ListIterator transformIterator = transforms.listIterator();
ArrayList transformList = new ArrayList(2);
while(transformIterator.hasNext()) {
SignatureTarget.Transform transformInfo = (SignatureTarget.Transform)transformIterator.next();
String transformAlgo = transformInfo.getTransform();
Transform transform = null;
if(logger.isLoggable(Level.FINEST))
logger.log(Level.FINEST, "Transform Algorithm is "+transformAlgo);
if(Transform.XPATH.equals(transformAlgo)){
/*TransformParameterSpec spec =(TransformParameterSpec) transformInfo.getAlgorithmParameters();
//XPathFilterParameterSpec spec = null;
if(spec == null){
throw new XWSSecurityException("XPATH parameters cannot be null");
}
//XPATH2,XSLTC , ..
transform = signatureFactory.newTransform(transformAlgo,spec);*/
throw new UnsupportedOperationException("XPATH not supported");
} else if(Transform.XPATH2.equals(transformAlgo)){
/*TransformParameterSpec transformParams = (TransformParameterSpec)transformInfo.getAlgorithmParameters();
transform= signatureFactory.newTransform(transformAlgo,transformParams);*/
throw new UnsupportedOperationException("XPATH not supported");
} else if (MessageConstants.STR_TRANSFORM_URI.equals(transformAlgo)){
Parameter transformParams =(Parameter) transformInfo.getAlgorithmParameters();
String algo = null;
if(transformParams.getParamName().equals("CanonicalizationMethod")){
algo = transformParams.getParamValue();
}
if(algo == null){
throw new XWSSecurityException("STR Transform must have a"+
"canonicalization method specified");
}
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST, "CanonicalizationMethod is " + algo);
}
//CanonicalizationMethod cm = null;
C14NMethodParameterSpec spec = null;
try{
TransformationParametersType tp =
new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParametersType();
com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod cm =
new com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod();
cm.setAlgorithm(algo);
tp.getAny().add(cm);
JAXBElement<TransformationParametersType> tpElement =
new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParameters(tp);
XMLStructure transformSpec = new JAXBStructure(tpElement);
transform = signatureFactory.newTransform(transformAlgo,transformSpec);
if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureTarget.getType())){
String targetURI = signatureTarget.getValue();
((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setReferenceId(targetURI);
}
} catch(Exception ex){
logger.log(Level.SEVERE,LogStringsMessages.WSS_1767_ERROR_CREATE_TRANSFORM_OBJECT(),ex);
throw new XWSSecurityException(ex.getMessage());
}
} else if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
// should be there by default...
// As per R 5412, last child of ds:Transforms must be either excl-c14n, or attachment-content only or attachment-complete transform
exclTransformToBeAdded = true;
} else {
transform = signatureFactory.newTransform(transformAlgo,(TransformParameterSpec)null);
//throw new XWSSecurityException(transformAlgo + " not supported as Signature transform");
}
if (!MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
// will add c14n transform in the end; later
transformList.add(transform);
}
}
String targetURI = "";
String signatureType = signatureTarget.getType();
if (signatureTarget.isITNever()) {
String uri = signatureTarget.getValue();
uri = uri.startsWith("#") ? uri.substring(1) : uri;
SSEData data = (SSEData) fpContext.getElementCache().get(uri);
SecurityHeaderElement se = (SecurityHeaderElement) data.getSecurityElement();
fpContext.getSecurityHeader().add(se);
}
SecuredMessage secMessage = fpContext.getSecuredMessage();
//SecurityHeader secHeader = fpContext.getSecurityHeader();
//boolean headersOnly = signatureTarget.isSOAPHeadersOnly();
if(signatureType.equals(SignatureTarget.TARGET_TYPE_VALUE_QNAME)){
String expr = null;
List<SignedMessagePart> targets = new ArrayList<SignedMessagePart>();
String targetValue = signatureTarget.getValue();
boolean optimized = false;
if(fpContext.getConfigType() == MessageConstants.SIGN_BODY ||
fpContext.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY){
optimized = true;
}
if(targetValue.equals(SignatureTarget.BODY )){
Object body = secMessage.getBody();
if(body instanceof SignedMessagePart){
targets.add((SignedMessagePart)body);
} else if(body instanceof SecurityElement){
SignedMessagePart smp = new SignedMessagePart((SecurityElement)body);
targets.add(smp);
} else{
// replace SOAPBody with securityElement and add
// to targets
boolean contentOnly = signatureTarget.getContentOnly();
SOAPBody soapBody = (SOAPBody)body;
if(!contentOnly){
if(soapBody.getId() == null || "".equals(soapBody.getId()))
soapBody.setId(fpContext.generateID());
SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
secMessage.replaceBody(smp);
targets.add(smp);
} else{
String id = null;
if(soapBody.getBodyContentId() == null || "".equals(soapBody.getBodyContentId())){
id = fpContext.generateID();
soapBody.setBodyContentId(id);
}
SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
SOAPBody newBody = new SOAPBody(smp,fpContext.getSOAPVersion());
newBody.setId(soapBody.getId());
secMessage.replaceBody(newBody);
targets.add(smp);
}
}
} else{
//if QName is of the form "{NS-URI}" then this method throws
//illegalArgumentException with JDK 1.6
//QName name = QName.valueOf(targetValue);
QName name = null;
if (targetValue.endsWith("}")) {
String nsURI = targetValue.substring(1,targetValue.length() -1);
name = new QName(nsURI,"");
} else {
name = QName.valueOf(targetValue);
}
//boolean contentOnly = signatureTarget.getContentOnly();
Iterator headers = null;
if(name.getNamespaceURI().equals(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE) ||
name.getNamespaceURI().equals(MessageConstants.ADDRESSING_W3C_NAMESPACE)){
if(!"".equals(name.getLocalPart()))
headers = secMessage.getHeaders(name.getLocalPart(), null);
else{
headers = secMessage.getHeaders(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE);
if(!headers.hasNext())
headers = secMessage.getHeaders(MessageConstants.ADDRESSING_W3C_NAMESPACE);
}
} else {
if(!"".equals(name.getLocalPart()))
headers = secMessage.getHeaders(name.getLocalPart(), name.getNamespaceURI());
else
headers = secMessage.getHeaders(name.getNamespaceURI());
}
while(headers.hasNext()){
Object next = headers.next();
if(next instanceof SignedMessageHeader){
targets.add((SignedMessageHeader)next);
} else if(next instanceof SecurityHeaderElement){
SecurityHeaderElement she = (SecurityHeaderElement)next;
SignedMessageHeader smh = new SignedMessageHeader(she);
secMessage.replaceHeader(she, smh);
targets.add(smh);
} else if(next instanceof Header){
Header header = (Header)next;
SignedMessageHeader smh = toSignedMessageHeader(header, fpContext);
secMessage.replaceHeader(header, smh);
targets.add(smh);
}
}
SecurityHeader sh = fpContext.getSecurityHeader();
headers = sh.getHeaders(name.getLocalPart(), name.getNamespaceURI());
while(headers.hasNext()){
SecurityHeaderElement she = (SecurityHeaderElement) headers.next();
if(she instanceof SignedMessageHeader){
targets.add((SignedMessageHeader)she);
} else{
if(she.getId() == null){
she.setId(fpContext.generateID());
}
SignedMessageHeader smh = new SignedMessageHeader(she);
targets.add(smh);
}
}
}
if(targets.size() <= 0){
if(signatureTarget.getEnforce()){
throw new XWSSecurityException("SignatureTarget with URI "+signatureTarget.getValue()+
" is not in the message");
} else
continue;
}
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST, "Number of nodes "+ targets.size());
logger.log(Level.FINEST, "+++++++++++++++END+++++++++++++++");
}
HashMap elementCache = null;
if(fpContext != null ){
elementCache = fpContext.getElementCache();
}
for(int i = 0; i < targets.size(); i++){
SignedMessagePart targetRef = targets.get(i);
ArrayList clonedTransformList = (ArrayList)transformList.clone();
if (exclTransformToBeAdded) {
// exc-14-n must be one of the last transforms under ReferenceList by default.
String transformAlgo = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
((NamespaceContextEx)fpContext.getNamespaceContext()).addExc14NS();
ExcC14NParameterSpec spec = null;
if(!fpContext.getDisableIncPrefix()){
ArrayList list = new ArrayList();
/*list.add("wsu");list.add("wsse");*/ list.add("S");
spec = new ExcC14NParameterSpec(list); //TO BE SET
}
Transform transform = signatureFactory.newTransform(transformAlgo,spec);
// Commenting this - content is now set directly in com.sun.xml.ws.security.opt.crypto.dsig.Transform
// class
// if(!fpContext.getDisableIncPrefix()){
// List contentList = setInclusiveNamespaces(spec);
// ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setContent(contentList);
// }
clonedTransformList.add(transform);
}
String id = targetRef.getId();
if (id == null || id.equals("")) {
id = fpContext.generateID();
if(!verify){
targetRef.setId(id);
} else{
//add to context. dont modify the message.
elementCache.put(id, targetRef);
}
}
if(logger.isLoggable(Level.FINEST))
logger.log(Level.FINEST, "SignedInfo val id "+id);
targetURI = "#"+id;
Reference reference = null;
reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
references.add(reference);
}
continue;
} else if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureType)){
targetURI = signatureTarget.getValue();
if(targetURI == null){
targetURI="";
}
QName policyName = signatureTarget.getPolicyQName();
if(policyName != null && policyName == MessageConstants.SCT_NAME){
String _uri = targetURI;
if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
_uri = targetURI.substring(1);
}
com.sun.xml.ws.security.IssuedTokenContext ictx = fpContext.getIssuedTokenContext(_uri);
com.sun.xml.ws.security.SecurityContextToken sct1 =(com.sun.xml.ws.security.SecurityContextToken)ictx.getSecurityToken();
targetURI = sct1.getWsuId();
}
if(MessageConstants.PROCESS_ALL_ATTACHMENTS.equals(targetURI)){
AttachmentSet as = secMessage.getAttachments();
if(as != null && as.isEmpty()){
logger.log(Level.WARNING, LogStringsMessages.WSS_1766_NO_ATTACHMENT_PARTS_TOBE_SECURED());
continue;
}
for(Attachment attachment : as){
String cid = "cid:" + attachment.getContentId();
Reference reference = signatureFactory.newReference(cid, digestMethod, transformList, null, null);
references.add(reference);
}
continue;
} else{
if (exclTransformToBeAdded) {
String _uri = targetURI;
if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
_uri = targetURI.substring(1);
}
Object reqdPart = getPartFromId(fpContext, _uri);
if(reqdPart != null){
String transformAlgo = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
ExcC14NParameterSpec spec = null;
if(!fpContext.getDisableIncPrefix()){
ArrayList list = new ArrayList();
list.add("wsu");list.add("wsse"); list.add("S");
spec = new ExcC14NParameterSpec(list);
}
Transform transform = signatureFactory.newTransform(transformAlgo,spec);
// Commenting this - content is now set directly in com.sun.xml.ws.security.opt.crypto.dsig.Transform
// class
// if(!fpContext.getDisableIncPrefix()){
// List contentList = setInclusiveNamespaces(spec);
// ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setContent(contentList);