cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [2/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Date Fri, 27 Feb 2015 13:55:24 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 55ec94e..c02ee70 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.util.Arrays;
 
 import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
     private byte[] key;
     private AlgorithmParameterSpec hmacSpec;
-    private String supportedAlgo;
+    private SignatureAlgorithm supportedAlgo;
     
     public HmacJwsSignatureVerifier(String encodedKey) {
-        this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO);
+        this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256);
     }
-    public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) {
+    public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm supportedAlgo) {
         this(JoseUtils.decode(encodedKey), supportedAlgo);
     }
-    public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) {
+    public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm supportedAlgo) {
         this(key, null, supportedAlgo);
     }
-    public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, String supportedAlgo) {
+    public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) {
         this.key = key;
         this.hmacSpec = spec;
         this.supportedAlgo = supportedAlgo;
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
     
     private byte[] computeMac(JoseHeaders headers, String text) {
         return HmacUtils.computeHmac(key, 
-                                     Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
+                                     AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
                                      hmacSpec,
                                      text);
     }
     
     protected String checkAlgorithm(String algo) {
         if (algo == null 
-            || !Algorithm.isHmacSign(algo)
-            || !algo.equals(supportedAlgo)) {
+            || !AlgorithmUtils.isHmacSign(algo)
+            || !algo.equals(supportedAlgo.getJwaName())) {
             throw new SecurityException();
         }
         return algo;
     }
     @Override
-    public String getAlgorithm() {
+    public SignatureAlgorithm getAlgorithm() {
         return supportedAlgo;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b8f192b..14b654c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
 public class JwsCompactProducer {
@@ -105,7 +105,7 @@ public class JwsCompactProducer {
         this.signature = sig;
     }
     private boolean isPlainText() {
-        return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
+        return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm());
     }
     private String getAlgorithm() {
         return getJoseHeaders().getAlgorithm();

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index 2b32d9a..ce9bf27 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -110,7 +110,7 @@ public class JwsJsonConsumer {
     }
     public boolean verifySignatureWith(JwsSignatureVerifier validator) {
         List<JwsJsonSignatureEntry> theSignatureEntries = 
-            getSignatureEntryMap().get(validator.getAlgorithm());
+            getSignatureEntryMap().get(validator.getAlgorithm().getJwaName());
         if (theSignatureEntries != null) {
             for (JwsJsonSignatureEntry signatureEntry : theSignatureEntries) {
                 if (signatureEntry.verifySignatureWith(validator)) {
@@ -143,7 +143,7 @@ public class JwsJsonConsumer {
         for (JwsSignatureVerifier validator : validators) {
             boolean validated = false;
             List<JwsJsonSignatureEntry> theSignatureEntries = 
-                getSignatureEntryMap().get(validator.getAlgorithm());
+                getSignatureEntryMap().get(validator.getAlgorithm().getJwaName());
             if (theSignatureEntries != null) {
                 for (JwsJsonSignatureEntry sigEntry : theSignatureEntries) {
                     if (sigEntry.verifySignatureWith(validator)) {     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index bd72a53..5620232 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -96,7 +96,7 @@ public class JwsJsonProducer {
     }
     public String signWith(JwsSignatureProvider signer) {
         JoseHeaders headers = new JoseHeaders();
-        headers.setAlgorithm(signer.getAlgorithm());
+        headers.setAlgorithm(signer.getAlgorithm().getJwaName());
         return signWith(signer, headers);
     }
     public String signWith(JwsSignatureProvider signer, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
index c6f60b9..9ca48cb 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
@@ -19,10 +19,11 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 
 public interface JwsSignatureProvider {
-    String getAlgorithm();
+    SignatureAlgorithm getAlgorithm();
     byte[] sign(JoseHeaders headers, byte[] content);
     /**
      * Create a signature handler capable of updating the signature input (optional operation)

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
index 492c676..26f9597 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
@@ -19,8 +19,9 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public interface JwsSignatureVerifier {
+    SignatureAlgorithm getAlgorithm();
     boolean verify(JoseHeaders headers, String unsignedText, byte[] signature);
-    String getAlgorithm();
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 1e8e6d4..bca768a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -37,7 +37,8 @@ import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 
@@ -88,16 +89,16 @@ public final class JwsUtils {
             theSigProvider = getHmacSignatureProvider(key, rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
             theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
-                                                           rsaSignatureAlgo);
+                                                           SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
         }
         return theSigProvider;
     }
     public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey key, String algo) {
-        return new PrivateKeyJwsSignatureProvider(key, algo);
+        return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
     }
     public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) {
-        if (Algorithm.isHmacSign(algo)) {
-            return new HmacJwsSignatureProvider(key, algo);
+        if (AlgorithmUtils.isHmacSign(algo)) {
+            return new HmacJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
         }
         return null;
     }
@@ -113,16 +114,17 @@ public final class JwsUtils {
             byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
             theVerifier = getHmacSignatureVerifier(key, rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-            theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), rsaSignatureAlgo);
+            theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), 
+                                                        SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
         }
         return theVerifier;
     }
     public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey key, String algo) {
-        return new PublicKeyJwsSignatureVerifier(key, algo);
+        return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
     }
     public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) {
-        if (Algorithm.isHmacSign(algo)) {
-            return new HmacJwsSignatureVerifier(key, algo);
+        if (AlgorithmUtils.isHmacSign(algo)) {
+            return new HmacJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
         }
         return null;
     }
@@ -146,7 +148,7 @@ public final class JwsUtils {
         }
         JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, headers, false);
         if (headers != null) {
-            headers.setAlgorithm(theSigProvider.getAlgorithm());
+            headers.setAlgorithm(theSigProvider.getAlgorithm().getJwaName());
         }
         return theSigProvider;
     }
@@ -287,7 +289,7 @@ public final class JwsUtils {
     private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
-                defaultAlgo = JoseConstants.RS_SHA_256_ALGO;
+                defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO;
             }
             return KeyManagementUtils.getKeyAlgorithm(m, props, JSON_WEB_SIGNATURE_ALGO_PROP, defaultAlgo);
         }
@@ -295,11 +297,11 @@ public final class JwsUtils {
     }
     private static String getDefaultKeyAlgo(JsonWebKey jwk) {
         if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
-            return JoseConstants.HMAC_SHA_256_ALGO;
+            return AlgorithmUtils.HMAC_SHA_256_ALGO;
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-            return JoseConstants.ES_SHA_256_ALGO;
+            return AlgorithmUtils.ES_SHA_256_ALGO;
         } else {
-            return JoseConstants.RS_SHA_256_ALGO;
+            return AlgorithmUtils.RS_SHA_256_ALGO;
         }
     }
     public static JwsCompactConsumer verify(JwsSignatureVerifier v, String content) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
index 6226102..d442677 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
@@ -19,12 +19,13 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class NoneJwsSignatureProvider implements JwsSignatureProvider {
 
     @Override
-    public String getAlgorithm() {
-        return "none";
+    public SignatureAlgorithm getAlgorithm() {
+        return SignatureAlgorithm.PLAIN;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
index 99cb770..270234e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class NoneJwsSignatureVerifier implements JwsSignatureVerifier {
 
@@ -28,8 +29,8 @@ public class NoneJwsSignatureVerifier implements JwsSignatureVerifier {
     }
 
     @Override
-    public String getAlgorithm() {
-        return "none";
+    public SignatureAlgorithm getAlgorithm() {
+        return SignatureAlgorithm.PLAIN;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
index 2f84f54..292ecf6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
@@ -26,21 +26,22 @@ import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
     private PrivateKey key;
     private SecureRandom random; 
     private AlgorithmParameterSpec signatureSpec;
     
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) {
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
         this(key, null, algo);
     }
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) {
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
         this(key, null, spec, algo);
     }
     public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, 
-                                          AlgorithmParameterSpec spec, String algo) {
+                                          AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
         super(algo);
         this.key = key;
         this.random = random;
@@ -48,7 +49,7 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
     }
     protected JwsSignature doCreateJwsSignature(JoseHeaders headers) {
         final Signature s = CryptoUtils.getSignature(key, 
-                                                     Algorithm.toJavaName(headers.getAlgorithm()),
+                                                     AlgorithmUtils.toJavaName(headers.getAlgorithm()),
                                                      random,
                                                      signatureSpec);
         return doCreateJwsSignature(s);
@@ -66,7 +67,7 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
     }
     
     protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isRsaSign(algo);
+        return AlgorithmUtils.isRsaSign(algo);
     }
 
     protected static class PrivateKeyJwsSignature implements JwsSignature {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
index 70842cf..7e8fd80 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
@@ -24,17 +24,18 @@ import java.security.spec.AlgorithmParameterSpec;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 
 public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
     private PublicKey key;
     private AlgorithmParameterSpec signatureSpec;
-    private String supportedAlgo;
+    private SignatureAlgorithm supportedAlgo;
     
-    public PublicKeyJwsSignatureVerifier(PublicKey key, String supportedAlgorithm) {
+    public PublicKeyJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgorithm) {
         this(key, null, supportedAlgorithm);
     }
-    public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) {
+    public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) {
         this.key = key;
         this.signatureSpec = spec;
         this.supportedAlgo = supportedAlgo;
@@ -45,7 +46,7 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
             return CryptoUtils.verifySignature(StringUtils.toBytesUTF8(unsignedText), 
                                                signature, 
                                                key, 
-                                               Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
+                                               AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
                                                signatureSpec);
         } catch (Exception ex) {
             throw new SecurityException(ex);
@@ -54,16 +55,16 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
     protected String checkAlgorithm(String algo) {
         if (algo == null 
             || !isValidAlgorithmFamily(algo)
-            || !algo.equals(supportedAlgo)) {
+            || !algo.equals(supportedAlgo.getJwaName())) {
             throw new SecurityException();
         }
         return algo;
     }
     protected boolean isValidAlgorithmFamily(String algo) {
-        return Algorithm.isRsaSign(algo);
+        return AlgorithmUtils.isRsaSign(algo);
     }
     @Override
-    public String getAlgorithm() {
+    public SignatureAlgorithm getAlgorithm() {
         return supportedAlgo;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
index 0b47927..68775fc 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
@@ -23,10 +23,11 @@ import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -138,13 +139,13 @@ public class JwkJoseCookBookTest extends Assert {
         assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
         assertEquals(SIGN_KID_VALUE, key.getKid());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
+        assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
     }
     private void validateSecretEncKey(JsonWebKey key) {
         assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
         assertEquals(ENCRYPTION_KID_VALUE, key.getKid());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JoseConstants.A256GCM_ALGO, key.getAlgorithm());
+        assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm());
     }
     private void validatePublicRsaKey(JsonWebKey key) {
         assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
index 52088d8..c31ba44 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
@@ -27,10 +27,10 @@ import javax.crypto.Cipher;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
@@ -354,7 +354,7 @@ public class JwsJoseCookBookTest {
     @Test
     public void testRSAv15Signature() throws Exception {
         JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
-        compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.RS_SHA_256_ALGO);
+        compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO);
         compactProducer.getJoseHeaders().setKeyId(RSA_KID_VALUE);
         JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
         assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
@@ -370,35 +370,35 @@ public class JwsJoseCookBookTest {
         JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
         List<JsonWebKey> publicKeys = publicJwks.getKeys();
         JsonWebKey rsaPublicKey = publicKeys.get(1);
-        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders protectedHeader = new JoseHeaders();
-        protectedHeader.setAlgorithm(JoseConstants.RS_SHA_256_ALGO);
+        protectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO);
         protectedHeader.setKeyId(RSA_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
     }
     @Test
     public void testRSAPSSSignature() throws Exception {
         try {
-            Cipher.getInstance(Algorithm.PS_SHA_384_JAVA);
+            Cipher.getInstance(AlgorithmUtils.PS_SHA_384_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());
         }
 
         JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
-        compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.PS_SHA_384_ALGO);
+        compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO);
         compactProducer.getJoseHeaders().setKeyId(RSA_KID_VALUE);
         JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
         assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), RSA_PSS_SIGNATURE_PROTECTED_HEADER_JSON);
@@ -414,24 +414,24 @@ public class JwsJoseCookBookTest {
         JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
         List<JsonWebKey> publicKeys = publicJwks.getKeys();
         JsonWebKey rsaPublicKey = publicKeys.get(1);
-        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders protectedHeader = new JoseHeaders();
-        protectedHeader.setAlgorithm(JoseConstants.PS_SHA_384_ALGO);
+        protectedHeader.setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO);
         protectedHeader.setKeyId(RSA_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.PS_SHA_384_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length());
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.PS_SHA_384_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length());
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
 
         Security.removeProvider(BouncyCastleProvider.class.getName());
     }
@@ -439,13 +439,13 @@ public class JwsJoseCookBookTest {
     public void testECDSASignature() throws Exception {
         
         try {
-            Cipher.getInstance(Algorithm.ES_SHA_512_JAVA);
+            Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());
         }
         try {
             JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
-            compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.ES_SHA_512_ALGO);
+            compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO);
             compactProducer.getJoseHeaders().setKeyId(ECDSA_KID_VALUE);
             JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
             assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), 
@@ -456,7 +456,7 @@ public class JwsJoseCookBookTest {
             List<JsonWebKey> keys = jwks.getKeys();
             JsonWebKey ecKey = keys.get(0);
             compactProducer.signWith(new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(ecKey),
-                    JoseConstants.ES_SHA_512_ALGO));
+                                                                   SignatureAlgorithm.ES512));
             assertEquals(compactProducer.getUnsignedEncodedJws(), 
                          ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
             assertEquals(132, Base64UrlUtility.decode(compactProducer.getEncodedSignature()).length);
@@ -465,7 +465,7 @@ public class JwsJoseCookBookTest {
             JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
             List<JsonWebKey> publicKeys = publicJwks.getKeys();
             JsonWebKey ecPublicKey = publicKeys.get(0);
-            assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, JoseConstants.ES_SHA_512_ALGO));
+            assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());
         }
@@ -473,7 +473,7 @@ public class JwsJoseCookBookTest {
     @Test
     public void testHMACSignature() throws Exception {
         JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
-        compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         compactProducer.getJoseHeaders().setKeyId(HMAC_KID_VALUE);
         JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
         assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
@@ -486,29 +486,29 @@ public class JwsJoseCookBookTest {
         assertEquals(compactProducer.getSignedEncodedJws(),
                 HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE);
         JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
-        assertTrue(compactConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders protectedHeader = new JoseHeaders();
-        protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         protectedHeader.setKeyId(HMAC_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
     }
     @Test
     public void testDetachedHMACSignature() throws Exception {
         JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
-        compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         compactProducer.getJoseHeaders().setKeyId(HMAC_KID_VALUE);
         JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
         assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
@@ -521,25 +521,25 @@ public class JwsJoseCookBookTest {
         assertEquals(compactProducer.getSignedEncodedJws(true), DETACHED_HMAC_JWS);
         JwsCompactConsumer compactConsumer =
                 new JwsCompactConsumer(compactProducer.getSignedEncodedJws(true), ENCODED_PAYLOAD);
-        assertTrue(compactConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders protectedHeader = new JoseHeaders();
-        protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         protectedHeader.setKeyId(HMAC_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
     }
     @Test
     public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
@@ -547,27 +547,27 @@ public class JwsJoseCookBookTest {
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders protectedHeader = new JoseHeaders();
-        protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         JoseHeaders unprotectedHeader = new JoseHeaders();
         unprotectedHeader.setKeyId(HMAC_KID_VALUE);
         JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
         List<JsonWebKey> keys = jwks.getKeys();
         JsonWebKey key = keys.get(0);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
                 protectedHeader, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
                 protectedHeader, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
     }
     @Test
     public void testProtectingContentOnlySignature() throws Exception {
@@ -575,31 +575,31 @@ public class JwsJoseCookBookTest {
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
         assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
         JoseHeaders unprotectedHeader = new JoseHeaders();
-        unprotectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+        unprotectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         unprotectedHeader.setKeyId(HMAC_KID_VALUE);
         JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
         List<JsonWebKey> keys = jwks.getKeys();
         JsonWebKey key = keys.get(0);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
                 null, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
                 null, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
     }
     @Test
     public void testMultipleSignatures() throws Exception {
         try {
-            Cipher.getInstance(Algorithm.ES_SHA_512_JAVA);
+            Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());
         }
@@ -608,22 +608,22 @@ public class JwsJoseCookBookTest {
             assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
             assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
             JoseHeaders firstSignerProtectedHeader = new JoseHeaders();
-            firstSignerProtectedHeader.setAlgorithm(JoseConstants.RS_SHA_256_ALGO);
+            firstSignerProtectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO);
             JoseHeaders firstSignerUnprotectedHeader = new JoseHeaders();
             firstSignerUnprotectedHeader.setKeyId(RSA_KID_VALUE);
             JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
             List<JsonWebKey> keys = jwks.getKeys();
             JsonWebKey rsaKey = keys.get(1);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO),
                     firstSignerProtectedHeader, firstSignerUnprotectedHeader);
             assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(),
                     FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
 
             JoseHeaders secondSignerUnprotectedHeader = new JoseHeaders();
-            secondSignerUnprotectedHeader.setAlgorithm(JoseConstants.ES_SHA_512_ALGO);
+            secondSignerUnprotectedHeader.setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO);
             secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE);
             JsonWebKey ecKey = keys.get(0);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, JoseConstants.ES_SHA_512_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, AlgorithmUtils.ES_SHA_512_ALGO),
                     null, secondSignerUnprotectedHeader);
             assertEquals(new JoseHeadersReaderWriter().toJson(
                 jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()),
@@ -632,12 +632,12 @@ public class JwsJoseCookBookTest {
                     SECOND_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES.length());
 
             JoseHeaders thirdSignerProtectedHeader = new JoseHeaders();
-            thirdSignerProtectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO);
+            thirdSignerProtectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
             thirdSignerProtectedHeader.setKeyId(HMAC_KID_VALUE);
             JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt");
             List<JsonWebKey> secretKeys = secretJwks.getKeys();
             JsonWebKey hmacKey = secretKeys.get(0);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, JoseConstants.HMAC_SHA_256_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO),
                     thirdSignerProtectedHeader);
             assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(),
                     THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
@@ -649,9 +649,9 @@ public class JwsJoseCookBookTest {
             List<JsonWebKey> publicKeys = publicJwks.getKeys();
             JsonWebKey rsaPublicKey = publicKeys.get(1);
             JsonWebKey ecPublicKey = publicKeys.get(0);
-            assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO));
-            assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, JoseConstants.ES_SHA_512_ALGO));
-            assertTrue(jsonConsumer.verifySignatureWith(hmacKey, JoseConstants.HMAC_SHA_256_ALGO));
+            assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+            assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
+            assertTrue(jsonConsumer.verifySignatureWith(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO));
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 50d8d3d..21a45ae 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -29,8 +29,9 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -84,8 +85,8 @@ public class JweCompactReaderWriterTest extends Assert {
     @BeforeClass
     public static void registerBouncyCastleIfNeeded() throws Exception {
         try {
-            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
-            Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());    
         }
@@ -102,8 +103,8 @@ public class JweCompactReaderWriterTest extends Assert {
         byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
         
         AesWrapKeyEncryptionAlgorithm keyEncryption = 
-            new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
+            new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
                                                            CONTENT_ENCRYPTION_KEY_A3, 
                                                            INIT_VECTOR_A3,
                                                            keyEncryption);
@@ -131,11 +132,11 @@ public class JweCompactReaderWriterTest extends Assert {
                                            JsonWebKey.EC_CURVE_P256, 
                                            "Alice", 
                                            "Bob", 
-                                           Algorithm.A128GCM.getJwtName());
+                                           ContentAlgorithm.A128GCM);
     
         String jweOutput = jweOut.encrypt("Hello".getBytes(), null);
         JweDecryptionProvider jweIn = 
-            new EcdhDirectKeyJweDecryption(bobPrivateKey, Algorithm.A128GCM.getJwtName());
+            new EcdhDirectKeyJweDecryption(bobPrivateKey, ContentAlgorithm.A128GCM);
         assertEquals("Hello", jweIn.decrypt(jweOutput).getContentText());
     }
     @Test
@@ -145,10 +146,10 @@ public class JweCompactReaderWriterTest extends Assert {
         RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, 
                                                              RSA_PUBLIC_EXPONENT_ENCODED_A1);
         
-        KeyEncryptionAlgorithm keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, 
-                                                       Algorithm.RSA_1_5.getJwtName());
+        KeyEncryptionProvider keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, 
+                                                                             KeyAlgorithm.RSA_1_5);
         
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
                                                            CONTENT_ENCRYPTION_KEY_A3, 
                                                            INIT_VECTOR_A3,
                                                            keyEncryption);
@@ -157,7 +158,7 @@ public class JweCompactReaderWriterTest extends Assert {
         RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
                                                                 RSA_PRIVATE_EXPONENT_ENCODED_A1);
         KeyDecryptionAlgorithm keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey,
-                                                                                 Algorithm.RSA_1_5.getJwtName());
+                                                                             KeyAlgorithm.RSA_1_5);
         JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
         String decryptedText = decryption.decrypt(jweContent).getContentText();
         assertEquals(specPlainText, decryptedText);
@@ -175,8 +176,8 @@ public class JweCompactReaderWriterTest extends Assert {
         byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
         
         AesGcmWrapKeyEncryptionAlgorithm keyEncryption = 
-            new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JoseConstants.A128GCMKW_ALGO);
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
+            new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128GCMKW);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
                                                            CONTENT_ENCRYPTION_KEY_A3, 
                                                            INIT_VECTOR_A3,
                                                            keyEncryption);
@@ -218,27 +219,28 @@ public class JweCompactReaderWriterTest extends Assert {
         String jwtKeyName = null;
         if (key == null) {
             // the encryptor will generate it
-            jwtKeyName = Algorithm.A128GCM.getJwtName();
+            jwtKeyName = ContentAlgorithm.A128GCM.getJwaName();
         } else {
-            jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
+            jwtKeyName = AlgorithmUtils.toJwaName(key.getAlgorithm(), key.getEncoded().length * 8);
         }
-        KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey, 
-                                                       Algorithm.RSA_OAEP.getJwtName()); 
-        ContentEncryptionAlgorithm contentEncryptionAlgo = 
-            new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
+        KeyEncryptionProvider keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey, 
+                                                                                 KeyAlgorithm.RSA_OAEP); 
+        ContentEncryptionProvider contentEncryptionAlgo = 
+            new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, 
+                ContentAlgorithm.getAlgorithm(jwtKeyName));
         JweEncryptionProvider encryptor = new JweEncryption(keyEncryptionAlgo, contentEncryptionAlgo);
         return encryptor.encrypt(content.getBytes("UTF-8"), null);
     }
     private String encryptContentDirect(SecretKey key, String content) throws Exception {
         JweEncryption encryptor = new JweEncryption(new DirectKeyEncryptionAlgorithm(),
-            new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, JoseConstants.A128GCM_ALGO));
+            new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, ContentAlgorithm.A128GCM));
         return encryptor.encrypt(content.getBytes("UTF-8"), null);
     }
     private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
         RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
                                                                 RSA_PRIVATE_EXPONENT_ENCODED_A1);
-        String algo = Cipher.getMaxAllowedKeyLength("AES") > 128 
-            ? JoseConstants.A256GCM_ALGO : JoseConstants.A128GCM_ALGO; 
+        ContentAlgorithm algo = Cipher.getMaxAllowedKeyLength("AES") > 128 
+            ? ContentAlgorithm.A256GCM : ContentAlgorithm.A128GCM; 
         JweDecryptionProvider decryptor = new JweDecryption(new RSAKeyDecryptionAlgorithm(privateKey),
                                               new AesGcmContentDecryptionAlgorithm(algo));
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
@@ -246,7 +248,7 @@ public class JweCompactReaderWriterTest extends Assert {
     }
     private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
         JweDecryption decryptor = new JweDecryption(new DirectKeyDecryptionAlgorithm(key), 
-                                               new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO));
+                                               new AesGcmContentDecryptionAlgorithm(ContentAlgorithm.A128GCM));
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
index 0fcdece..5b1c9f3 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
@@ -25,8 +25,7 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 import org.junit.AfterClass;
@@ -56,8 +55,8 @@ public class JweJsonConsumerTest extends Assert {
     @BeforeClass
     public static void registerBouncyCastleIfNeeded() throws Exception {
         try {
-            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
-            Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());    
         }
@@ -72,7 +71,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT, 
-                              JoseConstants.A128GCM_ALGO, 
+                              AlgorithmUtils.A128GCM_ALGO, 
                               JweJsonProducerTest.WRAPPER_BYTES1,
                               null);
     }
@@ -81,7 +80,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT, 
-                              JoseConstants.A128GCM_ALGO, 
+                              AlgorithmUtils.A128GCM_ALGO, 
                               JweJsonProducerTest.WRAPPER_BYTES1,
                               null);
     }
@@ -90,7 +89,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT, 
-                              JoseConstants.A128GCM_ALGO, 
+                              AlgorithmUtils.A128GCM_ALGO, 
                               null, 
                               JweJsonProducerTest.CEK_BYTES);
     }
@@ -99,7 +98,7 @@ public class JweJsonConsumerTest extends Assert {
         String text = "Live long and prosper.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, 
-                              JoseConstants.A128CBC_HS256_ALGO, 
+                              AlgorithmUtils.A128CBC_HS256_ALGO, 
                               null,
                               JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3);
     }
@@ -108,7 +107,7 @@ public class JweJsonConsumerTest extends Assert {
         String text = "Live long and prosper.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, 
-                              JoseConstants.A128CBC_HS256_ALGO, 
+                              AlgorithmUtils.A128CBC_HS256_ALGO, 
                               Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3),
                               null);
     }
@@ -118,8 +117,8 @@ public class JweJsonConsumerTest extends Assert {
         
         SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, 
                                                                "AES");
-        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, 
-                                                                         JoseConstants.A128GCM_ALGO);
+        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, 
+                                                                         AlgorithmUtils.A128GCM_ALGO);
         JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT);
         JweDecryptionOutput out = consumer.decryptWith(jwe);
         assertEquals(text, out.getContentText());
@@ -129,8 +128,8 @@ public class JweJsonConsumerTest extends Assert {
     public void testSingleRecipientAllTypeOfHeadersAndAadModified() {
         SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, 
                                                                "AES");
-        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, 
-                                                                         JoseConstants.A128GCM_ALGO);
+        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, 
+                                                                         AlgorithmUtils.A128GCM_ALGO);
         JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT);
         try {
             consumer.decryptWith(jwe);
@@ -148,7 +147,7 @@ public class JweJsonConsumerTest extends Assert {
         JweDecryptionProvider jwe = null;
         if (wrapperKeyBytes != null) {
             SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
-            jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, contentEncryptionAlgo);
+            jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo);
         } else {
             SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
             jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo);

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 1fa0c9f..5e11159 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -28,8 +28,7 @@ import javax.crypto.SecretKey;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 import org.junit.AfterClass;
@@ -147,8 +146,8 @@ public class JweJsonProducerTest extends Assert {
     @BeforeClass
     public static void registerBouncyCastleIfNeeded() throws Exception {
         try {
-            Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
-            Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA);
+            Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA);
         } catch (Throwable t) {
             Security.addProvider(new BouncyCastleProvider());    
         }
@@ -161,35 +160,35 @@ public class JweJsonProducerTest extends Assert {
     @Test
     public void testSingleRecipientGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, JoseConstants.A128GCM_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, 
                               WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
                               CEK_BYTES, false);
     }
     @Test
     public void testSingleRecipientDirectGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_OUTPUT, JoseConstants.A128GCM_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, 
                               null, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
                               CEK_BYTES, false);
     }
     @Test
     public void testSingleRecipientDirectFlatGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, 
                               null, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
                               CEK_BYTES, true);
     }
     @Test
     public void testSingleRecipientFlatGcm() throws Exception {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, 
                               WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1, 
                               CEK_BYTES, true);
     }
     @Test
     public void testSingleRecipientA128CBCHS256() throws Exception {
         String text = "Live long and prosper.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, JoseConstants.A128CBC_HS256_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, AlgorithmUtils.A128CBC_HS256_ALGO, 
                               Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3),
                               JweCompactReaderWriterTest.INIT_VECTOR_A3,
                               JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3,
@@ -198,7 +197,7 @@ public class JweJsonProducerTest extends Assert {
     @Test
     public void testSingleRecipientDirectA128CBCHS256() throws Exception {
         String text = "Live long and prosper.";
-        doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, JoseConstants.A128CBC_HS256_ALGO, 
+        doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, AlgorithmUtils.A128CBC_HS256_ALGO, 
                               null,
                               JweCompactReaderWriterTest.INIT_VECTOR_A3,
                               JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3,
@@ -212,7 +211,7 @@ public class JweJsonProducerTest extends Assert {
                                          final byte[] iv,
                                          final byte[] cek,
                                          boolean canBeFlat) throws Exception {
-        JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO,
+        JweHeaders headers = new JweHeaders(AlgorithmUtils.A128KW_ALGO,
                                             contentEncryptionAlgo);
         JweEncryptionProvider jwe = null;
         if (wrapperKeyBytes == null) {
@@ -240,13 +239,13 @@ public class JweJsonProducerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
         
-        JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
+        JweHeaders protectedHeaders = new JweHeaders(AlgorithmUtils.A128GCM_ALGO);
         JweHeaders sharedUnprotectedHeaders = new JweHeaders();
         sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
         
         JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, 
-                                                                         JoseConstants.A128KW_ALGO,
-                                                                         JoseConstants.A128GCM_ALGO,
+                                                                         AlgorithmUtils.A128KW_ALGO,
+                                                                         AlgorithmUtils.A128GCM_ALGO,
                                                                          null);
         JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                                 sharedUnprotectedHeaders,
@@ -261,7 +260,7 @@ public class JweJsonProducerTest extends Assert {
             }
         };
         JweHeaders recepientUnprotectedHeaders = new JweHeaders();
-        recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO);
+        recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(AlgorithmUtils.A128KW_ALGO);
         String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
         assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
     }
@@ -271,20 +270,20 @@ public class JweJsonProducerTest extends Assert {
         SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
         SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
         
-        JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
+        JweHeaders protectedHeaders = new JweHeaders(AlgorithmUtils.A128GCM_ALGO);
         JweHeaders sharedUnprotectedHeaders = new JweHeaders();
         sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
-        sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO);
+        sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(AlgorithmUtils.A128KW_ALGO);
         
         List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>();
         
-        KeyEncryptionAlgorithm keyEncryption1 = 
-            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, JoseConstants.A128KW_ALGO);
-        ContentEncryptionAlgorithm contentEncryption = 
-            JweUtils.getContentEncryptionAlgorithm(JoseConstants.A128GCM_ALGO);
+        KeyEncryptionProvider keyEncryption1 = 
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, AlgorithmUtils.A128KW_ALGO);
+        ContentEncryptionProvider contentEncryption = 
+            JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO);
         JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
-        KeyEncryptionAlgorithm keyEncryption2 = 
-            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, JoseConstants.A128KW_ALGO);
+        KeyEncryptionProvider keyEncryption2 = 
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, AlgorithmUtils.A128KW_ALGO);
         JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
         jweList.add(jwe1);
         jweList.add(jwe2);

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
index 5f721f5..2e1d942 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -20,8 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.Security;
 
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 import org.junit.After;
@@ -42,9 +43,9 @@ public class JwePbeHmacAesWrapTest extends Assert {
     public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
         final String specPlainText = "Live long and prosper.";
         final String password = "Thus from my lips, by yours, my sin is purged."; 
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
-        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
+        KeyEncryptionProvider keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
                                                                        keyEncryption);
         String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
         
@@ -58,17 +59,17 @@ public class JwePbeHmacAesWrapTest extends Assert {
     public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception {
         final String specPlainText = "Live long and prosper.";
         JweHeaders headers = new JweHeaders();
-        headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO);
-        headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName());
+        headers.setAlgorithm(AlgorithmUtils.PBES2_HS256_A128KW_ALGO);
+        headers.setContentEncryptionAlgorithm(ContentAlgorithm.A128GCM.getJwaName());
         final String password = "Thus from my lips, by yours, my sin is purged."; 
-        KeyEncryptionAlgorithm keyEncryption = 
-            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
+        KeyEncryptionProvider keyEncryption = 
+            new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW);
         JweEncryptionProvider encryption = new JweEncryption(keyEncryption,
-            new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
+            new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM));
         String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
         PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
         JweDecryptionProvider decryption = new JweDecryption(keyDecryption, 
-                                               new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO));
+                                               new AesGcmContentDecryptionAlgorithm(ContentAlgorithm.A128GCM));
         String decryptedText = decryption.decrypt(jweContent).getContentText();
         assertEquals(specPlainText, decryptedText);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
index ba92742..6c0f243 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
@@ -25,8 +25,9 @@ import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
@@ -129,8 +130,9 @@ public class JsonWebKeyTest extends Assert {
             String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray());
             JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
             assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
-            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
-            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
+            assertEquals(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
+            assertEquals(ContentAlgorithm.A128CBC_HS256.getJwaName(), 
+                         c.getJweHeaders().getContentEncryptionAlgorithm());
             assertNotNull(c.getJweHeaders().getHeader("p2s"));
             assertNotNull(c.getJweHeaders().getHeader("p2c"));
             jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray());
@@ -153,8 +155,9 @@ public class JsonWebKeyTest extends Assert {
             String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray());
             JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
             assertEquals("jwk+json", c.getJweHeaders().getContentType());
-            assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
-            assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
+            assertEquals(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
+            assertEquals(ContentAlgorithm.A128CBC_HS256.getJwaName(), 
+                         c.getJweHeaders().getContentEncryptionAlgorithm());
             assertNotNull(c.getJweHeaders().getHeader("p2s"));
             assertNotNull(c.getJweHeaders().getHeader("p2c"));
             jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray());
@@ -181,13 +184,13 @@ public class JsonWebKeyTest extends Assert {
         assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
         assertEquals(AES_KID_VALUE, key.getKid());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JoseConstants.A128KW_ALGO, key.getAlgorithm());
+        assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm());
     }
     private void validateSecretHmacKey(JsonWebKey key) {
         assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
         assertEquals(HMAC_KID_VALUE, key.getKid());
         assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
-        assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
+        assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
     }
     
     private void validatePublicRsaKey(JsonWebKey key) {
@@ -195,7 +198,7 @@ public class JsonWebKeyTest extends Assert {
         assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
         assertEquals(RSA_KID_VALUE, key.getKid());
         assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
-        assertEquals(JoseConstants.RS_SHA_256_ALGO, key.getAlgorithm());
+        assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm());
     }
     private void validatePrivateRsaKey(JsonWebKey key) {
         validatePublicRsaKey(key);


Mime
View raw message