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -21,28 +21,29 @@ package org.apache.cxf.rs.security.jose.jwe;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 
 
 public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
     private static final int DEFAULT_IV_SIZE = 96;
-    public AesGcmContentEncryptionAlgorithm(String algo) {
+    public AesGcmContentEncryptionAlgorithm(ContentAlgorithm algo) {
         this((byte[])null, null, algo);
     }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) {
+    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, ContentAlgorithm algo) {
         this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
     }
-    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) { 
+    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) { 
         this(key.getEncoded(), iv, algo);    
     }
-    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
         super(cek, iv, checkAlgorithm(algo));    
     }
     protected int getIvSize() { 
         return DEFAULT_IV_SIZE;
     }
-    private static String checkAlgorithm(String algo) {
-        if (Algorithm.isAesGcm(algo)) {       
+    private static ContentAlgorithm checkAlgorithm(ContentAlgorithm algo) {
+        if (AlgorithmUtils.isAesGcm(algo.getJwaName())) {       
             return algo;
         }
         throw new SecurityException();

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
index 6180014..8d8ec23 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -24,25 +24,26 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {    
         this(encodedKey, null);
     }
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {    
+    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {    
         this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
     }
     public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
         this(secretKey, null);
     }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA), supportedAlgo);
+    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {    
+        this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);
     }
     public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
         this(secretKey, null);
     }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {    
+    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {    
         super(secretKey, supportedAlgo);
     }
     @Override
@@ -65,7 +66,7 @@ public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgori
     }
     protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
         super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isAesGcmKeyWrap(keyAlgo)) {
+        if (!AlgorithmUtils.isAesGcmKeyWrap(keyAlgo)) {
             throw new SecurityException();
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
index e230470..584d48f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -27,21 +27,22 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
     private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128GCMKW.getJwtName(),
-                      Algorithm.A192GCMKW.getJwtName(),
-                      Algorithm.A256GCMKW.getJwtName()));
-    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
+        Arrays.asList(KeyAlgorithm.A128GCMKW.getJwaName(),
+                      KeyAlgorithm.A192GCMKW.getJwaName(),
+                      KeyAlgorithm.A256GCMKW.getJwaName()));
+    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) {    
         this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
     }
-    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA),
+    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
+        this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES),
              keyAlgoJwt);
     }
-    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) {
         super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 8871f06..7cfe880 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -21,25 +21,27 @@ package org.apache.cxf.rs.security.jose.jwe;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    
         this(encodedKey, null);
     }
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {    
+    public AesWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {    
         this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
     }
     public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
         this(secretKey, null);
     }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA), supportedAlgo);
+    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {    
+        this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA), 
+             supportedAlgo);
     }
     public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) {
         this(secretKey, null);
     }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {    
+    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {    
         super(secretKey, supportedAlgo);
     }
     @Override
@@ -51,7 +53,7 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm
     }
     
     protected boolean isValidAlgorithmFamily(String keyAlgo) {
-        return Algorithm.isAesKeyWrap(keyAlgo);
+        return AlgorithmUtils.isAesKeyWrap(keyAlgo);
     }
     
 }


Mime
View raw message