You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/30 10:19:00 UTC
[1/4] cxf git commit: Move CryptoUtils into rt-security
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes c1cc2248a -> 26818515c
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
index 61661e9..9dc64e8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
@@ -19,7 +19,7 @@
package org.apache.cxf.rs.security.oauth2.grants.code;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
public class DigestCodeVerifier implements CodeVerifierTransformer {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 9c5d233..cdbf2e1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -25,7 +25,6 @@ import java.util.Map;
import javax.crypto.SecretKey;
import javax.ws.rs.core.MultivaluedMap;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
@@ -40,6 +39,7 @@ import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
private static final String REQUEST_PARAM = "request";
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
index 77a63b9..7fb8e1a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
@@ -24,7 +24,6 @@ import javax.crypto.SecretKey;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
@@ -33,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
index 428a818..951e92d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java
@@ -20,8 +20,8 @@
package org.apache.cxf.rs.security.oauth2.provider;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
/**
* ClientSecretVerifier which checks the passwords against hashes
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index f139632..5750a3e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -27,12 +27,12 @@ import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider
implements ClientRegistrationProvider {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
index 9a2e25d..d9d70a5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -29,7 +29,6 @@ import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
@@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
protected static final String HTTP_VERB = "http.verb";
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
index c711092..65a86a4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java
@@ -18,12 +18,12 @@
*/
package org.apache.cxf.rs.security.oauth2.tokens.hawk;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
//https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
//->
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
index 64c7959..ce02419 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java
@@ -23,10 +23,10 @@ import java.util.Map;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
import org.apache.cxf.rs.security.oauth2.common.AccessToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
// https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
// ->
// https://github.com/hueniverse/hawk/blob/master/README.md
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 1d4088f..bd4ec9f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -28,7 +28,11 @@ import java.util.Set;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
+<<<<<<< HEAD
import org.apache.cxf.common.util.crypto.CryptoUtils;
+=======
+import org.apache.cxf.jaxrs.ext.MessageContext;
+>>>>>>> b9e4fcf... Move CryptoUtils into rt-security
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -37,6 +41,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.security.LoginSecurityContext;
import org.apache.cxf.security.SecurityContext;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index 4e8face..4360e14 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -29,8 +29,6 @@ import java.util.Map;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -38,6 +36,8 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
index 72dede2..d1bb6e6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java
@@ -31,8 +31,6 @@ import java.util.List;
import javax.crypto.SecretKey;
import javax.ws.rs.core.MediaType;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.provider.json.JSONProvider;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
@@ -44,7 +42,8 @@ import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistrati
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
index fdd3f1b..0fd6179 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
@@ -27,7 +27,6 @@ import java.util.Set;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -38,6 +37,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class EncryptingDataProvider implements OAuthDataProvider {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
index 5f8bd8c..d6f0b68 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java
@@ -23,13 +23,13 @@ import java.security.interfaces.RSAPublicKey;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public abstract class AbstractJwsJweProducer {
private JwsSignatureProvider sigProvider;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 42e94da..1a0c3de 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -26,10 +26,10 @@ import java.util.Map;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
public final class OidcUtils {
public static final String ID_TOKEN = "id_token";
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
new file mode 100644
index 0000000..4893137
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -0,0 +1,724 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.CompressionUtils;
+import org.apache.cxf.helpers.IOUtils;
+
+
+/**
+ * Encryption helpers
+ */
+public final class CryptoUtils {
+
+ private CryptoUtils() {
+ }
+
+ public static String encodeSecretKey(SecretKey key) throws SecurityException {
+ return encodeBytes(key.getEncoded());
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey)
+ throws SecurityException {
+ KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
+ return encryptSecretKey(secretKey, publicKey, props);
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
+ KeyProperties props) throws SecurityException {
+ byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props);
+ return encodeBytes(encryptedBytes);
+ }
+
+ public static byte[] generateSecureRandomBytes(int size) {
+ SecureRandom sr = new SecureRandom();
+ byte[] bytes = new byte[size];
+ sr.nextBytes(bytes);
+ return bytes;
+ }
+
+ public static RSAPublicKey getRSAPublicKey(String encodedModulus,
+ String encodedPublicExponent) {
+ try {
+ return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPublicExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
+ byte[] publicExponentBytes) {
+ try {
+ return getRSAPublicKey(KeyFactory.getInstance("RSA"),
+ modulusBytes,
+ publicExponentBytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
+ byte[] modulusBytes,
+ byte[] publicExponentBytes) {
+ BigInteger modulus = toBigInteger(modulusBytes);
+ BigInteger publicExponent = toBigInteger(publicExponentBytes);
+ try {
+ return (RSAPublicKey)factory.generatePublic(
+ new RSAPublicKeySpec(modulus, publicExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+ String encodedPrivateExponent) {
+ try {
+ return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPrivateExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+ byte[] privateExponentBytes) {
+ BigInteger modulus = toBigInteger(modulusBytes);
+ BigInteger privateExponent = toBigInteger(privateExponentBytes);
+ try {
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)factory.generatePrivate(
+ new RSAPrivateKeySpec(modulus, privateExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ //CHECKSTYLE:OFF
+ public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+ String encodedPublicExponent,
+ String encodedPrivateExponent,
+ String encodedPrimeP,
+ String encodedPrimeQ,
+ String encodedPrimeExpP,
+ String encodedPrimeExpQ,
+ String encodedCrtCoefficient) {
+ //CHECKSTYLE:ON
+ try {
+ return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPublicExponent),
+ CryptoUtils.decodeSequence(encodedPrivateExponent),
+ CryptoUtils.decodeSequence(encodedPrimeP),
+ CryptoUtils.decodeSequence(encodedPrimeQ),
+ CryptoUtils.decodeSequence(encodedPrimeExpP),
+ CryptoUtils.decodeSequence(encodedPrimeExpQ),
+ CryptoUtils.decodeSequence(encodedCrtCoefficient));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ //CHECKSTYLE:OFF
+ public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+ byte[] publicExponentBytes,
+ byte[] privateExponentBytes,
+ byte[] primePBytes,
+ byte[] primeQBytes,
+ byte[] primeExpPBytes,
+ byte[] primeExpQBytes,
+ byte[] crtCoefficientBytes) {
+ //CHECKSTYLE:ON
+ BigInteger modulus = toBigInteger(modulusBytes);
+ BigInteger publicExponent = toBigInteger(publicExponentBytes);
+ BigInteger privateExponent = toBigInteger(privateExponentBytes);
+ BigInteger primeP = toBigInteger(primePBytes);
+ BigInteger primeQ = toBigInteger(primeQBytes);
+ BigInteger primeExpP = toBigInteger(primeExpPBytes);
+ BigInteger primeExpQ = toBigInteger(primeExpQBytes);
+ BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes);
+ try {
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)factory.generatePrivate(
+ new RSAPrivateCrtKeySpec(modulus,
+ publicExponent,
+ privateExponent,
+ primeP,
+ primeQ,
+ primeExpP,
+ primeExpQ,
+ crtCoefficient));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
+ try {
+ return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) {
+ try {
+ ECParameterSpec params = getECParameterSpec(curve, true);
+ ECPrivateKeySpec keySpec = new ECPrivateKeySpec(
+ toBigInteger(privateKey), params);
+ KeyFactory kf = KeyFactory.getInstance("EC");
+ return (ECPrivateKey) kf.generatePrivate(keySpec);
+
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate)
+ throws Exception {
+ KeyPair pair = generateECKeyPair(curve);
+ return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams()
+ : ((ECPrivateKey) pair.getPrivate()).getParams();
+ }
+
+ public static KeyPair generateECKeyPair(String curve) {
+ try {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
+ ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec"
+ + curve.toLowerCase().replace("-", "")
+ + "r1");
+ kpg.initialize(kpgparams);
+ return kpg.generateKeyPair();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) {
+ try {
+ return getECPublicKey(curve,
+ CryptoUtils.decodeSequence(encodedXPoint),
+ CryptoUtils.decodeSequence(encodedYPoint));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) {
+ try {
+ ECParameterSpec params = getECParameterSpec(curve, false);
+
+ ECPoint ecPoint = new ECPoint(toBigInteger(xPoint),
+ toBigInteger(yPoint));
+ ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params);
+ KeyFactory kf = KeyFactory.getInstance("EC");
+ return (ECPublicKey) kf.generatePublic(keySpec);
+
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ private static BigInteger toBigInteger(byte[] bytes) {
+ if (bytes[0] == -128) {
+ return new BigInteger(bytes);
+ } else {
+ return new BigInteger(1, bytes);
+ }
+ }
+ public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) {
+ // this can be overridden if needed
+ if (authTagLength > 0) {
+ return CryptoUtils.getGCMParameterSpec(authTagLength, iv);
+ } else if (iv.length > 0) {
+ return new IvParameterSpec(iv);
+ } else {
+ return null;
+ }
+ }
+
+ public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
+ try {
+ // In case Java 6 compiler is used
+ Class<?> c = ClassLoaderUtils.loadClass("javax.crypto.spec.GCMParameterSpec", CryptoUtils.class);
+ Constructor<?> ctr = c.getConstructor(new Class[]{int.class, byte[].class});
+ return (AlgorithmParameterSpec)ctr.newInstance(new Object[]{authTagLength, iv});
+ } catch (Throwable t) {
+ throw new SecurityException(t);
+ }
+ }
+
+ public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
+ return signData(data, key, signAlgo, null, null);
+ }
+
+ public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = getSignature(key, signAlgo, random, params);
+ s.update(data);
+ return s.sign();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = Signature.getInstance(signAlgo);
+ if (random == null) {
+ s.initSign(key);
+ } else {
+ s.initSign(key, random);
+ }
+ if (params != null) {
+ s.setParameter(params);
+ }
+ return s;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
+ return verifySignature(data, signature, key, signAlgo, null);
+ }
+
+ public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = Signature.getInstance(signAlgo);
+ s.initVerify(key);
+ if (params != null) {
+ s.setParameter(params);
+ }
+ s.update(data);
+ return s.verify(signature);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
+ return getSecretKey(new KeyProperties(symEncAlgo));
+ }
+
+ public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
+ return getSecretKey(new KeyProperties(symEncAlgo, keySize));
+ }
+
+ public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
+ AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
+ SecureRandom random = props.getSecureRandom();
+ if (algoSpec != null) {
+ if (random != null) {
+ keyGen.init(algoSpec, random);
+ } else {
+ keyGen.init(algoSpec);
+ }
+ } else {
+ int keySize = props.getKeySize();
+ if (keySize == -1) {
+ keySize = 128;
+ }
+ if (random != null) {
+ keyGen.init(keySize, random);
+ } else {
+ keyGen.init(keySize);
+ }
+ }
+
+ return keyGen.generateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String decryptSequence(String encodedToken, String encodedSecretKey)
+ throws SecurityException {
+ return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+ }
+
+ public static String decryptSequence(String encodedData, String encodedSecretKey,
+ KeyProperties props) throws SecurityException {
+ SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptSequence(encodedData, key, props);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
+ return decryptSequence(encodedData, secretKey, null);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey,
+ KeyProperties props) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedData);
+ byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+ try {
+ return new String(bytes, "UTF-8");
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
+ return encryptSequence(sequence, secretKey, null);
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+ return encodeBytes(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encodeBytes(byte[] bytes) throws SecurityException {
+ try {
+ return Base64UrlUtility.encode(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return encryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return decryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+ }
+
+ public static byte[] wrapSecretKey(byte[] keyBytes,
+ String keyAlgo,
+ Key wrapperKey,
+ KeyProperties wrapperKeyProps) throws SecurityException {
+ return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)),
+ wrapperKey,
+ wrapperKeyProps);
+ }
+
+ public static byte[] wrapSecretKey(Key secretKey,
+ Key wrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+ return c.wrap(secretKey);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ String unwrapperKeyAlgo) throws SecurityException {
+ return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey,
+ new KeyProperties(unwrapperKeyAlgo));
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);
+ }
+
+ public static Key unwrapKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps,
+ int wrappedKeyType) throws SecurityException {
+ try {
+ Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+ return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] processBytes(byte[] bytes,
+ Key secretKey,
+ KeyProperties keyProps,
+ int mode) throws SecurityException {
+ boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+ if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+ bytes = CompressionUtils.deflate(bytes, false);
+ }
+ try {
+ Cipher c = initCipher(secretKey, keyProps, mode);
+ byte[] result = new byte[0];
+ int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+ if (secretKey instanceof SecretKey && blockSize == -1) {
+ result = c.doFinal(bytes);
+ } else {
+ if (blockSize == -1) {
+ blockSize = secretKey instanceof PublicKey ? 117 : 128;
+ }
+ boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
+ int offset = 0;
+ for (; offset + blockSize < bytes.length; offset += blockSize) {
+ byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize)
+ : c.update(bytes, offset, blockSize);
+ result = addToResult(result, next);
+ }
+ if (offset < bytes.length) {
+ result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+ } else {
+ result = addToResult(result, c.doFinal());
+ }
+ }
+ if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+ result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+ }
+ return result;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException {
+ try {
+ String algorithm = keyProps != null && keyProps.getKeyAlgo() != null
+ ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+ Cipher c = Cipher.getInstance(algorithm);
+ if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+ c.init(mode, secretKey);
+ } else {
+ AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+ SecureRandom random = keyProps.getSecureRandom();
+ if (algoSpec == null) {
+ c.init(mode, secretKey, random);
+ } else if (random == null) {
+ c.init(mode, secretKey, algoSpec);
+ } else {
+ c.init(mode, secretKey, algoSpec, random);
+ }
+ }
+ if (keyProps != null && keyProps.getAdditionalData() != null) {
+ // TODO: call updateAAD directly after switching to Java7
+ try {
+ Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
+ m.invoke(c, new Object[]{keyProps.getAdditionalData()});
+ } catch (NoSuchMethodException ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ return c;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+ if (suffix == null || suffix.length == 0) {
+ return prefix;
+ } else if (prefix.length == 0) {
+ return suffix;
+ } else {
+ byte[] result = new byte[prefix.length + suffix.length];
+ System.arraycopy(prefix, 0, result, 0, prefix.length);
+ System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+ return result;
+ }
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
+ return decodeSecretKey(encodedSecretKey, "AES");
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)
+ throws SecurityException {
+ byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+ return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ PrivateKey privateKey) {
+ return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+ }
+
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ PrivateKey privateKey)
+ throws SecurityException {
+ KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+ return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ KeyProperties props,
+ PrivateKey privateKey) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+ return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props);
+ }
+
+ public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+ return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+ }
+ public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+ return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
+ }
+ public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
+ try {
+ return Base64UrlUtility.decode(encodedSequence);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static String convertJCECipherToSecretKeyName(String jceCipherName) {
+ if (jceCipherName != null) {
+ if (jceCipherName.startsWith("AES")) {
+ return "AES";
+ } else if (jceCipherName.startsWith("DESede")) {
+ return "DESede";
+ } else if (jceCipherName.startsWith("SEED")) {
+ return "SEED";
+ } else if (jceCipherName.startsWith("Camellia")) {
+ return "Camellia";
+ }
+ }
+ return null;
+ }
+ public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadCertificate(keyStore, alias);
+ }
+ public static Certificate loadCertificate(KeyStore keyStore, String alias) {
+ try {
+ if (alias == null) {
+ throw new SecurityException("No keystore alias was defined");
+ }
+ if (!keyStore.containsAlias(alias)) {
+ throw new SecurityException("No alias exists in the keystore for: " + alias);
+ }
+ return keyStore.getCertificate(alias);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static String encodeCertificate(Certificate cert) {
+ try {
+ return Base64Utility.encode(cert.getEncoded());
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static Certificate decodeCertificate(String encodedCert) {
+ try {
+ byte[] decoded = Base64Utility.decode(encodedCert);
+ return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
+ }
+ public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
+ return loadCertificate(keyStore, alias).getPublicKey();
+ }
+ public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
+ try {
+ KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
+ ks.load(storeLocation, storePassword);
+ return ks;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PrivateKey loadPrivateKey(InputStream storeLocation,
+ char[] storePassword,
+ char[] keyPassword,
+ String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadPrivateKey(keyStore, keyPassword, alias);
+ }
+
+ public static PrivateKey loadPrivateKey(KeyStore keyStore,
+ char[] keyPassword,
+ String alias) {
+ try {
+ if (alias == null) {
+ throw new SecurityException("No keystore alias was defined");
+ }
+ if (!keyStore.containsAlias(alias)) {
+ throw new SecurityException("No alias exists in the keystore for: " + alias);
+ }
+ KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+ keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
+ return pkEntry.getPrivateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
new file mode 100644
index 0000000..bf50224
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+
+public final class HmacUtils {
+
+ private HmacUtils() {
+
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
+ return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
+ byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
+ return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
+ }
+
+ public static Mac getMac(String macAlgoJavaName) {
+ return getMac(macAlgoJavaName, (String)null);
+ }
+
+ public static Mac getMac(String macAlgoJavaName, String provider) {
+ try {
+ return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchProviderException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static Mac getMac(String macAlgoJavaName, Provider provider) {
+ try {
+ return Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(key, mac, data);
+ }
+
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
+ return computeHmac(key, macAlgoJavaName, null, data);
+ }
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec,
+ String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
+ }
+
+ public static byte[] computeHmac(String key, Mac hmac, String data) {
+ try {
+ return computeHmac(key.getBytes("UTF-8"), hmac, data);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
+ SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
+ return computeHmac(secretKey, hmac, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
+ return computeHmac(secretKey, hmac, null, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
+ initMac(hmac, secretKey, spec);
+ return hmac.doFinal(data.getBytes());
+ }
+
+ public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
+ Mac hmac = getMac(algo);
+ initMac(hmac, key, spec);
+ return hmac;
+ }
+
+ private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
+ initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
+
+ }
+ private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
+ try {
+ if (spec == null) {
+ hmac.init(secretKey);
+ } else {
+ hmac.init(secretKey, spec);
+ }
+ } catch (InvalidKeyException e) {
+ throw new SecurityException(e);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static String generateKey(String algo) {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(algo);
+ return Base64Utility.encode(keyGen.generateKey().getEncoded());
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
new file mode 100644
index 0000000..45ca188
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+public class KeyProperties {
+ private String keyAlgo;
+ private int keySize;
+ private int blockSize = -1;
+ private byte[] additionalData;
+ private SecureRandom secureRandom;
+ private AlgorithmParameterSpec algoSpec;
+ private boolean compressionSupported;
+
+ public KeyProperties() {
+ }
+
+ public KeyProperties(String keyAlgo) {
+ this(keyAlgo, -1);
+ }
+ public KeyProperties(String keyAlgo, int keySize) {
+ this.keyAlgo = keyAlgo;
+ this.keySize = keySize;
+ }
+ public String getKeyAlgo() {
+ return keyAlgo;
+ }
+ public void setKeyAlgo(String keyAlgo) {
+ this.keyAlgo = keyAlgo;
+ }
+ public int getKeySize() {
+ return keySize;
+ }
+ public void setKeySize(int keySize) {
+ this.keySize = keySize;
+ }
+ public SecureRandom getSecureRandom() {
+ return secureRandom;
+ }
+ public void setSecureRandom(SecureRandom secureRandom) {
+ this.secureRandom = secureRandom;
+ }
+ public AlgorithmParameterSpec getAlgoSpec() {
+ return algoSpec;
+ }
+ public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
+ this.algoSpec = algoSpec;
+ }
+ public int getBlockSize() {
+ return blockSize;
+ }
+ public void setBlockSize(int blockSize) {
+ this.blockSize = blockSize;
+ }
+ public boolean isCompressionSupported() {
+ return compressionSupported;
+ }
+ public void setCompressionSupported(boolean compressionSupported) {
+ this.compressionSupported = compressionSupported;
+ }
+ public byte[] getAdditionalData() {
+ return additionalData;
+ }
+ public void setAdditionalData(byte[] additionalData) {
+ this.additionalData = additionalData;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
new file mode 100644
index 0000000..1c18df2
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * The utility Message Digest generator which can be used for generating
+ * random values
+ */
+public final class MessageDigestUtils {
+
+ public static final String ALGO_SHA_1 = "SHA-1";
+ public static final String ALGO_SHA_256 = "SHA-256";
+ public static final String ALGO_MD5 = "MD5";
+
+ private MessageDigestUtils() {
+
+ }
+
+ public static String generate(byte[] input) {
+ return generate(input, ALGO_SHA_256);
+ }
+
+ public static String generate(byte[] input, String algo) {
+ try {
+ byte[] messageDigest = createDigest(input, algo);
+ return StringUtils.toHexString(messageDigest);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(String input, String algo) {
+ try {
+ return createDigest(input.getBytes("UTF-8"), algo);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance(algo);
+ return md.digest(input);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ed78743..ce89320 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -26,7 +26,6 @@ import java.util.List;
import java.util.Map;
import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -36,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.saml.Constants;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class OAuthDataProviderImpl implements OAuthDataProvider {
[3/4] cxf git commit: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
Recording .gitmergeinfo Changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/14329376
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/14329376
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/14329376
Branch: refs/heads/3.0.x-fixes
Commit: 143293760b2228a8d8e67f04d8f5c63dc27e5261
Parents: 179c1d4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Apr 29 20:57:06 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Apr 29 20:57:06 2015 +0100
----------------------------------------------------------------------
.gitmergeinfo | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/14329376/.gitmergeinfo
----------------------------------------------------------------------
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 21232d0..a163149 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -388,6 +388,7 @@ M a9555675b829acdfb1672bc2157d6f3c08fdd652
M a97f886f36c8aea2a49860ec8cd33b0021b7b9e2
M aaad96fdf931cdc619a60fbffe3c9c894ae8ea43
M af2f7d3a52076f60d0f98a2635e2adef256a9efe
+M b9e4fcf44fc690c328afbfa166acca26ecb4c16a
M bc5e828cd8a25c4c4107c76e1582f807e75c9a77
M bd1d31f195caab56fbe565fbfb63d9170a0c9406
M bd7babd656fc06f3e5839bf11e186ec12fdeb6fa
[2/4] cxf git commit: Move CryptoUtils into rt-security
Posted by co...@apache.org.
Move CryptoUtils into rt-security
Conflicts:
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/179c1d41
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/179c1d41
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/179c1d41
Branch: refs/heads/3.0.x-fixes
Commit: 179c1d418e870de16c60630255cae204c5b50664
Parents: c1cc224
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Apr 29 20:56:10 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Apr 29 20:57:05 2015 +0100
----------------------------------------------------------------------
.../common/util/MessageDigestInputStream.java | 6 +-
.../cxf/common/util/crypto/CryptoUtils.java | 724 -------------------
.../cxf/common/util/crypto/HmacUtils.java | 145 ----
.../cxf/common/util/crypto/KeyProperties.java | 88 ---
.../common/util/crypto/MessageDigestUtils.java | 69 --
.../features/src/main/resources/features.xml | 1 +
rt/rs/security/jose/pom.xml | 5 +
.../apache/cxf/rs/security/jose/JoseUtils.java | 2 +-
.../jaxrs/JwtAuthenticationClientFilter.java | 2 +-
.../security/jose/jaxrs/KeyManagementUtils.java | 2 +-
.../jwe/AbstractContentEncryptionAlgorithm.java | 2 +-
...stractContentEncryptionCipherProperties.java | 2 +-
.../jose/jwe/AbstractJweDecryption.java | 4 +-
.../jose/jwe/AbstractJweEncryption.java | 4 +-
.../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 4 +-
.../jose/jwe/AesCbcHmacJweEncryption.java | 2 +-
.../jwe/AesGcmContentEncryptionAlgorithm.java | 2 +-
.../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 2 +-
.../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 2 +-
.../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 2 +-
.../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 2 +-
.../jose/jwe/EcdhDirectKeyJweEncryption.java | 2 +-
.../security/jose/jwe/JweEncryptionOutput.java | 2 +-
.../cxf/rs/security/jose/jwe/JweUtils.java | 2 +-
.../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 4 +-
.../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 4 +-
.../cxf/rs/security/jose/jwk/JwkUtils.java | 2 +-
.../jose/jws/HmacJwsSignatureProvider.java | 2 +-
.../jose/jws/HmacJwsSignatureVerifier.java | 2 +-
.../jws/PrivateKeyJwsSignatureProvider.java | 2 +-
.../jose/jws/PublicKeyJwsSignatureVerifier.java | 2 +-
.../jose/jwe/JweCompactReaderWriterTest.java | 3 +-
.../security/jose/jwe/JweJsonConsumerTest.java | 3 +-
.../security/jose/jwe/JweJsonProducerTest.java | 3 +-
.../jose/jws/JwsCompactReaderWriterTest.java | 3 +-
.../code/DefaultEncryptingCodeDataProvider.java | 2 +-
.../oauth2/grants/code/DigestCodeVerifier.java | 2 +-
.../grants/code/JwtRequestCodeFilter.java | 2 +-
.../oauth2/grants/code/JwtRequestCodeGrant.java | 2 +-
.../provider/ClientSecretHashVerifier.java | 2 +-
.../DefaultEncryptingOAuthDataProvider.java | 4 +-
.../hawk/AbstractHawkAccessTokenValidator.java | 2 +-
.../oauth2/tokens/hawk/HawkAccessToken.java | 2 +-
.../tokens/hawk/HawkAuthorizationScheme.java | 2 +-
.../rs/security/oauth2/utils/OAuthUtils.java | 5 +
.../utils/crypto/ModelEncryptionSupport.java | 4 +-
.../oauth2/utils/crypto/CryptoUtilsTest.java | 5 +-
.../utils/crypto/EncryptingDataProvider.java | 2 +-
.../oidc/idp/AbstractJwsJweProducer.java | 2 +-
.../cxf/rs/security/oidc/utils/OidcUtils.java | 2 +-
.../cxf/rt/security/crypto/CryptoUtils.java | 724 +++++++++++++++++++
.../cxf/rt/security/crypto/HmacUtils.java | 145 ++++
.../cxf/rt/security/crypto/KeyProperties.java | 88 +++
.../rt/security/crypto/MessageDigestUtils.java | 69 ++
.../security/oauth2/OAuthDataProviderImpl.java | 2 +-
55 files changed, 1091 insertions(+), 1085 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
index 0237b8d..d089403 100644
--- a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
+++ b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java
@@ -22,11 +22,11 @@ import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
-
public class MessageDigestInputStream extends java.security.DigestInputStream {
+ public static final String ALGO_SHA_256 = "SHA-256";
+
public MessageDigestInputStream(InputStream is) {
- super(is, getDigestInstance(MessageDigestUtils.ALGO_SHA_256));
+ super(is, getDigestInstance(ALGO_SHA_256));
}
private static MessageDigest getDigestInstance(String algo) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
deleted file mode 100644
index 2c22adf..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
+++ /dev/null
@@ -1,724 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.common.util.crypto;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPrivateKeySpec;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.CompressionUtils;
-import org.apache.cxf.helpers.IOUtils;
-
-
-/**
- * Encryption helpers
- */
-public final class CryptoUtils {
-
- private CryptoUtils() {
- }
-
- public static String encodeSecretKey(SecretKey key) throws SecurityException {
- return encodeBytes(key.getEncoded());
- }
-
- public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey)
- throws SecurityException {
- KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
- return encryptSecretKey(secretKey, publicKey, props);
- }
-
- public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
- KeyProperties props) throws SecurityException {
- byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props);
- return encodeBytes(encryptedBytes);
- }
-
- public static byte[] generateSecureRandomBytes(int size) {
- SecureRandom sr = new SecureRandom();
- byte[] bytes = new byte[size];
- sr.nextBytes(bytes);
- return bytes;
- }
-
- public static RSAPublicKey getRSAPublicKey(String encodedModulus,
- String encodedPublicExponent) {
- try {
- return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus),
- CryptoUtils.decodeSequence(encodedPublicExponent));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
- byte[] publicExponentBytes) {
- try {
- return getRSAPublicKey(KeyFactory.getInstance("RSA"),
- modulusBytes,
- publicExponentBytes);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
- byte[] modulusBytes,
- byte[] publicExponentBytes) {
- BigInteger modulus = toBigInteger(modulusBytes);
- BigInteger publicExponent = toBigInteger(publicExponentBytes);
- try {
- return (RSAPublicKey)factory.generatePublic(
- new RSAPublicKeySpec(modulus, publicExponent));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
- String encodedPrivateExponent) {
- try {
- return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
- CryptoUtils.decodeSequence(encodedPrivateExponent));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
- byte[] privateExponentBytes) {
- BigInteger modulus = toBigInteger(modulusBytes);
- BigInteger privateExponent = toBigInteger(privateExponentBytes);
- try {
- KeyFactory factory = KeyFactory.getInstance("RSA");
- return (RSAPrivateKey)factory.generatePrivate(
- new RSAPrivateKeySpec(modulus, privateExponent));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- //CHECKSTYLE:OFF
- public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
- String encodedPublicExponent,
- String encodedPrivateExponent,
- String encodedPrimeP,
- String encodedPrimeQ,
- String encodedPrimeExpP,
- String encodedPrimeExpQ,
- String encodedCrtCoefficient) {
- //CHECKSTYLE:ON
- try {
- return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
- CryptoUtils.decodeSequence(encodedPublicExponent),
- CryptoUtils.decodeSequence(encodedPrivateExponent),
- CryptoUtils.decodeSequence(encodedPrimeP),
- CryptoUtils.decodeSequence(encodedPrimeQ),
- CryptoUtils.decodeSequence(encodedPrimeExpP),
- CryptoUtils.decodeSequence(encodedPrimeExpQ),
- CryptoUtils.decodeSequence(encodedCrtCoefficient));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- //CHECKSTYLE:OFF
- public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
- byte[] publicExponentBytes,
- byte[] privateExponentBytes,
- byte[] primePBytes,
- byte[] primeQBytes,
- byte[] primeExpPBytes,
- byte[] primeExpQBytes,
- byte[] crtCoefficientBytes) {
- //CHECKSTYLE:ON
- BigInteger modulus = toBigInteger(modulusBytes);
- BigInteger publicExponent = toBigInteger(publicExponentBytes);
- BigInteger privateExponent = toBigInteger(privateExponentBytes);
- BigInteger primeP = toBigInteger(primePBytes);
- BigInteger primeQ = toBigInteger(primeQBytes);
- BigInteger primeExpP = toBigInteger(primeExpPBytes);
- BigInteger primeExpQ = toBigInteger(primeExpQBytes);
- BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes);
- try {
- KeyFactory factory = KeyFactory.getInstance("RSA");
- return (RSAPrivateKey)factory.generatePrivate(
- new RSAPrivateCrtKeySpec(modulus,
- publicExponent,
- privateExponent,
- primeP,
- primeQ,
- primeExpP,
- primeExpQ,
- crtCoefficient));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
- try {
- return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) {
- try {
- ECParameterSpec params = getECParameterSpec(curve, true);
- ECPrivateKeySpec keySpec = new ECPrivateKeySpec(
- toBigInteger(privateKey), params);
- KeyFactory kf = KeyFactory.getInstance("EC");
- return (ECPrivateKey) kf.generatePrivate(keySpec);
-
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate)
- throws Exception {
- KeyPair pair = generateECKeyPair(curve);
- return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams()
- : ((ECPrivateKey) pair.getPrivate()).getParams();
- }
-
- public static KeyPair generateECKeyPair(String curve) {
- try {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
- ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec"
- + curve.toLowerCase().replace("-", "")
- + "r1");
- kpg.initialize(kpgparams);
- return kpg.generateKeyPair();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) {
- try {
- return getECPublicKey(curve,
- CryptoUtils.decodeSequence(encodedXPoint),
- CryptoUtils.decodeSequence(encodedYPoint));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) {
- try {
- ECParameterSpec params = getECParameterSpec(curve, false);
-
- ECPoint ecPoint = new ECPoint(toBigInteger(xPoint),
- toBigInteger(yPoint));
- ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params);
- KeyFactory kf = KeyFactory.getInstance("EC");
- return (ECPublicKey) kf.generatePublic(keySpec);
-
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- private static BigInteger toBigInteger(byte[] bytes) {
- if (bytes[0] == -128) {
- return new BigInteger(bytes);
- } else {
- return new BigInteger(1, bytes);
- }
- }
- public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) {
- // this can be overridden if needed
- if (authTagLength > 0) {
- return CryptoUtils.getGCMParameterSpec(authTagLength, iv);
- } else if (iv.length > 0) {
- return new IvParameterSpec(iv);
- } else {
- return null;
- }
- }
-
- public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
- try {
- // In case Java 6 compiler is used
- Class<?> c = ClassLoaderUtils.loadClass("javax.crypto.spec.GCMParameterSpec", CryptoUtils.class);
- Constructor<?> ctr = c.getConstructor(new Class[]{int.class, byte[].class});
- return (AlgorithmParameterSpec)ctr.newInstance(new Object[]{authTagLength, iv});
- } catch (Throwable t) {
- throw new SecurityException(t);
- }
- }
-
- public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
- return signData(data, key, signAlgo, null, null);
- }
-
- public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
- AlgorithmParameterSpec params) {
- try {
- Signature s = getSignature(key, signAlgo, random, params);
- s.update(data);
- return s.sign();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
- AlgorithmParameterSpec params) {
- try {
- Signature s = Signature.getInstance(signAlgo);
- if (random == null) {
- s.initSign(key);
- } else {
- s.initSign(key, random);
- }
- if (params != null) {
- s.setParameter(params);
- }
- return s;
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
- return verifySignature(data, signature, key, signAlgo, null);
- }
-
- public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo,
- AlgorithmParameterSpec params) {
- try {
- Signature s = Signature.getInstance(signAlgo);
- s.initVerify(key);
- if (params != null) {
- s.setParameter(params);
- }
- s.update(data);
- return s.verify(signature);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
- return getSecretKey(new KeyProperties(symEncAlgo));
- }
-
- public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
- return getSecretKey(new KeyProperties(symEncAlgo, keySize));
- }
-
- public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
- try {
- KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
- AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
- SecureRandom random = props.getSecureRandom();
- if (algoSpec != null) {
- if (random != null) {
- keyGen.init(algoSpec, random);
- } else {
- keyGen.init(algoSpec);
- }
- } else {
- int keySize = props.getKeySize();
- if (keySize == -1) {
- keySize = 128;
- }
- if (random != null) {
- keyGen.init(keySize, random);
- } else {
- keyGen.init(keySize);
- }
- }
-
- return keyGen.generateKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static String decryptSequence(String encodedToken, String encodedSecretKey)
- throws SecurityException {
- return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
- }
-
- public static String decryptSequence(String encodedData, String encodedSecretKey,
- KeyProperties props) throws SecurityException {
- SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
- return decryptSequence(encodedData, key, props);
- }
-
- public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
- return decryptSequence(encodedData, secretKey, null);
- }
-
- public static String decryptSequence(String encodedData, Key secretKey,
- KeyProperties props) throws SecurityException {
- byte[] encryptedBytes = decodeSequence(encodedData);
- byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
- try {
- return new String(bytes, "UTF-8");
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
- return encryptSequence(sequence, secretKey, null);
- }
-
- public static String encryptSequence(String sequence, Key secretKey,
- KeyProperties keyProps) throws SecurityException {
- try {
- byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
- return encodeBytes(bytes);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static String encodeBytes(byte[] bytes) throws SecurityException {
- try {
- return Base64UrlUtility.encode(bytes);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
- return encryptBytes(bytes, secretKey, null);
- }
-
- public static byte[] encryptBytes(byte[] bytes, Key secretKey,
- KeyProperties keyProps) throws SecurityException {
- return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
- }
-
- public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
- return decryptBytes(bytes, secretKey, null);
- }
-
- public static byte[] decryptBytes(byte[] bytes, Key secretKey,
- KeyProperties keyProps) throws SecurityException {
- return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
- }
-
- public static byte[] wrapSecretKey(byte[] keyBytes,
- String keyAlgo,
- Key wrapperKey,
- KeyProperties wrapperKeyProps) throws SecurityException {
- return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)),
- wrapperKey,
- wrapperKeyProps);
- }
-
- public static byte[] wrapSecretKey(Key secretKey,
- Key wrapperKey,
- KeyProperties keyProps) throws SecurityException {
- try {
- Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
- return c.wrap(secretKey);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
- String wrappedKeyAlgo,
- Key unwrapperKey,
- String unwrapperKeyAlgo) throws SecurityException {
- return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey,
- new KeyProperties(unwrapperKeyAlgo));
- }
-
- public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
- String wrappedKeyAlgo,
- Key unwrapperKey,
- KeyProperties keyProps) throws SecurityException {
- return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);
- }
-
- public static Key unwrapKey(byte[] wrappedBytes,
- String wrappedKeyAlgo,
- Key unwrapperKey,
- KeyProperties keyProps,
- int wrappedKeyType) throws SecurityException {
- try {
- Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
- return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- private static byte[] processBytes(byte[] bytes,
- Key secretKey,
- KeyProperties keyProps,
- int mode) throws SecurityException {
- boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
- if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
- bytes = CompressionUtils.deflate(bytes, false);
- }
- try {
- Cipher c = initCipher(secretKey, keyProps, mode);
- byte[] result = new byte[0];
- int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
- if (secretKey instanceof SecretKey && blockSize == -1) {
- result = c.doFinal(bytes);
- } else {
- if (blockSize == -1) {
- blockSize = secretKey instanceof PublicKey ? 117 : 128;
- }
- boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
- int offset = 0;
- for (; offset + blockSize < bytes.length; offset += blockSize) {
- byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize)
- : c.update(bytes, offset, blockSize);
- result = addToResult(result, next);
- }
- if (offset < bytes.length) {
- result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
- } else {
- result = addToResult(result, c.doFinal());
- }
- }
- if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
- result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
- }
- return result;
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException {
- try {
- String algorithm = keyProps != null && keyProps.getKeyAlgo() != null
- ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
- Cipher c = Cipher.getInstance(algorithm);
- if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
- c.init(mode, secretKey);
- } else {
- AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
- SecureRandom random = keyProps.getSecureRandom();
- if (algoSpec == null) {
- c.init(mode, secretKey, random);
- } else if (random == null) {
- c.init(mode, secretKey, algoSpec);
- } else {
- c.init(mode, secretKey, algoSpec, random);
- }
- }
- if (keyProps != null && keyProps.getAdditionalData() != null) {
- // TODO: call updateAAD directly after switching to Java7
- try {
- Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
- m.invoke(c, new Object[]{keyProps.getAdditionalData()});
- } catch (NoSuchMethodException ex) {
- throw new SecurityException(ex);
- }
- }
- return c;
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- private static byte[] addToResult(byte[] prefix, byte[] suffix) {
- if (suffix == null || suffix.length == 0) {
- return prefix;
- } else if (prefix.length == 0) {
- return suffix;
- } else {
- byte[] result = new byte[prefix.length + suffix.length];
- System.arraycopy(prefix, 0, result, 0, prefix.length);
- System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
- return result;
- }
- }
-
- public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
- return decodeSecretKey(encodedSecretKey, "AES");
- }
-
- public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)
- throws SecurityException {
- byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
- return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
- }
-
- public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
- PrivateKey privateKey) {
- return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
- }
-
-
- public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
- String secretKeyAlgo,
- PrivateKey privateKey)
- throws SecurityException {
- KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
- return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
- }
-
- public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
- String secretKeyAlgo,
- KeyProperties props,
- PrivateKey privateKey) throws SecurityException {
- byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
- return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props);
- }
-
- public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
- return new SecretKeySpec(decodeSequence(encodedBytes), algo);
- }
- public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
- return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
- }
- public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
- try {
- return Base64UrlUtility.decode(encodedSequence);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
- private static String convertJCECipherToSecretKeyName(String jceCipherName) {
- if (jceCipherName != null) {
- if (jceCipherName.startsWith("AES")) {
- return "AES";
- } else if (jceCipherName.startsWith("DESede")) {
- return "DESede";
- } else if (jceCipherName.startsWith("SEED")) {
- return "SEED";
- } else if (jceCipherName.startsWith("Camellia")) {
- return "Camellia";
- }
- }
- return null;
- }
- public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
- String storeType) {
- KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
- return loadCertificate(keyStore, alias);
- }
- public static Certificate loadCertificate(KeyStore keyStore, String alias) {
- try {
- if (alias == null) {
- throw new SecurityException("No keystore alias was defined");
- }
- if (!keyStore.containsAlias(alias)) {
- throw new SecurityException("No alias exists in the keystore for: " + alias);
- }
- return keyStore.getCertificate(alias);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static String encodeCertificate(Certificate cert) {
- try {
- return Base64Utility.encode(cert.getEncoded());
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static Certificate decodeCertificate(String encodedCert) {
- try {
- byte[] decoded = Base64Utility.decode(encodedCert);
- return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
- String storeType) {
- return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
- }
- public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
- return loadCertificate(keyStore, alias).getPublicKey();
- }
- public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
- try {
- KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
- ks.load(storeLocation, storePassword);
- return ks;
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static PrivateKey loadPrivateKey(InputStream storeLocation,
- char[] storePassword,
- char[] keyPassword,
- String alias,
- String storeType) {
- KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
- return loadPrivateKey(keyStore, keyPassword, alias);
- }
-
- public static PrivateKey loadPrivateKey(KeyStore keyStore,
- char[] keyPassword,
- String alias) {
- try {
- if (alias == null) {
- throw new SecurityException("No keystore alias was defined");
- }
- if (!keyStore.containsAlias(alias)) {
- throw new SecurityException("No alias exists in the keystore for: " + alias);
- }
- KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
- keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
- return pkEntry.getPrivateKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
deleted file mode 100644
index 4a07edc..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.Base64Utility;
-
-public final class HmacUtils {
-
- private HmacUtils() {
-
- }
-
- public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
- return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
- }
-
- public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
- byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
- return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
- }
-
- public static Mac getMac(String macAlgoJavaName) {
- return getMac(macAlgoJavaName, (String)null);
- }
-
- public static Mac getMac(String macAlgoJavaName, String provider) {
- try {
- return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
- } catch (NoSuchAlgorithmException e) {
- throw new SecurityException(e);
- } catch (NoSuchProviderException e) {
- throw new SecurityException(e);
- }
- }
-
- public static Mac getMac(String macAlgoJavaName, Provider provider) {
- try {
- return Mac.getInstance(macAlgoJavaName, provider);
- } catch (NoSuchAlgorithmException e) {
- throw new SecurityException(e);
- }
- }
-
- public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
- Mac mac = getMac(macAlgoJavaName);
- return computeHmac(key, mac, data);
- }
-
- public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
- return computeHmac(key, macAlgoJavaName, null, data);
- }
- public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec,
- String data) {
- Mac mac = getMac(macAlgoJavaName);
- return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
- }
-
- public static byte[] computeHmac(String key, Mac hmac, String data) {
- try {
- return computeHmac(key.getBytes("UTF-8"), hmac, data);
- } catch (UnsupportedEncodingException e) {
- throw new SecurityException(e);
- }
- }
-
- public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
- SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
- return computeHmac(secretKey, hmac, data);
- }
-
- public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
- return computeHmac(secretKey, hmac, null, data);
- }
-
- public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
- initMac(hmac, secretKey, spec);
- return hmac.doFinal(data.getBytes());
- }
-
- public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
- Mac hmac = getMac(algo);
- initMac(hmac, key, spec);
- return hmac;
- }
-
- private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
- initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
-
- }
- private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
- try {
- if (spec == null) {
- hmac.init(secretKey);
- } else {
- hmac.init(secretKey, spec);
- }
- } catch (InvalidKeyException e) {
- throw new SecurityException(e);
- } catch (InvalidAlgorithmParameterException e) {
- throw new SecurityException(e);
- }
- }
-
- public static String generateKey(String algo) {
- try {
- KeyGenerator keyGen = KeyGenerator.getInstance(algo);
- return Base64Utility.encode(keyGen.generateKey().getEncoded());
- } catch (NoSuchAlgorithmException e) {
- throw new SecurityException(e);
- }
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java b/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
deleted file mode 100644
index 1d4f75c..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-public class KeyProperties {
- private String keyAlgo;
- private int keySize;
- private int blockSize = -1;
- private byte[] additionalData;
- private SecureRandom secureRandom;
- private AlgorithmParameterSpec algoSpec;
- private boolean compressionSupported;
-
- public KeyProperties() {
- }
-
- public KeyProperties(String keyAlgo) {
- this(keyAlgo, -1);
- }
- public KeyProperties(String keyAlgo, int keySize) {
- this.keyAlgo = keyAlgo;
- this.keySize = keySize;
- }
- public String getKeyAlgo() {
- return keyAlgo;
- }
- public void setKeyAlgo(String keyAlgo) {
- this.keyAlgo = keyAlgo;
- }
- public int getKeySize() {
- return keySize;
- }
- public void setKeySize(int keySize) {
- this.keySize = keySize;
- }
- public SecureRandom getSecureRandom() {
- return secureRandom;
- }
- public void setSecureRandom(SecureRandom secureRandom) {
- this.secureRandom = secureRandom;
- }
- public AlgorithmParameterSpec getAlgoSpec() {
- return algoSpec;
- }
- public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
- this.algoSpec = algoSpec;
- }
- public int getBlockSize() {
- return blockSize;
- }
- public void setBlockSize(int blockSize) {
- this.blockSize = blockSize;
- }
- public boolean isCompressionSupported() {
- return compressionSupported;
- }
- public void setCompressionSupported(boolean compressionSupported) {
- this.compressionSupported = compressionSupported;
- }
- public byte[] getAdditionalData() {
- return additionalData;
- }
- public void setAdditionalData(byte[] additionalData) {
- this.additionalData = additionalData;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
deleted file mode 100644
index b8e84e2..0000000
--- a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.common.util.crypto;
-
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import org.apache.cxf.common.util.StringUtils;
-
-/**
- * The utility Message Digest generator which can be used for generating
- * random values
- */
-public final class MessageDigestUtils {
-
- public static final String ALGO_SHA_1 = "SHA-1";
- public static final String ALGO_SHA_256 = "SHA-256";
- public static final String ALGO_MD5 = "MD5";
-
- private MessageDigestUtils() {
-
- }
-
- public static String generate(byte[] input) {
- return generate(input, ALGO_SHA_256);
- }
-
- public static String generate(byte[] input, String algo) {
- try {
- byte[] messageDigest = createDigest(input, algo);
- return StringUtils.toHexString(messageDigest);
- } catch (NoSuchAlgorithmException e) {
- throw new SecurityException(e);
- }
- }
-
- public static byte[] createDigest(String input, String algo) {
- try {
- return createDigest(input.getBytes("UTF-8"), algo);
- } catch (UnsupportedEncodingException e) {
- throw new SecurityException(e);
- } catch (NoSuchAlgorithmException e) {
- throw new SecurityException(e);
- }
- }
-
- public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException {
- MessageDigest md = MessageDigest.getInstance(algo);
- return md.digest(input);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/osgi/karaf/features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml
index c32b40d..ec5a949 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -203,6 +203,7 @@
</feature>
<feature name="cxf-rs-security-jose" version="${project.version}" resolver="(obr)">
<feature version="${project.version}">cxf-jaxrs</feature>
+ <feature version="${project.version}">cxf-rt-security</feature>
<bundle start-level="40">mvn:org.apache.cxf/cxf-rt-rs-security-jose/${project.version}</bundle>
</feature>
<feature name="cxf-rs-security-oauth2" version="${project.version}" resolver="(obr)">
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/pom.xml
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/pom.xml b/rt/rs/security/jose/pom.xml
index 77c18c6..fee7c60 100644
--- a/rt/rs/security/jose/pom.xml
+++ b/rt/rs/security/jose/pom.xml
@@ -38,6 +38,11 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${project.version}</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
index f3e25c1..635ca76 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
@@ -25,8 +25,8 @@ import java.util.Set;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public final class JoseUtils {
private static final Logger LOG = LogUtils.getL7dLogger(JoseUtils.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 821a36a..70a1905 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -27,7 +27,6 @@ import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
@@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
@Priority(Priorities.AUTHENTICATION)
public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 499e4f6..9a4078e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -44,13 +44,13 @@ import java.util.logging.Logger;
import org.apache.cxf.Bus;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.PropertyUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.JoseException;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.security.SecurityContext;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index bf7a68c..355a21b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index 4f9eecd..b683c77 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -22,8 +22,8 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index 88cde87..dbae000 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -23,13 +23,13 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public abstract class AbstractJweDecryption implements JweDecryptionProvider {
protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 171ecc6..6d4c0cb 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -26,13 +26,13 @@ import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 642fcf6..7e94cd6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -24,10 +24,10 @@ import java.util.Set;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 8ac33e4..36d21e8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -26,9 +26,9 @@ import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
public class AesCbcHmacJweEncryption extends JweEncryption {
private static final Map<String, String> AES_HMAC_MAP;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 0b4dd1e..1c53a82 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
index f0529f2..dda527e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -25,10 +25,10 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.JoseException;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
protected static final Logger LOG = LogUtils.getL7dLogger(AesGcmWrapKeyDecryptionAlgorithm.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
index 584d48f..6349b7d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -26,9 +26,9 @@ import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 2ef461f..11350a2 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
public AesWrapKeyDecryptionAlgorithm(String encodedKey) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index 522b479..3fe85e3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -24,8 +24,8 @@ import java.util.Set;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
index 210c597..95aa6dc 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
@@ -24,10 +24,10 @@ import java.security.interfaces.ECPublicKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class EcdhDirectKeyJweEncryption extends JweEncryption {
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
index 918ef5a..5036887 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.Cipher;
-import org.apache.cxf.common.util.crypto.KeyProperties;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public class JweEncryptionOutput {
private Cipher cipher;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index f8e2f20..fd837d8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -36,7 +36,6 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
@@ -49,6 +48,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
public final class JweUtils {
private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index d2d4ff4..0a17be5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -28,10 +28,10 @@ import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 6414461..7def0ce 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -23,10 +23,10 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
protected static final Logger LOG = LogUtils.getL7dLogger(WrappedKeyDecryptionAlgorithm.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 241fe6b..9dcd0fe 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -38,7 +38,6 @@ import javax.crypto.SecretKey;
import org.apache.cxf.Bus;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
@@ -62,6 +61,7 @@ import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public final class JwkUtils {
public static final String JWK_KEY_STORE_TYPE = "jwk";
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
index d904de9..0c88113 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
@@ -24,10 +24,10 @@ import javax.crypto.Mac;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
private byte[] key;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 984eb32..e0a4c68 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -23,10 +23,10 @@ import java.util.Arrays;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.HmacUtils;
public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
protected static final Logger LOG = LogUtils.getL7dLogger(HmacJwsSignatureVerifier.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
index cb7b5ab..258d5e3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
@@ -24,10 +24,10 @@ import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
private PrivateKey key;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
index d40e66d..86fabca 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
@@ -24,9 +24,9 @@ import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
protected static final Logger LOG = LogUtils.getL7dLogger(PublicKeyJwsSignatureVerifier.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 91debe2..6fff443 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -28,14 +28,13 @@ import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
index 5a52682..dad6f70 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
@@ -24,10 +24,9 @@ import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 71f0d90..7a8c6c0 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -27,10 +27,9 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 285705b..8f65be7 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -28,7 +28,6 @@ import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
@@ -37,8 +36,8 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
import org.junit.Assert;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/cxf/blob/179c1d41/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index 64e6276..a7f58c9 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -25,11 +25,11 @@ import java.util.Set;
import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+import org.apache.cxf.rt.security.crypto.KeyProperties;
public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider
implements AuthorizationCodeDataProvider {
[4/4] cxf git commit: Fixing build
Posted by co...@apache.org.
Fixing build
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/26818515
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/26818515
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/26818515
Branch: refs/heads/3.0.x-fixes
Commit: 26818515c115bc4ed9a26643eb71aeb22e1fda32
Parents: 1432937
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 30 09:18:38 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 30 09:18:38 2015 +0100
----------------------------------------------------------------------
.../org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 5 -----
1 file changed, 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/26818515/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index bd4ec9f..79f9f51 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -28,11 +28,6 @@ import java.util.Set;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
-<<<<<<< HEAD
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-=======
-import org.apache.cxf.jaxrs.ext.MessageContext;
->>>>>>> b9e4fcf... Move CryptoUtils into rt-security
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.rs.security.oauth2.common.Client;