cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/4] cxf git commit: Move CryptoUtils into rt-security
Date Thu, 30 Apr 2015 08:19:00 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes c1cc2248a -> 26818515c


http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
index 61661e9..9dc64e8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
@@ -19,7 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 public class DigestCodeVerifier implements CodeVerifierTransformer {
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 9c5d233..cdbf2e1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -25,7 +25,6 @@ import java.util.Map;
 import javax.crypto.SecretKey;
 import javax.ws.rs.core.MultivaluedMap;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
@@ -40,6 +39,7 @@ import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
     private static final String REQUEST_PARAM = "request";

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
index 77a63b9..7fb8e1a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
@@ -24,7 +24,6 @@ import javax.crypto.SecretKey;
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
@@ -33,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
index 428a818..951e92d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
@@ -20,8 +20,8 @@
 package org.apache.cxf.rs.security.oauth2.provider;
 
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 /**
  * ClientSecretVerifier which checks the passwords against hashes  

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index f139632..5750a3e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -27,12 +27,12 @@ import java.util.concurrent.ConcurrentHashMap;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider 
     implements ClientRegistrationProvider {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
index 9a2e25d..d9d70a5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -29,7 +29,6 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
@@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
     protected static final String HTTP_VERB = "http.verb";

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
index c711092..65a86a4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
@@ -18,12 +18,12 @@
  */
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 
 //https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
 //->

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
index 64c7959..ce02419 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
@@ -23,10 +23,10 @@ import java.util.Map;
 
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
 import org.apache.cxf.rs.security.oauth2.common.AccessToken;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
 // https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
 // ->
 // https://github.com/hueniverse/hawk/blob/master/README.md

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 1d4088f..bd4ec9f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -28,7 +28,11 @@ import java.util.Set;
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.common.util.StringUtils;
+<<<<<<< HEAD
 import org.apache.cxf.common.util.crypto.CryptoUtils;
+=======
+import org.apache.cxf.jaxrs.ext.MessageContext;
+>>>>>>> b9e4fcf... Move CryptoUtils into rt-security
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -37,6 +41,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.security.LoginSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index 4e8face..4360e14 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -29,8 +29,6 @@ import java.util.Map;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -38,6 +36,8 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 
 
 /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
index 72dede2..d1bb6e6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
@@ -31,8 +31,6 @@ import java.util.List;
 import javax.crypto.SecretKey;
 import javax.ws.rs.core.MediaType;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.provider.json.JSONProvider;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
@@ -44,7 +42,8 @@ import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistrati
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
index fdd3f1b..0fd6179 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
@@ -27,7 +27,6 @@ import java.util.Set;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -38,6 +37,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class EncryptingDataProvider implements OAuthDataProvider {
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
index 5f8bd8c..d6f0b68 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
@@ -23,13 +23,13 @@ import java.security.interfaces.RSAPublicKey;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractJwsJweProducer {
     private JwsSignatureProvider sigProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 42e94da..1a0c3de 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -26,10 +26,10 @@ import java.util.Map;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 public final class OidcUtils {
     public static final String ID_TOKEN = "id_token";

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
new file mode 100644
index 0000000..4893137
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -0,0 +1,724 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.CompressionUtils;
+import org.apache.cxf.helpers.IOUtils;
+
+
+/**
+ * Encryption helpers
+ */
+public final class CryptoUtils {
+    
+    private CryptoUtils() {
+    }
+    
+    public static String encodeSecretKey(SecretKey key) throws SecurityException {
+        return encodeBytes(key.getEncoded());
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
+        throws SecurityException {
+        KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
+        return encryptSecretKey(secretKey, publicKey, props);
+    }
+    
+    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
+        KeyProperties props) throws SecurityException {
+        byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props);
+        return encodeBytes(encryptedBytes);
+    }
+    
+    public static byte[] generateSecureRandomBytes(int size) {
+        SecureRandom sr = new SecureRandom();
+        byte[] bytes = new byte[size];
+        sr.nextBytes(bytes);
+        return bytes;
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(String encodedModulus,
+                                               String encodedPublicExponent) {
+        try {
+            return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus),
+                                   CryptoUtils.decodeSequence(encodedPublicExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        try {
+            return getRSAPublicKey(KeyFactory.getInstance("RSA"), 
+                                   modulusBytes,
+                                   publicExponentBytes);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }         
+    }
+    
+    public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
+                                               byte[] modulusBytes,
+                                               byte[] publicExponentBytes) {
+        BigInteger modulus = toBigInteger(modulusBytes);
+        BigInteger publicExponent = toBigInteger(publicExponentBytes);
+        try {
+            return (RSAPublicKey)factory.generatePublic(
+                new RSAPublicKeySpec(modulus, publicExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+                                                 String encodedPrivateExponent) {
+        try {
+            return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+                                    CryptoUtils.decodeSequence(encodedPrivateExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+                                                 byte[] privateExponentBytes) {
+        BigInteger modulus =  toBigInteger(modulusBytes);
+        BigInteger privateExponent =  toBigInteger(privateExponentBytes);
+        try {
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPrivateKey)factory.generatePrivate(
+                new RSAPrivateKeySpec(modulus, privateExponent));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    //CHECKSTYLE:OFF
+    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+                                                 String encodedPublicExponent,
+                                                 String encodedPrivateExponent,
+                                                 String encodedPrimeP,
+                                                 String encodedPrimeQ,
+                                                 String encodedPrimeExpP,
+                                                 String encodedPrimeExpQ,
+                                                 String encodedCrtCoefficient) {
+    //CHECKSTYLE:ON
+        try {
+            return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+                                    CryptoUtils.decodeSequence(encodedPublicExponent),
+                                    CryptoUtils.decodeSequence(encodedPrivateExponent),
+                                    CryptoUtils.decodeSequence(encodedPrimeP),
+                                    CryptoUtils.decodeSequence(encodedPrimeQ),
+                                    CryptoUtils.decodeSequence(encodedPrimeExpP),
+                                    CryptoUtils.decodeSequence(encodedPrimeExpQ),
+                                    CryptoUtils.decodeSequence(encodedCrtCoefficient));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    //CHECKSTYLE:OFF
+    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+                                                 byte[] publicExponentBytes,
+                                                 byte[] privateExponentBytes,
+                                                 byte[] primePBytes,
+                                                 byte[] primeQBytes,
+                                                 byte[] primeExpPBytes,
+                                                 byte[] primeExpQBytes,
+                                                 byte[] crtCoefficientBytes) {
+    //CHECKSTYLE:ON
+        BigInteger modulus = toBigInteger(modulusBytes);
+        BigInteger publicExponent = toBigInteger(publicExponentBytes);
+        BigInteger privateExponent = toBigInteger(privateExponentBytes);
+        BigInteger primeP = toBigInteger(primePBytes);
+        BigInteger primeQ = toBigInteger(primeQBytes);
+        BigInteger primeExpP = toBigInteger(primeExpPBytes);
+        BigInteger primeExpQ = toBigInteger(primeExpQBytes);
+        BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes);
+        try {
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            return (RSAPrivateKey)factory.generatePrivate(
+                new RSAPrivateCrtKeySpec(modulus, 
+                                         publicExponent,
+                                         privateExponent,
+                                         primeP,
+                                         primeQ,
+                                         primeExpP,
+                                         primeExpQ,
+                                         crtCoefficient));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
+        try {
+            return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) {
+        try {
+            ECParameterSpec params = getECParameterSpec(curve, true);
+            ECPrivateKeySpec keySpec = new ECPrivateKeySpec(
+                                           toBigInteger(privateKey), params);
+            KeyFactory kf = KeyFactory.getInstance("EC");
+            return (ECPrivateKey) kf.generatePrivate(keySpec);
+
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate) 
+        throws Exception {
+        KeyPair pair = generateECKeyPair(curve);
+        return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams()
+            : ((ECPrivateKey) pair.getPrivate()).getParams();
+    }
+    
+    public static KeyPair generateECKeyPair(String curve) {
+        try {
+            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
+            ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec"
+                                                                  + curve.toLowerCase().replace("-", "")
+                                                                  + "r1");
+            kpg.initialize(kpgparams);
+            return kpg.generateKeyPair();
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) {
+        try {
+            return getECPublicKey(curve,
+                                  CryptoUtils.decodeSequence(encodedXPoint),
+                                  CryptoUtils.decodeSequence(encodedYPoint));
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) {
+        try {
+            ECParameterSpec params = getECParameterSpec(curve, false);
+
+            ECPoint ecPoint = new ECPoint(toBigInteger(xPoint),
+                                          toBigInteger(yPoint));
+            ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params);
+            KeyFactory kf = KeyFactory.getInstance("EC");
+            return (ECPublicKey) kf.generatePublic(keySpec);
+
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }    
+    }
+    private static BigInteger toBigInteger(byte[] bytes) {
+        if (bytes[0] == -128) { 
+            return new BigInteger(bytes); 
+        } else {
+            return new BigInteger(1, bytes);
+        }
+    }
+    public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) {
+        // this can be overridden if needed
+        if (authTagLength > 0) {
+            return CryptoUtils.getGCMParameterSpec(authTagLength, iv);
+        } else if (iv.length > 0) {
+            return new IvParameterSpec(iv);
+        } else {
+            return null;
+        }
+    }
+    
+    public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
+        try {
+            // In case Java 6 compiler is used
+            Class<?> c = ClassLoaderUtils.loadClass("javax.crypto.spec.GCMParameterSpec", CryptoUtils.class);
+            Constructor<?> ctr = c.getConstructor(new Class[]{int.class, byte[].class});
+            return (AlgorithmParameterSpec)ctr.newInstance(new Object[]{authTagLength, iv});
+        } catch (Throwable t) {
+            throw new SecurityException(t);
+        }
+    }
+    
+    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
+        return signData(data, key, signAlgo, null, null);
+    }
+    
+    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
+                           AlgorithmParameterSpec params) {
+        try {
+            Signature s = getSignature(key, signAlgo, random, params);
+            s.update(data);
+            return s.sign();
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
+                                  AlgorithmParameterSpec params) {
+        try {
+            Signature s = Signature.getInstance(signAlgo);
+            if (random == null) {
+                s.initSign(key);
+            } else {
+                s.initSign(key, random);
+            }
+            if (params != null) {
+                s.setParameter(params);
+            }
+            return s;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
+        return verifySignature(data, signature, key, signAlgo, null);
+    }
+    
+    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, 
+                                AlgorithmParameterSpec params) {
+        try {
+            Signature s = Signature.getInstance(signAlgo);
+            s.initVerify(key);
+            if (params != null) {
+                s.setParameter(params);
+            }
+            s.update(data);
+            return s.verify(signature);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
+        return getSecretKey(new KeyProperties(symEncAlgo));
+    }
+    
+    public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
+        return getSecretKey(new KeyProperties(symEncAlgo, keySize));
+    }
+    
+    public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
+        try {
+            KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
+            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
+            SecureRandom random = props.getSecureRandom();
+            if (algoSpec != null) {
+                if (random != null) {
+                    keyGen.init(algoSpec, random);
+                } else {
+                    keyGen.init(algoSpec);
+                }
+            } else {
+                int keySize = props.getKeySize();
+                if (keySize == -1) {
+                    keySize = 128;
+                }
+                if (random != null) {
+                    keyGen.init(keySize, random);
+                } else {
+                    keyGen.init(keySize);
+                }
+            }
+            
+            return keyGen.generateKey();
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String decryptSequence(String encodedToken, String encodedSecretKey)
+        throws SecurityException {
+        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+    }
+    
+    public static String decryptSequence(String encodedData, String encodedSecretKey, 
+        KeyProperties props) throws SecurityException {
+        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptSequence(encodedData, key, props);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
+        return decryptSequence(encodedData, secretKey, null);
+    }
+    
+    public static String decryptSequence(String encodedData, Key secretKey,
+        KeyProperties props) throws SecurityException {
+        byte[] encryptedBytes = decodeSequence(encodedData);
+        byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+        try {
+            return new String(bytes, "UTF-8");
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
+        return encryptSequence(sequence, secretKey, null);
+    }
+    
+    public static String encryptSequence(String sequence, Key secretKey,
+        KeyProperties keyProps) throws SecurityException {
+        try {
+            byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+            return encodeBytes(bytes);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static String encodeBytes(byte[] bytes) throws SecurityException {
+        try {
+            return Base64UrlUtility.encode(bytes);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+        return encryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+        KeyProperties keyProps) throws SecurityException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+        return decryptBytes(bytes, secretKey, null);
+    }
+    
+    public static byte[] decryptBytes(byte[] bytes, Key secretKey, 
+        KeyProperties keyProps) throws SecurityException {
+        return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+    }
+    
+    public static byte[] wrapSecretKey(byte[] keyBytes, 
+                                       String keyAlgo,
+                                       Key wrapperKey,
+                                       KeyProperties wrapperKeyProps)  throws SecurityException {
+        return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)), 
+                             wrapperKey, 
+                             wrapperKeyProps);
+    }
+    
+    public static byte[] wrapSecretKey(Key secretKey,
+                                       Key wrapperKey,
+                                       KeyProperties keyProps)  throws SecurityException {
+        try {
+            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+            return c.wrap(secretKey);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            String unwrapperKeyAlgo)  throws SecurityException {
+        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
+                               new KeyProperties(unwrapperKeyAlgo));
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            KeyProperties keyProps)  throws SecurityException {
+        return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);    
+    }
+    
+    public static Key unwrapKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            KeyProperties keyProps,
+                                            int wrappedKeyType)  throws SecurityException {
+        try {
+            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+            return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }    
+    }
+    
+    private static byte[] processBytes(byte[] bytes, 
+                                      Key secretKey, 
+                                      KeyProperties keyProps, 
+                                      int mode)  throws SecurityException {
+        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+            bytes = CompressionUtils.deflate(bytes, false);
+        }
+        try {
+            Cipher c = initCipher(secretKey, keyProps, mode);
+            byte[] result = new byte[0];
+            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+            if (secretKey instanceof SecretKey && blockSize == -1) {
+                result = c.doFinal(bytes);
+            } else {
+                if (blockSize == -1) {
+                    blockSize = secretKey instanceof PublicKey ? 117 : 128;
+                }
+                boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
+                int offset = 0;
+                for (; offset + blockSize < bytes.length; offset += blockSize) {
+                    byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize) 
+                        : c.update(bytes, offset, blockSize);
+                    result = addToResult(result, next);
+                }
+                if (offset < bytes.length) {
+                    result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+                } else {
+                    result = addToResult(result, c.doFinal());
+                }
+            }
+            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+            }
+            return result;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)  throws SecurityException {
+        try {
+            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null 
+                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+            Cipher c = Cipher.getInstance(algorithm);
+            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+                c.init(mode, secretKey);
+            } else {
+                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+                SecureRandom random = keyProps.getSecureRandom();
+                if (algoSpec == null) {
+                    c.init(mode, secretKey, random);
+                } else if (random == null) {
+                    c.init(mode, secretKey, algoSpec);
+                } else {
+                    c.init(mode, secretKey, algoSpec, random);
+                }
+            }
+            if (keyProps != null && keyProps.getAdditionalData() != null) {
+                // TODO: call updateAAD directly after switching to Java7
+                try {
+                    Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
+                    m.invoke(c, new Object[]{keyProps.getAdditionalData()});
+                } catch (NoSuchMethodException ex) {
+                    throw new SecurityException(ex); 
+                }
+            }
+            return c;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+        if (suffix == null || suffix.length == 0) {
+            return prefix;    
+        } else if (prefix.length == 0) {
+            return suffix;
+        } else {
+            byte[] result = new byte[prefix.length + suffix.length];
+            System.arraycopy(prefix, 0, result, 0, prefix.length);
+            System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+            return result;
+        }
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
+        return decodeSecretKey(encodedSecretKey, "AES");
+    }
+    
+    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) 
+        throws SecurityException {
+        byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+        return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             PrivateKey privateKey) {
+        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+    }
+    
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             PrivateKey privateKey)
+        throws SecurityException {
+        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+    }
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             KeyProperties props,
+                                             PrivateKey privateKey) throws SecurityException {
+        byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+        return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props);
+    }
+    
+    public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+        return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+    }
+    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+        return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
+    }
+    public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
+        try {
+            return Base64UrlUtility.decode(encodedSequence);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+    private static String convertJCECipherToSecretKeyName(String jceCipherName) {
+        if (jceCipherName != null) {
+            if (jceCipherName.startsWith("AES")) {
+                return "AES";
+            } else if (jceCipherName.startsWith("DESede")) {
+                return "DESede";
+            } else if (jceCipherName.startsWith("SEED")) {
+                return "SEED";
+            } else if (jceCipherName.startsWith("Camellia")) {
+                return "Camellia";
+            }
+        }
+        return null;
+    }
+    public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
+                                              String storeType) {
+        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+        return loadCertificate(keyStore, alias);
+    }
+    public static Certificate loadCertificate(KeyStore keyStore, String alias) {
+        try {
+            if (alias == null) {
+                throw new SecurityException("No keystore alias was defined");
+            }
+            if (!keyStore.containsAlias(alias)) {
+                throw new SecurityException("No alias exists in the keystore for: " + alias);
+            }
+            return keyStore.getCertificate(alias);
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static String encodeCertificate(Certificate cert) {
+        try {
+            return Base64Utility.encode(cert.getEncoded());
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+    public static Certificate decodeCertificate(String encodedCert) {
+        try {
+            byte[] decoded = Base64Utility.decode(encodedCert);
+            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
+                                          String storeType) {
+        return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
+    }
+    public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
+        return loadCertificate(keyStore, alias).getPublicKey();
+    }
+    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
+        try {
+            KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
+            ks.load(storeLocation, storePassword);
+            return ks;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    public static PrivateKey loadPrivateKey(InputStream storeLocation, 
+                                            char[] storePassword, 
+                                            char[] keyPassword, 
+                                            String alias,
+                                            String storeType) {
+        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+        return loadPrivateKey(keyStore, keyPassword, alias);
+    }
+    
+    public static PrivateKey loadPrivateKey(KeyStore keyStore,
+                                            char[] keyPassword, 
+                                            String alias) {
+        try {
+            if (alias == null) {
+                throw new SecurityException("No keystore alias was defined");
+            }
+            if (!keyStore.containsAlias(alias)) {
+                throw new SecurityException("No alias exists in the keystore for: " + alias);
+            }
+            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+                keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
+            return pkEntry.getPrivateKey();
+        } catch (Exception ex) { 
+            throw new SecurityException(ex);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
new file mode 100644
index 0000000..bf50224
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+
+public final class HmacUtils {
+    
+    private HmacUtils() {
+        
+    }
+    
+    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
+        return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
+    }
+    
+    public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
+        byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
+        return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
+    }
+    
+    public static Mac getMac(String macAlgoJavaName) {
+        return getMac(macAlgoJavaName, (String)null);
+    }
+    
+    public static Mac getMac(String macAlgoJavaName, String provider) {
+        try {
+            return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        } catch (NoSuchProviderException e) {
+            throw new SecurityException(e);
+        }
+    }
+    
+    public static Mac getMac(String macAlgoJavaName, Provider provider) {
+        try {
+            return Mac.getInstance(macAlgoJavaName, provider);
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        }
+    }
+    
+    public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+        Mac mac = getMac(macAlgoJavaName);
+        return computeHmac(key, mac, data);
+    }
+    
+    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
+        return computeHmac(key, macAlgoJavaName, null, data);
+    }
+    public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec, 
+                                     String data) {
+        Mac mac = getMac(macAlgoJavaName);
+        return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
+    }
+    
+    public static byte[] computeHmac(String key, Mac hmac, String data) {
+        try {
+            return computeHmac(key.getBytes("UTF-8"), hmac, data);
+        } catch (UnsupportedEncodingException e) {
+            throw new SecurityException(e);
+        }
+    }
+    
+    public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
+        SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
+        return computeHmac(secretKey, hmac, data);
+    }
+    
+    public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
+        return computeHmac(secretKey, hmac, null, data);
+    }
+    
+    public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
+        initMac(hmac, secretKey, spec);
+        return hmac.doFinal(data.getBytes());
+    }
+    
+    public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
+        Mac hmac = getMac(algo);
+        initMac(hmac, key, spec);
+        return hmac;
+    }
+    
+    private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
+        initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
+        
+    }
+    private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
+        try {
+            if (spec == null) {
+                hmac.init(secretKey);
+            } else {
+                hmac.init(secretKey, spec);
+            }
+        } catch (InvalidKeyException e) {
+            throw new SecurityException(e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new SecurityException(e);
+        }
+    }
+    
+    public static String generateKey(String algo) {
+        try {
+            KeyGenerator keyGen = KeyGenerator.getInstance(algo);
+            return Base64Utility.encode(keyGen.generateKey().getEncoded());
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        }
+    }
+    
+       
+       
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
new file mode 100644
index 0000000..45ca188
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+public class KeyProperties {
+    private String keyAlgo;
+    private int keySize;
+    private int blockSize = -1;
+    private byte[] additionalData;
+    private SecureRandom secureRandom;
+    private AlgorithmParameterSpec algoSpec;
+    private boolean compressionSupported;
+    
+    public KeyProperties() {
+    }
+    
+    public KeyProperties(String keyAlgo) {
+        this(keyAlgo, -1);
+    }
+    public KeyProperties(String keyAlgo, int keySize) {
+        this.keyAlgo = keyAlgo;
+        this.keySize = keySize;
+    }
+    public String getKeyAlgo() {
+        return keyAlgo;
+    }
+    public void setKeyAlgo(String keyAlgo) {
+        this.keyAlgo = keyAlgo;
+    }
+    public int getKeySize() {
+        return keySize;
+    }
+    public void setKeySize(int keySize) {
+        this.keySize = keySize;
+    }
+    public SecureRandom getSecureRandom() {
+        return secureRandom;
+    }
+    public void setSecureRandom(SecureRandom secureRandom) {
+        this.secureRandom = secureRandom;
+    }
+    public AlgorithmParameterSpec getAlgoSpec() {
+        return algoSpec;
+    }
+    public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
+        this.algoSpec = algoSpec;
+    }
+    public int getBlockSize() {
+        return blockSize;
+    }
+    public void setBlockSize(int blockSize) {
+        this.blockSize = blockSize;
+    }
+    public boolean isCompressionSupported() {
+        return compressionSupported;
+    }
+    public void setCompressionSupported(boolean compressionSupported) {
+        this.compressionSupported = compressionSupported;
+    }
+    public byte[] getAdditionalData() {
+        return additionalData;
+    }
+    public void setAdditionalData(byte[] additionalData) {
+        this.additionalData = additionalData;
+    }
+    
+    
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
new file mode 100644
index 0000000..1c18df2
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * The utility Message Digest generator which can be used for generating
+ * random values
+ */
+public final class MessageDigestUtils {
+    
+    public static final String ALGO_SHA_1 = "SHA-1";
+    public static final String ALGO_SHA_256 = "SHA-256";
+    public static final String ALGO_MD5 = "MD5";
+    
+    private MessageDigestUtils() {
+        
+    }
+        
+    public static String generate(byte[] input) {
+        return generate(input, ALGO_SHA_256);
+    }   
+    
+    public static String generate(byte[] input, String algo) {    
+        try {
+            byte[] messageDigest = createDigest(input, algo);
+            return StringUtils.toHexString(messageDigest);
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        }
+    }
+
+    public static byte[] createDigest(String input, String algo) {
+        try {
+            return createDigest(input.getBytes("UTF-8"), algo);
+        } catch (UnsupportedEncodingException e) {
+            throw new SecurityException(e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        }   
+    }
+    
+    public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException { 
+        MessageDigest md = MessageDigest.getInstance(algo);
+        return md.digest(input);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ed78743..ce89320 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -26,7 +26,6 @@ import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -36,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.saml.Constants;
 import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 
 public class OAuthDataProviderImpl implements OAuthDataProvider {


Mime
View raw message