cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [08/20] cxf git commit: Renaming jose module
Date Wed, 21 Oct 2015 15:13:04 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
deleted file mode 100644
index b683c77..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-
-public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractContentEncryptionCipherProperties.class);
-    
-    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    private ContentAlgorithm algo;
-    public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) {
-        this.algo = algo;
-    }
-    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
-    }
-    public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
-        return JweUtils.getAdditionalAuthenticationData(headersJson, aad);
-    }
-    protected int getAuthTagLen() {
-        return authTagLen;
-    }
-    @Override
-    public ContentAlgorithm getAlgorithm() {
-        return algo;    
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
deleted file mode 100644
index 8e5d390..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractJweDecryption implements JweDecryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class);
-    
-    private KeyDecryptionProvider keyDecryptionAlgo;
-    private ContentDecryptionProvider contentDecryptionAlgo;
-    protected AbstractJweDecryption(KeyDecryptionProvider keyDecryptionAlgo,
-                                    ContentDecryptionProvider contentDecryptionAlgo) {
-        this.keyDecryptionAlgo = keyDecryptionAlgo;
-        this.contentDecryptionAlgo = contentDecryptionAlgo;
-    }
-    
-    protected byte[] getContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        return keyDecryptionAlgo.getDecryptedContentEncryptionKey(jweDecryptionInput);
-    }
-    
-    public JweDecryptionOutput decrypt(String content) {
-        JweCompactConsumer consumer = new JweCompactConsumer(content);
-        byte[] cek = getContentEncryptionKey(consumer.getJweDecryptionInput());
-        return doDecrypt(consumer.getJweDecryptionInput(), cek);
-    }
-    public byte[] decrypt(JweDecryptionInput jweDecryptionInput) {
-        byte[] cek = getContentEncryptionKey(jweDecryptionInput);
-        return doDecrypt(jweDecryptionInput, cek).getContent();
-    }
-    protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
-        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
-        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
-        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
-        keyProperties.setAlgoSpec(spec);
-        boolean compressionSupported = 
-            JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
-        keyProperties.setCompressionSupported(compressionSupported);
-        byte[] actualCek = getActualCek(cek, 
-                               jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
-        Key secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
-        byte[] bytes = 
-            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);
-        return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
-    }
-    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
-        return consumer.getEncryptedContentEncryptionKey();
-    }
-    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getAlgorithmParameterSpec(
-            getContentEncryptionCipherInitVector(jweDecryptionInput));
-    }
-    protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
-        return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders()
-                                         .getContentEncryptionAlgorithm().getJwaName());
-    }
-    protected byte[] getContentEncryptionCipherAAD(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getAdditionalAuthenticationData(
-            jweDecryptionInput.getDecodedJsonHeaders(), jweDecryptionInput.getAad());
-    }
-    protected byte[] getEncryptedContentWithAuthTag(JweDecryptionInput jweDecryptionInput) {
-        return contentDecryptionAlgo.getEncryptedSequence(jweDecryptionInput.getJweHeaders(),
-                                                          jweDecryptionInput.getEncryptedContent(), 
-                                                          getEncryptionAuthenticationTag(jweDecryptionInput));
-    }
-    protected byte[] getContentEncryptionCipherInitVector(JweDecryptionInput jweDecryptionInput) { 
-        return jweDecryptionInput.getInitVector();
-    }
-    protected byte[] getEncryptionAuthenticationTag(JweDecryptionInput jweDecryptionInput) {
-        return jweDecryptionInput.getAuthTag();
-    }
-    protected int getEncryptionAuthenticationTagLenBits(JweDecryptionInput jweDecryptionInput) {
-        return getEncryptionAuthenticationTag(jweDecryptionInput).length * 8;
-    }
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    @Override
-    public KeyAlgorithm getKeyAlgorithm() {
-        return keyDecryptionAlgo.getAlgorithm();
-    }
-    @Override
-    public ContentAlgorithm getContentAlgorithm() {
-        return contentDecryptionAlgo.getAlgorithm();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
deleted file mode 100644
index a7117ff..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.logging.Logger;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractJweEncryption implements JweEncryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class);
-    protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
-    private ContentEncryptionProvider contentEncryptionAlgo;
-    private KeyEncryptionProvider keyEncryptionAlgo;
-    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
-    protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo,
-                                    KeyEncryptionProvider keyEncryptionAlgo) {
-        this.keyEncryptionAlgo = keyEncryptionAlgo;
-        this.contentEncryptionAlgo = contentEncryptionAlgo;
-    }
-    protected ContentEncryptionProvider getContentEncryptionAlgorithm() {
-        return contentEncryptionAlgo;
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return getContentEncryptionAlgorithm().getAlgorithmParameterSpec(theIv);
-    }
-    
-    protected byte[] getContentEncryptionKey(JweHeaders headers) {
-        byte[] cek = getProvidedContentEncryptionKey(headers);
-        if (cek == null) {
-            String algoJava = getContentEncryptionAlgoJava();
-            String algoJwt = getContentEncryptionAlgoJwt();
-            cek = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava), 
-                                           getCekSize(algoJwt)).getEncoded();
-        }
-        return cek;
-    }
-   
-    protected int getCekSize(String algoJwt) {
-        return ContentAlgorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
-    }
-    
-    protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
-        return getContentEncryptionAlgorithm().getContentEncryptionKey(headers);
-    }
-    
-    protected byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(headers, theCek);
-    }
-    
-    protected String getContentEncryptionAlgoJwt() {
-        return getContentEncryptionAlgorithm().getAlgorithm().getJwaName();
-    }
-    protected String getContentEncryptionAlgoJava() {
-        return getContentEncryptionAlgorithm().getAlgorithm().getJavaName();
-    }
-    protected byte[] getAAD(String protectedHeaders, byte[] aad) {
-        return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(protectedHeaders, aad);
-    }
-    @Override
-    public String encrypt(byte[] content, JweHeaders jweHeaders) {
-        JweEncryptionInternal state = getInternalState(jweHeaders, null);
-        
-        byte[] encryptedContent = encryptInternal(state, content);
-        byte[] cipher = getActualCipher(encryptedContent);
-        byte[] authTag = getAuthenticationTag(state, encryptedContent);
-        JweCompactProducer producer = new JweCompactProducer(state.protectedHeadersJson, 
-                                                             state.jweContentEncryptionKey,
-                                                             state.theIv,
-                                                             cipher,
-                                                             authTag);
-        return producer.getJweContent();
-    }
-    @Override
-    public JweEncryptionOutput getEncryptionOutput(JweEncryptionInput jweInput) {
-        JweEncryptionInternal state = getInternalState(jweInput.getJweHeaders(), jweInput);
-        Cipher c = null;
-        AuthenticationTagProducer authTagProducer = null;
-        byte[] cipher = null;
-        byte[] authTag = null;
-        if (jweInput.getContent() == null) {
-            c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
-                                              Cipher.ENCRYPT_MODE);
-            authTagProducer = getAuthenticationTagProducer(state);
-        } else {
-            byte[] encryptedContent = encryptInternal(state, jweInput.getContent());
-            cipher = getActualCipher(encryptedContent);
-            authTag = getAuthenticationTag(state, encryptedContent);    
-        }
-        return new JweEncryptionOutput(c, 
-                                      state.theHeaders, 
-                                      state.jweContentEncryptionKey, 
-                                      state.theIv,
-                                      authTagProducer,
-                                      state.keyProps,
-                                      cipher,
-                                      authTag);
-    }
-    protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
-        try {
-            return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
-        } catch (SecurityException ex) {
-            LOG.fine(ex.getMessage());
-            if (ex.getCause() instanceof NoSuchAlgorithmException) {
-                LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
-                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-            }
-            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE);
-        }
-    }
-    protected byte[] getActualCipher(byte[] cipher) {
-        return Arrays.copyOf(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8);
-    }
-    protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] cipher) {
-        return Arrays.copyOfRange(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8, cipher.length);
-    }
-    @Override
-    public KeyAlgorithm getKeyAlgorithm() {
-        KeyAlgorithm keyAlgo = getKeyEncryptionAlgo().getAlgorithm();
-        return keyAlgo != null ? keyAlgo : null;
-    }
-    @Override
-    public ContentAlgorithm getContentAlgorithm() {
-        return getContentEncryptionAlgorithm().getAlgorithm();
-    }
-    protected JsonMapObjectReaderWriter getJwtHeadersWriter() {
-        return writer;
-    }
-    
-    protected AuthenticationTagProducer getAuthenticationTagProducer(JweEncryptionInternal state) {
-        return null;
-    }
-    protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
-        return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()), 
-                                               state.keyProps.getKeyAlgo());
-    }
-    
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return theCek;
-    }
-    
-    private JweEncryptionInternal getInternalState(JweHeaders jweInHeaders, JweEncryptionInput jweInput) {
-        JweHeaders theHeaders = new JweHeaders();
-        if (getKeyAlgorithm() != null) {
-            theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm());
-        }
-        theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgorithm().getAlgorithm());
-        
-        JweHeaders protectedHeaders = null;
-        if (jweInHeaders != null) {
-            if (jweInHeaders.getKeyEncryptionAlgorithm() != null 
-                && (getKeyAlgorithm() == null 
-                    || !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm()))) {
-                LOG.warning("Invalid key encryption algorithm");
-                throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-            }
-            if (jweInHeaders.getContentEncryptionAlgorithm() != null 
-                && !getContentEncryptionAlgoJwt().equals(jweInHeaders.getContentEncryptionAlgorithm().getJwaName())) {
-                LOG.warning("Invalid content encryption algorithm");
-                throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-            }
-            theHeaders.asMap().putAll(jweInHeaders.asMap());
-            protectedHeaders = jweInHeaders.getProtectedHeaders() != null 
-                ? jweInHeaders.getProtectedHeaders() : theHeaders;
-        } else {
-            protectedHeaders = theHeaders;
-        }
-        
-        
-        
-        byte[] theCek = jweInput != null && jweInput.getCek() != null 
-            ? jweInput.getCek() : getContentEncryptionKey(theHeaders);
-        String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
-        KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
-        keyProps.setCompressionSupported(compressionRequired(theHeaders));
-        
-        byte[] theIv = jweInput != null && jweInput.getIv() != null  
-            ? jweInput.getIv() : getContentEncryptionAlgorithm().getInitVector();
-        AlgorithmParameterSpec specParams = getAlgorithmParameterSpec(theIv);
-        keyProps.setAlgoSpec(specParams);
-        byte[] jweContentEncryptionKey = 
-            getEncryptedContentEncryptionKey(theHeaders, theCek);
-        
-        
-        String protectedHeadersJson = writer.toJson(protectedHeaders);
-        
-        byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, 
-                                                  jweInput == null ? null : jweInput.getAad());
-        keyProps.setAdditionalData(additionalEncryptionParam);
-        
-        JweEncryptionInternal state = new JweEncryptionInternal();
-        state.theHeaders = theHeaders;
-        state.jweContentEncryptionKey = jweContentEncryptionKey;
-        state.keyProps = keyProps;
-        state.secretKey = theCek; 
-        state.theIv = theIv;
-        state.protectedHeadersJson = protectedHeadersJson;
-        state.aad = jweInput != null ? jweInput.getAad() : null;
-        return state;
-    }
-    private boolean compressionRequired(JweHeaders theHeaders) {
-        return JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
-    }
-    protected KeyEncryptionProvider getKeyEncryptionAlgo() {
-        return keyEncryptionAlgo;
-    }
-    protected static class JweEncryptionInternal {
-        JweHeaders theHeaders;
-        byte[] jweContentEncryptionKey;
-        byte[] theIv;
-        KeyProperties keyProps;
-        byte[] secretKey;
-        String protectedHeadersJson;
-        byte[] aad;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index ffb971f..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-import org.apache.cxf.rt.security.crypto.KeyProperties;
-
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class);
-    private Key keyEncryptionKey;
-    private boolean wrap;
-    private KeyAlgorithm algorithm;
-    private Set<String> supportedAlgorithms;
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
-        this(key, null, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
-        this(key, null, wrap, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, Set<String> supportedAlgorithms) {
-        this(key, jweAlgo, true, supportedAlgorithms);
-    }
-    protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, boolean wrap, 
-                                                 Set<String> supportedAlgorithms) {
-        this.keyEncryptionKey = key;
-        this.algorithm = jweAlgo;
-        this.wrap = wrap;
-        this.supportedAlgorithms = supportedAlgorithms;
-    }
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return algorithm;
-    }
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers);
-        KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
-        if (spec != null) {
-            secretKeyProperties.setAlgoSpec(spec);
-        }
-        if (!wrap) {
-            return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek, 
-                                             getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey, 
-                                             secretKeyProperties);
-        }
-    }
-    protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-        return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm().getJwaName());
-    }
-    protected String getContentEncryptionAlgoJava(JweHeaders headers) {
-        return AlgorithmUtils.toJavaName(headers.getContentEncryptionAlgorithm().getJwaName());
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        return null;
-    }
-    protected String checkAlgorithm(String algo) {
-        if (algo != null && !supportedAlgorithms.contains(algo)) {
-            LOG.warning("Invalid key encryption algorithm: " + algo);
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-        return algo;
-    }
-    protected void checkAlgorithms(JweHeaders headers) {
-        KeyAlgorithm providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if (providedAlgo != null && !providedAlgo.equals(algorithm)) {
-            LOG.warning("Invalid key encryption algorithm: " + providedAlgo);
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-        if (providedAlgo != null) {
-            checkAlgorithm(providedAlgo.getJwaName());
-        } else {
-            checkAlgorithm(algorithm.getJwaName());
-            headers.setKeyEncryptionAlgorithm(algorithm);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
deleted file mode 100644
index e713ff0..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-
-public class AesCbcHmacJweDecryption extends JweDecryption {
-    private String supportedAlgo;
-    public AesCbcHmacJweDecryption(KeyDecryptionProvider keyDecryptionAlgo) {
-        this(keyDecryptionAlgo, null);
-    }
-    public AesCbcHmacJweDecryption(KeyDecryptionProvider keyDecryptionAlgo,
-                                   ContentAlgorithm supportedAlgo) {
-        super(keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo));
-        this.supportedAlgo = supportedAlgo == null ? null : supportedAlgo.getJwaName();
-    }
-    protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
-        validateAuthenticationTag(jweDecryptionInput, cek);
-        return super.doDecrypt(jweDecryptionInput, cek);
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        validateCekAlgorithm(algoJwt);
-        return AesCbcHmacJweEncryption.doGetActualCek(theCek, algoJwt);
-    }
-    protected void validateAuthenticationTag(JweDecryptionInput jweDecryptionInput, byte[] theCek) {
-        byte[] actualAuthTag = jweDecryptionInput.getAuthTag();
-        
-        final AesCbcHmacJweEncryption.MacState macState = 
-            AesCbcHmacJweEncryption.getInitializedMacState(theCek, 
-                                                           jweDecryptionInput.getInitVector(),
-                                                           jweDecryptionInput.getAad(),
-                                                           jweDecryptionInput.getJweHeaders(),
-                                                           jweDecryptionInput.getDecodedJsonHeaders());
-        macState.mac.update(jweDecryptionInput.getEncryptedContent());
-        byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
-            LOG.warning("Invalid authentication tag");
-            throw new JweException(JweException.Error.CONTENT_DECRYPTION_FAILURE);
-        }
-        
-    }
-    private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-        implements ContentDecryptionProvider {
-        public AesCbcContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
-            super(supportedAlgo);
-        }
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
-            return null;
-        }
-        @Override
-        public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
-            return cipher;
-        }
-    }
-    private String validateCekAlgorithm(String cekAlgo) {
-        if (!AlgorithmUtils.isAesCbcHmac(cekAlgo) 
-            || supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) {
-            LOG.warning("Invalid content encryption algorithm");
-            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-        }
-        return cekAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
deleted file mode 100644
index 80a8630..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.nio.ByteBuffer;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Mac;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rt.security.crypto.HmacUtils;
-
-public class AesCbcHmacJweEncryption extends JweEncryption {
-    private static final Map<String, String> AES_HMAC_MAP;
-    private static final Map<String, Integer> AES_CEK_SIZE_MAP;
-    static {
-        AES_HMAC_MAP = new HashMap<String, String>();
-        AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA);
-        AES_HMAC_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), AlgorithmUtils.HMAC_SHA_384_JAVA);
-        AES_HMAC_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), AlgorithmUtils.HMAC_SHA_512_JAVA);
-        
-        AES_CEK_SIZE_MAP = new HashMap<String, Integer>();
-        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 32);
-        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
-        AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
-    }
-    public AesCbcHmacJweEncryption(String cekAlgo, 
-                                   KeyEncryptionProvider keyEncryptionAlgorithm) {
-        this(ContentAlgorithm.getAlgorithm(cekAlgo), keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, 
-                                   KeyEncryptionProvider keyEncryptionAlgorithm) {
-        this(cekAlgoJwt, null, null, keyEncryptionAlgorithm);
-    }
-    public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek, 
-                                   byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) {
-        super(keyEncryptionAlgorithm,
-              new AesCbcContentEncryptionAlgorithm(cek, iv, 
-                                                   validateCekAlgorithm(cekAlgoJwt)));
-        
-    }
-    @Override
-    protected byte[] getActualCek(byte[] theCek, String algoJwt) {
-        return doGetActualCek(theCek, algoJwt);
-    }
-    @Override
-    protected int getCekSize(String algoJwt) {
-        return getFullCekKeySize(algoJwt) * 8;
-    }
-    protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] actualCek = new byte[size];
-        System.arraycopy(theCek, size, actualCek, 0, size);
-        return actualCek;
-    }
-    
-    protected static int getFullCekKeySize(String algoJwt) {
-        return AES_CEK_SIZE_MAP.get(algoJwt);
-    }
-    protected byte[] getActualCipher(byte[] cipher) {
-        return cipher;
-    }
-    protected byte[] getAuthenticationTag(JweEncryptionInternal state, byte[] cipher) {
-        final MacState macState = getInitializedMacState(state);
-        macState.mac.update(cipher);
-        return signAndGetTag(macState);
-    }
-    
-    protected static byte[] signAndGetTag(MacState macState) {
-        macState.mac.update(macState.al);
-        byte[] sig = macState.mac.doFinal();
-        
-        int authTagLen = DEFAULT_AUTH_TAG_LENGTH / 8;
-        byte[] authTag = new byte[authTagLen];
-        System.arraycopy(sig, 0, authTag, 0, authTagLen);
-        return authTag;
-    }
-    private MacState getInitializedMacState(final JweEncryptionInternal state) {
-        return getInitializedMacState(state.secretKey, state.theIv, state.aad, 
-                                      state.theHeaders, state.protectedHeadersJson);
-    }
-    protected static MacState getInitializedMacState(byte[] secretKey,
-                                                     byte[] theIv,
-                                                     byte[] extraAad,
-                                                     JweHeaders theHeaders,
-                                                     String protectedHeadersJson) {
-        String algoJwt = theHeaders.getContentEncryptionAlgorithm().getJwaName();
-        int size = getFullCekKeySize(algoJwt) / 2;
-        byte[] macKey = new byte[size];
-        System.arraycopy(secretKey, 0, macKey, 0, size);
-        
-        String hmacAlgoJava = AES_HMAC_MAP.get(algoJwt);
-        Mac mac = HmacUtils.getInitializedMac(macKey, hmacAlgoJava, null);
-        
-        byte[] aad = JweUtils.getAdditionalAuthenticationData(protectedHeadersJson, extraAad);
-        ByteBuffer buf = ByteBuffer.allocate(8);
-        final byte[] al = buf.putInt(0).putInt(aad.length * 8).array();
-        
-        mac.update(aad);
-        mac.update(theIv);
-        MacState macState = new MacState();
-        macState.mac = mac;
-        macState.al = al;
-        return macState;
-    }
-    
-    protected AuthenticationTagProducer getAuthenticationTagProducer(final JweEncryptionInternal state) {
-        final MacState macState = getInitializedMacState(state);
-        
-        
-        return new AuthenticationTagProducer() {
-
-            @Override
-            public void update(byte[] cipher, int off, int len) {
-                macState.mac.update(cipher, off, len);
-            }
-
-            @Override
-            public byte[] getTag() {
-                return signAndGetTag(macState);
-            }
-        };
-    }
-    @Override
-    protected byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        return getKeyEncryptionAlgo().getEncryptedContentEncryptionKey(headers, theCek);
-    }
-    
-    private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
-            super(cek, iv, algo);    
-        }
-        @Override
-        public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-            return new IvParameterSpec(theIv);
-        }
-        @Override
-        public byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad) {
-            return null;
-        }
-    }
-    
-    protected static class MacState {
-        protected Mac mac;
-        private byte[] al;
-    }
-    
-    private static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) {
-        if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
-            LOG.warning("Invalid content encryption algorithm");
-            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-        }
-        return cekAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
deleted file mode 100644
index 64206b7..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-
-
-
-public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
-    implements ContentDecryptionProvider {
-    public AesGcmContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
-        super(supportedAlgo);
-    }
-
-    @Override
-    public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
-        String algo = headers.getContentEncryptionAlgorithm().getJwaName();
-        if (!AlgorithmUtils.isAesGcm(algo) || !getAlgorithm().getJwaName().equals(algo)) {
-            LOG.warning("Invalid content encryption algorithm");
-            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-        }
-        return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
deleted file mode 100644
index 4f87829..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-
-public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
-    private static final int DEFAULT_IV_SIZE = 96;
-    public AesGcmContentEncryptionAlgorithm(ContentAlgorithm algo) {
-        this((byte[])null, null, algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, ContentAlgorithm algo) {
-        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, ContentAlgorithm algo) {
-        this((byte[])CryptoUtils.decodeSequence(encodedCek), null, algo);
-    }
-    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) { 
-        this(key.getEncoded(), iv, algo);    
-    }
-    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { 
-        super(cek, iv, checkAlgorithm(algo));    
-    }
-    protected int getIvSize() { 
-        return DEFAULT_IV_SIZE;
-    }
-    private static ContentAlgorithm checkAlgorithm(ContentAlgorithm algo) {
-        if (AlgorithmUtils.isAesGcm(algo.getJwaName())) {       
-            return algo;
-        }
-        LOG.warning("Invalid content encryption algorithm");
-        throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 42472df..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.logging.Logger;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    protected static final Logger LOG = LogUtils.getL7dLogger(AesGcmWrapKeyDecryptionAlgorithm.class);
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(encodedKey, null);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {    
-        this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(secretKey, KeyAlgorithm.A128GCMKW);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
-        this(secretKey, null);
-    }
-    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {    
-        super(secretKey, supportedAlgo);
-    }
-    @Override
-    protected byte[] getEncryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        byte[] encryptedCekKey = super.getEncryptedContentEncryptionKey(jweDecryptionInput);
-        byte[] tag = getDecodedBytes(jweDecryptionInput, "tag");
-        return JweCompactConsumer.getCipherWithAuthTag(encryptedCekKey, tag);
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweDecryptionInput jweDecryptionInput) {
-        byte[] iv = getDecodedBytes(jweDecryptionInput, "iv");
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-    private byte[] getDecodedBytes(JweDecryptionInput jweDecryptionInput, String headerName) {
-        try {
-            Object ivHeader = jweDecryptionInput.getJweHeaders().getHeader(headerName);
-            return Base64UrlUtility.decode(ivHeader.toString());
-        } catch (Exception ex) {
-            throw new JoseException(ex);
-        }
-    }
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!AlgorithmUtils.isAesGcmKeyWrap(keyAlgo)) {
-            LOG.warning("Invalid key encryption algorithm");
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 6349b7d..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(KeyAlgorithm.A128GCMKW.getJwaName(),
-                      KeyAlgorithm.A192GCMKW.getJwaName(),
-                      KeyAlgorithm.A256GCMKW.getJwaName()));
-    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES),
-             keyAlgoJwt);
-    }
-    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) {
-        super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        byte[] wrappedKeyAndTag = super.getEncryptedContentEncryptionKey(headers, cek);
-        byte[] wrappedKey = new byte[wrappedKeyAndTag.length - 128 / 8]; 
-        System.arraycopy(wrappedKeyAndTag, 0, wrappedKey, 0, wrappedKeyAndTag.length - 128 / 8);
-        String encodedTag = Base64UrlUtility.encodeChunk(wrappedKeyAndTag, 
-                                                         wrappedKeyAndTag.length - 128 / 8, 128 / 8);
-        headers.setHeader("tag", encodedTag);
-        return wrappedKey;
-    }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
-        byte[] iv = CryptoUtils.generateSecureRandomBytes(96 / 8);
-        String encodedIv = Base64UrlUtility.encode(iv);
-        headers.setHeader("iv", encodedIv);
-        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 11350a2..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey) {    
-        this(encodedKey, KeyAlgorithm.A128KW);
-    }
-    public AesWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {    
-        this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
-    }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
-        this(secretKey, KeyAlgorithm.A128KW);
-    }
-    public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {    
-        this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA), 
-             supportedAlgo);
-    }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) {
-        this(secretKey, null);
-    }
-    public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {    
-        super(secretKey, supportedAlgo);
-    }
-    @Override
-    protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
-        super.validateKeyEncryptionAlgorithm(keyAlgo);
-        if (!isValidAlgorithmFamily(keyAlgo)) {
-            reportInvalidKeyAlgorithm(keyAlgo);
-        }
-    }
-    
-    protected boolean isValidAlgorithmFamily(String keyAlgo) {
-        return AlgorithmUtils.isAesKeyWrap(keyAlgo);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 3fe85e3..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
-    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
-        Arrays.asList(KeyAlgorithm.A128KW.getJwaName(),
-                      KeyAlgorithm.A192KW.getJwaName(),
-                      KeyAlgorithm.A256KW.getJwaName()));
-    public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) {    
-        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
-        this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()),
-             keyAlgoJwt);
-    }
-    public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) {
-        super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
-    }
-    
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
deleted file mode 100644
index 897e68c..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AuthenticationTagProducer.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-public interface AuthenticationTagProducer {
-    void update(byte[] cipher, int off, int len);
-    byte[] getTag();
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java
deleted file mode 100644
index 6c79019..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-public interface ContentDecryptionProvider extends ContentEncryptionCipherProperties {
-    byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
deleted file mode 100644
index 055d602..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-
-
-public interface ContentEncryptionCipherProperties {
-    ContentAlgorithm getAlgorithm();
-    byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad);
-    AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
deleted file mode 100644
index 940455a..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionProvider extends ContentEncryptionCipherProperties {
-    byte[] getInitVector();
-    byte[] getContentEncryptionKey(JweHeaders headers);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
deleted file mode 100644
index 3883dcd..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-public class DirectKeyDecryptionAlgorithm implements KeyDecryptionProvider {
-    private static final Logger LOG = LogUtils.getL7dLogger(DirectKeyDecryptionAlgorithm.class);
-    private byte[] contentDecryptionKey;
-    public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) {    
-        this(contentDecryptionKey.getEncoded());
-    }
-    public DirectKeyDecryptionAlgorithm(String encodedContentDecryptionKey) {    
-        this(CryptoUtils.decodeSequence(encodedContentDecryptionKey));
-    }
-    public DirectKeyDecryptionAlgorithm(byte[] contentDecryptionKey) {    
-        this.contentDecryptionKey = contentDecryptionKey;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        validateKeyEncryptionKey(jweDecryptionInput);
-        return contentDecryptionKey;
-    }
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return null;
-    }
-    protected void validateKeyEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        byte[] encryptedCEK = jweDecryptionInput.getEncryptedCEK();
-        if (encryptedCEK != null && encryptedCEK.length > 0) {
-            LOG.warning("Unexpected content encryption key");
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
deleted file mode 100644
index 2f038a9..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-
-public class DirectKeyEncryptionAlgorithm implements KeyEncryptionProvider {
-    private static final Logger LOG = LogUtils.getL7dLogger(DirectKeyEncryptionAlgorithm.class);
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) {
-        checkKeyEncryptionAlgorithm(headers);
-        return new byte[0];
-    }
-    protected void checkKeyEncryptionAlgorithm(JweHeaders headers) {
-        if (headers.getKeyEncryptionAlgorithm() != null) {
-            LOG.warning("Key encryption algorithm header is set");
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
-        }
-    }
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return null;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
deleted file mode 100644
index 7434acf..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweDecryption.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public class DirectKeyJweDecryption extends JweDecryption {
-    public DirectKeyJweDecryption(String encodedKey, ContentDecryptionProvider ctAlgo) {
-        super(new DirectKeyDecryptionAlgorithm(encodedKey), 
-              ctAlgo);
-    }
-    public DirectKeyJweDecryption(byte[] key, ContentDecryptionProvider ctAlgo) {
-        super(new DirectKeyDecryptionAlgorithm(key), 
-              ctAlgo);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
deleted file mode 100644
index 3c83466..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public class DirectKeyJweEncryption extends JweEncryption {
-    public DirectKeyJweEncryption(ContentEncryptionProvider contentEncryptionAlgo) {
-        super(new DirectKeyEncryptionAlgorithm(), contentEncryptionAlgo);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
deleted file mode 100644
index 4860904..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.ECPrivateKey;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-
-public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider {
-    private ECPrivateKey key;
-    private KeyAlgorithm algo;
-    public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key) {    
-        this(key, KeyAlgorithm.ECDH_ES_A128KW);
-    }
-    public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key, KeyAlgorithm algo) {    
-        this.key = key;
-        this.algo = algo;
-    }
-    @Override
-    public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-        byte[] derivedKey = 
-            EcdhDirectKeyJweDecryption.getDecryptedContentEncryptionKeyFromHeaders(
-                jweDecryptionInput.getJweHeaders(), key);
-        KeyDecryptionProvider aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) {
-            protected boolean isValidAlgorithmFamily(String wrapAlgo) {
-                return AlgorithmUtils.isEcdhEsWrap(wrapAlgo);
-            }    
-        };
-        return aesWrap.getDecryptedContentEncryptionKey(jweDecryptionInput);
-    }    
-    
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return algo;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
deleted file mode 100644
index 6ebf791..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.ECPublicKey;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.EcdhDirectKeyJweEncryption.EcdhHelper;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-
-public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
-    
-    private static final Map<String, String> ECDH_AES_MAP;
-    static {
-        ECDH_AES_MAP = new HashMap<String, String>();
-        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A128KW.getJwaName(), KeyAlgorithm.A128KW.getJwaName());
-        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName());
-        ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName());
-    }
-    private KeyAlgorithm keyAlgo;
-    private EcdhHelper helper;
-    
-    public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey,
-                                             KeyAlgorithm keyAlgo) {
-        this(peerPublicKey, JsonWebKey.EC_CURVE_P256, keyAlgo);
-    }
-    public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey,
-                                             String curve,
-                                             KeyAlgorithm keyAlgo) {
-        
-        this(peerPublicKey, curve, null, null, keyAlgo, ContentAlgorithm.A128GCM);
-    }
-    public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey,
-                                             String curve,
-                                             KeyAlgorithm keyAlgo,
-                                             ContentAlgorithm ctAlgo) {
-        
-        this(peerPublicKey, curve, null, null, keyAlgo, ctAlgo);
-    }
-    public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey,
-                                             String curve,
-                                             String apuString,
-                                             String apvString,
-                                             KeyAlgorithm keyAlgo,
-                                             ContentAlgorithm ctAlgo) {
-        
-        this.keyAlgo = keyAlgo;
-        helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, 
-                                ctAlgo.getJwaName());
-    }
-    
-    @Override
-    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        final byte[] derivedKey = helper.getDerivedKey(headers);
-        KeyEncryptionProvider aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, 
-                                                                           keyAlgo) {
-            protected void checkAlgorithms(JweHeaders headers) {
-                // complete
-            }
-            protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
-                return AlgorithmUtils.AES_WRAP_ALGO_JAVA;
-            }
-        };
-        return aesWrap.getEncryptedContentEncryptionKey(headers, cek);
-    }
-    
-    @Override
-    public KeyAlgorithm getAlgorithm() {
-        return keyAlgo;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/532c52a7/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
deleted file mode 100644
index 85485e0..0000000
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.ECPrivateKey;
-
-import org.apache.cxf.rs.security.jose.common.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-
-public class EcdhDirectKeyJweDecryption extends JweDecryption {
-    public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, ContentAlgorithm supportedCtAlgo) {
-        super(new EcdhDirectKeyDecryptionAlgorithm(privateKey), 
-              new AesGcmContentDecryptionAlgorithm(supportedCtAlgo));
-    }
-    protected static byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers,
-                                                                        ECPrivateKey privateKey) {
-        ContentAlgorithm jwtAlgo = headers.getContentEncryptionAlgorithm();
-        JsonWebKey publicJwk = headers.getJsonWebKey("epv");
-        String apuHeader = (String)headers.getHeader("apu");
-        byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader);
-        String apvHeader = (String)headers.getHeader("apv");
-        byte[] apvBytes = apvHeader == null ? null : JoseUtils.decode(apvHeader);
-        return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), 
-                                   apuBytes, apvBytes, jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits());
-    }
-    protected static class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm {
-        private ECPrivateKey privateKey;
-        public EcdhDirectKeyDecryptionAlgorithm(ECPrivateKey privateKey) {    
-            super((byte[])null);
-            this.privateKey = privateKey;
-        }
-        @Override
-        public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) {
-            super.validateKeyEncryptionKey(jweDecryptionInput);
-            
-            return getDecryptedContentEncryptionKeyFromHeaders(jweDecryptionInput.getJweHeaders(), privateKey);
-        }
-    }
-}


Mime
View raw message