KeyInfo info = sig.getKeyInfo();
String keyInfoUri = "KeyId-" + info.hashCode();
info.setId(keyInfoUri);
SecurityTokenReference secRef = new SecurityTokenReference(wssConfig, doc);
String strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
if (tlog.isDebugEnabled()) {
t1 = System.currentTimeMillis();
}
if (parts == null) {
parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
soapConstants.getEnvelopeURI(),
"Content");
parts.add(encP);
}
Transforms transforms = null;
for (int part = 0; part < parts.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
String elemName = encPart.getName();
String nmSpace = encPart.getNamespace();
/*
 * Set up the elements to sign. Two element names are reserved and
 * are not looked up in the envelope: "Token" and "STRTransform".
 * "Token": set up the Signature to sign either the information that
 * points to the security token or the token itself. With a direct
 * reference (BST_DIRECT_REFERENCE) the token is signed, otherwise
 * the KeyInfo element is signed.
 * "STRTransform": set up the ds:Reference to use the STR Transform.
 * "Assertion" is also handled specially below: the SAML AssertionID
 * is reused as the wsu:Id that the signature reference points to.
 */
try {
if (elemName.equals("Token")) {
transforms = new Transforms(doc);
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
doc, getInclusivePrefixes(
securityHeader)).getElement());
}
sig.addDocument("#" + certUri, transforms);
} else {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
doc, getInclusivePrefixes(
info.getElement())).getElement());
}
sig.addDocument("#" + keyInfoUri, transforms);
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(doc);
transforms = new Transforms(doc);
transforms.addTransform(STRTransform.implementedTransformURI,
ctx);
sig.addDocument("#" + strUri, transforms);
} else if (elemName.equals("Assertion")) { // Assertion
// Make the AssertionID the wsu:Id and the signature reference the same
SAMLAssertion assertion;
Element assertionElement =
(Element) WSSecurityUtil.findElement(envelope,
elemName,
nmSpace);
try {
assertion = new SAMLAssertion(assertionElement);
}
catch (Exception e1) {
log.error(e1);
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
"noXMLSig", null, e1);
}
Element body =
(Element) WSSecurityUtil.findElement(envelope,
elemName,
nmSpace);
if (body == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noEncElement",
new Object[]{nmSpace + ", " + elemName});
}
transforms = new Transforms(doc);
transforms.addTransform(
Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
doc, getInclusivePrefixes(body)).getElement());
}
String prefix =
WSSecurityUtil.setNamespace(body,
wssConfig.getWsuNS(),
WSConstants.WSU_PREFIX);
body.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", assertion.getId());
sig.addDocument("#" + assertion.getId(), transforms);
} else {
Element body =
(Element) WSSecurityUtil.findElement(envelope,
elemName,
nmSpace);
if (body == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"noEncElement",
new Object[]{nmSpace + ", " + elemName});
}
transforms = new Transforms(doc);
transforms.addTransform(
Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
doc, getInclusivePrefixes(body)).getElement());
}
sig.addDocument("#" + setWsuId(body), transforms);
}
} catch (TransformationException e1) {
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
"noXMLSig",
null,
e1);
} catch (XMLSignatureException e1) {
throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
"noXMLSig",
null,
e1);
}
}
sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));
WSSecurityUtil.prependChildElement(doc,
securityHeader,
sig.getElement(),
false);
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
}
byte[] secretKey = null;
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(wssConfig, doc);
ref.setURI("#" + certUri);
BinarySecurity bstToken = null;
if (!useSingleCert) {
bstToken = new PKIPathSecurity(wssConfig, doc);
((PKIPathSecurity) bstToken).setX509Certificates(certs,
false,
crypto);
} else {
bstToken = new X509Security(wssConfig, doc);
((X509Security) bstToken).setX509Certificate(certs[0]);
}
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
bstToken.setID(certUri);
WSSecurityUtil.prependChildElement(doc,
securityHeader,
bstToken.getElement(),
false);
wsDocInfo.setBst(bstToken.getElement());
break;
case WSConstants.ISSUER_SERIAL:
XMLX509IssuerSerial data =
new XMLX509IssuerSerial(doc, certs[0]);
secRef.setX509IssuerSerial(data);
break;
case WSConstants.X509_KEY_IDENTIFIER:
secRef.setKeyIdentifier(certs[0]);
break;
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
break;
case WSConstants.UT_SIGNING:
Reference refUt = new Reference(wssConfig, doc);
refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
String utId = usernameToken.getId();
if (utId == null) {
utId = "usernameTokenId-" + usernameToken.hashCode();
usernameToken.setId(utId);
}
refUt.setURI("#" + utId);
secRef.setReference(refUt);
secretKey = usernameToken.getSecretKey();
break;
default :
throw new WSSecurityException(WSSecurityException.FAILURE,
"unsupportedKeyId");
}
if (tlog.isDebugEnabled()) {
t3 = System.currentTimeMillis();
}
info.addUnknownElement(secRef.getElement());
WSDocInfoStore.store(wsDocInfo);
try {
if (keyIdentifierType == WSConstants.UT_SIGNING) {
sig.sign(sig.createSecretKey(secretKey));