cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [3/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Date Fri, 27 Feb 2015 13:55:25 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index a8b5899..522b479 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -25,21 +25,21 @@ import java.util.Set;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
     private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(Algorithm.A128KW.getJwtName(),
-                      Algorithm.A192KW.getJwtName(),
-                      Algorithm.A256KW.getJwtName()));
-    public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
+        Arrays.asList(KeyAlgorithm.A128KW.getJwaName(),
+                      KeyAlgorithm.A192KW.getJwaName(),
+                      KeyAlgorithm.A256KW.getJwaName()));
+    public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) {    
         this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
     }
-    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)),
+    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
+        this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()),
              keyAlgoJwt);
     }
-    public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+    public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) {
         super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
deleted file mode 100644
index 6f53f53..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
-    byte[] getInitVector();
-    byte[] getContentEncryptionKey(JweHeaders headers);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
index e75eecc..055d602 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
@@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+
 
 public interface ContentEncryptionCipherProperties {
-    String getAlgorithm();
+    ContentAlgorithm getAlgorithm();
     byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad);
     AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
new file mode 100644
index 0000000..940455a
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+
+
+public interface ContentEncryptionProvider extends ContentEncryptionCipherProperties {
+    byte[] getInitVector();
+    byte[] getContentEncryptionKey(JweHeaders headers);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
index f7cfcc1..0d08f2d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
@@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.Key;
 
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
 public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     private byte[] contentDecryptionKey;
     public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) {    
@@ -34,7 +36,7 @@ public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
         return contentDecryptionKey;
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return null;
     }
     protected void validateKeyEncryptionKey(JweDecryptionInput jweDecryptionInput) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
index 3fe8967..e878beb 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
@@ -18,7 +18,9 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
-public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
+public class DirectKeyEncryptionAlgorithm implements KeyEncryptionProvider {
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
         if (headers.getKeyEncryptionAlgorithm() != null) {
             throw new SecurityException();
@@ -31,7 +33,7 @@ public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
         }
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return null;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
index fd72fa9..1d9741e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
@@ -20,15 +20,16 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.interfaces.ECPrivateKey;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     private ECPrivateKey key;
-    private String algo;
+    private KeyAlgorithm algo;
     public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key) {    
-        this(key, Algorithm.ECDH_ES_A128KW.getJwtName());
+        this(key, KeyAlgorithm.ECDH_ES_A128KW);
     }
-    public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key, String algo) {    
+    public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key, KeyAlgorithm algo) {    
         this.key = key;
         this.algo = algo;
     }
@@ -39,14 +40,14 @@ public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm
                 jweDecryptionInput.getJweHeaders(), key);
         KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) {
             protected boolean isValidAlgorithmFamily(String wrapAlgo) {
-                return Algorithm.isEcdhEsWrap(wrapAlgo);
+                return AlgorithmUtils.isEcdhEsWrap(wrapAlgo);
             }    
         };
         return aesWrap.getDecryptedContentEncryptionKey(jweDecryptionInput);
     }    
     
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return algo;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
index ecfa68e..c61f102 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
@@ -22,49 +22,49 @@ import java.security.interfaces.ECPublicKey;
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.EcdhDirectKeyJweEncryption.EcdhHelper;
 
-public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
     
     private static final Map<String, String> ECDH_AES_MAP;
     static {
         ECDH_AES_MAP = new HashMap<String, String>();
-        ECDH_AES_MAP.put(Algorithm.ECDH_ES_A128KW.getJwtName(), Algorithm.A128KW.getJwtName());
-        ECDH_AES_MAP.put(Algorithm.ECDH_ES_A192KW.getJwtName(), Algorithm.A192KW.getJwtName());
-        ECDH_AES_MAP.put(Algorithm.ECDH_ES_A256KW.getJwtName(), Algorithm.A256KW.getJwtName());
+        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A128KW.getJwaName(), KeyAlgorithm.A128KW.getJwaName());
+        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName());
+        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName());
     }
-    private String keyAlgo;
+    private KeyAlgorithm keyAlgo;
     private EcdhHelper helper;
     
     public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey,
                                              String curve,
                                              String apuString,
                                              String apvString,
-                                             String keyAlgo) {
+                                             KeyAlgorithm keyAlgo) {
         
         this.keyAlgo = keyAlgo;
-        helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, keyAlgo);
+        helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, keyAlgo.getJwaName());
     }
     
     @Override
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
         final byte[] derivedKey = helper.getDerivedKey(headers);
-        Algorithm jwtAlgo = Algorithm.valueOf(ECDH_AES_MAP.get(keyAlgo));
-        KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, 
-                                                                           jwtAlgo.getJwtName()) {
+        KeyEncryptionProvider aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, 
+                                                                           keyAlgo) {
             protected void checkAlgorithms(JweHeaders headers) {
                 // complete
             }
             protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-                return Algorithm.AES_WRAP_ALGO_JAVA;
+                return AlgorithmUtils.AES_WRAP_ALGO_JAVA;
             }
         };
         return aesWrap.getEncryptedContentEncryptionKey(headers, cek);
     }
     
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return keyAlgo;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
index 7284def..90466c4 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
@@ -21,26 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe;
 import java.security.interfaces.ECPrivateKey;
 
 import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 
 
 public class EcdhDirectKeyJweDecryption extends JweDecryption {
-    public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, String supportedCtAlgo) {
+    public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, ContentAlgorithm supportedCtAlgo) {
         super(new EcdhDirectKeyDecryptionAlgorithm(privateKey), 
               new AesGcmContentDecryptionAlgorithm(supportedCtAlgo));
     }
     protected static byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers,
                                                                         ECPrivateKey privateKey) {
-        Algorithm jwtAlgo = Algorithm.valueOf(headers.getContentEncryptionAlgorithm());
+        ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(headers.getContentEncryptionAlgorithm());
         JsonWebKey publicJwk = headers.getJsonWebKey("epv");
         String apuHeader = (String)headers.getHeader("apu");
         byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader);
         String apvHeader = (String)headers.getHeader("apv");
         byte[] apvBytes = apvHeader == null ? null : JoseUtils.decode(apvHeader);
         return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), 
-                                   apuBytes, apvBytes, jwtAlgo.getJwtName(), jwtAlgo.getKeySizeBits());
+                                   apuBytes, apvBytes, jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits());
     }
     protected static class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm {
         private ECPrivateKey privateKey;

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
index 5264dff..fe01883 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
@@ -25,8 +25,8 @@ import java.security.interfaces.ECPublicKey;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 
 
@@ -35,7 +35,7 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption {
                                       String curve,
                                       String apuString,
                                       String apvString,
-                                      String ctAlgo) {
+                                      ContentAlgorithm ctAlgo) {
         super(new EcdhDirectKeyEncryptionAlgorithm(),
               new EcdhAesGcmContentEncryptionAlgorithm(peerPublicKey,
                                                        curve,
@@ -45,7 +45,7 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption {
     }
     protected static class EcdhDirectKeyEncryptionAlgorithm extends DirectKeyEncryptionAlgorithm {
         protected void checkKeyEncryptionAlgorithm(JweHeaders headers) {
-            headers.setKeyEncryptionAlgorithm(JoseConstants.ECDH_ES_DIRECT_ALGO);
+            headers.setKeyEncryptionAlgorithm(AlgorithmUtils.ECDH_ES_DIRECT_ALGO);
         }
     }
     protected static class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm {
@@ -54,9 +54,9 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption {
                                                     String curve,
                                                     String apuString,
                                                     String apvString,
-                                                    String ctAlgo) {
+                                                    ContentAlgorithm ctAlgo) {
             super(ctAlgo);
-            helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo);
+            helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo.getJwaName());
         }
         public byte[] getContentEncryptionKey(JweHeaders headers) {
             return helper.getDerivedKey(headers);
@@ -84,14 +84,14 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption {
             KeyPair pair = CryptoUtils.generateECKeyPair(ecurve);
             ECPublicKey publicKey = (ECPublicKey)pair.getPublic();
             ECPrivateKey privateKey = (ECPrivateKey)pair.getPrivate();
-            Algorithm jwtAlgo = Algorithm.valueOf(ctAlgo);
+            ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(ctAlgo);
         
             headers.setHeader("apu", Base64UrlUtility.encode(apuBytes));
             headers.setHeader("apv", Base64UrlUtility.encode(apvBytes));
             headers.setJsonWebKey("epv", JwkUtils.fromECPublicKey(publicKey, ecurve));
             
             return JweUtils.getECDHKey(privateKey, peerPublicKey, apuBytes, apvBytes, 
-                                       jwtAlgo.getJwtName(), jwtAlgo.getKeySizeBits());
+                                       jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits());
             
         }
         private byte[] toBytes(String str) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java
index 00d994e..e314515 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 
 public class JweEncryption extends AbstractJweEncryption {
-    public JweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-                         ContentEncryptionAlgorithm contentEncryptionAlgo) {
+    public JweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm,
+                         ContentEncryptionProvider contentEncryptionAlgo) {
         super(contentEncryptionAlgo, keyEncryptionAlgorithm);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
index 23a014f..24ab37a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
@@ -78,7 +78,7 @@ public class JweJsonConsumer {
     private JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jwe) {
         for (Map.Entry<JweJsonEncryptionEntry, JweHeaders> entry : recipientsMap.entrySet()) {
             String keyAlgo = entry.getValue().getKeyEncryptionAlgorithm();
-            if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm())
+            if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm().getJwaName())
                 || keyAlgo == null && jwe.getKeyAlgorithm() == null) {
                 return entry.getKey();        
             }    

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 45d3d47..b722d08 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -170,7 +170,7 @@ public class JweJsonProducer {
     private String checkAndGetContentAlgorithm(List<JweEncryptionProvider> encryptors) {
         Set<String> set = new HashSet<String>();
         for (JweEncryptionProvider encryptor : encryptors) {
-            set.add(encryptor.getContentAlgorithm());
+            set.add(encryptor.getContentAlgorithm().getJwaName());
         }
         if (set.size() != 1) {
             throw new SecurityException("Invalid content encryption algorithm");

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
index 4217525..49d274c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
@@ -18,9 +18,12 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
 
 
 public interface JweKeyProperties {
-    String getKeyAlgorithm();
-    String getContentAlgorithm();
+    KeyAlgorithm getKeyAlgorithm();
+    ContentAlgorithm getContentAlgorithm();
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index feba8bc..5389205 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -41,7 +41,9 @@ import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 
@@ -61,7 +63,7 @@ public final class JweUtils {
         return encrypt(key, keyAlgo, contentAlgo, content, null);
     }
     public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, keyAlgo);
+        KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
         return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
     }
     public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content) {
@@ -69,14 +71,14 @@ public final class JweUtils {
     }
     public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
         if (keyAlgo != null) {
-            KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
+            KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
             return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
         } else {
             return encryptDirect(key, contentAlgo, content, ct);
         }
     }
     public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
         return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
     }
     public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) {
@@ -114,14 +116,14 @@ public final class JweUtils {
         JweDecryptionProvider jwe = getDirectKeyJweDecryption(key);
         return jwe.decrypt(content).getContent();
     }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) {
-        return getKeyEncryptionAlgorithm(jwk, null);
+    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk) {
+        return getKeyEncryptionProvider(jwk, null);
     }
-    public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
+    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) {
         String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        KeyEncryptionAlgorithm keyEncryptionProvider = null;
+        KeyEncryptionProvider keyEncryptionProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk, true), 
+            keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), 
                                                                  keyEncryptionAlgo);
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
             keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), 
@@ -131,14 +133,14 @@ public final class JweUtils {
         }
         return keyEncryptionProvider;
     }
-    public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey key, String algo) {
-        return new RSAKeyEncryptionAlgorithm(key, algo);
+    public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, String algo) {
+        return new RSAKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
     }
-    public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) {
-        if (Algorithm.isAesKeyWrap(algo)) {
-            return new AesWrapKeyEncryptionAlgorithm(key, algo);
-        } else if (Algorithm.isAesGcmKeyWrap(algo)) {
-            return new AesGcmWrapKeyEncryptionAlgorithm(key, algo);
+    public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) {
+        if (AlgorithmUtils.isAesKeyWrap(algo)) {
+            return new AesWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
+            return new AesGcmWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
         }
         return null;
     }
@@ -161,43 +163,43 @@ public final class JweUtils {
         return keyDecryptionProvider;
     }
     public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey key, String algo) {
-        return new RSAKeyDecryptionAlgorithm(key, algo);
+        return new RSAKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
     }
     public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) {
-        if (Algorithm.isAesKeyWrap(algo)) {
-            return new AesWrapKeyDecryptionAlgorithm(key, algo);
-        } else if (Algorithm.isAesGcmKeyWrap(algo)) {
-            return new AesGcmWrapKeyDecryptionAlgorithm(key, algo);
+        if (AlgorithmUtils.isAesKeyWrap(algo)) {
+            return new AesWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
+            return new AesGcmWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
         }
         return null;
     }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk) {
+    public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk) {
         return getContentEncryptionAlgorithm(jwk, null);
     }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
+    public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
         String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        ContentEncryptionAlgorithm contentEncryptionProvider = null;
+        ContentEncryptionProvider contentEncryptionProvider = null;
         if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
             return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
                                                  ctEncryptionAlgo);
         }
         return contentEncryptionProvider;
     }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(SecretKey key, String algorithm) {
-        if (Algorithm.isAesGcm(algorithm)) {
-            return new AesGcmContentEncryptionAlgorithm(key, null, algorithm);
+    public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, String algorithm) {
+        if (AlgorithmUtils.isAesGcm(algorithm)) {
+            return new AesGcmContentEncryptionAlgorithm(key, null, getContentAlgo(algorithm));
         }
         return null;
     }
-    public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(String algorithm) {
-        if (Algorithm.isAesGcm(algorithm)) {
-            return new AesGcmContentEncryptionAlgorithm(algorithm);
+    public static ContentEncryptionProvider getContentEncryptionAlgorithm(String algorithm) {
+        if (AlgorithmUtils.isAesGcm(algorithm)) {
+            return new AesGcmContentEncryptionAlgorithm(getContentAlgo(algorithm));
         }
         return null;
     }
     public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm) {
-        if (Algorithm.isAesGcm(algorithm)) {
-            return new AesGcmContentDecryptionAlgorithm(algorithm);
+        if (AlgorithmUtils.isAesGcm(algorithm)) {
+            return new AesGcmContentDecryptionAlgorithm(getContentAlgo(algorithm));
         }
         return null;
     }
@@ -206,14 +208,18 @@ public final class JweUtils {
     }
     public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm) {
         String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
-        if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && Algorithm.isAesGcm(ctEncryptionAlgo)) {
+        if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) {
             return JwkUtils.toSecretKey(jwk);
         }
         return null;
     }
+    private static ContentAlgorithm getContentAlgo(String algo) {
+        return ContentAlgorithm.getAlgorithm(algo);
+    }
     public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) {
-        if (Algorithm.isAesCbcHmac(key.getAlgorithm())) {
-            return new AesCbcHmacJweEncryption(key.getAlgorithm(), JwkUtils.toSecretKey(key).getEncoded(), 
+        if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) {
+            return new AesCbcHmacJweEncryption(getContentAlgo(key.getAlgorithm()), 
+                                               JwkUtils.toSecretKey(key).getEncoded(), 
                                                null, new DirectKeyEncryptionAlgorithm());
         } else {
             return new JweEncryption(new DirectKeyEncryptionAlgorithm(),
@@ -221,8 +227,8 @@ public final class JweUtils {
         }
     }
     public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) {
-        if (Algorithm.isAesCbcHmac(algorithm)) {
-            return new AesCbcHmacJweEncryption(algorithm, key.getEncoded(), 
+        if (AlgorithmUtils.isAesCbcHmac(algorithm)) {
+            return new AesCbcHmacJweEncryption(getContentAlgo(algorithm), key.getEncoded(), 
                                                null, new DirectKeyEncryptionAlgorithm());
         } else {
             return new JweEncryption(new DirectKeyEncryptionAlgorithm(), 
@@ -230,17 +236,18 @@ public final class JweUtils {
         }
     }
     public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) {
-        if (Algorithm.isAesCbcHmac(algorithm)) { 
-            return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm);
+        if (AlgorithmUtils.isAesCbcHmac(algorithm)) { 
+            return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm));
         } else {
             return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), 
                                  getContentDecryptionAlgorithm(algorithm));
         }
     }
     public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
-        if (Algorithm.isAesCbcHmac(key.getAlgorithm())) { 
+        if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) { 
             return new AesCbcHmacJweDecryption(
-                new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), key.getAlgorithm());
+                new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), 
+                    getContentAlgo(key.getAlgorithm()));
         } else {
             return new JweDecryption(new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key)), 
                                  getContentDecryptionAlgorithm(key.getAlgorithm()));
@@ -262,10 +269,10 @@ public final class JweUtils {
                 MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_PROP, 
                                                    KeyManagementUtils.RSSEC_REPORT_KEY_PROP));
         
-        KeyEncryptionAlgorithm keyEncryptionProvider = null;
+        KeyEncryptionProvider keyEncryptionProvider = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
-        ContentEncryptionAlgorithm ctEncryptionProvider = null;
+        ContentEncryptionProvider ctEncryptionProvider = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
             keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
@@ -274,13 +281,13 @@ public final class JweUtils {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                 ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
             } else {
-                keyEncryptionProvider = getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo);
+                keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo);
                 if (reportPublicKey) {
                     JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo);
                 }
             }
         } else {
-            keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(
+            keyEncryptionProvider = getRSAKeyEncryptionProvider(
                 (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), 
                 keyEncryptionAlgo);
             if (reportPublicKey) {
@@ -340,11 +347,11 @@ public final class JweUtils {
                                                                     String keyAlgo,
                                                                     String contentEncryptionAlgo,
                                                                     String compression) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, keyAlgo);
+        KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, 
+        KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, 
                                                            headers.getKeyEncryptionAlgorithm());
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
@@ -352,37 +359,37 @@ public final class JweUtils {
                                                                     String keyAlgo,
                                                                     String contentEncryptionAlgo,
                                                                     String compression) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
+        KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, 
+        KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, 
                                                            headers.getKeyEncryptionAlgorithm());
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key,
                                                                     String contentEncryptionAlgo,
                                                                     String compression) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers) {
-        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
-    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider,
+    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
                                                                     String contentEncryptionAlgo,
                                                                     String compression) {
         JweHeaders headers = 
-            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm() : null,
+            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null,
                 contentEncryptionAlgo, compression);
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
-    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider,
+    public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
                                                                     JweHeaders headers) {
         String contentEncryptionAlgo = headers.getContentEncryptionAlgorithm();
-        if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { 
-            return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
+        if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo)) { 
+            return new AesCbcHmacJweEncryption(getContentAlgo(contentEncryptionAlgo), keyEncryptionProvider);
         } else {
             return new JweEncryption(keyEncryptionProvider,
                                      getContentEncryptionAlgorithm(contentEncryptionAlgo));
@@ -404,8 +411,8 @@ public final class JweUtils {
     }
     public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
                                                                     String contentDecryptionAlgo) {
-        if (Algorithm.isAesCbcHmac(contentDecryptionAlgo)) { 
-            return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo);
+        if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo)) { 
+            return new AesCbcHmacJweDecryption(keyDecryptionProvider, getContentAlgo(contentDecryptionAlgo));
         } else {
             return new JweDecryption(keyDecryptionProvider, 
                                      getContentDecryptionAlgorithm(contentDecryptionAlgo));
@@ -517,15 +524,15 @@ public final class JweUtils {
         }
         return headers;
     }
-    private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider,
-                                                                     ContentEncryptionAlgorithm ctEncryptionProvider,
+    private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
+                                                                     ContentEncryptionProvider ctEncryptionProvider,
                                                                      String contentEncryptionAlgo,
                                                                      String compression) {
         if (keyEncryptionProvider == null && ctEncryptionProvider == null) {
             throw new SecurityException();
         }
         JweHeaders headers = 
-            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm() : null,
+            prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null,
                 contentEncryptionAlgo, compression);
         if (keyEncryptionProvider != null) {
             return createJweEncryptionProvider(keyEncryptionProvider, headers);
@@ -549,7 +556,7 @@ public final class JweUtils {
                                                String algo, String defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
-                defaultAlgo = JoseConstants.RSA_OAEP_ALGO;
+                defaultAlgo = AlgorithmUtils.RSA_OAEP_ALGO;
             }
             return KeyManagementUtils.getKeyAlgorithm(m, props, 
                 JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, defaultAlgo);
@@ -558,19 +565,19 @@ public final class JweUtils {
     }
     private static String getDefaultKeyAlgo(JsonWebKey jwk) {
         if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            return JoseConstants.A128GCMKW_ALGO;
+            return AlgorithmUtils.A128GCMKW_ALGO;
         } else {
-            return JoseConstants.RSA_OAEP_ALGO;
+            return AlgorithmUtils.RSA_OAEP_ALGO;
         }
     }
     private static String getContentEncryptionAlgo(Message m, Properties props, String algo) {
         if (algo == null) {
             return KeyManagementUtils.getKeyAlgorithm(m, props, 
-                JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, JoseConstants.A128GCM_ALGO);
+                JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, AlgorithmUtils.A128GCM_ALGO);
         }
         return algo;
     }
-    private static String encrypt(KeyEncryptionAlgorithm keyEncryptionProvider, 
+    private static String encrypt(KeyEncryptionProvider keyEncryptionProvider, 
                                   String contentAlgo, byte[] content, String ct) {
         JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null);
         return jwe.encrypt(content, toJweHeaders(ct));

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
index f8df934..bccd896 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
@@ -18,8 +18,10 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
 
 public interface KeyDecryptionAlgorithm {
-    String getAlgorithm();
+    KeyAlgorithm getAlgorithm();
     byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
deleted file mode 100644
index 3885291..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface KeyEncryptionAlgorithm {
-    String getAlgorithm();
-    byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java
new file mode 100644
index 0000000..2f5c8db
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
+
+public interface KeyEncryptionProvider {
+    KeyAlgorithm getAlgorithm();
+    byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index 3ab9623..020d9b01 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -19,28 +19,30 @@
 package org.apache.cxf.rs.security.jose.jwe;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     private byte[] password;
-    private String algo;
+    private KeyAlgorithm algo;
     public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
+        this(password, KeyAlgorithm.PBES2_HS256_A128KW, false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo, boolean hashLargePasswords) {    
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, KeyAlgorithm algo, boolean hashLargePasswords) {    
         this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
+        this(password, KeyAlgorithm.PBES2_HS256_A128KW, false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo, boolean hashLargePasswords) {    
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, KeyAlgorithm algo, boolean hashLargePasswords) {    
         this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo, hashLargePasswords);
     }
     public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) {    
-        this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false);
+        this(password, KeyAlgorithm.PBES2_HS256_A128KW, false);
     }
-    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo, boolean hashLargePasswords) {    
-        this.password = PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password, algo, hashLargePasswords);
+    public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, KeyAlgorithm algo, boolean hashLargePasswords) {    
+        this.password = 
+            PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password, algo.getJwaName(), hashLargePasswords);
         this.algo = algo;
     }
     @Override
@@ -54,7 +56,7 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
             .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
         KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) {
             protected boolean isValidAlgorithmFamily(String wrapAlgo) {
-                return Algorithm.isPbesHsWrap(wrapAlgo);
+                return AlgorithmUtils.isPbesHsWrap(wrapAlgo);
             }    
         };
         return aesWrap.getDecryptedContentEncryptionKey(jweDecryptionInput);
@@ -67,7 +69,7 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
         }
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return algo;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index ecb9aa0..6e678c7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -28,7 +28,8 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.common.util.crypto.MessageDigestUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
@@ -36,52 +37,55 @@ import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
 
-public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
     private static final Map<String, Integer> PBES_HMAC_MAP;
     private static final Map<String, String> PBES_AES_MAP;
     private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
     static {
         PBES_HMAC_MAP = new HashMap<String, Integer>();
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 256);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 384);
-        PBES_HMAC_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 512);
+        PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), 256);
+        PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), 384);
+        PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), 512);
         
         PBES_AES_MAP = new HashMap<String, String>();
-        PBES_AES_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), Algorithm.A128KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), Algorithm.A192KW.getJwtName());
-        PBES_AES_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), Algorithm.A256KW.getJwtName());
+        PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), KeyAlgorithm.A128KW.getJwaName());
+        PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName());
+        PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName());
         
         DERIVED_KEY_SIZE_MAP = new HashMap<String, Integer>();
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 16);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 24);
-        DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 32);
+        DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), 16);
+        DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), 24);
+        DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), 32);
     }
     
     
     private byte[] password;
     private int pbesCount;
-    private String keyAlgoJwt;
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) {
+    private KeyAlgorithm keyAlgoJwt;
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, KeyAlgorithm keyAlgoJwt) {
         this(stringToBytes(password), keyAlgoJwt);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt, 
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, 
+                                                 KeyAlgorithm keyAlgoJwt, 
                                                  boolean hashLargePasswords) {
         this(stringToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) {
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, KeyAlgorithm keyAlgoJwt) {
         this(password, 4096, keyAlgoJwt, false);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt, 
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, 
+                                                 KeyAlgorithm keyAlgoJwt, 
                                                  boolean hashLargePasswords) {
         this(charsToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) {
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, KeyAlgorithm keyAlgoJwt) {
         this(password, 4096, keyAlgoJwt, false);
     }
-    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt, 
+    public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, 
+                                                 KeyAlgorithm keyAlgoJwt, 
                                                  boolean hashLargePasswords) {
         this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt);
-        this.password = validatePassword(password, keyAlgoJwt, hashLargePasswords);
+        this.password = validatePassword(password, keyAlgoJwt.getJwaName(), hashLargePasswords);
         this.pbesCount = validatePbesCount(pbesCount);
     }
     
@@ -102,20 +106,20 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
     }
     @Override
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        int keySize = getKeySize(keyAlgoJwt);
+        int keySize = getKeySize(keyAlgoJwt.getJwaName());
         byte[] saltInput = CryptoUtils.generateSecureRandomBytes(keySize);
-        byte[] derivedKey = createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
+        byte[] derivedKey = createDerivedKey(keyAlgoJwt.getJwaName(), 
+                                             keySize, password, saltInput, pbesCount);
         
         headers.setHeader("p2s", Base64UrlUtility.encode(saltInput));
         headers.setIntegerHeader("p2c", pbesCount);
         
-        final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt);
-        KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt) {
+        KeyEncryptionProvider aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, keyAlgoJwt) {
             protected void checkAlgorithms(JweHeaders headers) {
                 // complete
             }
             protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-                return Algorithm.AES_WRAP_ALGO_JAVA;
+                return AlgorithmUtils.AES_WRAP_ALGO_JAVA;
             }
         };
         return aesWrap.getEncryptedContentEncryptionKey(headers, cek);
@@ -151,8 +155,8 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
         System.arraycopy(saltInput, 0, saltValue, algoBytes.length + 1, saltInput.length);
         return saltValue;
     }
-    static String validateKeyAlgorithm(String algo) {
-        if (!Algorithm.isPbesHsWrap(algo)) {
+    static KeyAlgorithm validateKeyAlgorithm(KeyAlgorithm algo) {
+        if (!AlgorithmUtils.isPbesHsWrap(algo.getJwaName())) {
             throw new SecurityException();
         }
         return algo;
@@ -174,7 +178,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
         return b;
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return keyAlgoJwt;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
index 5bacb6e..b1809c8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
@@ -20,16 +20,17 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.interfaces.RSAPrivateKey;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {    
         this(privateKey, null);
     }
-    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) {    
+    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, KeyAlgorithm supportedAlgo) {    
         this(privateKey, supportedAlgo, true);
     }
-    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean unwrap) {    
+    public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, KeyAlgorithm supportedAlgo, boolean unwrap) {    
         super(privateKey, supportedAlgo, unwrap);
     }
     protected int getKeyCipherBlockSize() {
@@ -38,7 +39,7 @@ public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     @Override
     protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
         super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!Algorithm.isRsaKeyWrap(keyAlgo)) {
+        if (!AlgorithmUtils.isRsaKeyWrap(keyAlgo)) {
             throw new SecurityException();
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
index dee0a2c..b820cdd 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
@@ -20,14 +20,15 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.interfaces.RSAPublicKey;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class RSAKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
+    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, KeyAlgorithm jweAlgo) {
         this(publicKey, jweAlgo, true);
     }
-    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
-        super(publicKey, jweAlgo, wrap, Algorithm.RSA_CEK_SET);
+    public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, KeyAlgorithm jweAlgo, boolean wrap) {
+        super(publicKey, jweAlgo, wrap, AlgorithmUtils.RSA_CEK_SET);
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 2980dcc..4e5f74e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -23,16 +23,17 @@ import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 
 public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     private Key cekDecryptionKey;
     private boolean unwrap;
-    private String supportedAlgo;
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo) {    
+    private KeyAlgorithm supportedAlgo;
+    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, KeyAlgorithm supportedAlgo) {    
         this(cekDecryptionKey, supportedAlgo, true);
     }
-    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo, boolean unwrap) {    
+    public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, KeyAlgorithm supportedAlgo, boolean unwrap) {    
         this.cekDecryptionKey = cekDecryptionKey;
         this.supportedAlgo = supportedAlgo;
         this.unwrap = unwrap;
@@ -64,15 +65,15 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     protected String getKeyEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
         String keyAlgo = jweDecryptionInput.getJweHeaders().getKeyEncryptionAlgorithm();
         validateKeyEncryptionAlgorithm(keyAlgo);
-        return Algorithm.toJavaName(keyAlgo);
+        return AlgorithmUtils.toJavaName(keyAlgo);
     }
     protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.equals(keyAlgo)) {
+        if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.getJwaName().equals(keyAlgo)) {
             throw new SecurityException();
         }
     }
     protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
-        return Algorithm.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
+        return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
     }
     protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweDecryptionInput jweDecryptionInput) {
         return null;
@@ -81,7 +82,7 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
         return jweDecryptionInput.getEncryptedCEK();
     }
     @Override
-    public String getAlgorithm() {
+    public KeyAlgorithm getAlgorithm() {
         return supportedAlgo;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 911ddda..201d418 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -47,7 +47,9 @@ import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -55,7 +57,7 @@ import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -395,10 +397,10 @@ public final class JwkUtils {
     
     public static SecretKey toSecretKey(JsonWebKey jwk) {
         return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), 
-                                               Algorithm.toJavaName(jwk.getAlgorithm()));
+                                               AlgorithmUtils.toJavaName(jwk.getAlgorithm()));
     }
     public static JsonWebKey fromSecretKey(SecretKey secretKey, String algo) {
-        if (!Algorithm.isOctet(algo)) {
+        if (!AlgorithmUtils.isOctet(algo)) {
             throw new SecurityException("Invalid algorithm");
         }
         JsonWebKey jwk = new JsonWebKey();
@@ -411,16 +413,16 @@ public final class JwkUtils {
     
     
     private static JweEncryptionProvider createDefaultEncryption(char[] password) {
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
-        return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
+        KeyEncryptionProvider keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW);
+        return new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, keyEncryption);
     }
     private static JweDecryptionProvider createDefaultDecryption(char[] password) {
         KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
         return new AesCbcHmacJweDecryption(keyDecryption);
     }
     private static JsonWebKey prepareRSAJwk(BigInteger modulus, String algo) {
-        if (!Algorithm.isRsa(algo)) {
+        if (!AlgorithmUtils.isRsa(algo)) {
             throw new SecurityException("Invalid algorithm");
         }
         JsonWebKey jwk = new JsonWebKey();

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
index e2ebda5..dd2defc 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
@@ -19,12 +19,13 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 
 public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider {
-    private String algorithm;
+    private SignatureAlgorithm algorithm;
     
-    protected AbstractJwsSignatureProvider(String algo) {
+    protected AbstractJwsSignatureProvider(SignatureAlgorithm algo) {
         this.algorithm = algo;
     }
     
@@ -36,13 +37,13 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
         if (algo != null) {
             checkAlgorithm(algo);
         } else {
-            checkAlgorithm(algorithm);
-            headers.setAlgorithm(algorithm);
+            checkAlgorithm(algorithm.getJwaName());
+            headers.setAlgorithm(algorithm.getJwaName());
         }
         return headers;
     }
     @Override
-    public String getAlgorithm() {
+    public SignatureAlgorithm getAlgorithm() {
         return algorithm;    
     }
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
index 431c211..3bb92b9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
@@ -23,27 +23,28 @@ import java.security.Signature;
 import java.security.interfaces.ECPrivateKey;
 import java.security.spec.AlgorithmParameterSpec;
 
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider {
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) {
+    public EcDsaJwsSignatureProvider(ECPrivateKey key, SignatureAlgorithm algo) {
         this(key, null, algo);
     }
-    public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String algo) {
+    public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
         this(key, null, spec, algo);
     }
     public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec, 
-                                     String algo) {
+                                     SignatureAlgorithm algo) {
         super(key, random, spec, algo);
     }
     @Override
     protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isEcDsaSign(algo);
+        return AlgorithmUtils.isEcDsaSign(algo);
     }
     @Override
     protected JwsSignature doCreateJwsSignature(Signature s) {
         return new EcDsaPrivateKeyJwsSignature(s, 
-            EcDsaJwsSignatureVerifier.SIGNATURE_LENGTH_MAP.get(super.getAlgorithm()));
+            EcDsaJwsSignatureVerifier.SIGNATURE_LENGTH_MAP.get(super.getAlgorithm().getJwaName()));
     }
     
     protected static class EcDsaPrivateKeyJwsSignature extends PrivateKeyJwsSignature {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
index 8c788bc..b0bdae4 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java
@@ -24,25 +24,26 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier {
     static final Map<String, Integer> SIGNATURE_LENGTH_MAP;
     static {
         SIGNATURE_LENGTH_MAP = new HashMap<String, Integer>();
-        SIGNATURE_LENGTH_MAP.put(Algorithm.SHA256withECDSA.getJwtName(), 64);
-        SIGNATURE_LENGTH_MAP.put(Algorithm.SHA384withECDSA.getJwtName(), 96);
-        SIGNATURE_LENGTH_MAP.put(Algorithm.SHA512withECDSA.getJwtName(), 132);
+        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES256.getJwaName(), 64);
+        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES384.getJwaName(), 96);
+        SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES512.getJwaName(), 132);
     }
-    public EcDsaJwsSignatureVerifier(PublicKey key, String supportedAlgo) {
+    public EcDsaJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgo) {
         this(key, null, supportedAlgo);
     }
-    public EcDsaJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) {
+    public EcDsaJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) {
         super(key, spec, supportedAlgo);
     }
     @Override
     public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) {
-        if (SIGNATURE_LENGTH_MAP.get(super.getAlgorithm()) != signature.length) {
+        if (SIGNATURE_LENGTH_MAP.get(super.getAlgorithm().getJwaName()) != signature.length) {
             throw new SecurityException();
         }
         byte[] der = signatureToDer(signature);
@@ -50,7 +51,7 @@ public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier {
     }
     @Override
     protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isEcDsaSign(algo);
+        return AlgorithmUtils.isEcDsaSign(algo);
     }
     private static byte[] signatureToDer(byte joseSig[]) {
         int partLen = joseSig.length / 2;

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
index 81db7d6..f272dad 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
@@ -26,21 +26,22 @@ import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
     private byte[] key;
     private AlgorithmParameterSpec hmacSpec;
     
-    public HmacJwsSignatureProvider(byte[] key, String algo) {
+    public HmacJwsSignatureProvider(byte[] key, SignatureAlgorithm algo) {
         this(key, null, algo);
     }
-    public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo) {
+    public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
         super(algo);
         this.key = key;
         this.hmacSpec = spec;
     }
-    public HmacJwsSignatureProvider(String encodedKey, String algo) {
+    public HmacJwsSignatureProvider(String encodedKey, SignatureAlgorithm algo) {
         super(algo);
         try {
             this.key = Base64UrlUtility.decode(encodedKey);
@@ -50,7 +51,7 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
     }
     
     protected JwsSignature doCreateJwsSignature(JoseHeaders headers) {
-        final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()),
+        final Mac mac = HmacUtils.getInitializedMac(key, AlgorithmUtils.toJavaName(headers.getAlgorithm()),
                                                     hmacSpec);
         return new JwsSignature() {
 
@@ -69,7 +70,7 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
     @Override
     protected void checkAlgorithm(String algo) {
         super.checkAlgorithm(algo);
-        if (!Algorithm.isHmacSign(algo)) {
+        if (!AlgorithmUtils.isHmacSign(algo)) {
             throw new SecurityException();
         }
     }


Mime
View raw message