RampartPolicyData rpd = rmd.getPolicyData();
if(policyToken.isDerivedKeys()) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
//Check whether it is security policy 1.2 and use the secure conversation accordingly
if (SPConstants.SP_V12 == policyToken.getVersion()) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
}
//Check for whether the token is attached in the message or not
boolean attached = false;
if (SPConstants.INCLUDE_TOEKN_ALWAYS == policyToken.getInclusion() ||
SPConstants.INCLUDE_TOKEN_ONCE == policyToken.getInclusion() ||
(rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
== policyToken.getInclusion())) {
attached = true;
}
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
if (attached == true) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
}
if(ref != null) {
dkSign.setExternalKey(tok.getSecret(), (Element)
doc.importNode((Element) ref, true));
} else if (!rmd.isInitiator() && policyToken.isDerivedKeys()) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
// 7.7 Encrypted Key reference
SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
if(tok instanceof EncryptedKeyToken) {
tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)tok).getSHA1());;
}
dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
} else {
dkSign.setExternalKey(tok.getSecret(), tok.getId());
}
//Set the algo info
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
if(tok instanceof EncryptedKeyToken) {
//Set the value type of the reference
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
}
dkSign.prepare(doc, rmd.getSecHeader());
if(rpd.isTokenProtection()) {
//Hack to handle reference id issues
//TODO Need a better fix
String sigTokId = tok.getId();
if(sigTokId.startsWith("#")) {
sigTokId = sigTokId.substring(1);
}
sigParts.add(new WSEncryptionPart(sigTokId));
}
dkSign.setParts(sigParts);
dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
dkSign.computeSignature();
//Add elements to header
if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
this.getInsertionLocation() == null ) {
this.setInsertionLocation(RampartUtil
.insertSiblingBefore(rmd,
this.mainRefListElement,
dkSign.getdktElement()));
this.setInsertionLocation(RampartUtil.insertSiblingAfter(
rmd,
this.getInsertionLocation(),
dkSign.getSignatureElement()));
} else {
this.setInsertionLocation(RampartUtil
.insertSiblingAfter(rmd,
this.getInsertionLocation(),
dkSign.getdktElement()));
this.setInsertionLocation(RampartUtil.insertSiblingAfter(
rmd,
this.getInsertionLocation(),
dkSign.getSignatureElement()));
}
return dkSign.getSignatureValue();
} catch (ConversationException e) {
throw new RampartException(
"errorInDerivedKeyTokenSignature", e);
} catch (WSSecurityException e) {