cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [03/22] cxf git commit: Splitting current jose module into jose-core + jose-jaxrs
Date Tue, 13 Oct 2015 10:34:56 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
deleted file mode 100644
index e959e6e..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ /dev/null
@@ -1,396 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Properties;
-import java.util.logging.Logger;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.jose.jwk.KeyOperation;
-import org.apache.cxf.rs.security.jose.jwk.KeyType;
-
-public final class JwsUtils {
-    private static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class);
-    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
-    private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
-    private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    private static final String RSSEC_REPORT_KEY_PROP = "rs.security.jws.report.public.key";
-    private static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.jws.report.public.key.id";
-    private JwsUtils() {
-        
-    }
-    public static String sign(PrivateKey key, SignatureAlgorithm algo, String content) {
-        return sign(key, algo, content, null);
-    }
-    
-    
-    public static String sign(PrivateKey key, SignatureAlgorithm algo, String content, String ct) {
-        return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
-    }
-    public static String sign(byte[] key, SignatureAlgorithm algo, String content) {
-        return sign(key, algo, content, null);
-    }
-    public static String sign(byte[] key, SignatureAlgorithm algo, String content, String ct) {
-        return sign(getHmacSignatureProvider(key, algo), content, ct);
-    }
-    public static String verify(PublicKey key, SignatureAlgorithm algo, String content) {
-        JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
-        return jws.getDecodedJwsPayload();
-    }
-    public static String verify(byte[] key, SignatureAlgorithm algo, String content) {
-        JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content);
-        return jws.getDecodedJwsPayload();
-    }
-    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
-        return getSignatureProvider(jwk, null);
-    }
-    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, 
-                                                            SignatureAlgorithm defaultAlgorithm) {
-        SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
-            : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
-        JwsSignatureProvider theSigProvider = null;
-        KeyType keyType = jwk.getKeyType();
-        if (KeyType.RSA == keyType) {
-            theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
-                                                            sigAlgo);
-        } else if (KeyType.OCTET == keyType) { 
-            byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theSigProvider = getHmacSignatureProvider(key, sigAlgo);
-        } else if (KeyType.EC == jwk.getKeyType()) {
-            theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk),
-                                                            sigAlgo);
-        }
-        return theSigProvider;
-    }
-    public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
-        if (algo == null) {
-            LOG.warning("No signature algorithm was defined");
-            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
-        }
-        if (key instanceof ECPrivateKey) {
-            return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo);
-        } else if (key instanceof RSAPrivateKey) {
-            return new PrivateKeyJwsSignatureProvider(key, algo);
-        }
-        
-        return null;
-    }
-    public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, SignatureAlgorithm algo) {
-        if (algo == null) {
-            LOG.warning("No signature algorithm was defined");
-            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
-        }
-        if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
-            return new HmacJwsSignatureProvider(key, algo);
-        }
-        return null;
-    }
-    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
-        return getSignatureVerifier(jwk, null);
-    }
-    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) {
-        SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm 
-            : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
-        JwsSignatureVerifier theVerifier = null;
-        KeyType keyType = jwk.getKeyType();
-        if (KeyType.RSA == keyType) {
-            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), sigAlgo);
-        } else if (KeyType.OCTET == keyType) { 
-            byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theVerifier = getHmacSignatureVerifier(key, sigAlgo);
-        } else if (KeyType.EC == keyType) {
-            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), sigAlgo);
-        }
-        return theVerifier;
-    }
-    public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, SignatureAlgorithm algo) {
-        return getPublicKeySignatureVerifier(cert.getPublicKey(), algo);
-    }
-    public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, SignatureAlgorithm algo) {
-        if (algo == null) {
-            LOG.warning("No signature algorithm was defined");
-            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
-        }
-        
-        if (key instanceof RSAPublicKey) {
-            return new PublicKeyJwsSignatureVerifier(key, algo);
-        } else if (key instanceof ECPublicKey) {
-            return new EcDsaJwsSignatureVerifier(key, algo);
-        }
-        
-        return null;
-    }
-    public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm algo) {
-        if (algo == null) {
-            LOG.warning("No signature algorithm was defined");
-            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
-        }
-        
-        if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
-            return new HmacJwsSignatureVerifier(key, algo);
-        }
-        return null;
-    }
-    public static MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> getJwsJsonSignatureMap(
-        List<JwsJsonSignatureEntry> signatures) {
-        MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> map = 
-            new MetadataMap<SignatureAlgorithm, JwsJsonSignatureEntry>();
-        for (JwsJsonSignatureEntry entry : signatures) {
-            map.add(entry.getUnionHeader().getSignatureAlgorithm(), entry);
-        }
-        return map;
-    }
-    public static JwsSignatureProvider loadSignatureProvider(boolean required) {
-        return loadSignatureProvider(null, required);    
-    }
-    public static JwsSignatureProvider loadSignatureProvider(JwsHeaders headers, boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (props == null) {
-            return null;
-        }
-        JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, headers, false);
-        if (headers != null) {
-            headers.setSignatureAlgorithm(theSigProvider.getAlgorithm());
-        }
-        return theSigProvider;
-    }
-    public static JwsSignatureVerifier loadSignatureVerifier(boolean required) {
-        return loadSignatureVerifier(null, required);
-    }
-    public static JwsSignatureVerifier loadSignatureVerifier(JwsHeaders headers, boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
-        if (props == null) {
-            return null;
-        }
-        return loadSignatureVerifier(m, props, headers, false);
-    }
-    public static List<JwsSignatureProvider> loadSignatureProviders(String propLoc, Message m) {
-        Properties props = loadJwsProperties(m, propLoc);
-        JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, null, true);
-        if (theSigProvider != null) {
-            return Collections.singletonList(theSigProvider);
-        }
-        List<JwsSignatureProvider> theSigProviders = null; 
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-            List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN);
-            if (jwks != null) {
-                theSigProviders = new ArrayList<JwsSignatureProvider>(jwks.size());
-                for (JsonWebKey jwk : jwks) {
-                    theSigProviders.add(JwsUtils.getSignatureProvider(jwk));
-                }
-            }
-        }
-        if (theSigProviders == null) {
-            LOG.warning("Providers are not available");
-            throw new JwsException(JwsException.Error.NO_PROVIDER);
-        }
-        return theSigProviders;
-    }
-    
-    public static List<JwsSignatureVerifier> loadSignatureVerifiers(String propLoc, Message m) {
-        Properties props = loadJwsProperties(m, propLoc);
-        JwsSignatureVerifier theVerifier = loadSignatureVerifier(m, props, null, true);
-        if (theVerifier != null) {
-            return Collections.singletonList(theVerifier);
-        }
-        List<JwsSignatureVerifier> theVerifiers = null; 
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-            List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.VERIFY);
-            if (jwks != null) {
-                theVerifiers = new ArrayList<JwsSignatureVerifier>(jwks.size());
-                for (JsonWebKey jwk : jwks) {
-                    theVerifiers.add(JwsUtils.getSignatureVerifier(jwk));
-                }
-            }
-        }
-        if (theVerifiers == null) {
-            LOG.warning("Verifiers are not available");
-            throw new JwsException(JwsException.Error.NO_VERIFIER);
-        }
-        return theVerifiers;
-    }
-    public static boolean validateCriticalHeaders(JoseHeaders headers) {
-        //TODO: validate JWS specific constraints
-        return JoseUtils.validateCriticalHeaders(headers);
-    }
-    private static JwsSignatureProvider loadSignatureProvider(Message m, 
-                                                              Properties props,
-                                                              JoseHeaders headers,
-                                                              boolean ignoreNullProvider) {
-        JwsSignatureProvider theSigProvider = null;
-        
-        boolean reportPublicKey = headers != null && MessageUtils.isTrue(
-                MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_PROP, 
-                                                   KeyManagementUtils.RSSEC_REPORT_KEY_PROP));
-        boolean reportPublicKeyId = 
-            headers != null && MessageUtils.isTrue(
-                MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_ID_PROP,
-                                                   KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP));
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
-            if (jwk != null) {
-                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
-                if (reportPublicKey || reportPublicKeyId) {
-                    JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey, reportPublicKeyId);
-                }
-            }
-        } else {
-            String signatureAlgo = getSignatureAlgo(m, props, null, null);
-            PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
-            theSigProvider = getPrivateKeySignatureProvider(pk, 
-                                                            SignatureAlgorithm.getAlgorithm(signatureAlgo));
-            if (reportPublicKey) {
-                headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
-            }
-        }
-        if (theSigProvider == null && !ignoreNullProvider) {
-            LOG.warning("Provider is not available");
-            throw new JwsException(JwsException.Error.NO_PROVIDER);
-        }
-        return theSigProvider;
-    }
-    private static JwsSignatureVerifier loadSignatureVerifier(Message m, 
-                                                              Properties props,
-                                                              JwsHeaders inHeaders, 
-                                                              boolean ignoreNullVerifier) {
-        JwsSignatureVerifier theVerifier = null;
-        String inHeaderKid = null;
-        if (inHeaders != null) {
-            inHeaderKid = inHeaders.getKeyId();
-            //TODO: optionally validate inHeaders.getAlgorithm against a property in props
-            if (inHeaders.getHeader(JoseConstants.HEADER_JSON_WEB_KEY) != null) {
-                JsonWebKey publicJwk = inHeaders.getJsonWebKey();
-                if (inHeaderKid != null && !inHeaderKid.equals(publicJwk.getKeyId())
-                    || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) {
-                    throw new JwsException(JwsException.Error.INVALID_KEY);
-                }
-                return getSignatureVerifier(publicJwk, 
-                                            inHeaders.getSignatureAlgorithm());
-            } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-                List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
-                KeyManagementUtils.validateCertificateChain(props, chain);
-                return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), 
-                                                     inHeaders.getSignatureAlgorithm());
-            }
-        }
-        
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
-            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid);
-            if (jwk != null) {
-                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
-            }
-            
-        } else {
-            String signatureAlgo = getSignatureAlgo(m, props, null, null);
-            theVerifier = getPublicKeySignatureVerifier(
-                              KeyManagementUtils.loadPublicKey(m, props), 
-                              SignatureAlgorithm.getAlgorithm(signatureAlgo));
-        }
-        if (theVerifier == null && !ignoreNullVerifier) {
-            LOG.warning("Verifier is not available");
-            throw new JwsException(JwsException.Error.NO_VERIFIER);
-        }
-        return theVerifier;
-    }
-    private static Properties loadJwsProperties(Message m, String propLoc) {
-        try {
-            return ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-        } catch (Exception ex) {
-            LOG.warning("JWS init properties are not available");
-            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
-        }
-    }
-    private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) {
-        if (algo == null) {
-            if (defaultAlgo == null) {
-                defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO;
-            }
-            return KeyManagementUtils.getKeyAlgorithm(m, props, JSON_WEB_SIGNATURE_ALGO_PROP, defaultAlgo);
-        }
-        return algo;
-    }
-    private static String getDefaultKeyAlgo(JsonWebKey jwk) {
-        KeyType keyType = jwk.getKeyType();
-        if (KeyType.OCTET == keyType) {
-            return AlgorithmUtils.HMAC_SHA_256_ALGO;
-        } else if (KeyType.EC == keyType) {
-            return AlgorithmUtils.ES_SHA_256_ALGO;
-        } else {
-            return AlgorithmUtils.RS_SHA_256_ALGO;
-        }
-    }
-    public static JwsCompactConsumer verify(JwsSignatureVerifier v, String content) {
-        JwsCompactConsumer jws = new JwsCompactConsumer(content);
-        if (!jws.verifySignatureWith(v)) {
-            throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
-        }
-        return jws;
-    }
-    public static String sign(JwsSignatureProvider jwsSig, String content, String ct) {
-        JwsHeaders headers = new JwsHeaders();
-        if (ct != null) {
-            headers.setContentType(ct);
-        }
-        JwsCompactProducer jws = new JwsCompactProducer(headers, content);
-        jws.signWith(jwsSig);
-        return jws.getSignedEncodedJws();
-    }
-    public static void validateJwsCertificateChain(List<X509Certificate> certs) {
-        
-        Message m = JAXRSUtils.getCurrentMessage();        
-        Properties props = KeyManagementUtils.loadStoreProperties(m, true, 
-                                                                  RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
-        KeyManagementUtils.validateCertificateChain(props, certs);
-    }
-    public static boolean isPayloadUnencoded(JwsHeaders jwsHeaders) {
-        return jwsHeaders.getPayloadEncodingStatus() == Boolean.FALSE;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
deleted file mode 100644
index 6ed31fd..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-
-public class NoneJwsSignatureProvider implements JwsSignatureProvider {
-
-    @Override
-    public SignatureAlgorithm getAlgorithm() {
-        return SignatureAlgorithm.NONE;
-    }
-
-    @Override
-    public JwsSignature createJwsSignature(JwsHeaders headers) {
-        return new NoneJwsSignature();
-    }
-
-    @Override
-    public byte[] sign(JwsHeaders headers, byte[] content) {
-        JwsSignature sig = createJwsSignature(headers);
-        sig.update(content, 0, content.length);
-        return sig.sign();
-    }
-    private static class NoneJwsSignature implements JwsSignature {
-
-        @Override
-        public void update(byte[] src, int off, int len) {
-            // complete
-        }
-
-        @Override
-        public byte[] sign() {
-            return new byte[]{};
-        }
-        
-    }
-}
-

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
deleted file mode 100644
index 441261b..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-
-public class NoneJwsSignatureVerifier implements JwsSignatureVerifier {
-
-    @Override
-    public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) {
-        return headers.getSignatureAlgorithm() == getAlgorithm() 
-            && signature.length == 0;
-    }
-
-    @Override
-    public SignatureAlgorithm getAlgorithm() {
-        return SignatureAlgorithm.NONE;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
deleted file mode 100644
index 476d90f..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
-    private PrivateKey key;
-    private SecureRandom random; 
-    private AlgorithmParameterSpec signatureSpec;
-    
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
-        this(key, null, algo);
-    }
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
-        this(key, null, spec, algo);
-    }
-    public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, 
-                                          AlgorithmParameterSpec spec, SignatureAlgorithm algo) {
-        super(algo);
-        this.key = key;
-        this.random = random;
-        this.signatureSpec = spec;
-    }
-    protected JwsSignature doCreateJwsSignature(JwsHeaders headers) {
-        final String sigAlgo = headers.getSignatureAlgorithm().getJwaName();
-        final Signature s = CryptoUtils.getSignature(key, 
-                                                     AlgorithmUtils.toJavaName(sigAlgo),
-                                                     random,
-                                                     signatureSpec);
-        return doCreateJwsSignature(s);
-    }
-    protected JwsSignature doCreateJwsSignature(Signature s) {
-        return new PrivateKeyJwsSignature(s);
-    }
-    
-    @Override
-    protected boolean isValidAlgorithmFamily(String algo) {
-        return AlgorithmUtils.isRsaSign(algo);
-    }
-
-    protected static class PrivateKeyJwsSignature implements JwsSignature {
-        private Signature s;
-        public PrivateKeyJwsSignature(Signature s) {
-            this.s = s;
-        }
-        @Override
-        public void update(byte[] src, int off, int len) {
-            try {
-                s.update(src, off, len);
-            } catch (SignatureException ex) {
-                throw new JwsException(JwsException.Error.SIGNATURE_FAILURE, ex);
-            }
-        }
-
-        @Override
-        public byte[] sign() {
-            try {
-                return s.sign();
-            } catch (SignatureException ex) {
-                throw new JwsException(JwsException.Error.SIGNATURE_FAILURE, ex);
-            }
-        }
-        
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
deleted file mode 100644
index 917890f..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
-    protected static final Logger LOG = LogUtils.getL7dLogger(PublicKeyJwsSignatureVerifier.class);
-    private PublicKey key;
-    private AlgorithmParameterSpec signatureSpec;
-    private SignatureAlgorithm supportedAlgo;
-    
-    public PublicKeyJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgorithm) {
-        this(key, null, supportedAlgorithm);
-    }
-    public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) {
-        this.key = key;
-        this.signatureSpec = spec;
-        this.supportedAlgo = supportedAlgo;
-    }
-    @Override
-    public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) {
-        try {
-            return CryptoUtils.verifySignature(StringUtils.toBytesUTF8(unsignedText), 
-                                               signature, 
-                                               key, 
-                                               AlgorithmUtils.toJavaName(checkAlgorithm(
-                                                                              headers.getSignatureAlgorithm())),
-                                               signatureSpec);
-        } catch (Exception ex) {
-            LOG.warning("Invalid signature: " + ex.getMessage());
-            throw new JwsException(JwsException.Error.INVALID_SIGNATURE, ex);
-        }
-    }
-    protected String checkAlgorithm(SignatureAlgorithm sigAlgo) {
-        String algo = sigAlgo.getJwaName();
-        if (algo == null) {
-            LOG.warning("Signature algorithm is not set");
-            throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
-        }
-        if (!isValidAlgorithmFamily(algo)
-            || !algo.equals(supportedAlgo.getJwaName())) {
-            LOG.warning("Invalid signature algorithm: " + algo);
-            throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
-        }
-        return algo;
-    }
-    protected boolean isValidAlgorithmFamily(String algo) {
-        return AlgorithmUtils.isRsaSign(algo);
-    }
-    @Override
-    public SignatureAlgorithm getAlgorithm() {
-        return supportedAlgo;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
deleted file mode 100644
index d4cdf48..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.AbstractJoseConsumer;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-
-public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
-    private boolean jwsRequired = true;
-    private boolean jweRequired;
-    
-    
-    protected JwtToken getJwtToken(String wrappedJwtToken) {
-        return getJwtToken(wrappedJwtToken, null, null);
-    }
-    protected JwtToken getJwtToken(String wrappedJwtToken,
-                                   JweDecryptionProvider jweDecryptor,
-                                   JwsSignatureVerifier theSigVerifier) {
-        if (!isJwsRequired() && !isJweRequired()) {
-            throw new JwtException("Unable to process JWT");
-        }
-        
-        if (isJweRequired()) {
-            if (jweDecryptor == null) {
-                jweDecryptor = getInitializedDecryptionProvider();
-            }
-            if (jweDecryptor == null) {
-                throw new JwtException("Unable to decrypt JWT");
-            }
-            
-            if (!isJwsRequired()) {
-                return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);    
-            }
-            wrappedJwtToken = jweDecryptor.decrypt(wrappedJwtToken).getContentText();
-        }
-        
-
-        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
-        JwtToken jwt = jwtConsumer.getJwtToken();
-        if (isJwsRequired()) {
-            if (theSigVerifier == null) {
-                theSigVerifier = getInitializedSignatureVerifier(jwt);
-            }
-            if (theSigVerifier == null) {
-                throw new JwtException("Unable to validate JWT");
-            }
-            
-            if (!jwtConsumer.verifySignatureWith(theSigVerifier)) {
-                throw new JwtException("Invalid Signature");
-            }
-        }
-        
-        validateToken(jwt);
-        return jwt; 
-    }
-    protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
-        return super.getInitializedSignatureVerifier();
-    }
-    protected void validateToken(JwtToken jwt) {
-    }
-    public boolean isJwsRequired() {
-        return jwsRequired;
-    }
-
-    public void setJwsRequired(boolean jwsRequired) {
-        this.jwsRequired = jwsRequired;
-    }
-
-    public boolean isJweRequired() {
-        return jweRequired;
-    }
-
-    public void setJweRequired(boolean jweRequired) {
-        this.jweRequired = jweRequired;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
deleted file mode 100644
index cb7d394..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.AbstractJoseProducer;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-
-public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
-    private boolean jwsRequired = true;
-    private boolean jweRequired;
-    
-    protected String processJwt(JwtToken jwt) {
-        return processJwt(jwt, null, null);
-    }
-    protected String processJwt(JwtToken jwt,
-                                JweEncryptionProvider theEncProvider,
-                                JwsSignatureProvider theSigProvider) {
-        if (!isJwsRequired() && !isJweRequired()) {
-            throw new JwtException("Unable to secure JWT");
-        }
-        String data = null;
-        
-        if (isJweRequired() && theEncProvider == null) {
-            theEncProvider = getInitializedEncryptionProvider();
-            if (theEncProvider == null) {
-                throw new JwtException("Unable to encrypt JWT");
-            }
-        }
-        
-        if (isJwsRequired()) {
-            if (theSigProvider == null) {
-                theSigProvider = getInitializedSignatureProvider();
-            }
-            if (theSigProvider == null) {
-                throw new JwtException("Unable to sign JWT");
-            }
-            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwt); 
-            data = jws.signWith(theSigProvider);
-            if (theEncProvider != null) {
-                data = theEncProvider.encrypt(StringUtils.toBytesUTF8(data), null);
-            }
-        } else {
-            JweJwtCompactProducer jwe = new JweJwtCompactProducer(jwt);
-            data = jwe.encryptWith(theEncProvider);
-        }
-        return data;
-    }
-
-    public boolean isJwsRequired() {
-        return jwsRequired;
-    }
-
-    public void setJwsRequired(boolean jwsRequired) {
-        this.jwsRequired = jwsRequired;
-    }
-
-    public boolean isJweRequired() {
-        return jweRequired;
-    }
-
-    public void setJweRequired(boolean jweRequired) {
-        this.jweRequired = jweRequired;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
deleted file mode 100644
index 871e57a..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-import org.apache.cxf.jaxrs.provider.json.JsonMapObject;
-
-
-
-
-public class JwtClaims extends JsonMapObject {
-    
-    public JwtClaims() {
-    }
-    
-    public JwtClaims(Map<String, Object> values) {
-        super(values);
-    }
-    
-    public void setIssuer(String issuer) {
-        setClaim(JwtConstants.CLAIM_ISSUER, issuer);
-    }
-    
-    public String getIssuer() {
-        return (String)getClaim(JwtConstants.CLAIM_ISSUER);
-    }
-    
-    public void setSubject(String subject) {
-        setClaim(JwtConstants.CLAIM_SUBJECT, subject);
-    }
-    
-    public String getSubject() {
-        return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
-    }
-    
-    public void setAudience(String audience) {
-        setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
-    }
-    
-    public String getAudience() {
-        return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
-    }
-    
-    public void setExpiryTime(Long expiresIn) {
-        setClaim(JwtConstants.CLAIM_EXPIRY, expiresIn);
-    }
-    
-    public Long getExpiryTime() {
-        return getLongProperty(JwtConstants.CLAIM_EXPIRY);
-    }
-    
-    public void setNotBefore(Long notBefore) {
-        setClaim(JwtConstants.CLAIM_NOT_BEFORE, notBefore);
-    }
-    
-    public Long getNotBefore() {
-        return getLongProperty(JwtConstants.CLAIM_NOT_BEFORE);
-    }
-    
-    public void setIssuedAt(Long issuedAt) {
-        setClaim(JwtConstants.CLAIM_ISSUED_AT, issuedAt);
-    }
-    
-    public Long getIssuedAt() {
-        return getLongProperty(JwtConstants.CLAIM_ISSUED_AT);
-    }
-    
-    public void setTokenId(String id) {
-        setClaim(JwtConstants.CLAIM_JWT_ID, id);
-    }
-    
-    public String getTokenId() {
-        return (String)getClaim(JwtConstants.CLAIM_JWT_ID);
-    }
-    
-    public JwtClaims setClaim(String name, Object value) {
-        setProperty(name, value);
-        return this;
-    }
-    
-    public Object getClaim(String name) {
-        return getProperty(name);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
deleted file mode 100644
index bdbb544..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-public final class JwtConstants {
-    
-    public static final String CLAIM_ISSUER = "iss";
-    public static final String CLAIM_SUBJECT = "sub";
-    public static final String CLAIM_AUDIENCE = "aud";
-    public static final String CLAIM_EXPIRY = "exp";
-    public static final String CLAIM_NOT_BEFORE = "nbf";
-    public static final String CLAIM_ISSUED_AT = "iat";
-    public static final String CLAIM_JWT_ID = "jti";
-    
-    public static final String JWT_TOKEN = "jwt.token";
-    
-        
-    private JwtConstants() {
-        
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtException.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtException.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtException.java
deleted file mode 100644
index 84314bd..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseException;
-
-public class JwtException extends JoseException {
-
-    private static final long serialVersionUID = 4118589816228511524L;
-    public JwtException() {
-
-    }
-    public JwtException(String error) {
-        super(error);
-    }
-    public JwtException(Throwable cause) {
-        super(cause);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
deleted file mode 100644
index f8be716..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-
-
-
-public class JwtToken {
-    private JoseHeaders headers;
-    private JwtClaims claims;
-    public JwtToken(JwtClaims claims) {
-        this(new JoseHeaders() { }, claims);
-    }
-    public JwtToken(JoseHeaders headers, JwtClaims claims) {
-        this.headers = headers;
-        this.claims = claims;
-    }
-    public JoseHeaders getHeaders() {
-        return headers;
-    }
-    public JwtClaims getClaims() {
-        return claims;
-    }
-    public Object getHeader(String name) {
-        return headers.getHeader(name);
-    }
-    public Object getClaim(String name) {
-        return claims.getClaim(name);
-    }
-    public int hashCode() { 
-        return headers.hashCode() + 37 * claims.hashCode();
-    }
-    
-    public boolean equals(Object obj) {
-        return obj instanceof JwtToken 
-            && ((JwtToken)obj).headers.equals(this.headers)
-            && ((JwtToken)obj).claims.equals(this.claims);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
deleted file mode 100644
index 0ebf8a3..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-
-
-
-
-public class JwtTokenReaderWriter extends JsonMapObjectReaderWriter {
-    private static final Set<String> DATE_PROPERTIES = 
-        new HashSet<String>(Arrays.asList(JwtConstants.CLAIM_EXPIRY, 
-                                          JwtConstants.CLAIM_ISSUED_AT, 
-                                          JwtConstants.CLAIM_NOT_BEFORE));
-
-    public String claimsToJson(JwtClaims claims) {
-        return toJson(claims);
-    }
-
-    public JwtClaims fromJsonClaims(String claimsJson) {
-        JwtClaims claims = new JwtClaims();
-        fromJson(claims, claimsJson);
-        return claims;
-        
-    }
-    
-    @Override
-    protected Object readPrimitiveValue(String name, String json, int from, int to) {
-        Object value = super.readPrimitiveValue(name, json, from, to);
-        if (DATE_PROPERTIES.contains(name)) {
-            value = Long.valueOf(value.toString());
-        }
-        return value;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
deleted file mode 100644
index 3f0a27e..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Date;
-
-public final class JwtUtils {
-    private JwtUtils() {
-        
-    }
-    public static String claimsToJson(JwtClaims claims) {
-        return claimsToJson(claims, null);
-    }
-    public static String claimsToJson(JwtClaims claims, JwtTokenReaderWriter writer) {
-        if (writer == null) {
-            writer = new JwtTokenReaderWriter();
-        }
-        return writer.claimsToJson(claims);
-    }
-    public static JwtClaims jsonToClaims(String json) {
-        return new JwtTokenReaderWriter().fromJsonClaims(json);
-    }
-    
-    public static void validateJwtExpiry(JwtClaims claims, int clockOffset, boolean claimRequired) {
-        Long expiryTime = claims.getExpiryTime();
-        if (expiryTime == null) {
-            if (claimRequired) {
-                throw new JwtException("The token has expired");
-            }
-            return;
-        }
-        Date rightNow = new Date();
-        Date expiresDate = new Date(expiryTime * 1000L);
-        if (clockOffset != 0) {
-            expiresDate.setTime(expiresDate.getTime() + (long)clockOffset * 1000L);
-        }
-        if (expiresDate.before(rightNow)) {
-            throw new JwtException("The token has expired");
-        }
-    }
-    
-    public static void validateJwtNotBefore(JwtClaims claims, int clockOffset, boolean claimRequired) {
-        Long notBeforeTime = claims.getNotBefore();
-        if (notBeforeTime == null) {
-            if (claimRequired) {
-                throw new JwtException("The token cannot be accepted yet");
-            }
-            return;
-        }
-        
-        Date validCreation = new Date();
-        long currentTime = validCreation.getTime();
-        if (clockOffset != 0) {
-            validCreation.setTime(currentTime + (long)clockOffset * 1000L);
-        }
-        Date notBeforeDate = new Date(notBeforeTime * 1000L);
-
-        // Check to see if the not before time is in the future
-        if (notBeforeDate.after(validCreation)) {
-            throw new JwtException("The token cannot be accepted yet");
-        }
-    }
-    
-    public static void validateJwtIssuedAt(JwtClaims claims, int timeToLive, int clockOffset, boolean claimRequired) {
-        Long issuedAtInSecs = claims.getIssuedAt();
-        if (issuedAtInSecs == null) {
-            if (claimRequired) {
-                throw new JwtException("Invalid issuedAt");
-            }
-            return;
-        }
-        
-        Date createdDate = new Date(issuedAtInSecs * 1000L);
-        if (clockOffset != 0) {
-            // Calculate the time that is allowed for the message to travel
-            createdDate.setTime(createdDate.getTime() - (long)clockOffset * 1000L);
-        }
-        
-        Date validCreation = new Date();
-        if (timeToLive != 0) {
-            long currentTime = validCreation.getTime();
-            currentTime -= (long)timeToLive * 1000L;
-            validCreation.setTime(currentTime);
-        }
-        
-        if (createdDate.after(validCreation)) {
-            throw new JwtException("Invalid issuedAt");
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/66a81773/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
deleted file mode 100644
index b9cb8bf..0000000
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.cookbook;
-
-import java.io.InputStream;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.jose.jwk.KeyType;
-import org.apache.cxf.rs.security.jose.jwk.PublicKeyUse;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JwkJoseCookBookTest extends Assert {
-
-    private static final String EC_X_COORDINATE_VALUE = "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
-        + "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt";
-    private static final String EC_Y_COORDINATE_VALUE = "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy"
-        + "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1";
-    private static final String EC_KID_VALUE = "bilbo.baggins@hobbiton.example";
-    private static final String EC_CURVE_VALUE = "P-521";
-    private static final String EC_PRIVATE_KEY_VALUE = "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb"
-        + "KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt";
-    private static final String RSA_MODULUS_VALUE = "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
-        + "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
-        + "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
-        + "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
-        + "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
-        + "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
-        + "HdrNP5zw";
-    private static final String RSA_PUBLIC_EXP_VALUE = "AQAB";
-    private static final String RSA_KID_VALUE = "bilbo.baggins@hobbiton.example";
-    private static final String RSA_PRIVATE_EXP_VALUE = "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e"
-        + "iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld"
-        + "Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b"
-        + "MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU"
-        + "6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj"
-        + "d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc"
-        + "OpBrQzwQ";
-    private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR"
-        + "aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG"
-        + "peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8"
-        + "bUq0k";
-    private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT"
-        + "8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an"
-        + "V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0"
-        + "s7pFc";
-    private static final String RSA_FIRST_PRIME_CRT_VALUE = "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q"
-        + "1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn"
-        + "-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX"
-        + "59ehik";
-    private static final String RSA_SECOND_PRIME_CRT_VALUE = "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr"
-        + "AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK"
-        + "bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK"
-        + "T1cYF8";
-    private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE =
-          "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N"
-        + "ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh"
-        + "jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP"
-        + "z8aaI4";
-    private static final String SIGN_SECRET_VALUE = "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg";
-    private static final String SIGN_KID_VALUE = "018c0ae5-4d9b-471b-bfd6-eef314bc7037";
-    private static final String ENCRYPTION_SECRET_VALUE = "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8";
-    private static final String ENCRYPTION_KID_VALUE = "1e571774-2e08-40da-8308-e8d68773842d";
-    @Test
-    public void testPublicSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("cookbookPublicSet.txt");
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        JsonWebKey ecKey = keys.get(0);
-        assertEquals(6, ecKey.asMap().size());
-        validatePublicEcKey(ecKey);
-        JsonWebKey rsaKey = keys.get(1);
-        assertEquals(5, rsaKey.asMap().size());
-        validatePublicRsaKey(rsaKey);
-    }
-    @Test
-    public void testPublicSetAsMap() throws Exception {
-        JsonWebKeys jwks = readKeySet("cookbookPublicSet.txt");
-        Map<KeyType, List<JsonWebKey>> keysMap = jwks.getKeyTypeMap();
-        assertEquals(2, keysMap.size());
-        List<JsonWebKey> rsaKeys = keysMap.get(KeyType.RSA);
-        assertEquals(1, rsaKeys.size());
-        assertEquals(5, rsaKeys.get(0).asMap().size());
-        validatePublicRsaKey(rsaKeys.get(0));
-        List<JsonWebKey> ecKeys = keysMap.get(KeyType.EC);
-        assertEquals(1, ecKeys.size());
-        assertEquals(6, ecKeys.get(0).asMap().size());
-        validatePublicEcKey(ecKeys.get(0));
-    }
-    @Test
-    public void testPrivateSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
-        validatePrivateSet(jwks);
-    }
-    private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        JsonWebKey ecKey = keys.get(0);
-        assertEquals(7, ecKey.asMap().size());
-        validatePrivateEcKey(ecKey);
-        JsonWebKey rsaKey = keys.get(1);
-        assertEquals(11, rsaKey.asMap().size());
-        validatePrivateRsaKey(rsaKey);
-    }
-    @Test
-    public void testSecretSetAsList() throws Exception {
-        JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
-        List<JsonWebKey> keys = jwks.getKeys();
-        assertEquals(2, keys.size());
-        JsonWebKey signKey = keys.get(0);
-        assertEquals(5, signKey.asMap().size());
-        validateSecretSignKey(signKey);
-        JsonWebKey encKey = keys.get(1);
-        assertEquals(5, encKey.asMap().size());
-        validateSecretEncKey(encKey);
-    }
-    private void validateSecretSignKey(JsonWebKey key) {
-        assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(SIGN_KID_VALUE, key.getKeyId());
-        assertEquals(KeyType.OCTET, key.getKeyType());
-        assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm());
-    }
-    private void validateSecretEncKey(JsonWebKey key) {
-        assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-        assertEquals(ENCRYPTION_KID_VALUE, key.getKeyId());
-        assertEquals(KeyType.OCTET, key.getKeyType());
-        assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm());
-    }
-    private void validatePublicRsaKey(JsonWebKey key) {
-        assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
-        assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
-        assertEquals(RSA_KID_VALUE, key.getKeyId());
-        assertEquals(KeyType.RSA, key.getKeyType());
-    }
-    private void validatePrivateRsaKey(JsonWebKey key) {
-        validatePublicRsaKey(key);
-        assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP));
-        assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR));
-        assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR));
-        assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT));
-        assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT));
-        assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
-    }
-    private void validatePublicEcKey(JsonWebKey key) {
-        assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
-        assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
-        assertEquals(EC_KID_VALUE, key.getKeyId());
-        assertEquals(KeyType.EC, key.getKeyType());
-        assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
-        assertEquals(PublicKeyUse.SIGN, key.getPublicKeyUse());
-    }
-    private void validatePrivateEcKey(JsonWebKey key) {
-        validatePublicEcKey(key);
-        assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY));
-    }
-    public JsonWebKeys readKeySet(String fileName) throws Exception {
-        InputStream is = JwkJoseCookBookTest.class.getResourceAsStream(fileName);
-        String s = IOUtils.readStringFromStream(is);
-        return JwkUtils.readJwkSet(s);
-    }
-    public JsonWebKey readKey(String key) throws Exception {
-        return JwkUtils.readJwkKey(key);
-    }
-}
\ No newline at end of file


Mime
View raw message