//
// Prepare and setup the token references for this Signature
//
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(document);
ref.setURI("#" + certUri);
if (!useSingleCert) {
bstToken = new PKIPathSecurity(document);
((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
} else {
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(certs[0]);
}
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
bstToken.setID(certUri);
wsDocInfo.addTokenElement(bstToken.getElement(), false);
break;
case WSConstants.ISSUER_SERIAL:
String issuer = certs[0].getIssuerX500Principal().getName();
java.math.BigInteger serialNumber = certs[0].getSerialNumber();
DOMX509IssuerSerial domIssuerSerial =
new DOMX509IssuerSerial(doc, issuer, serialNumber);
DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
secRef.setX509Data(domX509Data);
break;
case WSConstants.X509_KEY_IDENTIFIER:
secRef.setKeyIdentifier(certs[0]);
break;
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
break;
case WSConstants.THUMBPRINT_IDENTIFIER:
secRef.setKeyIdentifierThumb(certs[0]);
break;
case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
if (encrKeySha1value != null) {
secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
} else {
byte[] digestBytes = WSSecurityUtil.generateDigest(secretKey);
secRef.setKeyIdentifierEncKeySHA1(Base64.encode(digestBytes));
}
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
break;
case WSConstants.CUSTOM_SYMM_SIGNING :
Reference refCust = new Reference(document);
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
refCust.setValueType(customTokenValueType);
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
refCust.setValueType(customTokenValueType);
} else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
secRef.addTokenType(customTokenValueType);
refCust.setValueType(customTokenValueType);
} else {
refCust.setValueType(customTokenValueType);
}
refCust.setURI("#" + customTokenId);
secRef.setReference(refCust);
break;
case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
Reference refCustd = new Reference(document);
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
refCustd.setValueType(customTokenValueType);
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
refCustd.setValueType(customTokenValueType);
} else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
secRef.addTokenType(customTokenValueType);
refCustd.setValueType(customTokenValueType);
} else {
refCustd.setValueType(customTokenValueType);
}
refCustd.setURI(customTokenId);
secRef.setReference(refCustd);
break;
case WSConstants.CUSTOM_KEY_IDENTIFIER:
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {