cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [18/18] cxf git commit: Renaming jose module
Date Wed, 21 Oct 2015 13:27:58 GMT
Renaming jose module


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b33b7d7a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b33b7d7a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b33b7d7a

Branch: refs/heads/master
Commit: b33b7d7ab68f4002b4302a26e6fb339cd495765b
Parents: 07297f3
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 21 14:26:24 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 21 14:26:24 2015 +0100

----------------------------------------------------------------------
 rt/rs/security/jose-parent/jose-jaxrs/pom.xml   |  61 ++
 .../jose/jaxrs/AbstractJweDecryptingFilter.java |  62 ++
 .../jaxrs/AbstractJwsJsonReaderProvider.java    |  91 +++
 .../jaxrs/AbstractJwsJsonWriterProvider.java    |  86 +++
 .../jose/jaxrs/AbstractJwsReaderProvider.java   |  48 ++
 .../jose/jaxrs/AbstractJwsWriterProvider.java   |  58 ++
 .../jose/jaxrs/JsonWebKeysProvider.java         |  48 ++
 .../jose/jaxrs/JweClientResponseFilter.java     |  46 ++
 .../jose/jaxrs/JweContainerRequestFilter.java   |  50 ++
 .../jose/jaxrs/JweWriterInterceptor.java        | 133 ++++
 .../jose/jaxrs/JwsClientResponseFilter.java     |  53 ++
 .../jose/jaxrs/JwsContainerRequestFilter.java   |  61 ++
 .../jose/jaxrs/JwsJsonClientResponseFilter.java |  59 ++
 .../jaxrs/JwsJsonContainerRequestFilter.java    |  65 ++
 .../jose/jaxrs/JwsJsonWriterInterceptor.java    | 138 ++++
 .../jose/jaxrs/JwsWriterInterceptor.java        | 107 +++
 .../jaxrs/JwtAuthenticationClientFilter.java    | 109 +++
 .../jose/jaxrs/JwtAuthenticationFilter.java     | 135 ++++
 .../jose/jaxrs/JwtTokenSecurityContext.java     |  81 +++
 .../cxf/rs/security/jose/jaxrs/Priorities.java  |  34 +
 rt/rs/security/jose-parent/jose/pom.xml         |  63 ++
 .../jose/common/AbstractJoseConsumer.java       |  60 ++
 .../jose/common/AbstractJoseProducer.java       |  51 ++
 .../rs/security/jose/common/JoseConstants.java  | 229 +++++++
 .../rs/security/jose/common/JoseException.java  |  33 +
 .../rs/security/jose/common/JoseHeaders.java    | 179 +++++
 .../cxf/rs/security/jose/common/JoseType.java   |  43 ++
 .../cxf/rs/security/jose/common/JoseUtils.java  | 200 ++++++
 .../jose/common/KeyManagementUtils.java         | 366 ++++++++++
 .../jose/common/PrivateKeyPasswordProvider.java |  25 +
 .../rs/security/jose/jwa/AlgorithmUtils.java    | 271 ++++++++
 .../rs/security/jose/jwa/ContentAlgorithm.java  |  70 ++
 .../cxf/rs/security/jose/jwa/KeyAlgorithm.java  |  78 +++
 .../security/jose/jwa/SignatureAlgorithm.java   |  92 +++
 .../jwe/AbstractContentEncryptionAlgorithm.java |  60 ++
 ...stractContentEncryptionCipherProperties.java |  51 ++
 .../jose/jwe/AbstractJweDecryption.java         | 113 ++++
 .../jose/jwe/AbstractJweEncryption.java         | 244 +++++++
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 105 +++
 .../jose/jwe/AesCbcHmacJweDecryption.java       |  91 +++
 .../jose/jwe/AesCbcHmacJweEncryption.java       | 175 +++++
 .../jwe/AesGcmContentDecryptionAlgorithm.java   |  41 ++
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |  55 ++
 .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java   |  78 +++
 .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java   |  65 ++
 .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java |  59 ++
 .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java |  48 ++
 .../jose/jwe/AuthenticationTagProducer.java     |  24 +
 .../jose/jwe/ContentDecryptionProvider.java     |  24 +
 .../jwe/ContentEncryptionCipherProperties.java  |  30 +
 .../jose/jwe/ContentEncryptionProvider.java     |  26 +
 .../jose/jwe/DirectKeyDecryptionAlgorithm.java  |  56 ++
 .../jose/jwe/DirectKeyEncryptionAlgorithm.java  |  42 ++
 .../jose/jwe/DirectKeyJweDecryption.java        |  32 +
 .../jose/jwe/DirectKeyJweEncryption.java        |  27 +
 .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java  |  54 ++
 .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java  |  91 +++
 .../jose/jwe/EcdhDirectKeyJweDecryption.java    |  58 ++
 .../jose/jwe/EcdhDirectKeyJweEncryption.java    | 118 ++++
 .../security/jose/jwe/JweCompactConsumer.java   | 125 ++++
 .../security/jose/jwe/JweCompactProducer.java   | 129 ++++
 .../cxf/rs/security/jose/jwe/JweDecryption.java |  28 +
 .../security/jose/jwe/JweDecryptionInput.java   |  68 ++
 .../security/jose/jwe/JweDecryptionOutput.java  |  45 ++
 .../jose/jwe/JweDecryptionProvider.java         |  26 +
 .../cxf/rs/security/jose/jwe/JweEncryption.java |  29 +
 .../security/jose/jwe/JweEncryptionInput.java   |  90 +++
 .../security/jose/jwe/JweEncryptionOutput.java  |  78 +++
 .../jose/jwe/JweEncryptionProvider.java         |  33 +
 .../cxf/rs/security/jose/jwe/JweException.java  |  53 ++
 .../cxf/rs/security/jose/jwe/JweHeaders.java    | 118 ++++
 .../rs/security/jose/jwe/JweJsonConsumer.java   | 191 ++++++
 .../jose/jwe/JweJsonEncryptionEntry.java        |  60 ++
 .../rs/security/jose/jwe/JweJsonProducer.java   | 192 ++++++
 .../jose/jwe/JweJwtCompactConsumer.java         |  63 ++
 .../jose/jwe/JweJwtCompactProducer.java         |  60 ++
 .../rs/security/jose/jwe/JweKeyProperties.java  |  29 +
 .../rs/security/jose/jwe/JweOutputStream.java   | 148 ++++
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 671 +++++++++++++++++++
 .../jose/jwe/KeyDecryptionProvider.java         |  27 +
 .../jose/jwe/KeyEncryptionProvider.java         |  27 +
 .../PbesHmacAesWrapKeyDecryptionAlgorithm.java  |  77 +++
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  | 192 ++++++
 .../jose/jwe/RSAKeyDecryptionAlgorithm.java     |  47 ++
 .../jose/jwe/RSAKeyEncryptionAlgorithm.java     |  34 +
 .../jose/jwe/WrappedKeyDecryptionAlgorithm.java |  97 +++
 .../jose/jwk/DefaultJwkReaderWriter.java        |  49 ++
 .../cxf/rs/security/jose/jwk/JsonWebKey.java    | 180 +++++
 .../cxf/rs/security/jose/jwk/JsonWebKeys.java   | 130 ++++
 .../cxf/rs/security/jose/jwk/JwkException.java  |  35 +
 .../rs/security/jose/jwk/JwkReaderWriter.java   |  27 +
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 531 +++++++++++++++
 .../cxf/rs/security/jose/jwk/KeyOperation.java  |  46 ++
 .../cxf/rs/security/jose/jwk/KeyType.java       |  44 ++
 .../cxf/rs/security/jose/jwk/PublicKeyUse.java  |  46 ++
 .../jose/jws/AbstractJwsSignatureProvider.java  |  76 +++
 .../jose/jws/EcDsaJwsSignatureProvider.java     | 110 +++
 .../jose/jws/EcDsaJwsSignatureVerifier.java     |  81 +++
 .../jose/jws/HmacJwsSignatureProvider.java      |  76 +++
 .../jose/jws/HmacJwsSignatureVerifier.java      |  85 +++
 .../security/jose/jws/JwsCompactConsumer.java   | 149 ++++
 .../security/jose/jws/JwsCompactProducer.java   | 153 +++++
 .../cxf/rs/security/jose/jws/JwsException.java  |  49 ++
 .../cxf/rs/security/jose/jws/JwsHeaders.java    |  66 ++
 .../rs/security/jose/jws/JwsJsonConsumer.java   | 189 ++++++
 .../security/jose/jws/JwsJsonOutputStream.java  | 100 +++
 .../rs/security/jose/jws/JwsJsonProducer.java   | 212 ++++++
 .../jose/jws/JwsJsonSignatureEntry.java         | 163 +++++
 .../jose/jws/JwsJwtCompactConsumer.java         |  43 ++
 .../jose/jws/JwsJwtCompactProducer.java         |  44 ++
 .../rs/security/jose/jws/JwsOutputStream.java   |  59 ++
 .../cxf/rs/security/jose/jws/JwsSignature.java  |  25 +
 .../security/jose/jws/JwsSignatureProvider.java |  31 +
 .../security/jose/jws/JwsSignatureVerifier.java |  26 +
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 425 ++++++++++++
 .../jose/jws/NoneJwsSignatureProvider.java      |  55 ++
 .../jose/jws/NoneJwsSignatureVerifier.java      |  36 +
 .../jws/PrivateKeyJwsSignatureProvider.java     |  91 +++
 .../jose/jws/PublicKeyJwsSignatureVerifier.java |  81 +++
 .../jose/jwt/AbstractJoseJwtConsumer.java       | 106 +++
 .../jose/jwt/AbstractJoseJwtProducer.java       |  90 +++
 .../cxf/rs/security/jose/jwt/JwtClaims.java     | 102 +++
 .../cxf/rs/security/jose/jwt/JwtConstants.java  |  39 ++
 .../cxf/rs/security/jose/jwt/JwtException.java  |  35 +
 .../cxf/rs/security/jose/jwt/JwtToken.java      |  56 ++
 .../security/jose/jwt/JwtTokenReaderWriter.java |  55 ++
 .../cxf/rs/security/jose/jwt/JwtUtils.java      | 107 +++
 .../jose/cookbook/JwkJoseCookBookTest.java      | 187 ++++++
 .../jose/cookbook/JwsJoseCookBookTest.java      | 665 ++++++++++++++++++
 .../jose/cookbook/cookbookPrivateSet.txt        |  24 +
 .../jose/cookbook/cookbookPublicSet.txt         |  16 +
 .../jose/cookbook/cookbookSecretSet.txt         |  16 +
 .../jose/jwe/JweCompactReaderWriterTest.java    | 264 ++++++++
 .../security/jose/jwe/JweJsonConsumerTest.java  | 167 +++++
 .../security/jose/jwe/JweJsonProducerTest.java  | 310 +++++++++
 .../jose/jwe/JwePbeHmacAesWrapTest.java         |  77 +++
 .../rs/security/jose/jwk/JsonWebKeyTest.java    | 231 +++++++
 .../cxf/rs/security/jose/jwk/JwkUtilsTest.java  |  94 +++
 .../cxf/rs/security/jose/jwk/jwkPrivateSet.txt  |  23 +
 .../cxf/rs/security/jose/jwk/jwkPublicSet.txt   |  27 +
 .../cxf/rs/security/jose/jwk/jwkSecretSet.txt   |  13 +
 .../security/jose/jws/JwsCompactHeaderTest.java | 203 ++++++
 .../jose/jws/JwsCompactReaderWriterTest.java    | 307 +++++++++
 .../security/jose/jws/JwsJsonConsumerTest.java  |  89 +++
 .../security/jose/jws/JwsJsonProducerTest.java  | 126 ++++
 .../jose/jws/jwkPublicJsonConsumerSet.txt       |  18 +
 rt/rs/security/jose-parent/pom.xml              |  36 +
 rt/rs/security/jose/jose-core/pom.xml           |  63 --
 .../jose/common/AbstractJoseConsumer.java       |  60 --
 .../jose/common/AbstractJoseProducer.java       |  51 --
 .../rs/security/jose/common/JoseConstants.java  | 229 -------
 .../rs/security/jose/common/JoseException.java  |  33 -
 .../rs/security/jose/common/JoseHeaders.java    | 179 -----
 .../cxf/rs/security/jose/common/JoseType.java   |  43 --
 .../cxf/rs/security/jose/common/JoseUtils.java  | 200 ------
 .../jose/common/KeyManagementUtils.java         | 366 ----------
 .../jose/common/PrivateKeyPasswordProvider.java |  25 -
 .../rs/security/jose/jwa/AlgorithmUtils.java    | 271 --------
 .../rs/security/jose/jwa/ContentAlgorithm.java  |  70 --
 .../cxf/rs/security/jose/jwa/KeyAlgorithm.java  |  78 ---
 .../security/jose/jwa/SignatureAlgorithm.java   |  92 ---
 .../jwe/AbstractContentEncryptionAlgorithm.java |  60 --
 ...stractContentEncryptionCipherProperties.java |  51 --
 .../jose/jwe/AbstractJweDecryption.java         | 113 ----
 .../jose/jwe/AbstractJweEncryption.java         | 244 -------
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 105 ---
 .../jose/jwe/AesCbcHmacJweDecryption.java       |  91 ---
 .../jose/jwe/AesCbcHmacJweEncryption.java       | 175 -----
 .../jwe/AesGcmContentDecryptionAlgorithm.java   |  41 --
 .../jwe/AesGcmContentEncryptionAlgorithm.java   |  55 --
 .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java   |  78 ---
 .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java   |  65 --
 .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java |  59 --
 .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java |  48 --
 .../jose/jwe/AuthenticationTagProducer.java     |  24 -
 .../jose/jwe/ContentDecryptionProvider.java     |  24 -
 .../jwe/ContentEncryptionCipherProperties.java  |  30 -
 .../jose/jwe/ContentEncryptionProvider.java     |  26 -
 .../jose/jwe/DirectKeyDecryptionAlgorithm.java  |  56 --
 .../jose/jwe/DirectKeyEncryptionAlgorithm.java  |  42 --
 .../jose/jwe/DirectKeyJweDecryption.java        |  32 -
 .../jose/jwe/DirectKeyJweEncryption.java        |  27 -
 .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java  |  54 --
 .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java  |  91 ---
 .../jose/jwe/EcdhDirectKeyJweDecryption.java    |  58 --
 .../jose/jwe/EcdhDirectKeyJweEncryption.java    | 118 ----
 .../security/jose/jwe/JweCompactConsumer.java   | 125 ----
 .../security/jose/jwe/JweCompactProducer.java   | 129 ----
 .../cxf/rs/security/jose/jwe/JweDecryption.java |  28 -
 .../security/jose/jwe/JweDecryptionInput.java   |  68 --
 .../security/jose/jwe/JweDecryptionOutput.java  |  45 --
 .../jose/jwe/JweDecryptionProvider.java         |  26 -
 .../cxf/rs/security/jose/jwe/JweEncryption.java |  29 -
 .../security/jose/jwe/JweEncryptionInput.java   |  90 ---
 .../security/jose/jwe/JweEncryptionOutput.java  |  78 ---
 .../jose/jwe/JweEncryptionProvider.java         |  33 -
 .../cxf/rs/security/jose/jwe/JweException.java  |  53 --
 .../cxf/rs/security/jose/jwe/JweHeaders.java    | 118 ----
 .../rs/security/jose/jwe/JweJsonConsumer.java   | 191 ------
 .../jose/jwe/JweJsonEncryptionEntry.java        |  60 --
 .../rs/security/jose/jwe/JweJsonProducer.java   | 192 ------
 .../jose/jwe/JweJwtCompactConsumer.java         |  63 --
 .../jose/jwe/JweJwtCompactProducer.java         |  60 --
 .../rs/security/jose/jwe/JweKeyProperties.java  |  29 -
 .../rs/security/jose/jwe/JweOutputStream.java   | 148 ----
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 671 -------------------
 .../jose/jwe/KeyDecryptionProvider.java         |  27 -
 .../jose/jwe/KeyEncryptionProvider.java         |  27 -
 .../PbesHmacAesWrapKeyDecryptionAlgorithm.java  |  77 ---
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  | 192 ------
 .../jose/jwe/RSAKeyDecryptionAlgorithm.java     |  47 --
 .../jose/jwe/RSAKeyEncryptionAlgorithm.java     |  34 -
 .../jose/jwe/WrappedKeyDecryptionAlgorithm.java |  97 ---
 .../jose/jwk/DefaultJwkReaderWriter.java        |  49 --
 .../cxf/rs/security/jose/jwk/JsonWebKey.java    | 180 -----
 .../cxf/rs/security/jose/jwk/JsonWebKeys.java   | 130 ----
 .../cxf/rs/security/jose/jwk/JwkException.java  |  35 -
 .../rs/security/jose/jwk/JwkReaderWriter.java   |  27 -
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 531 ---------------
 .../cxf/rs/security/jose/jwk/KeyOperation.java  |  46 --
 .../cxf/rs/security/jose/jwk/KeyType.java       |  44 --
 .../cxf/rs/security/jose/jwk/PublicKeyUse.java  |  46 --
 .../jose/jws/AbstractJwsSignatureProvider.java  |  76 ---
 .../jose/jws/EcDsaJwsSignatureProvider.java     | 110 ---
 .../jose/jws/EcDsaJwsSignatureVerifier.java     |  81 ---
 .../jose/jws/HmacJwsSignatureProvider.java      |  76 ---
 .../jose/jws/HmacJwsSignatureVerifier.java      |  85 ---
 .../security/jose/jws/JwsCompactConsumer.java   | 149 ----
 .../security/jose/jws/JwsCompactProducer.java   | 153 -----
 .../cxf/rs/security/jose/jws/JwsException.java  |  49 --
 .../cxf/rs/security/jose/jws/JwsHeaders.java    |  66 --
 .../rs/security/jose/jws/JwsJsonConsumer.java   | 189 ------
 .../security/jose/jws/JwsJsonOutputStream.java  | 100 ---
 .../rs/security/jose/jws/JwsJsonProducer.java   | 212 ------
 .../jose/jws/JwsJsonSignatureEntry.java         | 163 -----
 .../jose/jws/JwsJwtCompactConsumer.java         |  43 --
 .../jose/jws/JwsJwtCompactProducer.java         |  44 --
 .../rs/security/jose/jws/JwsOutputStream.java   |  59 --
 .../cxf/rs/security/jose/jws/JwsSignature.java  |  25 -
 .../security/jose/jws/JwsSignatureProvider.java |  31 -
 .../security/jose/jws/JwsSignatureVerifier.java |  26 -
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 425 ------------
 .../jose/jws/NoneJwsSignatureProvider.java      |  55 --
 .../jose/jws/NoneJwsSignatureVerifier.java      |  36 -
 .../jws/PrivateKeyJwsSignatureProvider.java     |  91 ---
 .../jose/jws/PublicKeyJwsSignatureVerifier.java |  81 ---
 .../jose/jwt/AbstractJoseJwtConsumer.java       | 106 ---
 .../jose/jwt/AbstractJoseJwtProducer.java       |  90 ---
 .../cxf/rs/security/jose/jwt/JwtClaims.java     | 102 ---
 .../cxf/rs/security/jose/jwt/JwtConstants.java  |  39 --
 .../cxf/rs/security/jose/jwt/JwtException.java  |  35 -
 .../cxf/rs/security/jose/jwt/JwtToken.java      |  56 --
 .../security/jose/jwt/JwtTokenReaderWriter.java |  55 --
 .../cxf/rs/security/jose/jwt/JwtUtils.java      | 107 ---
 .../jose/cookbook/JwkJoseCookBookTest.java      | 187 ------
 .../jose/cookbook/JwsJoseCookBookTest.java      | 665 ------------------
 .../jose/cookbook/cookbookPrivateSet.txt        |  24 -
 .../jose/cookbook/cookbookPublicSet.txt         |  16 -
 .../jose/cookbook/cookbookSecretSet.txt         |  16 -
 .../jose/jwe/JweCompactReaderWriterTest.java    | 264 --------
 .../security/jose/jwe/JweJsonConsumerTest.java  | 167 -----
 .../security/jose/jwe/JweJsonProducerTest.java  | 310 ---------
 .../jose/jwe/JwePbeHmacAesWrapTest.java         |  77 ---
 .../rs/security/jose/jwk/JsonWebKeyTest.java    | 231 -------
 .../cxf/rs/security/jose/jwk/JwkUtilsTest.java  |  94 ---
 .../cxf/rs/security/jose/jwk/jwkPrivateSet.txt  |  23 -
 .../cxf/rs/security/jose/jwk/jwkPublicSet.txt   |  27 -
 .../cxf/rs/security/jose/jwk/jwkSecretSet.txt   |  13 -
 .../security/jose/jws/JwsCompactHeaderTest.java | 203 ------
 .../jose/jws/JwsCompactReaderWriterTest.java    | 307 ---------
 .../security/jose/jws/JwsJsonConsumerTest.java  |  89 ---
 .../security/jose/jws/JwsJsonProducerTest.java  | 126 ----
 .../jose/jws/jwkPublicJsonConsumerSet.txt       |  18 -
 rt/rs/security/jose/jose-jaxrs/pom.xml          |  61 --
 .../jose/jaxrs/AbstractJweDecryptingFilter.java |  62 --
 .../jaxrs/AbstractJwsJsonReaderProvider.java    |  91 ---
 .../jaxrs/AbstractJwsJsonWriterProvider.java    |  86 ---
 .../jose/jaxrs/AbstractJwsReaderProvider.java   |  48 --
 .../jose/jaxrs/AbstractJwsWriterProvider.java   |  58 --
 .../jose/jaxrs/JsonWebKeysProvider.java         |  48 --
 .../jose/jaxrs/JweClientResponseFilter.java     |  46 --
 .../jose/jaxrs/JweContainerRequestFilter.java   |  50 --
 .../jose/jaxrs/JweWriterInterceptor.java        | 133 ----
 .../jose/jaxrs/JwsClientResponseFilter.java     |  53 --
 .../jose/jaxrs/JwsContainerRequestFilter.java   |  61 --
 .../jose/jaxrs/JwsJsonClientResponseFilter.java |  59 --
 .../jaxrs/JwsJsonContainerRequestFilter.java    |  65 --
 .../jose/jaxrs/JwsJsonWriterInterceptor.java    | 138 ----
 .../jose/jaxrs/JwsWriterInterceptor.java        | 107 ---
 .../jaxrs/JwtAuthenticationClientFilter.java    | 109 ---
 .../jose/jaxrs/JwtAuthenticationFilter.java     | 135 ----
 .../jose/jaxrs/JwtTokenSecurityContext.java     |  81 ---
 .../cxf/rs/security/jose/jaxrs/Priorities.java  |  34 -
 rt/rs/security/jose/pom.xml                     |  36 -
 rt/rs/security/pom.xml                          |   2 +-
 295 files changed, 14786 insertions(+), 14786 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/pom.xml b/rt/rs/security/jose-parent/jose-jaxrs/pom.xml
new file mode 100644
index 0000000..241d30a
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
+    <packaging>bundle</packaging>
+    <name>Apache CXF Runtime JOSE JAX-RS</name>
+    <description>Apache CXF Runtime JOSE JAX-RS</description>
+    <url>http://cxf.apache.org</url>
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>3.1.4-SNAPSHOT</version>
+        <relativePath>../../../../../parent/pom.xml</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-jose</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <!--test dependencies-->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
new file mode 100644
index 0000000..0d7d915
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+
+public class AbstractJweDecryptingFilter {
+    private JweDecryptionProvider decryption;
+    private String defaultMediaType;
+    protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
+        JweCompactConsumer jwe = new JweCompactConsumer(new String(IOUtils.readBytesFromStream(is), "UTF-8"));
+        JweDecryptionProvider theDecryptor = getInitializedDecryptionProvider(jwe.getJweHeaders());
+        JweDecryptionOutput out = new JweDecryptionOutput(jwe.getJweHeaders(), jwe.getDecryptedContent(theDecryptor));
+        validateHeaders(out.getHeaders());
+        return out;
+    }
+
+    protected void validateHeaders(JweHeaders headers) {
+        // complete
+    }
+    public void setDecryptionProvider(JweDecryptionProvider decryptor) {
+        this.decryption = decryptor;
+    }
+    protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
+        if (decryption != null) {
+            return decryption;    
+        } 
+        return JweUtils.loadDecryptionProvider(headers, true);
+    }
+    public String getDefaultMediaType() {
+        return defaultMediaType;
+    }
+
+    public void setDefaultMediaType(String defaultMediaType) {
+        this.defaultMediaType = defaultMediaType;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
new file mode 100644
index 0000000..094991e
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonReaderProvider.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public class AbstractJwsJsonReaderProvider {
+    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJwsJsonReaderProvider.class);
+    private static final String RSSEC_SIGNATURE_IN_LIST_PROPS = "rs.security.signature.in.list.properties";
+    private static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties";
+    
+    private List<JwsSignatureVerifier> sigVerifiers;
+    private String defaultMediaType;
+    private boolean strictVerification;
+    
+    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
+        setSignatureVerifiers(Collections.singletonList(signatureVerifier));
+    }
+    public void setSignatureVerifiers(List<JwsSignatureVerifier> signatureVerifiers) {
+        this.sigVerifiers = signatureVerifiers;
+    }
+
+    protected List<JwsSignatureVerifier> getInitializedSigVerifiers() {
+        if (sigVerifiers != null) {
+            return sigVerifiers;    
+        }
+        Message m = JAXRSUtils.getCurrentMessage();
+        Object propLocsProp = 
+            MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_LIST_PROPS, RSSEC_SIGNATURE_LIST_PROPS);
+        if (propLocsProp == null) {
+            LOG.warning("JWS JSON init properties resource is not identified");
+            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
+        }
+        List<String> propLocs = null;
+        if (propLocsProp instanceof String) { 
+            String[] props = ((String)propLocsProp).split(",");
+            propLocs = Arrays.asList(props);
+        } else {
+            propLocs = CastUtils.cast((List<?>)propLocsProp);
+        }
+        List<JwsSignatureVerifier> theSigVerifiers = new LinkedList<JwsSignatureVerifier>();
+        for (String propLoc : propLocs) {
+            theSigVerifiers.addAll(JwsUtils.loadSignatureVerifiers(propLoc, m));
+        }
+        return theSigVerifiers;
+    }
+
+    public String getDefaultMediaType() {
+        return defaultMediaType;
+    }
+
+    public void setDefaultMediaType(String defaultMediaType) {
+        this.defaultMediaType = defaultMediaType;
+    }
+    public boolean isStrictVerification() {
+        return strictVerification;
+    }
+    public void setStrictVerification(boolean strictVerification) {
+        this.strictVerification = strictVerification;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
new file mode 100644
index 0000000..d5068e2
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public class AbstractJwsJsonWriterProvider {
+    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJwsJsonWriterProvider.class);
+    private static final String RSSEC_SIGNATURE_OUT_LIST_PROPS = "rs.security.signature.out.list.properties";
+    private static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties";
+    
+    private List<JwsSignatureProvider> sigProviders;
+    
+    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+        setSignatureProviders(Collections.singletonList(signatureProvider));
+    }
+    public void setSignatureProviders(List<JwsSignatureProvider> signatureProviders) {
+        this.sigProviders = signatureProviders;
+    }
+    
+    protected List<JwsSignatureProvider> getInitializedSigProviders() {
+        if (sigProviders != null) {
+            return sigProviders;    
+        } 
+        Message m = JAXRSUtils.getCurrentMessage();
+        Object propLocsProp = 
+            MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_LIST_PROPS, RSSEC_SIGNATURE_LIST_PROPS);
+        if (propLocsProp == null) {
+            LOG.warning("JWS JSON init properties resource is not identified");
+            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
+        }
+        List<String> propLocs = null;
+        if (propLocsProp instanceof String) {
+            String[] props = ((String)propLocsProp).split(",");
+            propLocs = Arrays.asList(props);
+        } else {
+            propLocs = CastUtils.cast((List<?>)propLocsProp);
+        }
+        List<JwsSignatureProvider> theSigProviders = new LinkedList<JwsSignatureProvider>();
+        for (String propLoc : propLocs) {
+            theSigProviders.addAll(JwsUtils.loadSignatureProviders(propLoc, m));
+        }
+        return theSigProviders;
+    }
+    protected void writeJws(JwsJsonProducer p, OutputStream os) 
+        throws IOException {
+        byte[] bytes = StringUtils.toBytesUTF8(p.getJwsJsonSignedDocument());
+        IOUtils.copy(new ByteArrayInputStream(bytes), os);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
new file mode 100644
index 0000000..0e8b0d0
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public class AbstractJwsReaderProvider {
+    private JwsSignatureVerifier sigVerifier;
+    private String defaultMediaType;
+    
+    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
+        this.sigVerifier = signatureVerifier;
+    }
+
+    protected JwsSignatureVerifier getInitializedSigVerifier(JwsHeaders headers) {
+        if (sigVerifier != null) {
+            return sigVerifier;    
+        } 
+        return JwsUtils.loadSignatureVerifier(headers, true);
+    }
+
+    public String getDefaultMediaType() {
+        return defaultMediaType;
+    }
+
+    public void setDefaultMediaType(String defaultMediaType) {
+        this.defaultMediaType = defaultMediaType;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
new file mode 100644
index 0000000..7aef6d1
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.jose.common.JoseHeaders;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public class AbstractJwsWriterProvider {
+    private JwsSignatureProvider sigProvider;
+    
+    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+        this.sigProvider = signatureProvider;
+    }
+    
+    protected JwsSignatureProvider getInitializedSigProvider(JwsHeaders headers) {
+        setRequestContextProperty(headers);
+        if (sigProvider != null) {
+            return sigProvider;    
+        } 
+        return JwsUtils.loadSignatureProvider(headers, true); 
+    }
+    protected void setRequestContextProperty(JoseHeaders headers) {    
+        JoseUtils.setJoseContextProperty(headers);
+    }
+    protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream os) 
+        throws IOException {
+        p.signWith(theSigProvider);
+        byte[] bytes = StringUtils.toBytesUTF8(p.getSignedEncodedJws());
+        IOUtils.copy(new ByteArrayInputStream(bytes), os);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JsonWebKeysProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JsonWebKeysProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JsonWebKeysProvider.java
new file mode 100644
index 0000000..a877925
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JsonWebKeysProvider.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Type;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.ext.MessageBodyReader;
+
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
+import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+
+public class JsonWebKeysProvider implements MessageBodyReader<JsonWebKeys> {
+    
+    @Override
+    public boolean isReadable(Class<?> cls, Type type, Annotation[] anns, MediaType mt) {
+        return cls == JsonWebKeys.class;
+    }
+
+    @Override
+    public JsonWebKeys readFrom(Class<JsonWebKeys> cls, Type t, Annotation[] anns, MediaType mt,
+                             MultivaluedMap<String, String> headers, InputStream is) throws IOException,
+        WebApplicationException {
+        return JwkUtils.readJwkSet(is);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
new file mode 100644
index 0000000..176973b
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweClientResponseFilter.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientResponseContext;
+import javax.ws.rs.client.ClientResponseFilter;
+
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+
+@Priority(Priorities.JWE_CLIENT_READ_PRIORITY)
+public class JweClientResponseFilter extends AbstractJweDecryptingFilter implements ClientResponseFilter {
+    @Override
+    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+        JweDecryptionOutput out = decrypt(res.getEntityStream());
+        byte[] bytes = out.getContent();
+        res.setEntityStream(new ByteArrayInputStream(bytes));
+        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            res.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
new file mode 100644
index 0000000..9f0d831
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweContainerRequestFilter.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+
+@PreMatching
+@Priority(Priorities.JWE_SERVER_READ_PRIORITY)
+public class JweContainerRequestFilter extends AbstractJweDecryptingFilter implements ContainerRequestFilter {
+    @Override
+    public void filter(ContainerRequestContext context) throws IOException {
+        if (HttpMethod.GET.equals(context.getMethod())) {
+            return;
+        }
+        JweDecryptionOutput out = decrypt(context.getEntityStream());
+        byte[] bytes = out.getContent();
+        context.setEntityStream(new ByteArrayInputStream(bytes));
+        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            context.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
new file mode 100644
index 0000000..e4e0e33
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.logging.Logger;
+import java.util.zip.DeflaterOutputStream;
+
+import javax.annotation.Priority;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.ext.WriterInterceptor;
+import javax.ws.rs.ext.WriterInterceptorContext;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.io.CachedOutputStream;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweException;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+
+@Priority(Priorities.JWE_WRITE_PRIORITY)
+public class JweWriterInterceptor implements WriterInterceptor {
+    protected static final Logger LOG = LogUtils.getL7dLogger(JweWriterInterceptor.class);
+    private JweEncryptionProvider encryptionProvider;
+    private boolean contentTypeRequired = true;
+    private boolean useJweOutputStream;
+    @Override
+    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
+        if (ctx.getEntity() == null) {
+            ctx.proceed();
+            return;
+        }
+        OutputStream actualOs = ctx.getOutputStream();
+        JweHeaders jweHeaders = new JweHeaders();
+        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider(jweHeaders);
+        
+        String ctString = null;
+        MediaType contentMediaType = ctx.getMediaType();
+        if (contentTypeRequired && contentMediaType != null) {
+            if ("application".equals(contentMediaType.getType())) {
+                ctString = contentMediaType.getSubtype();
+            } else {
+                ctString = JAXRSUtils.mediaTypeToString(contentMediaType);
+            }
+        }
+        if (ctString != null) {
+            jweHeaders.setContentType(ctString);
+        }
+        
+        if (useJweOutputStream) {
+            JweEncryptionOutput encryption = 
+                theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
+            try {
+                JweCompactProducer.startJweContent(actualOs,
+                                                   encryption.getHeaders(), 
+                                                   encryption.getContentEncryptionKey(), 
+                                                   encryption.getIv());
+            } catch (IOException ex) {
+                LOG.warning("JWE encryption error");
+                throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
+            }
+            OutputStream wrappedStream = null;
+            JweOutputStream jweOutputStream = new JweOutputStream(actualOs, encryption.getCipher(), 
+                                                         encryption.getAuthTagProducer());
+            wrappedStream = jweOutputStream;
+            if (encryption.isCompressionSupported()) {
+                wrappedStream = new DeflaterOutputStream(jweOutputStream);
+            }
+            
+            ctx.setOutputStream(wrappedStream);
+            ctx.proceed();
+            setJoseMediaType(ctx);
+            jweOutputStream.finalFlush();
+        } else {
+            CachedOutputStream cos = new CachedOutputStream(); 
+            ctx.setOutputStream(cos);
+            ctx.proceed();
+            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), jweHeaders);
+            setJoseMediaType(ctx);
+            IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), 
+                         actualOs);
+            actualOs.flush();
+        }
+    }
+    
+    private void setJoseMediaType(WriterInterceptorContext ctx) {
+        MediaType joseMediaType = JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE);
+        ctx.setMediaType(joseMediaType);
+    }
+    
+    protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders headers) {
+        if (encryptionProvider != null) {
+            return encryptionProvider;    
+        } 
+        return JweUtils.loadEncryptionProvider(headers, true);
+    }
+    
+    public void setUseJweOutputStream(boolean useJweOutputStream) {
+        this.useJweOutputStream = useJweOutputStream;
+    }
+
+    public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
+        this.encryptionProvider = encryptionProvider;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
new file mode 100644
index 0000000..bf9bbba
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientResponseContext;
+import javax.ws.rs.client.ClientResponseFilter;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+@Priority(Priorities.JWS_CLIENT_READ_PRIORITY)
+public class JwsClientResponseFilter extends AbstractJwsReaderProvider implements ClientResponseFilter {
+    @Override
+    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders());
+        if (!p.verifySignatureWith(theSigVerifier)) {
+            throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
+        }
+        byte[] bytes = p.getDecodedJwsPayloadBytes();
+        res.setEntityStream(new ByteArrayInputStream(bytes));
+        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            res.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
new file mode 100644
index 0000000..ab2698f
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+@PreMatching
+@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
+public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
+    @Override
+    public void filter(ContainerRequestContext context) throws IOException {
+        if (HttpMethod.GET.equals(context.getMethod())) {
+            return;
+        }
+        JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders());
+        if (!p.verifySignatureWith(theSigVerifier)) {
+            context.abortWith(JAXRSUtils.toResponse(400));
+            return;
+        }
+        JoseUtils.validateRequestContextProperty(p.getJwsHeaders());
+        byte[] bytes = p.getDecodedJwsPayloadBytes();
+        context.setEntityStream(new ByteArrayInputStream(bytes));
+        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        
+        String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            context.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
new file mode 100644
index 0000000..b9550e4
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonClientResponseFilter.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.List;
+
+import javax.annotation.Priority;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientResponseContext;
+import javax.ws.rs.client.ClientResponseFilter;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+@Priority(Priorities.JWS_CLIENT_READ_PRIORITY)
+public class JwsJsonClientResponseFilter extends AbstractJwsJsonReaderProvider implements ClientResponseFilter {
+    @Override
+    public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
+        List<JwsSignatureVerifier> theSigVerifiers = getInitializedSigVerifiers();
+        JwsJsonConsumer p = new JwsJsonConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
+        if (isStrictVerification() && p.getSignatureEntries().size() != theSigVerifiers.size()
+            || !p.verifySignatureWith(theSigVerifiers)) {
+            throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
+        }
+        byte[] bytes = p.getDecodedJwsPayloadBytes();
+        res.setEntityStream(new ByteArrayInputStream(bytes));
+        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        
+        // the list is guaranteed to be non-empty
+        JwsJsonSignatureEntry sigEntry = p.getSignatureEntries().get(0);
+        String ct = JoseUtils.checkContentType(sigEntry.getUnionHeader().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            res.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
new file mode 100644
index 0000000..d35ec19
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.List;
+
+import javax.annotation.Priority;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+@PreMatching
+@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
+public class JwsJsonContainerRequestFilter extends AbstractJwsJsonReaderProvider implements ContainerRequestFilter {
+    @Override
+    public void filter(ContainerRequestContext context) throws IOException {
+        if (HttpMethod.GET.equals(context.getMethod())) {
+            return;
+        }
+        List<JwsSignatureVerifier> theSigVerifiers = getInitializedSigVerifiers();
+        JwsJsonConsumer p = new JwsJsonConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
+        
+        if (isStrictVerification() && p.getSignatureEntries().size() != theSigVerifiers.size() 
+            || !p.verifySignatureWith(theSigVerifiers)) {
+            context.abortWith(JAXRSUtils.toResponse(400));
+            return;
+        }
+        byte[] bytes = p.getDecodedJwsPayloadBytes();
+        context.setEntityStream(new ByteArrayInputStream(bytes));
+        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        
+        // the list is guaranteed to be non-empty
+        JwsJsonSignatureEntry sigEntry = p.getSignatureEntries().get(0);
+        String ct = JoseUtils.checkContentType(sigEntry.getUnionHeader().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            context.getHeaders().putSingle("Content-Type", ct);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
new file mode 100644
index 0000000..9522b9b
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.Priority;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.ext.WriterInterceptor;
+import javax.ws.rs.ext.WriterInterceptorContext;
+
+import org.apache.cxf.common.util.Base64UrlOutputStream;
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.io.CachedOutputStream;
+import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.common.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream;
+import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignature;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+
+@Priority(Priorities.JWS_WRITE_PRIORITY)
+public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider implements WriterInterceptor {
+    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
+    private boolean contentTypeRequired = true;
+    private boolean useJwsOutputStream;
+    private boolean encodePayload = true;
+    @Override
+    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
+        if (ctx.getEntity() == null) {
+            ctx.proceed();
+            return;
+        }
+        List<JwsSignatureProvider> sigProviders = getInitializedSigProviders();
+        OutputStream actualOs = ctx.getOutputStream();
+        if (useJwsOutputStream) {
+            List<String> protectedHeaders = new ArrayList<String>(sigProviders.size());
+            List<JwsSignature> signatures = new ArrayList<JwsSignature>(sigProviders.size());
+            for (JwsSignatureProvider signer : sigProviders) {
+                JwsHeaders protectedHeader = prepareProtectedHeader(ctx, signer);
+                String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader));
+                protectedHeaders.add(encoded);
+                JwsSignature signature = signer.createJwsSignature(protectedHeader);
+                byte[] start = StringUtils.toBytesUTF8(encoded + ".");
+                signature.update(start, 0, start.length);
+                signatures.add(signature);
+            }    
+            ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
+            actualOs.write(StringUtils.toBytesUTF8("{\"payload\":\""));
+            JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(actualOs, protectedHeaders, signatures);
+            
+            Base64UrlOutputStream base64Stream = null;
+            if (encodePayload) {
+                base64Stream = new Base64UrlOutputStream(jwsStream);
+                ctx.setOutputStream(base64Stream);
+            } else {
+                ctx.setOutputStream(jwsStream);
+            }
+            ctx.proceed();
+            if (encodePayload) {
+                base64Stream.flush();
+            }
+            jwsStream.flush();
+        } else {
+            CachedOutputStream cos = new CachedOutputStream(); 
+            ctx.setOutputStream(cos);
+            ctx.proceed();
+            JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), "UTF-8"));
+            for (JwsSignatureProvider signer : sigProviders) {
+                JwsHeaders protectedHeader = prepareProtectedHeader(ctx, signer);
+                p.signWith(signer, protectedHeader, null);    
+            }
+            ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
+            writeJws(p, actualOs);
+        }
+        
+    }
+    
+    private JwsHeaders prepareProtectedHeader(WriterInterceptorContext ctx, 
+                                              JwsSignatureProvider signer) {
+        JwsHeaders headers = new JwsHeaders();
+        headers.setSignatureAlgorithm(signer.getAlgorithm());
+        setContentTypeIfNeeded(headers, ctx);
+        if (!encodePayload) {
+            headers.setPayloadEncodingStatus(false);
+        }
+        return headers;
+    }
+    
+    public void setContentTypeRequired(boolean contentTypeRequired) {
+        this.contentTypeRequired = contentTypeRequired;
+    }
+    public void setUseJwsJsonOutputStream(boolean useJwsJsonOutputStream) {
+        this.useJwsOutputStream = useJwsJsonOutputStream;
+    }
+    private void setContentTypeIfNeeded(JoseHeaders headers, WriterInterceptorContext ctx) {    
+        if (contentTypeRequired) {
+            MediaType mt = ctx.getMediaType();
+            if (mt != null 
+                && !JAXRSUtils.mediaTypeToString(mt).equals(JoseConstants.MEDIA_TYPE_JOSE_JSON)) {
+                if ("application".equals(mt.getType())) {
+                    headers.setContentType(mt.getSubtype());
+                } else {
+                    headers.setContentType(JAXRSUtils.mediaTypeToString(mt));
+                }
+            }
+        }
+    }
+
+    public void setEncodePayload(boolean encodePayload) {
+        this.encodePayload = encodePayload;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
new file mode 100644
index 0000000..1104a2d
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.annotation.Priority;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.ext.WriterInterceptor;
+import javax.ws.rs.ext.WriterInterceptorContext;
+
+import org.apache.cxf.common.util.Base64UrlOutputStream;
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.io.CachedOutputStream;
+import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.common.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsOutputStream;
+import org.apache.cxf.rs.security.jose.jws.JwsSignature;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+
+@Priority(Priorities.JWS_WRITE_PRIORITY)
+public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor {
+    private boolean contentTypeRequired = true;
+    private boolean useJwsOutputStream;
+    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
+    @Override
+    public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
+        if (ctx.getEntity() == null) {
+            ctx.proceed();
+            return;
+        }
+        JwsHeaders headers = new JwsHeaders();
+        JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
+        setContentTypeIfNeeded(headers, ctx);
+        OutputStream actualOs = ctx.getOutputStream();
+        if (useJwsOutputStream) {
+            JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
+            JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature);
+            byte[] headerBytes = StringUtils.toBytesUTF8(writer.toJson(headers));
+            Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
+            jwsStream.write(new byte[]{'.'});
+                        
+            Base64UrlOutputStream base64Stream = new Base64UrlOutputStream(jwsStream);
+            ctx.setOutputStream(base64Stream);
+            ctx.proceed();
+            setJoseMediaType(ctx);
+            base64Stream.flush();
+            jwsStream.flush();
+        } else {
+            CachedOutputStream cos = new CachedOutputStream(); 
+            ctx.setOutputStream(cos);
+            ctx.proceed();
+            JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), "UTF-8"));
+            setJoseMediaType(ctx);
+            writeJws(p, sigProvider, actualOs);
+        }
+    }
+    
+    public void setContentTypeRequired(boolean contentTypeRequired) {
+        this.contentTypeRequired = contentTypeRequired;
+    }
+    
+    public void setUseJwsOutputStream(boolean useJwsOutputStream) {
+        this.useJwsOutputStream = useJwsOutputStream;
+    }
+    private void setContentTypeIfNeeded(JoseHeaders headers, WriterInterceptorContext ctx) {    
+        if (contentTypeRequired) {
+            MediaType mt = ctx.getMediaType();
+            if (mt != null 
+                && !JAXRSUtils.mediaTypeToString(mt).equals(JoseConstants.MEDIA_TYPE_JOSE)) {
+                if ("application".equals(mt.getType())) {
+                    headers.setContentType(mt.getSubtype());
+                } else {
+                    headers.setContentType(JAXRSUtils.mediaTypeToString(mt));
+                }
+            }
+        }
+    }
+    
+    private void setJoseMediaType(WriterInterceptorContext ctx) {
+        MediaType joseMediaType = JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE);
+        ctx.setMediaType(joseMediaType);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b33b7d7a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
new file mode 100644
index 0000000..8fd87ab
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -0,0 +1,109 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import javax.ws.rs.core.HttpHeaders;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.rs.security.jose.common.JoseException;
+import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+
+@Priority(Priorities.AUTHENTICATION)
+public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer 
+    implements ClientRequestFilter {
+
+    private static final String DEFAULT_AUTH_SCHEME = "JWT";
+    private String authScheme = DEFAULT_AUTH_SCHEME;
+    @Override
+    public void filter(ClientRequestContext requestContext) throws IOException {
+        JwtToken jwt = getJwtToken(requestContext);
+        if (jwt == null && super.isJweRequired()) {
+            AuthorizationPolicy ap = JAXRSUtils.getCurrentMessage().getExchange()
+                .getEndpoint().getEndpointInfo().getExtensor(AuthorizationPolicy.class);
+            if (ap != null && ap.getUserName() != null) {
+                JwtClaims claims = new JwtClaims();
+                claims.setSubject(ap.getUserName());
+                claims.setClaim("password", ap.getPassword());
+                claims.setIssuedAt(System.currentTimeMillis() / 1000L);
+                jwt = new JwtToken(new JweHeaders(), claims);
+            }
+        }
+        if (jwt == null) {
+            throw new JoseException("JWT token is not available");
+        }
+        JoseUtils.setJoseMessageContextProperty(jwt.getHeaders(),
+                                                getContextPropertyValue());
+        String data = super.processJwt(jwt);
+        requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, 
+                                              authScheme + " " + data);
+    }
+    
+    protected JwtToken getJwtToken(ClientRequestContext requestContext) {
+        // Try the filter properties first, then the message properties
+        JwtToken token = (JwtToken)requestContext.getProperty(JwtConstants.JWT_TOKEN);
+        if (token == null) {
+            Message m = PhaseInterceptorChain.getCurrentMessage();
+            token = (JwtToken)m.getContextualProperty(JwtConstants.JWT_TOKEN);
+        }
+        
+        if (token != null) {
+            return token;
+        }
+        
+        // Otherwise check to see if we have some claims + construct the header ourselves
+        JwtClaims claims = (JwtClaims)requestContext.getProperty(JwtConstants.JWT_CLAIMS);
+        if (claims == null) {
+            Message m = PhaseInterceptorChain.getCurrentMessage();
+            claims = (JwtClaims)m.getContextualProperty(JwtConstants.JWT_CLAIMS);
+        }
+        
+        if (claims != null) {
+            token = new JwtToken(claims);
+        }
+        
+        return token;
+    }
+    
+    protected String getContextPropertyValue() {
+        return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(16));
+    }
+    
+    public void setAuthScheme(String authScheme) {
+        this.authScheme = authScheme;
+    }
+    
+    
+    
+}


Mime
View raw message