if (signToken) {
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
// Initialise signature objects with defaults of STSPropertiesMBean
Crypto signatureCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
String alias = stsProperties.getSignatureUsername();
if (samlRealm != null) {
// If SignatureCrypto configured in realm then
// callbackhandler and alias of STSPropertiesMBean is ignored
if (samlRealm.getSignatureCrypto() != null) {
LOG.fine("SAMLRealm signature keystore used");
signatureCrypto = samlRealm.getSignatureCrypto();
callbackHandler = samlRealm.getCallbackHandler();
alias = samlRealm.getSignatureAlias();
}
// SignatureProperties can be defined independently of SignatureCrypto
if (samlRealm.getSignatureProperties() != null) {
signatureProperties = samlRealm.getSignatureProperties();
}
}
// Get the signature algorithm to use
String signatureAlgorithm = tokenParameters.getKeyRequirements().getSignatureAlgorithm();
if (signatureAlgorithm == null) {
// If none then default to what is configured
signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
} else {
List<String> supportedAlgorithms =
signatureProperties.getAcceptedSignatureAlgorithms();
if (!supportedAlgorithms.contains(signatureAlgorithm)) {
signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
}
}
// Get the c14n algorithm to use
String c14nAlgorithm = tokenParameters.getKeyRequirements().getC14nAlgorithm();
if (c14nAlgorithm == null) {
// If none then default to what is configured
c14nAlgorithm = signatureProperties.getC14nAlgorithm();
} else {
List<String> supportedAlgorithms =
signatureProperties.getAcceptedC14nAlgorithms();
if (!supportedAlgorithms.contains(c14nAlgorithm)) {
c14nAlgorithm = signatureProperties.getC14nAlgorithm();
LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
}
}
// If alias not defined, get the default of the SignatureCrypto
if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
alias = signatureCrypto.getDefaultX509Identifier();
LOG.fine("Signature alias is null so using default alias: " + alias);
}
// Get the password
WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
LOG.fine("Creating SAML Token");