cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/4] cxf git commit: Move CryptoUtils into rt-security
Date Thu, 30 Apr 2015 08:19:01 GMT
Move CryptoUtils into rt-security

Conflicts:
	rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/179c1d41
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/179c1d41
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/179c1d41

Branch: refs/heads/3.0.x-fixes
Commit: 179c1d418e870de16c60630255cae204c5b50664
Parents: c1cc224
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Apr 29 20:56:10 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 29 20:57:05 2015 +0100

----------------------------------------------------------------------
 .../common/util/MessageDigestInputStream.java   |   6 +-
 .../cxf/common/util/crypto/CryptoUtils.java     | 724 -------------------
 .../cxf/common/util/crypto/HmacUtils.java       | 145 ----
 .../cxf/common/util/crypto/KeyProperties.java   |  88 ---
 .../common/util/crypto/MessageDigestUtils.java  |  69 --
 .../features/src/main/resources/features.xml    |   1 +
 rt/rs/security/jose/pom.xml                     |   5 +
 .../apache/cxf/rs/security/jose/JoseUtils.java  |   2 +-
 .../jaxrs/JwtAuthenticationClientFilter.java    |   2 +-
 .../security/jose/jaxrs/KeyManagementUtils.java |   2 +-
 .../jwe/AbstractContentEncryptionAlgorithm.java |   2 +-
 ...stractContentEncryptionCipherProperties.java |   2 +-
 .../jose/jwe/AbstractJweDecryption.java         |   4 +-
 .../jose/jwe/AbstractJweEncryption.java         |   4 +-
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java |   4 +-
 .../jose/jwe/AesCbcHmacJweEncryption.java       |   2 +-
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |   2 +-
 .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java   |   2 +-
 .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java   |   2 +-
 .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java |   2 +-
 .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java |   2 +-
 .../jose/jwe/EcdhDirectKeyJweEncryption.java    |   2 +-
 .../security/jose/jwe/JweEncryptionOutput.java  |   2 +-
 .../cxf/rs/security/jose/jwe/JweUtils.java      |   2 +-
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  |   4 +-
 .../jose/jwe/WrappedKeyDecryptionAlgorithm.java |   4 +-
 .../cxf/rs/security/jose/jwk/JwkUtils.java      |   2 +-
 .../jose/jws/HmacJwsSignatureProvider.java      |   2 +-
 .../jose/jws/HmacJwsSignatureVerifier.java      |   2 +-
 .../jws/PrivateKeyJwsSignatureProvider.java     |   2 +-
 .../jose/jws/PublicKeyJwsSignatureVerifier.java |   2 +-
 .../jose/jwe/JweCompactReaderWriterTest.java    |   3 +-
 .../security/jose/jwe/JweJsonConsumerTest.java  |   3 +-
 .../security/jose/jwe/JweJsonProducerTest.java  |   3 +-
 .../jose/jws/JwsCompactReaderWriterTest.java    |   3 +-
 .../code/DefaultEncryptingCodeDataProvider.java |   2 +-
 .../oauth2/grants/code/DigestCodeVerifier.java  |   2 +-
 .../grants/code/JwtRequestCodeFilter.java       |   2 +-
 .../oauth2/grants/code/JwtRequestCodeGrant.java |   2 +-
 .../provider/ClientSecretHashVerifier.java      |   2 +-
 .../DefaultEncryptingOAuthDataProvider.java     |   4 +-
 .../hawk/AbstractHawkAccessTokenValidator.java  |   2 +-
 .../oauth2/tokens/hawk/HawkAccessToken.java     |   2 +-
 .../tokens/hawk/HawkAuthorizationScheme.java    |   2 +-
 .../rs/security/oauth2/utils/OAuthUtils.java    |   5 +
 .../utils/crypto/ModelEncryptionSupport.java    |   4 +-
 .../oauth2/utils/crypto/CryptoUtilsTest.java    |   5 +-
 .../utils/crypto/EncryptingDataProvider.java    |   2 +-
 .../oidc/idp/AbstractJwsJweProducer.java        |   2 +-
 .../cxf/rs/security/oidc/utils/OidcUtils.java   |   2 +-
 .../cxf/rt/security/crypto/CryptoUtils.java     | 724 +++++++++++++++++++
 .../cxf/rt/security/crypto/HmacUtils.java       | 145 ++++
 .../cxf/rt/security/crypto/KeyProperties.java   |  88 +++
 .../rt/security/crypto/MessageDigestUtils.java  |  69 ++
 .../security/oauth2/OAuthDataProviderImpl.java  |   2 +-
 55 files changed, 1091 insertions(+), 1085 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
index 0237b8d..d089403 100644
--- a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
+++ b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
@@ -22,11 +22,11 @@ import java.io.InputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
-
 public class MessageDigestInputStream extends java.security.DigestInputStream {
+    public static final String ALGO_SHA_256 = "SHA-256";
+    
     public MessageDigestInputStream(InputStream is) {
-        super(is, getDigestInstance(MessageDigestUtils.ALGO_SHA_256));
+        super(is, getDigestInstance(ALGO_SHA_256));
     }
     
     private static MessageDigest getDigestInstance(String algo)  {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
deleted file mode 100644
index 2c22adf..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
+++ /dev/null
@@ -1,724 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.common.util.crypto;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPrivateKeySpec;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.CompressionUtils;
-import org.apache.cxf.helpers.IOUtils;
-
-
-/**
- * Encryption helpers
- */
-public final class CryptoUtils {
-    
-    private CryptoUtils() {
-    }
-    
-    public static String encodeSecretKey(SecretKey key) throws SecurityException {
-        return encodeBytes(key.getEncoded());
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
-        throws SecurityException {
-        KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
-        return encryptSecretKey(secretKey, publicKey, props);
-    }
-    
-    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
-        KeyProperties props) throws SecurityException {
-        byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props);
-        return encodeBytes(encryptedBytes);
-    }
-    
-    public static byte[] generateSecureRandomBytes(int size) {
-        SecureRandom sr = new SecureRandom();
-        byte[] bytes = new byte[size];
-        sr.nextBytes(bytes);
-        return bytes;
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(String encodedModulus,
-                                               String encodedPublicExponent) {
-        try {
-            return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus),
-                                   CryptoUtils.decodeSequence(encodedPublicExponent));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
-                                               byte[] publicExponentBytes) {
-        try {
-            return getRSAPublicKey(KeyFactory.getInstance("RSA"), 
-                                   modulusBytes,
-                                   publicExponentBytes);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }         
-    }
-    
-    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
-                                               byte[] modulusBytes,
-                                               byte[] publicExponentBytes) {
-        BigInteger modulus = toBigInteger(modulusBytes);
-        BigInteger publicExponent = toBigInteger(publicExponentBytes);
-        try {
-            return (RSAPublicKey)factory.generatePublic(
-                new RSAPublicKeySpec(modulus, publicExponent));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
-    
-    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
-                                                 String encodedPrivateExponent) {
-        try {
-            return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
-                                    CryptoUtils.decodeSequence(encodedPrivateExponent));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
-                                                 byte[] privateExponentBytes) {
-        BigInteger modulus =  toBigInteger(modulusBytes);
-        BigInteger privateExponent =  toBigInteger(privateExponentBytes);
-        try {
-            KeyFactory factory = KeyFactory.getInstance("RSA");
-            return (RSAPrivateKey)factory.generatePrivate(
-                new RSAPrivateKeySpec(modulus, privateExponent));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
-    //CHECKSTYLE:OFF
-    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
-                                                 String encodedPublicExponent,
-                                                 String encodedPrivateExponent,
-                                                 String encodedPrimeP,
-                                                 String encodedPrimeQ,
-                                                 String encodedPrimeExpP,
-                                                 String encodedPrimeExpQ,
-                                                 String encodedCrtCoefficient) {
-    //CHECKSTYLE:ON
-        try {
-            return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
-                                    CryptoUtils.decodeSequence(encodedPublicExponent),
-                                    CryptoUtils.decodeSequence(encodedPrivateExponent),
-                                    CryptoUtils.decodeSequence(encodedPrimeP),
-                                    CryptoUtils.decodeSequence(encodedPrimeQ),
-                                    CryptoUtils.decodeSequence(encodedPrimeExpP),
-                                    CryptoUtils.decodeSequence(encodedPrimeExpQ),
-                                    CryptoUtils.decodeSequence(encodedCrtCoefficient));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    //CHECKSTYLE:OFF
-    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
-                                                 byte[] publicExponentBytes,
-                                                 byte[] privateExponentBytes,
-                                                 byte[] primePBytes,
-                                                 byte[] primeQBytes,
-                                                 byte[] primeExpPBytes,
-                                                 byte[] primeExpQBytes,
-                                                 byte[] crtCoefficientBytes) {
-    //CHECKSTYLE:ON
-        BigInteger modulus = toBigInteger(modulusBytes);
-        BigInteger publicExponent = toBigInteger(publicExponentBytes);
-        BigInteger privateExponent = toBigInteger(privateExponentBytes);
-        BigInteger primeP = toBigInteger(primePBytes);
-        BigInteger primeQ = toBigInteger(primeQBytes);
-        BigInteger primeExpP = toBigInteger(primeExpPBytes);
-        BigInteger primeExpQ = toBigInteger(primeExpQBytes);
-        BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes);
-        try {
-            KeyFactory factory = KeyFactory.getInstance("RSA");
-            return (RSAPrivateKey)factory.generatePrivate(
-                new RSAPrivateCrtKeySpec(modulus, 
-                                         publicExponent,
-                                         privateExponent,
-                                         primeP,
-                                         primeQ,
-                                         primeExpP,
-                                         primeExpQ,
-                                         crtCoefficient));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
-    
-    public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
-        try {
-            return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) {
-        try {
-            ECParameterSpec params = getECParameterSpec(curve, true);
-            ECPrivateKeySpec keySpec = new ECPrivateKeySpec(
-                                           toBigInteger(privateKey), params);
-            KeyFactory kf = KeyFactory.getInstance("EC");
-            return (ECPrivateKey) kf.generatePrivate(keySpec);
-
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
-    private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate) 
-        throws Exception {
-        KeyPair pair = generateECKeyPair(curve);
-        return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams()
-            : ((ECPrivateKey) pair.getPrivate()).getParams();
-    }
-    
-    public static KeyPair generateECKeyPair(String curve) {
-        try {
-            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
-            ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec"
-                                                                  + curve.toLowerCase().replace("-", "")
-                                                                  + "r1");
-            kpg.initialize(kpgparams);
-            return kpg.generateKeyPair();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) {
-        try {
-            return getECPublicKey(curve,
-                                  CryptoUtils.decodeSequence(encodedXPoint),
-                                  CryptoUtils.decodeSequence(encodedYPoint));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) {
-        try {
-            ECParameterSpec params = getECParameterSpec(curve, false);
-
-            ECPoint ecPoint = new ECPoint(toBigInteger(xPoint),
-                                          toBigInteger(yPoint));
-            ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params);
-            KeyFactory kf = KeyFactory.getInstance("EC");
-            return (ECPublicKey) kf.generatePublic(keySpec);
-
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
-    private static BigInteger toBigInteger(byte[] bytes) {
-        if (bytes[0] == -128) { 
-            return new BigInteger(bytes); 
-        } else {
-            return new BigInteger(1, bytes);
-        }
-    }
-    public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) {
-        // this can be overridden if needed
-        if (authTagLength > 0) {
-            return CryptoUtils.getGCMParameterSpec(authTagLength, iv);
-        } else if (iv.length > 0) {
-            return new IvParameterSpec(iv);
-        } else {
-            return null;
-        }
-    }
-    
-    public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
-        try {
-            // In case Java 6 compiler is used
-            Class<?> c = ClassLoaderUtils.loadClass("javax.crypto.spec.GCMParameterSpec", CryptoUtils.class);
-            Constructor<?> ctr = c.getConstructor(new Class[]{int.class, byte[].class});
-            return (AlgorithmParameterSpec)ctr.newInstance(new Object[]{authTagLength, iv});
-        } catch (Throwable t) {
-            throw new SecurityException(t);
-        }
-    }
-    
-    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
-        return signData(data, key, signAlgo, null, null);
-    }
-    
-    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
-                           AlgorithmParameterSpec params) {
-        try {
-            Signature s = getSignature(key, signAlgo, random, params);
-            s.update(data);
-            return s.sign();
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
-                                  AlgorithmParameterSpec params) {
-        try {
-            Signature s = Signature.getInstance(signAlgo);
-            if (random == null) {
-                s.initSign(key);
-            } else {
-                s.initSign(key, random);
-            }
-            if (params != null) {
-                s.setParameter(params);
-            }
-            return s;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
-        return verifySignature(data, signature, key, signAlgo, null);
-    }
-    
-    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, 
-                                AlgorithmParameterSpec params) {
-        try {
-            Signature s = Signature.getInstance(signAlgo);
-            s.initVerify(key);
-            if (params != null) {
-                s.setParameter(params);
-            }
-            s.update(data);
-            return s.verify(signature);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
-        return getSecretKey(new KeyProperties(symEncAlgo));
-    }
-    
-    public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
-        return getSecretKey(new KeyProperties(symEncAlgo, keySize));
-    }
-    
-    public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
-        try {
-            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
-            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
-            SecureRandom random = props.getSecureRandom();
-            if (algoSpec != null) {
-                if (random != null) {
-                    keyGen.init(algoSpec, random);
-                } else {
-                    keyGen.init(algoSpec);
-                }
-            } else {
-                int keySize = props.getKeySize();
-                if (keySize == -1) {
-                    keySize = 128;
-                }
-                if (random != null) {
-                    keyGen.init(keySize, random);
-                } else {
-                    keyGen.init(keySize);
-                }
-            }
-            
-            return keyGen.generateKey();
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static String decryptSequence(String encodedToken, String encodedSecretKey)
-        throws SecurityException {
-        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
-    }
-    
-    public static String decryptSequence(String encodedData, String encodedSecretKey, 
-        KeyProperties props) throws SecurityException {
-        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptSequence(encodedData, key, props);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
-        return decryptSequence(encodedData, secretKey, null);
-    }
-    
-    public static String decryptSequence(String encodedData, Key secretKey,
-        KeyProperties props) throws SecurityException {
-        byte[] encryptedBytes = decodeSequence(encodedData);
-        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
-        try {
-            return new String(bytes, "UTF-8");
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
-        return encryptSequence(sequence, secretKey, null);
-    }
-    
-    public static String encryptSequence(String sequence, Key secretKey,
-        KeyProperties keyProps) throws SecurityException {
-        try {
-            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
-            return encodeBytes(bytes);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static String encodeBytes(byte[] bytes) throws SecurityException {
-        try {
-            return Base64UrlUtility.encode(bytes);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
-        return encryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
-        KeyProperties keyProps) throws SecurityException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
-        return decryptBytes(bytes, secretKey, null);
-    }
-    
-    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
-        KeyProperties keyProps) throws SecurityException {
-        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
-    }
-    
-    public static byte[] wrapSecretKey(byte[] keyBytes, 
-                                       String keyAlgo,
-                                       Key wrapperKey,
-                                       KeyProperties wrapperKeyProps)  throws SecurityException {
-        return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)), 
-                             wrapperKey, 
-                             wrapperKeyProps);
-    }
-    
-    public static byte[] wrapSecretKey(Key secretKey,
-                                       Key wrapperKey,
-                                       KeyProperties keyProps)  throws SecurityException {
-        try {
-            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
-            return c.wrap(secretKey);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }    
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            String unwrapperKeyAlgo)  throws SecurityException {
-        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
-                               new KeyProperties(unwrapperKeyAlgo));
-    }
-    
-    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            KeyProperties keyProps)  throws SecurityException {
-        return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);    
-    }
-    
-    public static Key unwrapKey(byte[] wrappedBytes,
-                                            String wrappedKeyAlgo,
-                                            Key unwrapperKey,
-                                            KeyProperties keyProps,
-                                            int wrappedKeyType)  throws SecurityException {
-        try {
-            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
-            return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }    
-    }
-    
-    private static byte[] processBytes(byte[] bytes, 
-                                      Key secretKey, 
-                                      KeyProperties keyProps, 
-                                      int mode)  throws SecurityException {
-        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
-        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
-            bytes = CompressionUtils.deflate(bytes, false);
-        }
-        try {
-            Cipher c = initCipher(secretKey, keyProps, mode);
-            byte[] result = new byte[0];
-            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
-            if (secretKey instanceof SecretKey && blockSize == -1) {
-                result = c.doFinal(bytes);
-            } else {
-                if (blockSize == -1) {
-                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
-                }
-                boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
-                int offset = 0;
-                for (; offset + blockSize < bytes.length; offset += blockSize) {
-                    byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize) 
-                        : c.update(bytes, offset, blockSize);
-                    result = addToResult(result, next);
-                }
-                if (offset < bytes.length) {
-                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
-                } else {
-                    result = addToResult(result, c.doFinal());
-                }
-            }
-            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
-                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
-            }
-            return result;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)  throws SecurityException {
-        try {
-            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
-                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
-            Cipher c = Cipher.getInstance(algorithm);
-            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
-                c.init(mode, secretKey);
-            } else {
-                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
-                SecureRandom random = keyProps.getSecureRandom();
-                if (algoSpec == null) {
-                    c.init(mode, secretKey, random);
-                } else if (random == null) {
-                    c.init(mode, secretKey, algoSpec);
-                } else {
-                    c.init(mode, secretKey, algoSpec, random);
-                }
-            }
-            if (keyProps != null && keyProps.getAdditionalData() != null) {
-                // TODO: call updateAAD directly after switching to Java7
-                try {
-                    Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
-                    m.invoke(c, new Object[]{keyProps.getAdditionalData()});
-                } catch (NoSuchMethodException ex) {
-                    throw new SecurityException(ex); 
-                }
-            }
-            return c;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
-        if (suffix == null || suffix.length == 0) {
-            return prefix;    
-        } else if (prefix.length == 0) {
-            return suffix;
-        } else {
-            byte[] result = new byte[prefix.length + suffix.length];
-            System.arraycopy(prefix, 0, result, 0, prefix.length);
-            System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
-            return result;
-        }
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
-        return decodeSecretKey(encodedSecretKey, "AES");
-    }
-    
-    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
-        throws SecurityException {
-        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
-        return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             PrivateKey privateKey) {
-        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
-    }
-    
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             PrivateKey privateKey)
-        throws SecurityException {
-        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
-        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
-    }
-    
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
-                                             String secretKeyAlgo,
-                                             KeyProperties props,
-                                             PrivateKey privateKey) throws SecurityException {
-        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
-        return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props);
-    }
-    
-    public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
-        return new SecretKeySpec(decodeSequence(encodedBytes), algo);
-    }
-    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
-        return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
-    }
-    public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
-        try {
-            return Base64UrlUtility.decode(encodedSequence);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    private static String convertJCECipherToSecretKeyName(String jceCipherName) {
-        if (jceCipherName != null) {
-            if (jceCipherName.startsWith("AES")) {
-                return "AES";
-            } else if (jceCipherName.startsWith("DESede")) {
-                return "DESede";
-            } else if (jceCipherName.startsWith("SEED")) {
-                return "SEED";
-            } else if (jceCipherName.startsWith("Camellia")) {
-                return "Camellia";
-            }
-        }
-        return null;
-    }
-    public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
-                                              String storeType) {
-        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
-        return loadCertificate(keyStore, alias);
-    }
-    public static Certificate loadCertificate(KeyStore keyStore, String alias) {
-        try {
-            if (alias == null) {
-                throw new SecurityException("No keystore alias was defined");
-            }
-            if (!keyStore.containsAlias(alias)) {
-                throw new SecurityException("No alias exists in the keystore for: " + alias);
-            }
-            return keyStore.getCertificate(alias);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    public static String encodeCertificate(Certificate cert) {
-        try {
-            return Base64Utility.encode(cert.getEncoded());
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    public static Certificate decodeCertificate(String encodedCert) {
-        try {
-            byte[] decoded = Base64Utility.decode(encodedCert);
-            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
-                                          String storeType) {
-        return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
-    }
-    public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
-        return loadCertificate(keyStore, alias).getPublicKey();
-    }
-    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
-        try {
-            KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
-            ks.load(storeLocation, storePassword);
-            return ks;
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    public static PrivateKey loadPrivateKey(InputStream storeLocation, 
-                                            char[] storePassword, 
-                                            char[] keyPassword, 
-                                            String alias,
-                                            String storeType) {
-        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
-        return loadPrivateKey(keyStore, keyPassword, alias);
-    }
-    
-    public static PrivateKey loadPrivateKey(KeyStore keyStore,
-                                            char[] keyPassword, 
-                                            String alias) {
-        try {
-            if (alias == null) {
-                throw new SecurityException("No keystore alias was defined");
-            }
-            if (!keyStore.containsAlias(alias)) {
-                throw new SecurityException("No alias exists in the keystore for: " + alias);
-            }
-            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
-                keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
-            return pkEntry.getPrivateKey();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
deleted file mode 100644
index 4a07edc..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.Base64Utility;
-
-public final class HmacUtils {
-    
-    private HmacUtils() {
-        
-    }
-    
-    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
-        return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
-    }
-    
-    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
-        byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
-        return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
-    }
-    
-    public static Mac getMac(String macAlgoJavaName) {
-        return getMac(macAlgoJavaName, (String)null);
-    }
-    
-    public static Mac getMac(String macAlgoJavaName, String provider) {
-        try {
-            return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e);
-        } catch (NoSuchProviderException e) {
-            throw new SecurityException(e);
-        }
-    }
-    
-    public static Mac getMac(String macAlgoJavaName, Provider provider) {
-        try {
-            return Mac.getInstance(macAlgoJavaName, provider);
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e);
-        }
-    }
-    
-    public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
-        Mac mac = getMac(macAlgoJavaName);
-        return computeHmac(key, mac, data);
-    }
-    
-    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
-        return computeHmac(key, macAlgoJavaName, null, data);
-    }
-    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec, 
-                                     String data) {
-        Mac mac = getMac(macAlgoJavaName);
-        return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
-    }
-    
-    public static byte[] computeHmac(String key, Mac hmac, String data) {
-        try {
-            return computeHmac(key.getBytes("UTF-8"), hmac, data);
-        } catch (UnsupportedEncodingException e) {
-            throw new SecurityException(e);
-        }
-    }
-    
-    public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
-        SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
-        return computeHmac(secretKey, hmac, data);
-    }
-    
-    public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
-        return computeHmac(secretKey, hmac, null, data);
-    }
-    
-    public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
-        initMac(hmac, secretKey, spec);
-        return hmac.doFinal(data.getBytes());
-    }
-    
-    public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
-        Mac hmac = getMac(algo);
-        initMac(hmac, key, spec);
-        return hmac;
-    }
-    
-    private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
-        initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
-        
-    }
-    private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
-        try {
-            if (spec == null) {
-                hmac.init(secretKey);
-            } else {
-                hmac.init(secretKey, spec);
-            }
-        } catch (InvalidKeyException e) {
-            throw new SecurityException(e);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new SecurityException(e);
-        }
-    }
-    
-    public static String generateKey(String algo) {
-        try {
-            KeyGenerator keyGen = KeyGenerator.getInstance(algo);
-            return Base64Utility.encode(keyGen.generateKey().getEncoded());
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e);
-        }
-    }
-    
-       
-       
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java b/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
deleted file mode 100644
index 1d4f75c..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-public class KeyProperties {
-    private String keyAlgo;
-    private int keySize;
-    private int blockSize = -1;
-    private byte[] additionalData;
-    private SecureRandom secureRandom;
-    private AlgorithmParameterSpec algoSpec;
-    private boolean compressionSupported;
-    
-    public KeyProperties() {
-    }
-    
-    public KeyProperties(String keyAlgo) {
-        this(keyAlgo, -1);
-    }
-    public KeyProperties(String keyAlgo, int keySize) {
-        this.keyAlgo = keyAlgo;
-        this.keySize = keySize;
-    }
-    public String getKeyAlgo() {
-        return keyAlgo;
-    }
-    public void setKeyAlgo(String keyAlgo) {
-        this.keyAlgo = keyAlgo;
-    }
-    public int getKeySize() {
-        return keySize;
-    }
-    public void setKeySize(int keySize) {
-        this.keySize = keySize;
-    }
-    public SecureRandom getSecureRandom() {
-        return secureRandom;
-    }
-    public void setSecureRandom(SecureRandom secureRandom) {
-        this.secureRandom = secureRandom;
-    }
-    public AlgorithmParameterSpec getAlgoSpec() {
-        return algoSpec;
-    }
-    public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
-        this.algoSpec = algoSpec;
-    }
-    public int getBlockSize() {
-        return blockSize;
-    }
-    public void setBlockSize(int blockSize) {
-        this.blockSize = blockSize;
-    }
-    public boolean isCompressionSupported() {
-        return compressionSupported;
-    }
-    public void setCompressionSupported(boolean compressionSupported) {
-        this.compressionSupported = compressionSupported;
-    }
-    public byte[] getAdditionalData() {
-        return additionalData;
-    }
-    public void setAdditionalData(byte[] additionalData) {
-        this.additionalData = additionalData;
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
deleted file mode 100644
index b8e84e2..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import org.apache.cxf.common.util.StringUtils;
-
-/**
- * The utility Message Digest generator which can be used for generating
- * random values
- */
-public final class MessageDigestUtils {
-    
-    public static final String ALGO_SHA_1 = "SHA-1";
-    public static final String ALGO_SHA_256 = "SHA-256";
-    public static final String ALGO_MD5 = "MD5";
-    
-    private MessageDigestUtils() {
-        
-    }
-        
-    public static String generate(byte[] input) {
-        return generate(input, ALGO_SHA_256);
-    }   
-    
-    public static String generate(byte[] input, String algo) {    
-        try {
-            byte[] messageDigest = createDigest(input, algo);
-            return StringUtils.toHexString(messageDigest);
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e);
-        }
-    }
-
-    public static byte[] createDigest(String input, String algo) {
-        try {
-            return createDigest(input.getBytes("UTF-8"), algo);
-        } catch (UnsupportedEncodingException e) {
-            throw new SecurityException(e);
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException(e);
-        }   
-    }
-    
-    public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException { 
-        MessageDigest md = MessageDigest.getInstance(algo);
-        return md.digest(input);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/osgi/karaf/features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml
index c32b40d..ec5a949 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -203,6 +203,7 @@
     </feature>
     <feature name="cxf-rs-security-jose" version="${project.version}" resolver="(obr)">
         <feature version="${project.version}">cxf-jaxrs</feature>
+        <feature version="${project.version}">cxf-rt-security</feature>
         <bundle start-level="40">mvn:org.apache.cxf/cxf-rt-rs-security-jose/${project.version}</bundle>
     </feature>
     <feature name="cxf-rs-security-oauth2" version="${project.version}" resolver="(obr)">

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/pom.xml b/rt/rs/security/jose/pom.xml
index 77c18c6..fee7c60 100644
--- a/rt/rs/security/jose/pom.xml
+++ b/rt/rs/security/jose/pom.xml
@@ -38,6 +38,11 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>${project.version}</version>
         </dependency>

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
index f3e25c1..635ca76 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
@@ -25,8 +25,8 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public final class JoseUtils {
     private static final Logger LOG = LogUtils.getL7dLogger(JoseUtils.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 821a36a..70a1905 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -27,7 +27,6 @@ import javax.ws.rs.client.ClientRequestFilter;
 import javax.ws.rs.core.HttpHeaders;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
@@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 @Priority(Priorities.AUTHENTICATION)
 public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 499e4f6..9a4078e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -44,13 +44,13 @@ import java.util.logging.Logger;
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.PropertyUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseException;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.security.SecurityContext;
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index bf7a68c..355a21b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.util.concurrent.atomic.AtomicInteger;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index 4f9eecd..b683c77 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -22,8 +22,8 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index 88cde87..dbae000 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -23,13 +23,13 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public abstract class AbstractJweDecryption implements JweDecryptionProvider {
     protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 171ecc6..6d4c0cb 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -26,13 +26,13 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public abstract class AbstractJweEncryption implements JweEncryptionProvider {
     protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 642fcf6..7e94cd6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -24,10 +24,10 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
     protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 8ac33e4..36d21e8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -26,9 +26,9 @@ import java.util.Map;
 import javax.crypto.Mac;
 import javax.crypto.spec.IvParameterSpec;
 
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public class AesCbcHmacJweEncryption extends JweEncryption {
     private static final Map<String, String> AES_HMAC_MAP;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 0b4dd1e..1c53a82 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
index f0529f2..dda527e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -25,10 +25,10 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.JoseException;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     protected static final Logger LOG = LogUtils.getL7dLogger(AesGcmWrapKeyDecryptionAlgorithm.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
index 584d48f..6349b7d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -26,9 +26,9 @@ import java.util.Set;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
     private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 2ef461f..11350a2 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
     public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index 522b479..3fe85e3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -24,8 +24,8 @@ import java.util.Set;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
     private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
index 210c597..95aa6dc 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
@@ -24,10 +24,10 @@ import java.security.interfaces.ECPublicKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 public class EcdhDirectKeyJweEncryption extends JweEncryption {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
index 918ef5a..5036887 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import javax.crypto.Cipher;
 
-import org.apache.cxf.common.util.crypto.KeyProperties;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public class JweEncryptionOutput {
     private Cipher cipher;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index f8e2f20..fd837d8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -36,7 +36,6 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -49,6 +48,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 public final class JweUtils {
     private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index d2d4ff4..0a17be5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -28,10 +28,10 @@ import java.util.logging.Logger;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 6414461..7def0ce 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -23,10 +23,10 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
     protected static final Logger LOG = LogUtils.getL7dLogger(WrappedKeyDecryptionAlgorithm.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 241fe6b..9dcd0fe 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -38,7 +38,6 @@ import javax.crypto.SecretKey;
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
@@ -62,6 +61,7 @@ import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public final class JwkUtils {
     public static final String JWK_KEY_STORE_TYPE = "jwk";

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
index d904de9..0c88113 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
@@ -24,10 +24,10 @@ import javax.crypto.Mac;
 
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
     private byte[] key;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 984eb32..e0a4c68 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -23,10 +23,10 @@ import java.util.Arrays;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
     protected static final Logger LOG = LogUtils.getL7dLogger(HmacJwsSignatureVerifier.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
index cb7b5ab..258d5e3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
@@ -24,10 +24,10 @@ import java.security.Signature;
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
     private PrivateKey key;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
index d40e66d..86fabca 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
@@ -24,9 +24,9 @@ import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
     protected static final Logger LOG = LogUtils.getL7dLogger(PublicKeyJwsSignatureVerifier.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 91debe2..6fff443 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -28,14 +28,13 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
index 5a52682..dad6f70 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
@@ -24,10 +24,9 @@ import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 71f0d90..7a8c6c0 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -27,10 +27,9 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 285705b..8f65be7 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -28,7 +28,6 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
@@ -37,8 +36,8 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import org.junit.Assert;
 import org.junit.Test;
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index 64e6276..a7f58c9 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -25,11 +25,11 @@ import java.util.Set;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider 
     implements AuthorizationCodeDataProvider {


Mime
View raw message