cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [2/2] cxf git commit: Updating Jose utils to use enums were possible
Date Mon, 06 Jul 2015 20:36:40 GMT
Updating Jose utils to use enums were possible


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e92477bc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e92477bc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e92477bc

Branch: refs/heads/master
Commit: e92477bc8d0a0a00eb5afca6fb5ee5a85718672b
Parents: e545379
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Jul 6 21:36:12 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Jul 6 21:36:12 2015 +0100

----------------------------------------------------------------------
 .../jose/jwe/JweJwtCompactConsumer.java         |  10 +-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 169 ++++++++++---------
 .../cxf/rs/security/jose/jwk/JwkUtils.java      |  33 ++--
 .../security/jose/jws/JwsCompactConsumer.java   |   9 +-
 .../security/jose/jws/JwsCompactProducer.java   |  10 +-
 .../rs/security/jose/jws/JwsJsonConsumer.java   |   7 +-
 .../rs/security/jose/jws/JwsJsonProducer.java   |   5 +-
 .../cxf/rs/security/jose/jws/JwsUtils.java      |  77 +++++----
 .../jose/cookbook/JwsJoseCookBookTest.java      |  72 ++++----
 .../security/jose/jwe/JweJsonConsumerTest.java  |  29 ++--
 .../security/jose/jwe/JweJsonProducerTest.java  |  10 +-
 .../grants/code/JwtRequestCodeFilter.java       |   9 +-
 .../oauth2/grants/code/JwtRequestCodeGrant.java |   7 +-
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  |  11 +-
 .../oidc/idp/AbstractJwsJweProducer.java        |  12 +-
 15 files changed, 260 insertions(+), 210 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
index 09e491b..d7a76b9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
@@ -36,17 +36,17 @@ public class JweJwtCompactConsumer  {
     }
     public JwtToken decryptWith(JsonWebKey key) {
         return decryptWith(JweUtils.createJweDecryptionProvider(key, 
-                               headers.getContentEncryptionAlgorithm().getJwaName()));
+                               headers.getContentEncryptionAlgorithm()));
     }
     public JwtToken decryptWith(RSAPrivateKey key) {
         return decryptWith(JweUtils.createJweDecryptionProvider(key, 
-                               headers.getKeyEncryptionAlgorithm().getJwaName(),
-                               headers.getContentEncryptionAlgorithm().getJwaName()));
+                               headers.getKeyEncryptionAlgorithm(),
+                               headers.getContentEncryptionAlgorithm()));
     }
     public JwtToken decryptWith(SecretKey key) {
         return decryptWith(JweUtils.createJweDecryptionProvider(key, 
-                               headers.getKeyEncryptionAlgorithm().getJwaName(),
-                               headers.getContentEncryptionAlgorithm().getJwaName()));
+                               headers.getKeyEncryptionAlgorithm(),
+                               headers.getContentEncryptionAlgorithm()));
     }
     public JwtToken decryptWith(JweDecryptionProvider jwe) {
         byte[] bytes = jwe.decrypt(jweConsumer.getJweDecryptionInput());

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index c0b7317..bac9ba7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -66,17 +66,21 @@ public final class JweUtils {
     private JweUtils() {
         
     }
-    public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content) {
+    public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, 
+                                 byte[] content) {
         return encrypt(key, keyAlgo, contentAlgo, content, null);
     }
-    public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
+    public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo, 
+                                 ContentAlgorithm contentAlgo, byte[] content, String ct) {
         KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
         return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
     }
-    public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content) {
+    public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, 
+                                 byte[] content) {
         return encrypt(key, keyAlgo, contentAlgo, content, null);
     }
-    public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
+    public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, 
+                                 byte[] content, String ct) {
         if (keyAlgo != null) {
             KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
             return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
@@ -84,14 +88,14 @@ public final class JweUtils {
             return encryptDirect(key, contentAlgo, content, ct);
         }
     }
-    public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) {
+    public static String encrypt(JsonWebKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) {
         KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
         return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
     }
-    public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) {
+    public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content) {
         return encryptDirect(key, contentAlgo, content, null);
     }
-    public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content, String ct) {
+    public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) {
         JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo);
         return jwe.encrypt(content, toJweHeaders(ct));
     }
@@ -99,11 +103,11 @@ public final class JweUtils {
         JweEncryptionProvider jwe = getDirectKeyJweEncryption(key);
         return jwe.encrypt(content, toJweHeaders(ct));
     }
-    public static byte[] decrypt(PrivateKey key, String keyAlgo, String contentAlgo, String content) {
+    public static byte[] decrypt(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) {
         KeyDecryptionAlgorithm keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(key, keyAlgo);
         return decrypt(keyDecryptionProvider, contentAlgo, content);
     }
-    public static byte[] decrypt(SecretKey key, String keyAlgo, String contentAlgo, String content) {
+    public static byte[] decrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) {
         if (keyAlgo != null) {
             KeyDecryptionAlgorithm keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(key, keyAlgo);
             return decrypt(keyDecryptionProvider, contentAlgo, content);
@@ -111,11 +115,11 @@ public final class JweUtils {
             return decryptDirect(key, contentAlgo, content);
         }
     }
-    public static byte[] decrypt(JsonWebKey key, String contentAlgo, String content) {
+    public static byte[] decrypt(JsonWebKey key, ContentAlgorithm contentAlgo, String content) {
         KeyDecryptionAlgorithm keyDecryptionProvider = getKeyDecryptionAlgorithm(key);
         return decrypt(keyDecryptionProvider, contentAlgo, content);
     }
-    public static byte[] decryptDirect(SecretKey key, String contentAlgo, String content) {
+    public static byte[] decryptDirect(SecretKey key, ContentAlgorithm contentAlgo, String content) {
         JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo);
         return jwe.decrypt(content).getContent();
     }
@@ -126,31 +130,32 @@ public final class JweUtils {
     public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk) {
         return getKeyEncryptionProvider(jwk, null);
     }
-    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) {
-        String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+    public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
+        KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
+            : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
         KeyEncryptionProvider keyEncryptionProvider = null;
         KeyType keyType = jwk.getKeyType();
         if (KeyType.RSA == keyType) {
             keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), 
-                                                                 keyEncryptionAlgo);
+                                                                 keyAlgo);
         } else if (KeyType.OCTET == keyType) {
             keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), 
-                                                                    keyEncryptionAlgo);
+                                                                    keyAlgo);
         } else {
             keyEncryptionProvider = new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk),
                                         jwk.getStringProperty(JsonWebKey.EC_CURVE),
-                                        KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
+                                        keyAlgo);
         }
         return keyEncryptionProvider;
     }
-    public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, String algo) {
-        return new RSAKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+    public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, KeyAlgorithm algo) {
+        return new RSAKeyEncryptionAlgorithm(key, algo);
     }
-    public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) {
-        if (AlgorithmUtils.isAesKeyWrap(algo)) {
-            return new AesWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
-        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
-            return new AesGcmWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+    public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm algo) {
+        if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) {
+            return new AesWrapKeyEncryptionAlgorithm(key, algo);
+        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) {
+            return new AesGcmWrapKeyEncryptionAlgorithm(key, algo);
         }
         return null;
     }
@@ -158,34 +163,35 @@ public final class JweUtils {
         return getKeyDecryptionAlgorithm(jwk, null);
     }
     
-    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
-        String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+    public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
+        KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
+            : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
         KeyDecryptionAlgorithm keyDecryptionProvider = null;
         KeyType keyType = jwk.getKeyType();
         if (KeyType.RSA == keyType) {
             keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk), 
-                                                                 keyEncryptionAlgo);
+                                                                 keyAlgo);
         } else if (KeyType.OCTET == keyType) {
             keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jwk),
-                                            keyEncryptionAlgo);
+                                            keyAlgo);
         } else {
             keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toECPrivateKey(jwk), 
-                                                                     keyEncryptionAlgo);
+                                                                     keyAlgo);
         }
         return keyDecryptionProvider;
     }
-    public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, String algo) {
+    public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, KeyAlgorithm algo) {
         if (key instanceof RSAPrivateKey) {
-            return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, KeyAlgorithm.getAlgorithm(algo));
+            return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, algo);
         } else {
-            return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, KeyAlgorithm.getAlgorithm(algo));
+            return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, algo);
         }
     }
-    public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) {
-        if (AlgorithmUtils.isAesKeyWrap(algo)) {
-            return new AesWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
-        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
-            return new AesGcmWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+    public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, KeyAlgorithm algo) {
+        if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) {
+            return new AesWrapKeyDecryptionAlgorithm(key, algo);
+        } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) {
+            return new AesGcmWrapKeyDecryptionAlgorithm(key, algo);
         }
         return null;
     }
@@ -198,13 +204,14 @@ public final class JweUtils {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
             return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
-                                                 ctEncryptionAlgo);
+                                                 getContentAlgo(ctEncryptionAlgo));
         }
         return contentEncryptionProvider;
     }
-    public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, String algorithm) {
-        if (AlgorithmUtils.isAesGcm(algorithm)) {
-            return new AesGcmContentEncryptionAlgorithm(key, null, getContentAlgo(algorithm));
+    public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, 
+                                                                          ContentAlgorithm algorithm) {
+        if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) {
+            return new AesGcmContentEncryptionAlgorithm(key, null, algorithm);
         }
         return null;
     }
@@ -214,9 +221,9 @@ public final class JweUtils {
         }
         return null;
     }
-    public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm) {
-        if (AlgorithmUtils.isAesGcm(algorithm)) {
-            return new AesGcmContentDecryptionAlgorithm(getContentAlgo(algorithm));
+    public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(ContentAlgorithm algorithm) {
+        if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) {
+            return new AesGcmContentDecryptionAlgorithm(algorithm);
         }
         return null;
     }
@@ -235,23 +242,24 @@ public final class JweUtils {
         return ContentAlgorithm.getAlgorithm(algo);
     }
     public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) {
-        return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), key.getAlgorithm());
+        return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), 
+                                         getContentAlgo(key.getAlgorithm()));
     }
-    public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) {
-        if (AlgorithmUtils.isAesCbcHmac(algorithm)) {
-            return new AesCbcHmacJweEncryption(getContentAlgo(algorithm), key.getEncoded(), 
+    public static JweEncryption getDirectKeyJweEncryption(SecretKey key, ContentAlgorithm algo) {
+        if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) {
+            return new AesCbcHmacJweEncryption(algo, key.getEncoded(), 
                                                null, new DirectKeyEncryptionAlgorithm());
         } else {
             return new JweEncryption(new DirectKeyEncryptionAlgorithm(), 
-                                 getContentEncryptionAlgorithm(key, algorithm));
+                                 getContentEncryptionAlgorithm(key, algo));
         }
     }
     public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
-        return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), key.getAlgorithm());
+        return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm()));
     }
-    public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) {
-        if (AlgorithmUtils.isAesCbcHmac(algorithm)) { 
-            return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm));
+    public static JweDecryption getDirectKeyJweDecryption(SecretKey key, ContentAlgorithm algorithm) {
+        if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) { 
+            return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm);
         } else {
             return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), 
                                  getContentDecryptionAlgorithm(algorithm));
@@ -279,6 +287,7 @@ public final class JweUtils {
         
         KeyEncryptionProvider keyEncryptionProvider = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
+        KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo); 
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         ContentEncryptionProvider ctEncryptionProvider = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
@@ -289,7 +298,7 @@ public final class JweUtils {
             } else {
                 keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
                                                          getDefaultKeyAlgo(jwk));
-                keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo);
+                keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);
                 if (reportPublicKey || reportPublicKeyId) {
                     JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo, 
                                               reportPublicKey, reportPublicKeyId);
@@ -298,7 +307,7 @@ public final class JweUtils {
         } else {
             keyEncryptionProvider = getRSAKeyEncryptionProvider(
                 (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), 
-                keyEncryptionAlgo);
+                keyAlgo);
             if (reportPublicKey) {
                 headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
             }
@@ -334,7 +343,7 @@ public final class JweUtils {
                 KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT);
             contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName();
             keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(privateKey, 
-                                                                 inHeaders.getKeyEncryptionAlgorithm().getJwaName());
+                                                                 inHeaders.getKeyEncryptionAlgorithm());
         } else {
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT);
@@ -344,41 +353,44 @@ public final class JweUtils {
                 } else {
                     keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
                                                              getDefaultKeyAlgo(jwk));
-                    keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
+                    keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, 
+                                                                      KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
                 }
             } else {
                 keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(
-                    KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), keyEncryptionAlgo);
+                    KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), 
+                    KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
             }
         }
-        return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo);
+        return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, 
+                                           getContentAlgo(contentEncryptionAlgo));
     }
     public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key,
-                                                                    String keyAlgo,
-                                                                    String contentEncryptionAlgo,
+                                                                    KeyAlgorithm keyAlgo,
+                                                                    ContentAlgorithm contentEncryptionAlgo,
                                                                     String compression) {
         KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) {
         KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, 
-                                                           headers.getKeyEncryptionAlgorithm().getJwaName());
+                                                           headers.getKeyEncryptionAlgorithm());
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key,
-                                                                    String keyAlgo,
-                                                                    String contentEncryptionAlgo,
+                                                                    KeyAlgorithm keyAlgo,
+                                                                    ContentAlgorithm contentEncryptionAlgo,
                                                                     String compression) {
         KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) {
         KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, 
-                                                           headers.getKeyEncryptionAlgorithm().getJwaName());
+                                                           headers.getKeyEncryptionAlgorithm());
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key,
-                                                                    String contentEncryptionAlgo,
+                                                                    ContentAlgorithm contentEncryptionAlgo,
                                                                     String compression) {
         KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
         return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
@@ -388,11 +400,11 @@ public final class JweUtils {
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
-                                                                    String contentEncryptionAlgo,
+                                                                    ContentAlgorithm contentEncryptionAlgo,
                                                                     String compression) {
         JweHeaders headers = 
             prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null,
-                contentEncryptionAlgo, compression);
+                contentEncryptionAlgo.getJwaName(), compression);
         return createJweEncryptionProvider(keyEncryptionProvider, headers);
     }
     public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
@@ -406,23 +418,23 @@ public final class JweUtils {
         }
     }
     public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey key,
-                                                                    String keyAlgo,
-                                                                    String contentDecryptionAlgo) {
+                                                                    KeyAlgorithm keyAlgo,
+                                                                    ContentAlgorithm contentDecryptionAlgo) {
         return createJweDecryptionProvider(getPrivateKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo);
     }
     public static JweDecryptionProvider createJweDecryptionProvider(SecretKey key,
-                                                                    String keyAlgo,
-                                                                    String contentDecryptionAlgo) {
+                                                                    KeyAlgorithm keyAlgo,
+                                                                    ContentAlgorithm contentDecryptionAlgo) {
         return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo);
     }
     public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey key,
-                                                                    String contentDecryptionAlgo) {
+                                                                    ContentAlgorithm contentDecryptionAlgo) {
         return createJweDecryptionProvider(getKeyDecryptionAlgorithm(key), contentDecryptionAlgo);
     }
     public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
-                                                                    String contentDecryptionAlgo) {
-        if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo)) { 
-            return new AesCbcHmacJweDecryption(keyDecryptionProvider, getContentAlgo(contentDecryptionAlgo));
+                                                                    ContentAlgorithm contentDecryptionAlgo) {
+        if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo.getJwaName())) { 
+            return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo);
         } else {
             return new JweDecryption(keyDecryptionProvider, 
                                      getContentDecryptionAlgorithm(contentDecryptionAlgo));
@@ -556,7 +568,7 @@ public final class JweUtils {
     }
     private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
                                                                     SecretKey ctDecryptionKey,
-                                                                    String contentDecryptionAlgo) {
+                                                                    ContentAlgorithm contentDecryptionAlgo) {
         if (keyDecryptionProvider == null && ctDecryptionKey == null) {
             LOG.warning("Key or content encryptor is not available");
             throw new JweException(JweException.Error.NO_ENCRYPTOR);
@@ -594,11 +606,12 @@ public final class JweUtils {
         return algo;
     }
     private static String encrypt(KeyEncryptionProvider keyEncryptionProvider, 
-                                  String contentAlgo, byte[] content, String ct) {
+                                  ContentAlgorithm contentAlgo, byte[] content, String ct) {
         JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null);
         return jwe.encrypt(content, toJweHeaders(ct));
     }
-    private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo, String content) {
+    private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, ContentAlgorithm contentAlgo, 
+                                  String content) {
         JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo);
         return jwe.decrypt(content).getContent();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 511bf9b..608c4f5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -51,6 +51,7 @@ import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -117,14 +118,16 @@ public final class JwkUtils {
         return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), 
                            toJweHeaders("jwk-set+json"));
     }
-    public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, String keyAlgo, String contentAlgo) {
+    public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, KeyAlgorithm keyAlgo, 
+                                       ContentAlgorithm contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)),
                                 "jwk-set+json");
     }
-    public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, String algo) {
+    public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, SignatureAlgorithm algo) {
         return JwsUtils.sign(key, algo, jwkSetToJson(jwkSet), "jwk-set+json");
     }
-    public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, String keyAlgo, String contentAlgo) {
+    public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo, 
+                                       ContentAlgorithm contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)),
                                 "jwk-set+json");
     }
@@ -137,13 +140,15 @@ public final class JwkUtils {
     public static JsonWebKeys decryptJwkSet(String jsonJwkSet, JweDecryptionProvider jwe, JwkReaderWriter reader) {
         return reader.jsonToJwkSet(jwe.decrypt(jsonJwkSet).getContentText());
     }
-    public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) {
+    public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
+                                            String jsonJwkSet) {
         return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet)));
     }
-    public static JsonWebKeys verifyJwkSet(RSAPublicKey key, String keyAlgo, String jsonJwk) {
+    public static JsonWebKeys verifyJwkSet(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) {
         return readJwkSet(JwsUtils.verify(key, keyAlgo, jsonJwk));
     }
-    public static JsonWebKeys decryptJwkSet(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) {
+    public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, 
+                                            String jsonJwkSet) {
         return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet)));
     }
     public static JsonWebKeys decryptJwkSet(InputStream is, char[] password) throws IOException {
@@ -167,15 +172,17 @@ public final class JwkUtils {
         return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), 
                            toJweHeaders("jwk+json"));
     }
-    public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, String keyAlgo, String contentAlgo) {
+    public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, KeyAlgorithm keyAlgo, 
+                                       ContentAlgorithm contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)),
                                 "jwk+json");
     }
-    public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, String keyAlgo, String contentAlgo) {
+    public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo, 
+                                       ContentAlgorithm contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)),
                                 "jwk+json");
     }
-    public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, String algo) {
+    public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, SignatureAlgorithm algo) {
         return JwsUtils.sign(key, algo, jwkKeyToJson(jwkKey), "jwk+json");
     }
     public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) {
@@ -184,13 +191,15 @@ public final class JwkUtils {
     public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password, JwkReaderWriter reader) {
         return decryptJwkKey(jsonJwkKey, createDefaultDecryption(password), reader);
     }
-    public static JsonWebKey decryptJwkKey(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwk) {
+    public static JsonWebKey decryptJwkKey(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, 
+                                           String jsonJwk) {
         return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk)));
     }
-    public static JsonWebKey verifyJwkKey(RSAPublicKey key, String keyAlgo, String jsonJwk) {
+    public static JsonWebKey verifyJwkKey(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) {
         return readJwkKey(JwsUtils.verify(key, keyAlgo, jsonJwk));
     }
-    public static JsonWebKey decryptJwkKey(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwk) {
+    public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, 
+                                           String jsonJwk) {
         return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk)));
     }
     public static JsonWebKey decryptJwkKey(String jsonJwkKey, JweDecryptionProvider jwe, JwkReaderWriter reader) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index edd2560..62975a6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -27,6 +27,7 @@ import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
 import org.apache.cxf.rs.security.jose.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
 public class JwsCompactConsumer {
@@ -112,16 +113,16 @@ public class JwsCompactConsumer {
     public boolean verifySignatureWith(JsonWebKey key) {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
     }
-    public boolean verifySignatureWith(JsonWebKey key, String algo) {
+    public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
     }
-    public boolean verifySignatureWith(X509Certificate cert, String algo) {
+    public boolean verifySignatureWith(X509Certificate cert, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(cert, algo));
     }
-    public boolean verifySignatureWith(PublicKey key, String algo) {
+    public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
     }
-    public boolean verifySignatureWith(byte[] key, String algo) {
+    public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
     }
     public boolean validateCriticalHeaders() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index fc13844..6a549aa 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -24,6 +24,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
 public class JwsCompactProducer {
@@ -74,14 +75,17 @@ public class JwsCompactProducer {
         return getUnsignedEncodedJws(detached) + "." + (noSignature ? "" : signature);
     }
     public String signWith(JsonWebKey jwk) {
-        return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm()));
+        return signWith(JwsUtils.getSignatureProvider(jwk, 
+                            SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
     }
     
     public String signWith(PrivateKey key) {
-        return signWith(JwsUtils.getPrivateKeySignatureProvider(key, headers.getAlgorithm()));
+        return signWith(JwsUtils.getPrivateKeySignatureProvider(key, 
+                                   SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
     }
     public String signWith(byte[] key) {
-        return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
+        return signWith(JwsUtils.getHmacSignatureProvider(key, 
+                   SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
     }
     
     public String signWith(JwsSignatureProvider signer) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index a7cb20a..33dc8bf 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -34,6 +34,7 @@ import org.apache.cxf.jaxrs.provider.json.JsonMapObject;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
 public class JwsJsonConsumer {
@@ -128,10 +129,10 @@ public class JwsJsonConsumer {
         }
         return false;
     }
-    public boolean verifySignatureWith(PublicKey key, String algo) {
+    public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
     }
-    public boolean verifySignatureWith(byte[] key, String algo) {
+    public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
     }
     public boolean verifySignatureWith(List<JwsSignatureVerifier> validators) {
@@ -172,7 +173,7 @@ public class JwsJsonConsumer {
     public boolean verifySignatureWith(JsonWebKey key) {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
     }
-    public boolean verifySignatureWith(JsonWebKey key, String algo) {
+    public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
     }
     public JwsJsonProducer toProducer() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 9bac5b8..16841b7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -32,6 +32,7 @@ import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 public class JwsJsonProducer {
     protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonProducer.class);
@@ -110,10 +111,10 @@ public class JwsJsonProducer {
     public String signWith(JsonWebKey jwk) {
         return signWith(JwsUtils.getSignatureProvider(jwk));
     }
-    public String signWith(PrivateKey key, String algo) {
+    public String signWith(PrivateKey key, SignatureAlgorithm algo) {
         return signWith(JwsUtils.getPrivateKeySignatureProvider(key, algo));
     }
-    public String signWith(byte[] key, String algo) {
+    public String signWith(byte[] key, SignatureAlgorithm algo) {
         return signWith(JwsUtils.getHmacSignatureProvider(key, algo));
     }
     public String signWith(JwsSignatureProvider signer,

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index f8073cd..d0b5b6e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -61,112 +61,115 @@ public final class JwsUtils {
     private JwsUtils() {
         
     }
-    public static String sign(PrivateKey key, String algo, String content) {
+    public static String sign(PrivateKey key, SignatureAlgorithm algo, String content) {
         return sign(key, algo, content, null);
     }
     
     
-    public static String sign(PrivateKey key, String algo, String content, String ct) {
+    public static String sign(PrivateKey key, SignatureAlgorithm algo, String content, String ct) {
         return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
     }
-    public static String sign(byte[] key, String algo, String content) {
+    public static String sign(byte[] key, SignatureAlgorithm algo, String content) {
         return sign(key, algo, content, null);
     }
-    public static String sign(byte[] key, String algo, String content, String ct) {
+    public static String sign(byte[] key, SignatureAlgorithm algo, String content, String ct) {
         return sign(getHmacSignatureProvider(key, algo), content, ct);
     }
-    public static String verify(PublicKey key, String algo, String content) {
+    public static String verify(PublicKey key, SignatureAlgorithm algo, String content) {
         JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
         return jws.getDecodedJwsPayload();
     }
-    public static String verify(byte[] key, String algo, String content) {
+    public static String verify(byte[] key, SignatureAlgorithm algo, String content) {
         JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content);
         return jws.getDecodedJwsPayload();
     }
     public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
         return getSignatureProvider(jwk, null);
     }
-    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
-        String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, 
+                                                            SignatureAlgorithm defaultAlgorithm) {
+        SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
+            : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
         JwsSignatureProvider theSigProvider = null;
         KeyType keyType = jwk.getKeyType();
         if (KeyType.RSA == keyType) {
             theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
-                                                            signatureAlgo);
+                                                            sigAlgo);
         } else if (KeyType.OCTET == keyType) { 
             byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theSigProvider = getHmacSignatureProvider(key, signatureAlgo);
+            theSigProvider = getHmacSignatureProvider(key, sigAlgo);
         } else if (KeyType.EC == jwk.getKeyType()) {
             theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk),
-                                                            signatureAlgo);
+                                                            sigAlgo);
         }
         return theSigProvider;
     }
-    public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, String algo) {
+    public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
         if (key instanceof ECPrivateKey) {
-            return new EcDsaJwsSignatureProvider((ECPrivateKey)key, SignatureAlgorithm.getAlgorithm(algo));
+            return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo);
         } else if (key instanceof RSAPrivateKey) {
-            return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+            return new PrivateKeyJwsSignatureProvider(key, algo);
         }
         
         return null;
     }
-    public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) {
+    public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, SignatureAlgorithm algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
-        if (AlgorithmUtils.isHmacSign(algo)) {
-            return new HmacJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+        if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
+            return new HmacJwsSignatureProvider(key, algo);
         }
         return null;
     }
     public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
         return getSignatureVerifier(jwk, null);
     }
-    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
-        String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) {
+        SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
+            : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
         JwsSignatureVerifier theVerifier = null;
         KeyType keyType = jwk.getKeyType();
         if (KeyType.RSA == keyType) {
-            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), signatureAlgo);
+            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), sigAlgo);
         } else if (KeyType.OCTET == keyType) { 
             byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theVerifier = getHmacSignatureVerifier(key, signatureAlgo);
+            theVerifier = getHmacSignatureVerifier(key, sigAlgo);
         } else if (KeyType.EC == keyType) {
-            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo);
+            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), sigAlgo);
         }
         return theVerifier;
     }
-    public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, String algo) {
+    public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, SignatureAlgorithm algo) {
         return getPublicKeySignatureVerifier(cert.getPublicKey(), algo);
     }
-    public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, String algo) {
+    public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, SignatureAlgorithm algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
         
         if (key instanceof RSAPublicKey) {
-            return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+            return new PublicKeyJwsSignatureVerifier(key, algo);
         } else if (key instanceof ECPublicKey) {
-            return new EcDsaJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+            return new EcDsaJwsSignatureVerifier(key, algo);
         }
         
         return null;
     }
-    public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) {
+    public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
         
-        if (AlgorithmUtils.isHmacSign(algo)) {
-            return new HmacJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+        if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
+            return new HmacJwsSignatureVerifier(key, algo);
         }
         return null;
     }
@@ -272,7 +275,7 @@ public final class JwsUtils {
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
             if (jwk != null) {
                 String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
+                theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
                 if (reportPublicKey || reportPublicKeyId) {
                     JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey, reportPublicKeyId);
                 }
@@ -280,7 +283,8 @@ public final class JwsUtils {
         } else {
             String signatureAlgo = getSignatureAlgo(m, props, null, null);
             PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
-            theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
+            theSigProvider = getPrivateKeySignatureProvider(pk, 
+                                                            SignatureAlgorithm.getAlgorithm(signatureAlgo));
             if (reportPublicKey) {
                 headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
             }
@@ -306,11 +310,13 @@ public final class JwsUtils {
                     || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) {
                     throw new JwsException(JwsException.Error.INVALID_KEY);
                 }
-                return getSignatureVerifier(publicJwk, inHeaders.getAlgorithm());
+                return getSignatureVerifier(publicJwk, 
+                                            SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm()));
             } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
                 List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
                 KeyManagementUtils.validateCertificateChain(props, chain);
-                return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm());
+                return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), 
+                                                     SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm()));
             }
         }
         
@@ -318,13 +324,14 @@ public final class JwsUtils {
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid);
             if (jwk != null) {
                 String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theVerifier = getSignatureVerifier(jwk, signatureAlgo);
+                theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
             }
             
         } else {
             String signatureAlgo = getSignatureAlgo(m, props, null, null);
             theVerifier = getPublicKeySignatureVerifier(
-                              KeyManagementUtils.loadPublicKey(m, props), signatureAlgo);
+                              KeyManagementUtils.loadPublicKey(m, props), 
+                              SignatureAlgorithm.getAlgorithm(signatureAlgo));
         }
         if (theVerifier == null && !ignoreNullVerifier) {
             LOG.warning("Verifier is not available");

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
index c31ba44..2c2435d 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
@@ -370,7 +370,8 @@ public class JwsJoseCookBookTest {
         JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
         List<JsonWebKey> publicKeys = publicJwks.getKeys();
         JsonWebKey rsaPublicKey = publicKeys.get(1);
-        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, 
+                                                       SignatureAlgorithm.RS256));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -378,16 +379,17 @@ public class JwsJoseCookBookTest {
         JoseHeaders protectedHeader = new JoseHeaders();
         protectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO);
         protectedHeader.setKeyId(RSA_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, 
+                                                            SignatureAlgorithm.RS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
     }
     @Test
     public void testRSAPSSSignature() throws Exception {
@@ -414,7 +416,7 @@ public class JwsJoseCookBookTest {
         JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
         List<JsonWebKey> publicKeys = publicJwks.getKeys();
         JsonWebKey rsaPublicKey = publicKeys.get(1);
-        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -422,16 +424,16 @@ public class JwsJoseCookBookTest {
         JoseHeaders protectedHeader = new JoseHeaders();
         protectedHeader.setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO);
         protectedHeader.setKeyId(RSA_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length());
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length());
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
 
         Security.removeProvider(BouncyCastleProvider.class.getName());
     }
@@ -465,7 +467,7 @@ public class JwsJoseCookBookTest {
             JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
             List<JsonWebKey> publicKeys = publicJwks.getKeys();
             JsonWebKey ecPublicKey = publicKeys.get(0);
-            assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
+            assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());
         }
@@ -486,7 +488,7 @@ public class JwsJoseCookBookTest {
         assertEquals(compactProducer.getSignedEncodedJws(),
                 HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE);
         JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
-        assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -494,16 +496,16 @@ public class JwsJoseCookBookTest {
         JoseHeaders protectedHeader = new JoseHeaders();
         protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         protectedHeader.setKeyId(HMAC_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
     }
     @Test
     public void testDetachedHMACSignature() throws Exception {
@@ -521,7 +523,7 @@ public class JwsJoseCookBookTest {
         assertEquals(compactProducer.getSignedEncodedJws(true), DETACHED_HMAC_JWS);
         JwsCompactConsumer compactConsumer =
                 new JwsCompactConsumer(compactProducer.getSignedEncodedJws(true), ENCODED_PAYLOAD);
-        assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
         assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -529,17 +531,17 @@ public class JwsJoseCookBookTest {
         JoseHeaders protectedHeader = new JoseHeaders();
         protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
         protectedHeader.setKeyId(HMAC_KID_VALUE);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
     }
     @Test
     public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
@@ -553,21 +555,21 @@ public class JwsJoseCookBookTest {
         JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
         List<JsonWebKey> keys = jwks.getKeys();
         JsonWebKey key = keys.get(0);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
                 protectedHeader, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
                 protectedHeader, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
     }
     @Test
     public void testProtectingContentOnlySignature() throws Exception {
@@ -580,21 +582,21 @@ public class JwsJoseCookBookTest {
         JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
         List<JsonWebKey> keys = jwks.getKeys();
         JsonWebKey key = keys.get(0);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
                 null, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION);
         JwsJsonConsumer jsonConsumer =
                 new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
 
         jsonProducer = new JwsJsonProducer(PAYLOAD, true);
-        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+        jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
                 null, unprotectedHeader);
         assertEquals(jsonProducer.getJwsJsonSignedDocument(),
                 PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION);
         jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
-        assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+        assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
     }
     @Test
     public void testMultipleSignatures() throws Exception {
@@ -614,7 +616,7 @@ public class JwsJoseCookBookTest {
             JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
             List<JsonWebKey> keys = jwks.getKeys();
             JsonWebKey rsaKey = keys.get(1);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256),
                     firstSignerProtectedHeader, firstSignerUnprotectedHeader);
             assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(),
                     FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
@@ -623,7 +625,7 @@ public class JwsJoseCookBookTest {
             secondSignerUnprotectedHeader.setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO);
             secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE);
             JsonWebKey ecKey = keys.get(0);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, AlgorithmUtils.ES_SHA_512_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, SignatureAlgorithm.ES512),
                     null, secondSignerUnprotectedHeader);
             assertEquals(new JoseHeadersReaderWriter().toJson(
                 jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()),
@@ -637,7 +639,7 @@ public class JwsJoseCookBookTest {
             JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt");
             List<JsonWebKey> secretKeys = secretJwks.getKeys();
             JsonWebKey hmacKey = secretKeys.get(0);
-            jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO),
+            jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                     thirdSignerProtectedHeader);
             assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(),
                     THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
@@ -649,9 +651,9 @@ public class JwsJoseCookBookTest {
             List<JsonWebKey> publicKeys = publicJwks.getKeys();
             JsonWebKey rsaPublicKey = publicKeys.get(1);
             JsonWebKey ecPublicKey = publicKeys.get(0);
-            assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
-            assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
-            assertTrue(jsonConsumer.verifySignatureWith(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO));
+            assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
+            assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
+            assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
         } finally {
             Security.removeProvider(BouncyCastleProvider.class.getName());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
index a243aca..a5c178c 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
@@ -25,8 +25,11 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -70,7 +73,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT, 
-                              AlgorithmUtils.A128GCM_ALGO, 
+                              ContentAlgorithm.A128GCM, 
                               JweJsonProducerTest.WRAPPER_BYTES1,
                               null);
     }
@@ -79,7 +82,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT, 
-                              AlgorithmUtils.A128GCM_ALGO, 
+                              ContentAlgorithm.A128GCM, 
                               JweJsonProducerTest.WRAPPER_BYTES1,
                               null);
     }
@@ -88,7 +91,7 @@ public class JweJsonConsumerTest extends Assert {
         final String text = "The true sign of intelligence is not knowledge but imagination.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT, 
-                              AlgorithmUtils.A128GCM_ALGO, 
+                              ContentAlgorithm.A128GCM, 
                               null, 
                               JweJsonProducerTest.CEK_BYTES);
     }
@@ -97,7 +100,7 @@ public class JweJsonConsumerTest extends Assert {
         String text = "Live long and prosper.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, 
-                              AlgorithmUtils.A128CBC_HS256_ALGO, 
+                              ContentAlgorithm.A128CBC_HS256, 
                               null,
                               JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3);
     }
@@ -106,7 +109,7 @@ public class JweJsonConsumerTest extends Assert {
         String text = "Live long and prosper.";
         doTestSingleRecipient(text, 
                               JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, 
-                              AlgorithmUtils.A128CBC_HS256_ALGO, 
+                              ContentAlgorithm.A128CBC_HS256, 
                               Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3),
                               null);
     }
@@ -116,8 +119,9 @@ public class JweJsonConsumerTest extends Assert {
         
         SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, 
                                                                "AES");
-        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, 
-                                                                         AlgorithmUtils.A128GCM_ALGO);
+        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, 
+                                                                         KeyAlgorithm.A128KW, 
+                                                                         ContentAlgorithm.A128GCM);
         JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT);
         JweDecryptionOutput out = consumer.decryptWith(jwe);
         assertEquals(text, out.getContentText());
@@ -127,8 +131,9 @@ public class JweJsonConsumerTest extends Assert {
     public void testSingleRecipientAllTypeOfHeadersAndAadModified() {
         SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, 
                                                                "AES");
-        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, 
-                                                                         AlgorithmUtils.A128GCM_ALGO);
+        JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, 
+                                                                         KeyAlgorithm.A128KW, 
+                                                                         ContentAlgorithm.A128GCM);
         JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT);
         try {
             consumer.decryptWith(jwe);
@@ -140,13 +145,15 @@ public class JweJsonConsumerTest extends Assert {
     }
     private void doTestSingleRecipient(String text,
                                        String input, 
-                                       String contentEncryptionAlgo,
+                                       ContentAlgorithm contentEncryptionAlgo,
                                        final byte[] wrapperKeyBytes,
                                        final byte[] cek) throws Exception {
         JweDecryptionProvider jwe = null;
         if (wrapperKeyBytes != null) {
             SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
-            jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo);
+            jwe = JweUtils.createJweDecryptionProvider(wrapperKey, 
+                                                       KeyAlgorithm.A128KW, 
+                                                       contentEncryptionAlgo);
         } else {
             SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
             jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index ed18b96..bc5f556 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -219,7 +219,7 @@ public class JweJsonProducerTest extends Assert {
         if (wrapperKeyBytes == null) {
             headers.asMap().remove("alg");
             SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
-            jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo.getJwaName());
+            jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
         } else {
             SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
             jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
@@ -246,8 +246,8 @@ public class JweJsonProducerTest extends Assert {
         sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
         
         JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, 
-                                                                         AlgorithmUtils.A128KW_ALGO,
-                                                                         AlgorithmUtils.A128GCM_ALGO,
+                                                                         KeyAlgorithm.A128KW,
+                                                                         ContentAlgorithm.A128GCM,
                                                                          null);
         JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                                 sharedUnprotectedHeaders,
@@ -280,12 +280,12 @@ public class JweJsonProducerTest extends Assert {
         List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>();
         
         KeyEncryptionProvider keyEncryption1 = 
-            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, AlgorithmUtils.A128KW_ALGO);
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
         ContentEncryptionProvider contentEncryption = 
             JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO);
         JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
         KeyEncryptionProvider keyEncryption2 = 
-            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, AlgorithmUtils.A128KW_ALGO);
+            JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
         JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
         jweList.add(jwe1);
         jweList.add(jwe2);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index cdbf2e1..4920af0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -28,7 +28,8 @@ import javax.ws.rs.core.MultivaluedMap;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -105,7 +106,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
         } 
         if (decryptWithClientSecret) {
             SecretKey key = CryptoUtils.decodeSecretKey(c.getClientSecret());
-            return JweUtils.getDirectKeyJweDecryption(key, AlgorithmUtils.A128GCM_ALGO);
+            return JweUtils.getDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM);
         }
         return JweUtils.loadDecryptionProvider(false);
     }
@@ -115,11 +116,11 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
         } 
         if (verifyWithClientSecret) {
             byte[] hmac = CryptoUtils.decodeSequence(c.getClientSecret());
-            return JwsUtils.getHmacSignatureVerifier(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO);
+            return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256);
         } else if (verifyWithClientCertificates) {
             X509Certificate cert = 
                 (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
-            return JwsUtils.getPublicKeySignatureVerifier(cert, AlgorithmUtils.RS_SHA_256_ALGO);
+            return JwsUtils.getPublicKeySignatureVerifier(cert, SignatureAlgorithm.RS256);
         } 
         return JwsUtils.loadSignatureVerifier(true);
     }


Mime
View raw message