cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating JOSE password handling
Date Fri, 20 Feb 2015 22:24:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 6e3224606 -> 6641d5892


Updating JOSE password handling


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6641d589
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6641d589
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6641d589

Branch: refs/heads/master
Commit: 6641d5892b25949723fd7a5f1b59a2f457f9ecc6
Parents: 6e32246
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Feb 20 22:24:16 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Feb 20 22:24:16 2015 +0000

----------------------------------------------------------------------
 .../PbesHmacAesWrapKeyDecryptionAlgorithm.java  | 18 +++++-----
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  | 36 +++++++++++++++-----
 .../rs/security/jose/jwk/JsonWebKeyTest.java    | 10 +++---
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     | 13 +++++--
 .../jwt/PrivateKeyPasswordProviderImpl.java     |  9 ++++-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  5 ++-
 .../security/certs/encryptedJwkPrivateSet.txt   |  2 +-
 .../secret.aescbchmac.inlinejwk.properties      |  5 +--
 .../secret.aescbchmac.inlineset.properties      | 15 +-------
 9 files changed, 67 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index 3fd9992..3ab9623 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -25,22 +25,22 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
     private byte[] password;
     private String algo;
     public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo);
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo, boolean hashLargePasswords)
{    
+        this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo) {    
-        this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo);
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo, boolean hashLargePasswords)
{    
+        this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo) {    
-        this.password = password;
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo, boolean hashLargePasswords)
{    
+        this.password = PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password,
algo, hashLargePasswords);
         this.algo = algo;
     }
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index 2089859..ecb9aa0 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.MessageDigestUtils;
 import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
@@ -36,7 +37,6 @@ import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
 
 public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
-    
     private static final Map<String, Integer> PBES_HMAC_MAP;
     private static final Map<String, String> PBES_AES_MAP;
     private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
@@ -64,24 +64,42 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
     public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) {
         this(stringToBytes(password), keyAlgoJwt);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt)
{
-        this(stringToBytes(password), pbesCount, keyAlgoJwt);
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt,

+                                                 boolean hashLargePasswords) {
+        this(stringToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
+        this(password, 4096, keyAlgoJwt, false);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt)
{
-        this(charsToBytes(password), pbesCount, keyAlgoJwt);
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt,

+                                                 boolean hashLargePasswords) {
+        this(charsToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) {
-        this(password, 4096, keyAlgoJwt);
+        this(password, 4096, keyAlgoJwt, false);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt)
{
-        this.password = password;
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt,

+                                                 boolean hashLargePasswords) {
         this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt);
+        this.password = validatePassword(password, keyAlgoJwt, hashLargePasswords);
         this.pbesCount = validatePbesCount(pbesCount);
     }
     
+    static byte[] validatePassword(byte[] p, String keyAlgoJwt, boolean hashLargePasswords)
{
+        int minLen = DERIVED_KEY_SIZE_MAP.get(keyAlgoJwt);
+        if (p.length < minLen || p.length > 128) {
+            throw new SecurityException();
+        }
+        if (p.length > minLen && hashLargePasswords) {
+            try {
+                return MessageDigestUtils.createDigest(p, MessageDigestUtils.ALGO_SHA_256);
+            } catch (Exception ex) {
+                throw new SecurityException(ex);
+            }
+        } else {
+            return p;
+        }
+    }
     @Override
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
         int keySize = getKeySize(keyAlgoJwt);

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
index 15ade7d..ba92742 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
@@ -121,18 +121,19 @@ public class JsonWebKeyTest extends Assert {
     }
     @Test
     public void testEncryptDecryptPrivateSet() throws Exception {
+        final String password = "Thus from my lips, by yours, my sin is purged.";
         Security.addProvider(new BouncyCastleProvider());    
         try {
             JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
             validatePrivateSet(jwks);
-            String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray());
+            String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray());
             JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
             assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
             assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
             assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
             assertNotNull(c.getJweHeaders().getHeader("p2s"));
             assertNotNull(c.getJweHeaders().getHeader("p2c"));
-            jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray());
+            jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray());
             validatePrivateSet(jwks);
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());
@@ -140,6 +141,7 @@ public class JsonWebKeyTest extends Assert {
     }
     @Test
     public void testEncryptDecryptPrivateKey() throws Exception {
+        final String password = "Thus from my lips, by yours, my sin is purged.";
         final String key = "{\"kty\":\"oct\","
             + "\"alg\":\"A128KW\","
             + "\"k\":\"GawgguFyGrWKav7AX4VKUg\","
@@ -148,14 +150,14 @@ public class JsonWebKeyTest extends Assert {
         try {
             JsonWebKey jwk = readKey(key);
             validateSecretAesKey(jwk);
-            String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray());
+            String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray());
             JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
             assertEquals("jwk+json", c.getJweHeaders().getContentType());
             assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
             assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
             assertNotNull(c.getJweHeaders().getHeader("p2s"));
             assertNotNull(c.getJweHeaders().getHeader("p2c"));
-            jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray());
+            jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray());
             validateSecretAesKey(jwk);
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index ba1c033..976fde0 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -169,7 +169,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         providers.add(new JweClientResponseFilter());
         bean.setProviders(providers);
         bean.getProperties(true).put("rs.security.encryption.properties", propFile);
-        PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
+        PrivateKeyPasswordProvider provider = 
+            new PrivateKeyPasswordProviderImpl("Thus from my lips, by yours, my sin is purged.");
         bean.getProperties(true).put("rs.security.key.password.provider", provider);
         BookStore bs = bean.create(BookStore.class);
         String text = bs.echoText("book");
@@ -406,10 +407,16 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
     }
     
     private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider
{
-
+        private String password = "password";
+        public PrivateKeyPasswordProviderImpl() {
+            
+        }
+        public PrivateKeyPasswordProviderImpl(String password) {
+            this.password = password;
+        }
         @Override
         public char[] getPassword(Properties storeProperties) {
-            return "password".toCharArray();
+            return password.toCharArray();
         }
         
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
index 9fbdc81..f86417f 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
@@ -24,9 +24,16 @@ import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
 
 public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
 
+    private String password = "password";
+    public PrivateKeyPasswordProviderImpl() {
+        
+    }
+    public PrivateKeyPasswordProviderImpl(String password) {
+        this.password = password;
+    }
     @Override
     public char[] getPassword(Properties storeProperties) {
-        return "password".toCharArray();
+        return password.toCharArray();
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 155cf69..bd81abb 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -74,6 +74,9 @@ under the License.
     <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
     <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor"/>
     <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/>
+    <bean id="keyPasswordProvider2" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl">
+         <constructor-arg value="Thus from my lips, by yours, my sin is purged."/>
+    </bean>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsa">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>
@@ -170,7 +173,7 @@ under the License.
         </jaxrs:providers>
         <jaxrs:properties>
             <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties"/>
-            <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
+            <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider2"/>
         </jaxrs:properties>
     </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt
index 0865b39..1848c11 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt
@@ -1 +1 @@
-eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiSmZmRmp6YzhGUHhRVlFPSlVYbXZuZyIsInAyYyI6NDA5NiwiY3R5IjoiandrLXNldCtqc29uIn0.osOgt-dpiYVRkJO_jYkrC7wIzAUi_HMRzW-XjvwHJbXECJGlmzFeMw.lYcyfoR4xxkHscyZ8--p9g.x0QTLYtwBtMmfRjH_wxUTsUiR2DIHFbY4SwZGKXW9E5hIfz0YJn2syO5c7ozIJrL3Al4OeCVRTg--aif0WXtLW728KdU1qDrQ3Pj8GW0J8eCUonLDJZEMssWFdroyhBvHIu-Jlpx0lnsjTStdMwwx9pL8OM4jtsOziDMjpuUqKCqfii8UfG1dKaH6FPRKsRe4K08D02XXKDopyZ1XUXNCj3ov4kgo2o_sUWcVcy8Oo56_77IvIL5CY-Itclv0EUWfI_Sd0Q9_n6m14ZyVbcU1r9NMwcruGTj-6ef5-dST58rPg_D-0ngp9zJg5cfzsI9_UWAw1xQtTKQQ07vQhvIHjRDc-M58_dZ3xp__hTjrZtqAufnGrYLK-ZaQO5-5VYZglbtDtPbNA6WAUxxBBsI6FMo0y5nM0ZFo2JV1vnwoQKLERn91IwVUJbtOr1_y2osWWvwxF7iRuClKaV1XJ3Zg_F8bawstSe-gzdKMmv9AYMMrAh2TSbTvOxi5s4bvWX_vjbFN5vINzVLj-o40BT36o-V6LXylxXFOToBBuRNUrHg8bhLGxZR3zVE_0panv1ruebnpWNGCwgpBK0NYornbV-i1RfreFhzWcOyHbE8hmFqMQhsuGvyrbszuxJ9rpryJsKjAxrsPb_SuhzVb-2WFsNynpTciAcGp6xjb_pm2-25u4iBjOfL9PlQcaEcrIxzihb9PGzJFOfBIvteAqCOJx4iiNfutcGxBEcnV1VOLGSp8uJPoWE3n6dROYu5pqO
 -ztLH-mfU9IjC6K7J5ulRtbZU2_qxVpcNTClRjT5BPWMgVElfvUIkHry-X6CjUUm3dh6B-zH5hTT3NTPOL7EwtebAtkiK509GOvO6pDOuqtn8-Dn92RDlh2fecDJOycjRInyt71SkrI6WhiVylhRNiZvt720Nesg41OqMweWxpgu4TGZflX9fB8sG-RBO0I1hP00Zk_c4t7t4k0-qKtV56zt3LJVE6K-hGBCB_0HtPDRbWUdkKbqkJ51JUda6RnXYBe7tLlVIzcLubd1YrikKeg0JnrFNafXqMoOWmUm2Q11EHuAZUiIJkBejgSEnbgfCjUc9gckQ0vOBP7ERhQJ4scpDCrG4fE5SPKo484qLxZuLhZBAntPdLCfKIav6WUg_Vbd0M7pP1vb53LdsZAsPidk_AB7_3TQdCct4xvK5C6MdHNQArlKzE9oMahQdyDWcYe7YbAu2ROwoz6xU3jKsrzJv-XI-Svw10eaE-KTlQwi8GaWw168-0Jnv23nSk5jGHh681iK8R0zbCIO2TNGZLe_jnJjiOlM-F3N-li73YEl8p30y2i0BUYTrPZYkwLUhFedlSX0hwR1jQpIoV0njzGeyf-pfySAUHXOhHRA00O3BzPZAXNBDTYCi54d6ng8QtlvG_IrhLbGkVTKJt8S6bfbsdvZvK8VW8_D0zf8uMoWBTAAoOkEz2a3x-UJ120LYq8LwzksuEFPRJ56m-YRLMO39vfMnQZbOxHsjzGsIZPgcaMhsYQugCMfU_TIJLc4zQx0DCC5VVnOwumXBz8lV0LHUOx79TXFzYMF0-VhzO0I.P-GdQKruCwb8-iDagtZIqQ
\ No newline at end of file
+eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzdOhg2RBPHhpiH5lbldTHRuP3PtQKt
 M6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties
index 1c172a1..2455204 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties
@@ -15,9 +15,6 @@
 #    specific language governing permissions and limitations
 #    under the License.
 rs.security.keystore.type=jwk
-rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoi\
-dk5QZzk4emFVT2RxZEJRbzhfZU5OUSIsInAyYyI6NDA5NiwiY3R5IjoiandrK2pzb24ifQ.8RodwuWBWWZp9fj5FB93D5Qf9y27eyQiqR\
-Hq0sbezF8m8ZIWjFqdgA.E5r-EbVtVttblREyU2mMVg.xI7gboooFhAcbnhBfsJD8-lbmf0sp0ZABNGLOf7ETs1TbHtRJ1qZlxczfwP2WG0\
-YggD9PsYMTllG7JeVU6xG2mF4t8kpquMiC3e4JlGJlvM.-XoyywZ0D2D9hk5w4RjnmA
+rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiaXVHOExqSkNrN3FtcnVGRUdyMHVuUSIsInAyYyI6NDA5Nn0.TuUE2NnCsl3ZWJY7sl0uqEWxFV2ZHw5tw-0ri8Qyst5Gn6YzuPGKJw.aaesJ4e-rLFYIdxA6gMdMw.lnncuqaZ2o3lPRX9bfFh4huW5llDWXC0Gg5987pNSte0SyY7gJcg4EFPHrPdO1YSAZJmPC3hEEmcwqh42w8g2rWiyUqcJ8Z4PqEj7HkNUdE.NccysFtj5AoMMSEk2Sa6oQ
 rs.security.keystore.alias.jwe=AesWrapKey
 rs.security.jwe.content.encryption.algorithm=A128CBC-HS256

http://git-wip-us.apache.org/repos/asf/cxf/blob/6641d589/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties
index 3968284..e00378f 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties
@@ -15,19 +15,6 @@
 #    specific language governing permissions and limitations
 #    under the License.
 rs.security.keystore.type=jwk
-rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiSmZmRmp6YzhGUHhRVlFPSlVYbXZuZ\
-yIsInAyYyI6NDA5NiwiY3R5IjoiandrLXNldCtqc29uIn0.osOgt-dpiYVRkJO_jYkrC7wIzAUi_HMRzW-XjvwHJbXECJGlmzFeMw.lYcyfoR4xxkHscyZ8--p9g.x0QTLYtwB\
-tMmfRjH_wxUTsUiR2DIHFbY4SwZGKXW9E5hIfz0YJn2syO5c7ozIJrL3Al4OeCVRTg--aif0WXtLW728KdU1qDrQ3Pj8GW0J8eCUonLDJZEMssWFdroyhBvHIu-Jlpx0lnsjTSt\
-dMwwx9pL8OM4jtsOziDMjpuUqKCqfii8UfG1dKaH6FPRKsRe4K08D02XXKDopyZ1XUXNCj3ov4kgo2o_sUWcVcy8Oo56_77IvIL5CY-Itclv0EUWfI_Sd0Q9_n6m14ZyVbcU1r9\
-NMwcruGTj-6ef5-dST58rPg_D-0ngp9zJg5cfzsI9_UWAw1xQtTKQQ07vQhvIHjRDc-M58_dZ3xp__hTjrZtqAufnGrYLK-ZaQO5-5VYZglbtDtPbNA6WAUxxBBsI6FMo0y5nM0Z\
-Fo2JV1vnwoQKLERn91IwVUJbtOr1_y2osWWvwxF7iRuClKaV1XJ3Zg_F8bawstSe-gzdKMmv9AYMMrAh2TSbTvOxi5s4bvWX_vjbFN5vINzVLj-o40BT36o-V6LXylxXFOToBBuRN\
-UrHg8bhLGxZR3zVE_0panv1ruebnpWNGCwgpBK0NYornbV-i1RfreFhzWcOyHbE8hmFqMQhsuGvyrbszuxJ9rpryJsKjAxrsPb_SuhzVb-2WFsNynpTciAcGp6xjb_pm2-25u4iB\
-jOfL9PlQcaEcrIxzihb9PGzJFOfBIvteAqCOJx4iiNfutcGxBEcnV1VOLGSp8uJPoWE3n6dROYu5pqO-ztLH-mfU9IjC6K7J5ulRtbZU2_qxVpcNTClRjT5BPWMgVElfvUIkHry-X\
-6CjUUm3dh6B-zH5hTT3NTPOL7EwtebAtkiK509GOvO6pDOuqtn8-Dn92RDlh2fecDJOycjRInyt71SkrI6WhiVylhRNiZvt720Nesg41OqMweWxpgu4TGZflX9fB8sG-RBO0I1hP00\
-Zk_c4t7t4k0-qKtV56zt3LJVE6K-hGBCB_0HtPDRbWUdkKbqkJ51JUda6RnXYBe7tLlVIzcLubd1YrikKeg0JnrFNafXqMoOWmUm2Q11EHuAZUiIJkBejgSEnbgfCjUc9gckQ0vOBP\
-7ERhQJ4scpDCrG4fE5SPKo484qLxZuLhZBAntPdLCfKIav6WUg_Vbd0M7pP1vb53LdsZAsPidk_AB7_3TQdCct4xvK5C6MdHNQArlKzE9oMahQdyDWcYe7YbAu2ROwoz6xU3jKsrzJ\
-v-XI-Svw10eaE-KTlQwi8GaWw168-0Jnv23nSk5jGHh681iK8R0zbCIO2TNGZLe_jnJjiOlM-F3N-li73YEl8p30y2i0BUYTrPZYkwLUhFedlSX0hwR1jQpIoV0njzGeyf-pfySAUH\
-XOhHRA00O3BzPZAXNBDTYCi54d6ng8QtlvG_IrhLbGkVTKJt8S6bfbsdvZvK8VW8_D0zf8uMoWBTAAoOkEz2a3x-UJ120LYq8LwzksuEFPRJ56m-YRLMO39vfMnQZbOxHsjzGsIZPg\
-caMhsYQugCMfU_TIJLc4zQx0DCC5VVnOwumXBz8lV0LHUOx79TXFzYMF0-VhzO0I.P-GdQKruCwb8-iDagtZIqQ
+rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzd
 Ohg2RBPHhpiH5lbldTHRuP3PtQKtM6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg
 rs.security.keystore.alias.jwe=AesWrapKey
 rs.security.jwe.content.encryption.algorithm=A128CBC-HS256


Mime
View raw message