XWSSPolicyGenerator xwssPolicyGenerator = new XWSSPolicyGenerator(effectivePolicy, isServer, isIncoming, spVersion);
xwssPolicyGenerator.process(ignoreST);
this.bindingLevelAlgSuite = xwssPolicyGenerator.getBindingLevelAlgSuite();
MessagePolicy messagePolicy = xwssPolicyGenerator.getXWSSPolicy();
SecurityPolicyHolder sph = new SecurityPolicyHolder();
sph.setMessagePolicy(messagePolicy);
sph.setBindingLevelAlgSuite(xwssPolicyGenerator.getBindingLevelAlgSuite());
sph.isIssuedTokenAsEncryptedSupportingToken(xwssPolicyGenerator.isIssuedTokenAsEncryptedSupportingToken());
List<PolicyAssertion> tokenList = getTokens(effectivePolicy);
addConfigAssertions(effectivePolicy, sph);
for (PolicyAssertion token : tokenList) {
if (PolicyUtil.isSecureConversationToken(token, spVersion)) {
NestedPolicy bootstrapPolicy = ((SecureConversationToken) token).getBootstrapPolicy();
Policy effectiveBP;
if (hasTargets(bootstrapPolicy)) {
effectiveBP = bootstrapPolicy;
} else {
effectiveBP = getEffectiveBootstrapPolicy(bootstrapPolicy);
}
xwssPolicyGenerator = new XWSSPolicyGenerator(effectiveBP, isServer, isIncoming, spVersion);
xwssPolicyGenerator.process(ignoreST);
MessagePolicy bmp = xwssPolicyGenerator.getXWSSPolicy();
this.bootStrapAlgoSuite = xwssPolicyGenerator.getBindingLevelAlgSuite();
if (isServer && isIncoming) {
EncryptionPolicy optionalPolicy =
new EncryptionPolicy();
EncryptionPolicy.FeatureBinding fb = (EncryptionPolicy.FeatureBinding) optionalPolicy.getFeatureBinding();
optionalPolicy.newX509CertificateKeyBinding();
EncryptionTarget target = new EncryptionTarget();
target.setQName(new QName(MessageConstants.SAML_v1_1_NS, MessageConstants.SAML_ASSERTION_LNAME));
target.setEnforce(false);
fb.addTargetBinding(target);
/*
try {
bmp.prepend(optionalPolicy);
} catch (PolicyGenerationException ex) {
throw new PolicyException(ex);
}*/
}
PolicyAssertion sct = new SCTokenWrapper(token, bmp);
sph.addSecureConversationToken(sct);
hasSecureConversation = true;
// if the bootstrap has issued tokens then set hasIssuedTokens=true
List<PolicyAssertion> iList =
this.getIssuedTokenPoliciesFromBootstrapPolicy((Token) sct);
if (!iList.isEmpty()) {
hasIssuedTokens = true;
}
// if the bootstrap has kerberos tokens then set hasKerberosTokens=true
List<PolicyAssertion> kList =
this.getKerberosTokenPoliciesFromBootstrapPolicy((Token) sct);
if (!kList.isEmpty()) {
hasKerberosToken = true;
}
} else if (PolicyUtil.isIssuedToken(token, spVersion)) {
sph.addIssuedToken(token);
hasIssuedTokens = true;
} else if (PolicyUtil.isKerberosToken(token, spVersion)) {
sph.addKerberosToken(token);
hasKerberosToken = true;
}
}
return sph;
}