*/
// Per-document bookkeeping object that carries the Crypto instance used for signing.
// NOTE(review): the key is doc.hashCode(), which is not guaranteed to be unique
// across documents - confirm how WSDocInfo uses this value.
WSDocInfo wsDocInfo = new WSDocInfo(doc.hashCode());
wsDocInfo.setCrypto(crypto);
// The SOAP constants are derived from the envelope (document root) element.
Element envelope = doc.getDocumentElement();
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
// insertSecurityHeader is defined outside this excerpt; presumably it creates or
// locates the security header that will hold the signature - confirm.
Element securityHeader = insertSecurityHeader(doc);
// Set the id of the elements to be used as digest source
// (disabled: the call below is commented out, so no body id is set here)
// String id = setBodyID(doc);
// Both remain null on the UT_SIGNING path, where no X.509 certificate is loaded.
String certUri = null;
X509Certificate[] certs = null;
// For every key identifier type except UT_SIGNING, the signing certificate chain
// is looked up in the Crypto store under the configured user.
if (keyIdentifierType != WSConstants.UT_SIGNING) {
certs = crypto.getCertificates(user);
// Fail closed: without at least one certificate there is nothing to sign with.
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidX509Data",
new Object[]{"for Signature"});
}
// Reference id for the certificate, built from the first certificate's hashCode().
// NOTE(review): a hashCode-derived id is not a collision-free identifier; confirm
// it is only used as an in-document reference target.
certUri = "CertId-" + certs[0].hashCode();
// Auto-detection runs only when the caller has not chosen a signature algorithm.
if (sigAlgo == null) {
String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
log.debug("automatic sig algo detection: " + pubKeyAlgo);
// NOTE(review): in Apache XML Security these two constants are the
// xmldsig#dsa-sha1 and xmldsig#rsa-sha1 URIs, i.e. SHA-1 based signatures.
// A caller that needs a stronger digest has to set sigAlgo explicitly before
// this point - confirm against the library version in use.
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
} else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
} else {
// Any other public key algorithm is rejected rather than guessed at.
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidX509Data",
new Object[]{"for Signature - unkown public key Algo"});
}
}
}
// Create the XMLSignature object. Two construction paths exist, selected by the
// canonicalization algorithm.
// NOTE(review): the auto-detection above is skipped when keyIdentifierType is
// UT_SIGNING, so on that path sigAlgo must already have been set elsewhere - confirm.
// NOTE(review): canonAlgo is dereferenced without a null check; presumably it
// has a non-null default outside this excerpt - confirm.
XMLSignature sig = null;
if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
// Exclusive C14N (comments omitted): the CanonicalizationMethod element is built
// by hand so that an InclusiveNamespaces child can be attached to it.
Element canonElem = XMLUtils.createElementInSignatureSpace(
doc,
Constants._TAG_CANONICALIZATIONMETHOD);
canonElem.setAttributeNS(
null,
Constants._ATT_ALGORITHM,
canonAlgo);
// Only in WS-I BSP compliant mode is the inclusive prefix list added;
// getInclusivePrefixes is defined outside this excerpt.
if (wssConfig.isWsiBSPCompliant()) {
Set prefixes = getInclusivePrefixes(securityHeader, false);
InclusiveNamespaces inclusiveNamespaces =
new InclusiveNamespaces(doc, prefixes);
canonElem.appendChild(inclusiveNamespaces.getElement());
}
try {
SignatureAlgorithm signatureAlgorithm =
new SignatureAlgorithm(doc, sigAlgo);
sig = new XMLSignature(
doc, null, signatureAlgorithm.getElement(), canonElem);
} catch (XMLSecurityException e) {
// The underlying exception is written to the log (with an empty message) but is
// not chained into the WSSecurityException, so callers see only "noXMLSig".
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE,
"noXMLSig");
}
} else {
// Any other canonicalization algorithm: let XMLSignature build both method
// elements from the two algorithm URIs.
try {
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
} catch (XMLSecurityException e) {
// Same handling as above: cause is logged, not propagated.
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE,
"noXMLSig");
}
}
/*
 * If we don't generate a new Transforms for each addDocument here, then
 * only the last Transforms is put into the corresponding ds:Reference
 * element, i.e. the first ds:Reference does not contain a Transforms
 * element, and verification then fails.
 *
 * NOTE(review): this remark appears to concern the per-reference Transforms
 * handling further down in the method, not the KeyInfo statements that
 * directly follow it.
 */
// Give the signature's KeyInfo element an id derived from its hashCode().
KeyInfo info = sig.getKeyInfo();
String keyInfoUri = "KeyId-" + info.hashCode();
info.setId(keyInfoUri);
// Create the SecurityTokenReference and give it an id built the same way.
// NOTE(review): hashCode-derived ids are not guaranteed unique within a document;
// confirm that nothing relies on these ids being collision-free.
SecurityTokenReference secRef = new SecurityTokenReference(wssConfig, doc);
String strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
// Timing checkpoint, taken only when the timing logger has debug enabled;
// t1 is declared outside this excerpt.
if (tlog.isDebugEnabled()) {
t1 = System.currentTimeMillis();
}
// Default coverage: when the caller supplied no parts, a single part describing
// the SOAP Body is used, identified by the body's local name and the envelope
// namespace URI, with the modifier "Content".
// NOTE(review): with this default nothing outside the Body is included in the
// signature; headers that need integrity protection must be listed in parts by
// the caller.
// NOTE(review): parts is assigned here but not declared in this excerpt, so the
// default presumably persists beyond this call - confirm.
if (parts == null) {
parts = new Vector();
// WSEncryptionPart is used here to describe a part to sign, despite its name.
WSEncryptionPart encP =
new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
soapConstants.getEnvelopeURI(),
"Content");
parts.add(encP);
}
// Declared here and left null; the assignment is outside this excerpt.
Transforms transforms = null;