/*
* We need to hold on to these two element to use them as refence in the
* case of encypting the signature
*/
Element encrDKTokenElem = null;
WSSecEncrypt encr = null;
Element refList = null;
WSSecDKEncrypt dkEncr = null;
/*
* We MUST use keys derived from the same token
*/
Token encryptionToken = null;
if(rmd.isInitiator()) {
encryptionToken = rpd.getRecipientToken();
} else {
encryptionToken = rpd.getInitiatorToken();
}
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
//Signed parts are determined before encryption because encrypted signed headers
//will not be included otherwise
this.sigParts = RampartUtil.getSignedParts(rmd);
if(encryptionToken == null && encrParts.size() > 0) {
throw new RampartException("encryptionTokenMissing");
}
if (encryptionToken != null && encrParts.size() > 0) {
//Check for RampartConfig assertion
if(rpd.getRampartConfig() == null) {
//We'er missing the extra info rampart needs
throw new RampartException("rampartConigMissing");
}
if (encryptionToken.isDerivedKeys()) {
try {
this.setupEncryptedKey(rmd, encryptionToken);
// Create the DK encryption builder
dkEncr = new WSSecDKEncrypt();
dkEncr.setParts(encrParts);
dkEncr.setExternalKey(this.encryptedKeyValue,
this.encryptedKeyId);
dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
// Get and add the DKT element
this.encrDKTElement = dkEncr.getdktElement();
encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
refList = dkEncr.encryptForExternalRef(null, encrParts);
} catch (WSSecurityException e) {
throw new RampartException("errorCreatingEncryptedKey", e);
} catch (ConversationException e) {
throw new RampartException("errorInDKEncr", e);
}
} else {
try {
encr = new WSSecEncrypt();
encr.setParts(encrParts);
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken);
encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
Element bstElem = encr.getBinarySecurityTokenElement();
if (bstElem != null) {
RampartUtil.appendChildToSecHeader(rmd, bstElem);
}
this.encrTokenElement = encr.getEncryptedKeyElement();
this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
encrTokenElement);
refList = encr.encryptForExternalRef(null, encrParts);
} catch (WSSecurityException e) {
throw new RampartException("errorInEncryption", e);
}
}
RampartUtil.appendChildToSecHeader(rmd, refList);
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
this.setInsertionLocation(encrTokenElement);
RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
HashMap sgndEncSuppTokMap = null;
HashMap endEncSuppTokMap = null;
HashMap sgndEndEncSuppTokMap = null;
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(RampartUtil
.addWsuIdToElement((OMElement) this.timestampElement)));
}
if (rmd.isInitiator()) {
// Now add the supporting tokens
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
sigParts = addSignatureParts(sigSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
} else {
addSignatureConfirmation(rmd, sigParts);
}
if(( sigParts.size() > 0 &&
rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
(!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
this.doSignature(rmd);
}
if (rmd.isInitiator()) {
endSuppTokMap.putAll(endEncSuppTokMap);
// Do endorsed signatures
Vector endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
// Do signed endorsing signatures
Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
}
if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Encryption took :" + (t1 - t0)
+", Signature tool :" + (t2 - t1) );
}
// Check for signature protection
if (rpd.isSignatureProtection() && this.mainSigId != null) {
long t3 = 0, t4 = 0;
if(tlog.isDebugEnabled()){
t3 = System.currentTimeMillis();
}
Vector secondEncrParts = new Vector();
// Now encrypt the signature using the above token
secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
"Element"));
if(rmd.isInitiator()) {
for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
}
}
Element secondRefList = null;
if (encryptionToken.isDerivedKeys()) {
try {
secondRefList = dkEncr.encryptForExternalRef(null,
secondEncrParts);
RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
secondRefList);
} catch (WSSecurityException e) {
throw new RampartException("errorCreatingEncryptedKey",
e);
}
} else {
try {
// Encrypt, get hold of the ref list and add it
secondRefList = encr.encryptForExternalRef(null,
secondEncrParts);
// Insert the ref list after the encrypted key elem
this.setInsertionLocation(RampartUtil
.insertSiblingAfter(rmd, encrTokenElement,