sigParts.add(wep);
}
}
//check for derived keys
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
if(token.isDerivedKeys()) {
//Create a derived key and add
try {
//Do Signature with derived keys
WSSecDKSign dkSign = new WSSecDKSign();
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
if (tokenIncluded) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
}
if(ref != null) {
dkSign.setExternalKey(tok.getSecret(), (Element)
doc.importNode((Element) ref, true));
} else {
dkSign.setExternalKey(tok.getSecret(), tok.getId());
}
//Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
dkSign.prepare(doc);
/**
* Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
* header. We need to add this just after Encrypted Key and just before <Signature>..</Signature>
* elements. (As a convention)
*/
dkSign.appendDKElementToHeader(rmd.getSecHeader());
dkSign.setParts(sigParts);
List<Reference> referenceList
= dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
dkSign.computeSignature(referenceList, false, null);
// TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader())
// this.appendToHeader(rmd.getSecHeader(), dkSign.getSignatureElement());
return dkSign.getSignatureValue();
} catch (ConversationException e) {
throw new RampartException(
"errorInDerivedKeyTokenSignature", e);
} catch (WSSecurityException e) {
throw new RampartException(
"errorInDerivedKeyTokenSignature", e);
}
} else {
try {
WSSecSignature sig = new WSSecSignature();
sig.setWsConfig(rmd.getConfig());
String tokId = tok.getId();
if (tokId.charAt(0) == '#') {
tokId = tokId.substring(1);
}
sig.setCustomTokenId(tokId);
sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());