cxf-commits mailing list archives

From cohei...@apache.org
Subject [08/22] cxf git commit: Splitting current jose module into jose-core + jose-jaxrs
Date Tue, 13 Oct 2015 10:35:01 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
deleted file mode 100644
index 1a8b1e8..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ /dev/null
@@ -1,389 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilder;
-import java.security.cert.CertPathBuilderResult;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertStore;
-import java.security.cert.Certificate;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-import java.util.logging.Logger;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.PropertyUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.JoseException;
-import org.apache.cxf.rs.security.jose.jwk.KeyOperation;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.security.SecurityContext;
-
-
-/**
- * Encryption helpers
- */
-public final class KeyManagementUtils {
-    public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type";
-    public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password";
-    public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
-    public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
-    public static final String RSSEC_KEY_STORE_ALIASES = "rs.security.keystore.aliases";
-    public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
-    public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name";
-    public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider";
-    public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
-    public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
-    public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms";
-    public static final String RSSEC_REPORT_KEY_PROP = "rs.security.report.public.key";
-    public static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.report.public.key.id";
-    public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties";
-    private static final Logger LOG = LogUtils.getL7dLogger(KeyManagementUtils.class);
-    
-    private KeyManagementUtils() {
-    }
-    public static List<String> loadAndEncodeX509CertificateOrChain(Message m, Properties props) {
-        X509Certificate[] chain = loadX509CertificateOrChain(m, props);
-        return encodeX509CertificateChain(chain);
-    }
-    public static X509Certificate[] loadX509CertificateOrChain(Message m, Properties props) {
-        KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
-        String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-        return loadX509CertificateOrChain(keyStore, alias);
-    }
-    private static X509Certificate[] loadX509CertificateOrChain(KeyStore keyStore, String alias) {
-        try {
-            Certificate[] certs = keyStore.getCertificateChain(alias);
-            if (certs != null) {
-                return Arrays.copyOf(certs, certs.length, X509Certificate[].class);
-            } else {
-                return new X509Certificate[]{(X509Certificate)CryptoUtils.loadCertificate(keyStore, alias)};
-            }
-        } catch (Exception ex) {
-            LOG.warning("X509 Certificates can not be created");
-            throw new JoseException(ex);
-        }    
-    }
-    
-    public static PublicKey loadPublicKey(Message m, Properties props) {
-        KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
-        return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
-    }
-    public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
-        return loadPublicKey(m, keyStoreLocProp, null);
-    }
-    public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String keyStoreLocPropDefault) {
-        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
-            return KeyManagementUtils.loadPublicKey(m, props);
-        } catch (Exception ex) {
-            LOG.warning("Public key can not be loaded");
-            throw new JoseException(ex);
-        }
-    }
-    private static String getMessageProperty(Message m, String keyStoreLocPropPreferred, 
-                                             String keyStoreLocPropDefault) {
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        if (propLoc == null) {
-            LOG.warning("Properties resource is not identified");
-            throw new JoseException();
-        }
-        return propLoc;
-    }
-    private static PrivateKey loadPrivateKey(KeyStore keyStore, 
-                                            Message m,
-                                            Properties props, 
-                                            Bus bus, 
-                                            PrivateKeyPasswordProvider provider,
-                                            KeyOperation keyOper,
-                                            String alias) {
-        
-        String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
-        String theAlias = alias != null ? alias : getKeyId(m, props, RSSEC_KEY_STORE_ALIAS, keyOper);
-        char[] keyPswdChars = provider != null ? provider.getPassword(props) 
-            : keyPswd != null ? keyPswd.toCharArray() : null;    
-        return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias);
-    }
-    
-    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, KeyOperation keyOper) {
-        return loadPrivateKey(m, keyStoreLocProp, null, keyOper);
-    }
-    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred,
-                                            String keyStoreLocPropDefault, KeyOperation keyOper) {
-        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
-        Bus bus = m.getExchange().getBus();
-        try {
-            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
-            return loadPrivateKey(m, props, keyOper);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    
-    public static String getKeyId(Message m, Properties props, 
-                                  String preferredPropertyName, 
-                                  KeyOperation keyOper) {
-        String kid = null;
-        String altPropertyName = null;
-        if (keyOper != null) {
-            if (keyOper == KeyOperation.ENCRYPT || keyOper == KeyOperation.DECRYPT) {
-                altPropertyName = preferredPropertyName + ".jwe";
-            } else if (keyOper == KeyOperation.SIGN || keyOper == KeyOperation.VERIFY) {
-                altPropertyName = preferredPropertyName + ".jws";
-            }
-            String direction = m.getExchange().getOutMessage() == m ? ".out" : ".in";
-            kid = (String)MessageUtils.getContextualProperty(m, preferredPropertyName, altPropertyName + direction);
-            // Check whether the direction is not set for the altPropertyName
-            if (kid == null && altPropertyName != null) {
-                kid = (String)m.getContextualProperty(altPropertyName);
-            }
-        }
-        
-        if (kid == null) {
-            kid = props.getProperty(preferredPropertyName);
-        }
-        if (kid == null && altPropertyName != null) {
-            kid = props.getProperty(altPropertyName);
-        }
-        return kid;
-    }
-    public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) {
-        PrivateKeyPasswordProvider cb = 
-            (PrivateKeyPasswordProvider)m.getContextualProperty(RSSEC_KEY_PSWD_PROVIDER);
-        if (cb == null && keyOper != null) {
-            String propName = keyOper == KeyOperation.SIGN ? RSSEC_SIG_KEY_PSWD_PROVIDER
-                : keyOper == KeyOperation.DECRYPT 
-                ? RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
-            if (propName != null) {
-                cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
-            }
-        }
-        return cb;
-    }
-    
-    public static PrivateKey loadPrivateKey(Message m, Properties props, KeyOperation keyOper) {
-        KeyStore keyStore = loadPersistKeyStore(m, props);
-        return loadPrivateKey(keyStore, m, props, keyOper, null);
-    }
-    private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, KeyOperation keyOper, 
-                                                String alias) {
-        Bus bus = m.getExchange().getBus();
-        PrivateKeyPasswordProvider cb = loadPasswordProvider(m, props, keyOper);
-        if (cb != null && m.getExchange().getInMessage() != null) {
-            SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class);
-            if (sc != null) {
-                Principal p = sc.getUserPrincipal();
-                if (p != null) {
-                    props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName());
-                }
-            }
-        }
-        return loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias);
-    }
-    public static KeyStore loadPersistKeyStore(Message m, Properties props) {
-        if (!props.containsKey(RSSEC_KEY_STORE_FILE)) {
-            LOG.warning("No keystore file has been configured");
-            throw new JoseException("No keystore file has been configured");
-        }
-        KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(RSSEC_KEY_STORE_FILE));
-        if (keyStore == null) {
-            keyStore = loadKeyStore(props, m.getExchange().getBus());
-            m.getExchange().put((String)props.get(RSSEC_KEY_STORE_FILE), keyStore);
-        }
-        return keyStore;
-    }
-    public static KeyStore loadKeyStore(Properties props, Bus bus) {
-        String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
-        String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
-        String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
-        
-        if (keyStorePswd == null) {
-            throw new JoseException("No keystore password was defined");
-        }
-        try {
-            InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
-            return CryptoUtils.loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
-        } catch (Exception ex) {
-            LOG.warning("Key store can not be loaded");
-            throw new JoseException(ex);
-        }
-    }
-    public static List<String> encodeX509CertificateChain(X509Certificate[] chain) {
-        return encodeX509CertificateChain(Arrays.asList(chain));
-    }
-    public static List<String> encodeX509CertificateChain(List<X509Certificate> chain) {
-        List<String> encodedChain = new ArrayList<String>(chain.size());
-        for (X509Certificate cert : chain) {
-            try {
-                encodedChain.add(CryptoUtils.encodeCertificate(cert));
-            } catch (Exception ex) {
-                LOG.warning("X509 Certificate can not be encoded");
-                throw new JoseException(ex);
-            }    
-        }
-        return encodedChain;
-    }
-    public static List<X509Certificate> toX509CertificateChain(List<String> base64EncodedChain) {
-        if (base64EncodedChain != null) {
-            List<X509Certificate> certs = new ArrayList<X509Certificate>(base64EncodedChain.size());
-            for (String encodedCert : base64EncodedChain) {
-                try {
-                    certs.add((X509Certificate)CryptoUtils.decodeCertificate(encodedCert));
-                } catch (Exception ex) {
-                    LOG.warning("X509 Certificate can not be decoded");
-                    throw new JoseException(ex);
-                }
-            }
-            return certs;
-        } else {
-            return null;
-        }
-    }
-    //TODO: enhance the certificate validation code
-    public static void validateCertificateChain(Properties storeProperties, List<X509Certificate> inCerts) {
-        KeyStore ks = loadPersistKeyStore(JAXRSUtils.getCurrentMessage(), storeProperties);
-        validateCertificateChain(ks, inCerts);
-    }
-    public static void validateCertificateChain(KeyStore ks, List<X509Certificate> inCerts) {
-        // Initial chain validation, to be enhanced as needed
-        try {
-            X509CertSelector certSelect = new X509CertSelector();
-            certSelect.setCertificate((X509Certificate) inCerts.get(0));
-            PKIXBuilderParameters pbParams = new PKIXBuilderParameters(ks, certSelect);
-            pbParams.addCertStore(CertStore.getInstance("Collection", 
-                                                        new CollectionCertStoreParameters(inCerts)));
-            pbParams.setMaxPathLength(-1);
-            pbParams.setRevocationEnabled(false);
-            CertPathBuilderResult buildResult = CertPathBuilder.getInstance("PKIX").build(pbParams);               
-            CertPath certPath = buildResult.getCertPath();
-            CertPathValidator.getInstance("PKIX").validate(certPath, pbParams);
-        } catch (Exception ex) {
-            LOG.warning("Certificate path validation error");
-            throw new JoseException(ex);
-        }
-    }
-    public static X509Certificate[] toX509CertificateChainArray(List<String> base64EncodedChain) {
-        List<X509Certificate> chain = toX509CertificateChain(base64EncodedChain);
-        return chain == null ? null : chain.toArray(new X509Certificate[]{});
-    }
-    public static String getKeyAlgorithm(Message m, Properties props, String propName, String defaultAlg) {
-        String algo = props.getProperty(propName);
-        if (algo == null) {
-            algo = (String)m.getContextualProperty(propName);
-        }
-        if (algo == null && PropertyUtils.isTrue(m.getContextualProperty(RSSEC_DEFAULT_ALGORITHMS))) {
-            algo = defaultAlg;
-        }
-        return algo;
-    }
-
-    public static Properties loadStoreProperties(Message m, boolean required, 
-                                                 String storeProp1, String storeProp2) {
-        if (m == null) {
-            if (required) {
-                throw new JoseException();
-            }
-            return null;
-        }
-        Properties props = null;
-        String propLoc = 
-            (String)MessageUtils.getContextualProperty(m, storeProp1, storeProp2);
-        if (propLoc != null) {
-            try {
-                props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-            } catch (Exception ex) {
-                LOG.warning("Properties resource is not identified");
-                throw new JoseException(ex);
-            }
-        } else {
-            String keyFile = (String)m.getContextualProperty(RSSEC_KEY_STORE_FILE);
-            if (keyFile != null) {
-                props = new Properties();
-                props.setProperty(RSSEC_KEY_STORE_FILE, keyFile);
-                String type = (String)m.getContextualProperty(RSSEC_KEY_STORE_TYPE);
-                if (type == null) {
-                    type = "jwk";
-                }
-                props.setProperty(RSSEC_KEY_STORE_TYPE, type);
-                String alias = (String)m.getContextualProperty(RSSEC_KEY_STORE_ALIAS);
-                if (alias != null) {
-                    props.setProperty(RSSEC_KEY_STORE_ALIAS, alias);
-                }
-                String keystorePassword = (String)m.getContextualProperty(RSSEC_KEY_STORE_PSWD);
-                if (keystorePassword != null) {
-                    props.setProperty(RSSEC_KEY_STORE_PSWD, keystorePassword);
-                }
-                String keyPassword = (String)m.getContextualProperty(RSSEC_KEY_PSWD);
-                if (keyPassword != null) {
-                    props.setProperty(RSSEC_KEY_PSWD, keyPassword);
-                }
-            }
-        }
-        if (props == null && required) { 
-            LOG.warning("Properties resource is not identified");
-            throw new JoseException();
-        }
-        return props; 
-    }
-    public static PrivateKey loadPrivateKey(Message m, Properties props, 
-                                            List<X509Certificate> inCerts, 
-                                            KeyOperation keyOper) {
-        KeyStore ks = loadPersistKeyStore(m, props);
-        
-        try {
-            String alias = ks.getCertificateAlias(inCerts.get(0));
-            if (alias != null) {
-                for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
-                    String currentAlias = e.nextElement();
-                    X509Certificate[] currentCertArray = loadX509CertificateOrChain(ks, currentAlias);
-                    if (currentCertArray != null) {
-                        alias = currentAlias;
-                        break;
-                    }
-                }
-            }
-            return loadPrivateKey(ks, m, props, keyOper, alias);
-            
-        } catch (Exception ex) {
-            LOG.warning("Private key can not be loaded");
-            throw new JoseException(ex);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
deleted file mode 100644
index 877ff0c..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/Priorities.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-public final class Priorities {
-    public static final int JWE_SERVER_READ_PRIORITY = 1001;
-    public static final int JWS_SERVER_READ_PRIORITY = 1002;
-    
-    public static final int JWE_WRITE_PRIORITY = 1001;
-    public static final int JWS_WRITE_PRIORITY = 1002;
-    
-    public static final int JWE_CLIENT_READ_PRIORITY = 1002;
-    public static final int JWS_CLIENT_READ_PRIORITY = 1001;
-    
-    private Priorities() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
deleted file mode 100644
index bfcde49..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jaxrs;
-
-import java.util.Properties;
-
-public interface PrivateKeyPasswordProvider {
-    char[] getPassword(Properties storeProperties); 
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
deleted file mode 100644
index 76854ca..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
+++ /dev/null
@@ -1,271 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-
-
-
-public final class AlgorithmUtils {
-    public static final String AES = "AES";
-    
-    // Key Encryption
-    // JWA
-    public static final String RSA_OAEP_ALGO = "RSA-OAEP";
-    public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
-    public static final String RSA1_5_ALGO = "RSA1_5";
-    public static final String A128KW_ALGO = "A128KW";
-    public static final String A192KW_ALGO = "A192KW";
-    public static final String A256KW_ALGO = "A256KW";
-    public static final String A128GCMKW_ALGO = "A128GCMKW";
-    public static final String A192GCMKW_ALGO = "A192GCMKW";
-    public static final String A256GCMKW_ALGO = "A256GCMKW";
-    public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW";
-    public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW";
-    public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW";
-    public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
-    public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
-    public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
-    public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES";
-    // Java
-    public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
-    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
-    public static final String AES_WRAP_ALGO_JAVA = AES + "Wrap";
-    // Content Encryption
-    // JWA
-    public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
-    public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
-    public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
-    public static final String A128GCM_ALGO = "A128GCM";
-    public static final String A192GCM_ALGO = "A192GCM";
-    public static final String A256GCM_ALGO = "A256GCM";
-    // Java
-    public static final String AES_GCM_ALGO_JAVA = AES + "/GCM/NoPadding";
-    public static final String AES_CBC_ALGO_JAVA = AES + "/CBC/PKCS7Padding";
-    // Signature
-    // JWA
-    public static final String HMAC_SHA_256_ALGO = "HS256";
-    public static final String HMAC_SHA_384_ALGO = "HS384";
-    public static final String HMAC_SHA_512_ALGO = "HS512";
-    public static final String RS_SHA_256_ALGO = "RS256";
-    public static final String RS_SHA_384_ALGO = "RS384";
-    public static final String RS_SHA_512_ALGO = "RS512";
-    public static final String PS_SHA_256_ALGO = "PS256";
-    public static final String PS_SHA_384_ALGO = "PS384";
-    public static final String PS_SHA_512_ALGO = "PS512";
-    public static final String ES_SHA_256_ALGO = "ES256";
-    public static final String ES_SHA_384_ALGO = "ES384";
-    public static final String ES_SHA_512_ALGO = "ES512";
-    public static final String NONE_TEXT_ALGO = "none";
-    // Java
-    public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
-    public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
-    public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
-    public static final String RS_SHA_256_JAVA = "SHA256withRSA";
-    public static final String RS_SHA_384_JAVA = "SHA384withRSA";
-    public static final String RS_SHA_512_JAVA = "SHA512withRSA";
-    public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1";
-    public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1";
-    public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1";
-    public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
-    public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
-    public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
-    
-    public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(HMAC_SHA_256_ALGO,
-                                                                                      HMAC_SHA_384_ALGO,
-                                                                                      HMAC_SHA_512_ALGO));
-    public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(RS_SHA_256_ALGO,
-                                                                      RS_SHA_384_ALGO,
-                                                                      RS_SHA_512_ALGO));
-    public static final Set<String> RSA_SHA_PS_SIGN_SET = new HashSet<String>(Arrays.asList(PS_SHA_256_ALGO,
-                                        PS_SHA_384_ALGO,
-                                        PS_SHA_512_ALGO));
-    public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(ES_SHA_256_ALGO,
-                                                                       ES_SHA_384_ALGO,
-                                                                       ES_SHA_512_ALGO));
-    public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(RSA_OAEP_ALGO,
-                                                                                  RSA_OAEP_256_ALGO,
-                                                                                  RSA1_5_ALGO));
-    public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(A128GCM_ALGO,
-                                                                                      A192GCM_ALGO,
-                                                                                      A256GCM_ALGO));
-    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(A128GCMKW_ALGO,
-                                                                                      A192GCMKW_ALGO,
-                                                                                      A256GCMKW_ALGO));
-    public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(A128KW_ALGO,
-                                                                                   A192KW_ALGO,
-                                                                                   A256KW_ALGO));
-    public static final Set<String> ACBC_HS_SET = new HashSet<String>(Arrays.asList(A128CBC_HS256_ALGO,
-                                        A192CBC_HS384_ALGO,
-                                        A256CBC_HS512_ALGO));
-    public static final Set<String> PBES_HS_SET = new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW_ALGO,
-                                          PBES2_HS384_A192KW_ALGO,
-                                          PBES2_HS512_A256KW_ALGO));
-    public static final Set<String> ECDH_ES_WRAP_SET = new HashSet<String>(Arrays.asList(ECDH_ES_A128KW_ALGO,
-                      ECDH_ES_A192KW_ALGO,
-                      ECDH_ES_A256KW_ALGO));
-    
-    private static final Map<String, String> JAVA_TO_JWA_NAMES;
-    private static final Map<String, String> JWA_TO_JAVA_NAMES;
-    static {
-        JAVA_TO_JWA_NAMES = new HashMap<String, String>();
-        JAVA_TO_JWA_NAMES.put(HMAC_SHA_256_JAVA, HMAC_SHA_256_ALGO);
-        JAVA_TO_JWA_NAMES.put(HMAC_SHA_384_JAVA, HMAC_SHA_384_ALGO);
-        JAVA_TO_JWA_NAMES.put(HMAC_SHA_512_JAVA, HMAC_SHA_512_ALGO);
-        JAVA_TO_JWA_NAMES.put(RS_SHA_256_JAVA, RS_SHA_256_ALGO);
-        JAVA_TO_JWA_NAMES.put(RS_SHA_384_JAVA, RS_SHA_384_ALGO);
-        JAVA_TO_JWA_NAMES.put(RS_SHA_512_JAVA, RS_SHA_512_ALGO);
-        JAVA_TO_JWA_NAMES.put(PS_SHA_256_JAVA, PS_SHA_256_ALGO);
-        JAVA_TO_JWA_NAMES.put(PS_SHA_384_JAVA, PS_SHA_384_ALGO);
-        JAVA_TO_JWA_NAMES.put(PS_SHA_512_JAVA, PS_SHA_512_ALGO);
-        JAVA_TO_JWA_NAMES.put(ES_SHA_256_JAVA, ES_SHA_256_ALGO);
-        JAVA_TO_JWA_NAMES.put(ES_SHA_384_JAVA, ES_SHA_384_ALGO);
-        JAVA_TO_JWA_NAMES.put(ES_SHA_512_JAVA, ES_SHA_512_ALGO);
-        JAVA_TO_JWA_NAMES.put(RSA_OAEP_ALGO_JAVA, RSA_OAEP_ALGO);
-        JAVA_TO_JWA_NAMES.put(RSA_OAEP_256_ALGO_JAVA, RSA_OAEP_256_ALGO);
-        JAVA_TO_JWA_NAMES.put(RSA_1_5_ALGO_JAVA, RSA1_5_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A256GCM_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A192GCM_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A128GCM_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A128KW_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A192KW_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A256KW_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A128CBC_HS256_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A192CBC_HS384_ALGO);
-        JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A256CBC_HS512_ALGO);
-        JWA_TO_JAVA_NAMES = new HashMap<String, String>();
-        JWA_TO_JAVA_NAMES.put(HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
-        JWA_TO_JAVA_NAMES.put(HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
-        JWA_TO_JAVA_NAMES.put(HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
-        JWA_TO_JAVA_NAMES.put(RS_SHA_256_ALGO, RS_SHA_256_JAVA);
-        JWA_TO_JAVA_NAMES.put(RS_SHA_384_ALGO, RS_SHA_384_JAVA);
-        JWA_TO_JAVA_NAMES.put(RS_SHA_512_ALGO, RS_SHA_512_JAVA);
-        JWA_TO_JAVA_NAMES.put(PS_SHA_256_ALGO, PS_SHA_256_JAVA);
-        JWA_TO_JAVA_NAMES.put(PS_SHA_384_ALGO, PS_SHA_384_JAVA);
-        JWA_TO_JAVA_NAMES.put(PS_SHA_512_ALGO, PS_SHA_512_JAVA);
-        JWA_TO_JAVA_NAMES.put(ES_SHA_256_ALGO, ES_SHA_256_JAVA);
-        JWA_TO_JAVA_NAMES.put(ES_SHA_384_ALGO, ES_SHA_384_JAVA);
-        JWA_TO_JAVA_NAMES.put(ES_SHA_512_ALGO, ES_SHA_512_JAVA);
-        JWA_TO_JAVA_NAMES.put(RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(RSA1_5_ALGO, RSA_1_5_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A256GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A192GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A128GCM_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
-        JWA_TO_JAVA_NAMES.put(ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
-    }
-    
-    private AlgorithmUtils() {
-    }
-    public static boolean isRsa(String algo) {
-        return isRsaKeyWrap(algo) || isRsaSign(algo);
-    }
-    public static boolean isRsaKeyWrap(String algo) {
-        return RSA_CEK_SET.contains(algo);
-    }
-    public static boolean isAesKeyWrap(String algo) {
-        return AES_KW_SET.contains(algo);
-    }
-    public static boolean isAesGcmKeyWrap(String algo) {
-        return AES_GCM_KW_SET.contains(algo);
-    }
-    public static boolean isPbesHsWrap(String algo) {
-        return PBES_HS_SET.contains(algo); 
-    }
-    public static boolean isEcdhEsWrap(String algo) {
-        return ECDH_ES_WRAP_SET.contains(algo); 
-    }
-    public static boolean isEcdhEsDirect(String algo) {
-        return ECDH_ES_DIRECT_ALGO.equals(algo); 
-    }
-    public static boolean isAesGcm(String algo) {
-        return AES_GCM_CEK_SET.contains(algo);
-    }
-    public static boolean isAesCbcHmac(String algo) {
-        return ACBC_HS_SET.contains(algo); 
-    }
-    public static boolean isHmacSign(String algo) {
-        return HMAC_SIGN_SET.contains(algo); 
-    }
-    public static boolean isOctet(String algo) {
-        return isHmacSign(algo)
-            || isAesCbcHmac(algo)
-            || isAesGcm(algo)
-            || isAesGcmKeyWrap(algo)
-            || isAesKeyWrap(algo); 
-    }
-    public static boolean isRsaSign(String algo) {
-        return isRsaShaSign(algo) || isRsaShaPsSign(algo); 
-    }
-    public static boolean isRsaShaSign(String algo) {
-        return RSA_SHA_SIGN_SET.contains(algo); 
-    }
-    public static boolean isRsaShaPsSign(String algo) {
-        return RSA_SHA_PS_SIGN_SET.contains(algo); 
-    }
-    public static boolean isEcDsaSign(String algo) {
-        return EC_SHA_SIGN_SET.contains(algo); 
-    }
-    
-    public static String toJwaName(String javaName, int keyBitSize) {
-        //TODO: perhaps a key should be a name+keysize pair
-        String name = JAVA_TO_JWA_NAMES.get(javaName);
-        if (name == null && javaName.startsWith(AES)) {
-            name = "A" + keyBitSize + "GCM";
-        } 
-        return name;
-    }
-    public static String toJavaName(String jwtName) {    
-        return JWA_TO_JAVA_NAMES.get(jwtName);
-    }
-    public static String toJavaAlgoNameOnly(String jwtName) {    
-        return stripAlgoProperties(toJavaName(jwtName));
-    }
-    public static String stripAlgoProperties(String javaName) {    
-        if (javaName != null) {
-            int index = javaName.indexOf('/');
-            if (index != -1) {
-                javaName = javaName.substring(0, index);
-            }
-        }
-        return javaName;
-    }
-    
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
deleted file mode 100644
index 1cc806c..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-
-
-
-public enum ContentAlgorithm {
-    A128GCM(AlgorithmUtils.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCM(AlgorithmUtils.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCM(AlgorithmUtils.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
-    //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding" 
-    // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only 
-    A128CBC_HS256(AlgorithmUtils.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
-    A192CBC_HS384(AlgorithmUtils.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
-    A256CBC_HS512(AlgorithmUtils.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
-    
-    private final String jwaName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    ContentAlgorithm(String jwaName, String javaName, int keySizeBits) {
-        this.jwaName = jwaName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwaName() {
-        return jwaName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return AlgorithmUtils.stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    
-    public static ContentAlgorithm getAlgorithm(String algo) {
-        if (algo == null) {
-            return null;
-        }
-        return ContentAlgorithm.valueOf(algo.replace('-', '_')
-                                        .replace('+', '_'));
-        
-    }
-    
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
deleted file mode 100644
index 46bccf3..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-
-
-
-public enum KeyAlgorithm {
-    RSA_OAEP(AlgorithmUtils.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
-    RSA_OAEP_256(AlgorithmUtils.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
-    RSA1_5(AlgorithmUtils.RSA1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
-    A128KW(AlgorithmUtils.A128KW_ALGO, "AESWrap", 128),
-    A192KW(AlgorithmUtils.A192KW_ALGO, "AESWrap", 192),
-    A256KW(AlgorithmUtils.A256KW_ALGO, "AESWrap", 256),
-    A128GCMKW(AlgorithmUtils.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
-    A192GCMKW(AlgorithmUtils.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
-    A256GCMKW(AlgorithmUtils.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
-    PBES2_HS256_A128KW(AlgorithmUtils.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
-    PBES2_HS384_A192KW(AlgorithmUtils.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
-    PBES2_HS512_A256KW(AlgorithmUtils.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
-    ECDH_ES_A128KW(AlgorithmUtils.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
-    ECDH_ES_A192KW(AlgorithmUtils.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
-    ECDH_ES_A256KW(AlgorithmUtils.ECDH_ES_A256KW_ALGO, "AESWrap", 256),
-    ECDH_ES_DIRECT(AlgorithmUtils.ECDH_ES_DIRECT_ALGO, null, -1);
-        
-    private final String jwaName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    KeyAlgorithm(String jwaName, String javaName, int keySizeBits) {
-        this.jwaName = jwaName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwaName() {
-        return jwaName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return AlgorithmUtils.stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    public static KeyAlgorithm getAlgorithm(String algo) {
-        if (algo == null) {
-            return null;
-        }
-        return KeyAlgorithm.valueOf(algo.replace('-', '_')
-                                    .replace('+', '_'));
-        
-    }
-    
-    
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
deleted file mode 100644
index 574e7c5..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-
-
-
-public enum SignatureAlgorithm {
-    HS256(AlgorithmUtils.HMAC_SHA_256_ALGO, AlgorithmUtils.HMAC_SHA_256_JAVA, 256),
-    HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384),
-    HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512),
-    
-    RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256),
-    RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384),
-    RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512),
-    
-    PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256),
-    PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384),
-    PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512),
-    
-    ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256),
-    ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
-    ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
-    
-    NONE(AlgorithmUtils.NONE_TEXT_ALGO, null, -1);
-    
-    
-    private final String jwaName;
-    private final String javaName;
-    private final int keySizeBits;
-    
-    SignatureAlgorithm(String jwaName, String javaName, int keySizeBits) {
-        this.jwaName = jwaName;
-        this.javaName = javaName;
-        this.keySizeBits = keySizeBits;
-    }
-
-    public String getJwaName() {
-        return jwaName;
-    }
-
-    public String getJavaName() {
-        return javaName == null ? name() : javaName;
-    }
-    
-    public String getJavaAlgoName() {
-        return AlgorithmUtils.stripAlgoProperties(getJavaName());
-    }
-
-    public int getKeySizeBits() {
-        return keySizeBits;
-    }
-    
-    public static SignatureAlgorithm getAlgorithm(String algo) {
-        if (algo == null) {
-            return null;
-        }
-        if (AlgorithmUtils.NONE_TEXT_ALGO.equals(algo)) {
-            return NONE;
-        }
-        return SignatureAlgorithm.valueOf(algo.replace('-', '_')
-                                        .replace('+', '_'));
-        
-    }
-    
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
deleted file mode 100644
index 355a21b..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.concurrent.atomic.AtomicInteger;
-
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentEncryptionProvider {
-    private static final int DEFAULT_IV_SIZE = 128;
-    private byte[] cek;
-    private byte[] iv;
-    private AtomicInteger providedIvUsageCount;
-    
-    
-    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
-        super(algo);
-        this.cek = cek;
-        this.iv = iv;
-        if (iv != null && iv.length > 0) {
-            providedIvUsageCount = new AtomicInteger();
-        }    
-    }
-    
-    public byte[] getContentEncryptionKey(JweHeaders headers) {
-        return cek;
-    }
-    public byte[] getInitVector() {
-        if (iv == null) {
-            return CryptoUtils.generateSecureRandomBytes(getIvSize() / 8);
-        } else if (iv.length > 0 && providedIvUsageCount.addAndGet(1) > 1) {
-            LOG.warning("Custom IV is recommeded to be used once");
-            throw new JweException(JweException.Error.CUSTOM_IV_REUSED);
-        } else {
-            return iv;
-        }
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
deleted file mode 100644
index b683c77..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractContentEncryptionCipherProperties.class);
-    
-    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    private ContentAlgorithm algo;
-    public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) {
-        this.algo = algo;
-    }
-    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
-    }
-    public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
-        return JweUtils.getAdditionalAuthenticationData(headersJson, aad);
-    }
-    protected int getAuthTagLen() {
-        return authTagLen;
-    }
-    @Override
-    public ContentAlgorithm getAlgorithm() {
-        return algo;    
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
deleted file mode 100644
index 1af9424..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractJweDecryption implements JweDecryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class);
-    
-    private KeyDecryptionProvider keyDecryptionAlgo;
-    private ContentDecryptionProvider contentDecryptionAlgo;
-    protected AbstractJweDecryption(KeyDecryptionProvider keyDecryptionAlgo,
-                                    ContentDecryptionProvider contentDecryptionAlgo) {
-        this.keyDecryptionAlgo = keyDecryptionAlgo;
-        this.contentDecryptionAlgo = contentDecryptionAlgo;
-    }
-    
-    protected byte[] getContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        return keyDecryptionAlgo.getDecryptedContentEncryptionKey(jweDecryptionInput);
-    }
-    
-    public JweDecryptionOutput decrypt(String content) {
-        JweCompactConsumer consumer = new JweCompactConsumer(content);
-        byte[] cek = getContentEncryptionKey(consumer.getJweDecryptionInput());
-        return doDecrypt(consumer.getJweDecryptionInput(), cek);
-    }
-    public byte[] decrypt(JweDecryptionInput jweDecryptionInput) {
-        byte[] cek = getContentEncryptionKey(jweDecryptionInput);
-        return doDecrypt(jweDecryptionInput, cek).getContent();
-    }
-    protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
-        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
-        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
-        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
-        keyProperties.setAlgoSpec(spec);
-        boolean compressionSupported = 
-            JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
-        keyProperties.setCompressionSupported(compressionSupported);
-        byte[] actualCek = getActualCek(cek, 
-                               jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
-        Key secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
-        byte[] bytes = 
-            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);
-        return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getAlgorithmParameterSpec(
-            getContentEncryptionCipherInitVector(jweDecryptionInput));
-    }
-    protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
-        return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders()
-                                         .getContentEncryptionAlgorithm().getJwaName());
-    }
-    protected byte[] getContentEncryptionCipherAAD(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getAdditionalAuthenticationData(
-            jweDecryptionInput.getDecodedJsonHeaders(), jweDecryptionInput.getAad());
-    }
-    protected byte[] getEncryptedContentWithAuthTag(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getEncryptedSequence(jweDecryptionInput.getJweHeaders(),
-                                                          jweDecryptionInput.getEncryptedContent(), 
-                                                          getEncryptionAuthenticationTag(jweDecryptionInput));
-    }
-    protected byte[] getContentEncryptionCipherInitVector(JweDecryptionInput jweDecryptionInput) { 
-        return jweDecryptionInput.getInitVector();
-    }
-    protected byte[] getEncryptionAuthenticationTag(JweDecryptionInput jweDecryptionInput) {
-        return jweDecryptionInput.getAuthTag();
-    }
-    protected int getEncryptionAuthenticationTagLenBits(JweDecryptionInput jweDecryptionInput) {
-        return getEncryptionAuthenticationTag(jweDecryptionInput).length * 8;
-    }
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    @Override
-    public KeyAlgorithm getKeyAlgorithm() {
-        return keyDecryptionAlgo.getAlgorithm();
-    }
-    @Override
-    public ContentAlgorithm getContentAlgorithm() {
-        return contentDecryptionAlgo.getAlgorithm();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
deleted file mode 100644
index 07e60c4..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ /dev/null
@@ -1,243 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.logging.Logger;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractJweEncryption implements JweEncryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class);
-    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private ContentEncryptionProvider contentEncryptionAlgo;
-    private KeyEncryptionProvider keyEncryptionAlgo;
-    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
-    protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo,
-                                    KeyEncryptionProvider keyEncryptionAlgo) {
-        this.keyEncryptionAlgo = keyEncryptionAlgo;
-        this.contentEncryptionAlgo = contentEncryptionAlgo;
-    }
-    protected ContentEncryptionProvider getContentEncryptionAlgorithm() {
-        return contentEncryptionAlgo;
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return getContentEncryptionAlgorithm().getAlgorithmParameterSpec(theIv);
-    }
-    
-    protected byte[] getContentEncryptionKey(JweHeaders headers) {
-        byte[] cek = getProvidedContentEncryptionKey(headers);
-        if (cek == null) {
-            String algoJava = getContentEncryptionAlgoJava();
-            String algoJwt = getContentEncryptionAlgoJwt();
-            cek = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava), 
-                                           getCekSize(algoJwt)).getEncoded();
-        }
-        return cek;
-    }
-   
-    protected int getCekSize(String algoJwt) {
-        return ContentAlgorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
-    }
-    
-    protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
-        return getContentEncryptionAlgorithm().getContentEncryptionKey(headers);
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(headers, theCek);
-    }
-    
-    protected String getContentEncryptionAlgoJwt() {
-        return getContentEncryptionAlgorithm().getAlgorithm().getJwaName();
-    }
-    protected String getContentEncryptionAlgoJava() {
-        return getContentEncryptionAlgorithm().getAlgorithm().getJavaName();
-    }
-    protected byte[] getAAD(String protectedHeaders, byte[] aad) {
-        return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(protectedHeaders, aad);
-    }
-    @Override
-    public String encrypt(byte[] content, JweHeaders jweHeaders) {
-        JweEncryptionInternal state = getInternalState(jweHeaders, null);
-        
-        byte[] encryptedContent = encryptInternal(state, content);
-        byte[] cipher = getActualCipher(encryptedContent);
-        byte[] authTag = getAuthenticationTag(state, encryptedContent);
-        JweCompactProducer producer = new JweCompactProducer(state.protectedHeadersJson, 
-                                                             state.jweContentEncryptionKey,
-                                                             state.theIv,
-                                                             cipher,
-                                                             authTag);
-        return producer.getJweContent();
-    }
-    @Override
-    public JweEncryptionOutput getEncryptionOutput(JweEncryptionInput jweInput) {
-        JweEncryptionInternal state = getInternalState(jweInput.getJweHeaders(), jweInput);
-        Cipher c = null;
-        AuthenticationTagProducer authTagProducer = null;
-        byte[] cipher = null;
-        byte[] authTag = null;
-        if (jweInput.getContent() == null) {
-            c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
-                                              Cipher.ENCRYPT_MODE);
-            authTagProducer = getAuthenticationTagProducer(state);
-        } else {
-            byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
-            cipher = getActualCipher(encryptedContent);
-            authTag = getAuthenticationTag(state, encryptedContent);    
-        }
-        return new JweEncryptionOutput(c, 
-                                      state.theHeaders, 
-                                      state.jweContentEncryptionKey, 
-                                      state.theIv,
-                                      authTagProducer,
-                                      state.keyProps,
-                                      cipher,
-                                      authTag);
-    }
-    protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
-        try {
-            return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
-        } catch (SecurityException ex) {
-            if (ex.getCause() instanceof NoSuchAlgorithmException) {
-                LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
-                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-            }
-            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE);
-        }
-    }
-    protected byte[] getActualCipher(byte[] cipher) {
-        return Arrays.copyOf(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8);
-    }
-    protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] cipher) {
-        return Arrays.copyOfRange(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8, cipher.length);
-    }
-    @Override
-    public KeyAlgorithm getKeyAlgorithm() {
-        KeyAlgorithm keyAlgo = getKeyEncryptionAlgo().getAlgorithm();
-        return keyAlgo != null ? keyAlgo : null;
-    }
-    @Override
-    public ContentAlgorithm getContentAlgorithm() {
-        return getContentEncryptionAlgorithm().getAlgorithm();
-    }
-    protected JsonMapObjectReaderWriter getJwtHeadersWriter() {
-        return writer;
-    }
-    
-    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal state) {
-        return null;
-    }
-    protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
-        return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()), 
-                                               state.keyProps.getKeyAlgo());
-    }
-    
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-    private JweEncryptionInternal getInternalState(JweHeaders jweInHeaders, JweEncryptionInput jweInput) {
-        JweHeaders theHeaders = new JweHeaders();
-        if (getKeyAlgorithm() != null) {
-            theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm());
-        }
-        theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgorithm().getAlgorithm());
-        
-        JweHeaders protectedHeaders = null;
-        if (jweInHeaders != null) {
-            if (jweInHeaders.getKeyEncryptionAlgorithm() != null 
-                && (getKeyAlgorithm() == null 
-                    || !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm()))) {
-                LOG.warning("Invalid key encryption algorithm");
-                throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-            }
-            if (jweInHeaders.getContentEncryptionAlgorithm() != null 
-                && !getContentEncryptionAlgoJwt().equals(jweInHeaders.getContentEncryptionAlgorithm().getJwaName())) {
-                LOG.warning("Invalid content encryption algorithm");
-                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-            }
-            theHeaders.asMap().putAll(jweInHeaders.asMap());
-            protectedHeaders = jweInHeaders.getProtectedHeaders() != null 
-                ? jweInHeaders.getProtectedHeaders() : theHeaders;
-        } else {
-            protectedHeaders = theHeaders;
-        }
-        
-        
-        
-        byte[] theCek = jweInput != null && jweInput.getCek() != null 
-            ? jweInput.getCek() : getContentEncryptionKey(theHeaders);
-        String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
-        KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        keyProps.setCompressionSupported(compressionRequired(theHeaders));
-        
-        byte[] theIv = jweInput != null && jweInput.getIv() != null  
-            ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
-        AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
-        keyProps.setAlgoSpec(specParams);
-        byte[] jweContentEncryptionKey = 
-            getEncryptedContentEncryptionKey(theHeaders, theCek);
-        
-        
-        String protectedHeadersJson = writer.toJson(protectedHeaders);
-        
-        byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, 
-                                                  jweInput == null ? null : jweInput.getAad());
-        keyProps.setAdditionalData(additionalEncryptionParam);
-        
-        JweEncryptionInternal state = new JweEncryptionInternal();
-        state.theHeaders = theHeaders;
-        state.jweContentEncryptionKey = jweContentEncryptionKey;
-        state.keyProps = keyProps;
-        state.secretKey = theCek; 
-        state.theIv = theIv;
-        state.protectedHeadersJson = protectedHeadersJson;
-        state.aad = jweInput != null ? jweInput.getAad() : null;
-        return state;
-    }
-    private boolean compressionRequired(JweHeaders theHeaders) {
-        return JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
-    }
-    protected KeyEncryptionProvider getKeyEncryptionAlgo() {
-        return keyEncryptionAlgo;
-    }
-    protected static class JweEncryptionInternal {
-        JweHeaders theHeaders;
-        byte[] jweContentEncryptionKey;
-        byte[] theIv;
-        KeyProperties keyProps;
-        byte[] secretKey;
-        String protectedHeadersJson;
-        byte[] aad;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index ffb971f..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class);
-    private Key keyEncryptionKey;
-    private boolean wrap;
-    private KeyAlgorithm algorithm;
-    private Set<String> supportedAlgorithms;
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
-        this(key, null, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
-        this(key, null, wrap, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, Set<String> supportedAlgorithms) {
-        this(key, jweAlgo, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, boolean wrap, 
-                                                 Set<String> supportedAlgorithms) {
-        this.keyEncryptionKey = key;
-        this.algorithm = jweAlgo;
-        this.wrap = wrap;
-        this.supportedAlgorithms = supportedAlgorithms;
-    }
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return algorithm;
-    }
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers);
-        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
-        if (spec != null) {
-            secretKeyProperties.setAlgoSpec(spec);
-        }
-        if (!wrap) {
-            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek, 
-                                             getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey, 
-                                             secretKeyProperties);
-        }
-    }
-    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm().getJwaName());
-    }
-    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return AlgorithmUtils.toJavaName(headers.getContentEncryptionAlgorithm().getJwaName());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        return null;
-    }
-    protected String checkAlgorithm(String algo) {
-        if (algo != null && !supportedAlgorithms.contains(algo)) {
-            LOG.warning("Invalid key encryption algorithm: " + algo);
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-        return algo;
-    }
-    protected void checkAlgorithms(JweHeaders headers) {
-        KeyAlgorithm providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if (providedAlgo != null && !providedAlgo.equals(algorithm)) {
-            LOG.warning("Invalid key encryption algorithm: " + providedAlgo);
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-        if (providedAlgo != null) {
-            checkAlgorithm(providedAlgo.getJwaName());
-        } else {
-            checkAlgorithm(algorithm.getJwaName());
-            headers.setKeyEncryptionAlgorithm(algorithm);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
deleted file mode 100644
index ee7a91f..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-
-public class AesCbcHmacJweDecryption extends JweDecryption {
-    private String supportedAlgo;
-    public AesCbcHmacJweDecryption(KeyDecryptionProvider keyDecryptionAlgo) {
-        this(keyDecryptionAlgo, null);
-    }
-    public AesCbcHmacJweDecryption(KeyDecryptionProvider keyDecryptionAlgo,
-                                   ContentAlgorithm supportedAlgo) {
-        super(keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo));
-        this.supportedAlgo = supportedAlgo == null ? null : supportedAlgo.getJwaName();
-    }
-    protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
-        validateAuthenticationTag(jweDecryptionInput, cek);
-        return super.doDecrypt(jweDecryptionInput, cek);
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        validateCekAlgorithm(algoJwt);
-        return AesCbcHmacJweEncryption.doGetActualCek(theCek, algoJwt);
-    }
-    protected void validateAuthenticationTag(JweDecryptionInput jweDecryptionInput, byte[] theCek) {
-        byte[] actualAuthTag = jweDecryptionInput.getAuthTag();
-        
-        final AesCbcHmacJweEncryption.MacState macState = 
-            AesCbcHmacJweEncryption.getInitializedMacState(theCek, 
-                                                           jweDecryptionInput.getInitVector(),
-                                                           jweDecryptionInput.getAad(),
-                                                           jweDecryptionInput.getJweHeaders(),
-                                                           jweDecryptionInput.getDecodedJsonHeaders());
-        macState.mac.update(jweDecryptionInput.getEncryptedContent());
-        byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
-            LOG.warning("Invalid authentication tag");
-            throw new JweException(JweException.Error.CONTENT_DECRYPTION_FAILURE);
-        }
-        
-    }
-    private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-        implements ContentDecryptionProvider {
-        AesCbcContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
-            super(supportedAlgo);
-        }
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
-            return null;
-        }
-        @Override
-        public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
-            return cipher;
-        }
-    }
-    private String validateCekAlgorithm(String cekAlgo) {
-        if (!AlgorithmUtils.isAesCbcHmac(cekAlgo) 
-            || supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) {
-            LOG.warning("Invalid content encryption algorithm");
-            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-        }
-        return cekAlgo;
-    }
-}

