CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("wss40");
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
assertNotNull(certs);
X509Security bst = new X509Security(doc);
String certUri = WSSConfig.getNewInstance().getIdAllocator().createSecureId("X509-", certs[0]);
bst.setX509Certificate(certs[0]);
bst.setID(certUri);
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
// Add the signature
WSSecSignature sign = new WSSecSignature();
sign.setUserInfo("wss40", "security");
sign.setSignatureAlgorithm(WSConstants.RSA);
sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
sign.setX509Certificate(certs[0]);
List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
// Add SOAP Body
String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
WSEncryptionPart encP =
new WSEncryptionPart(
WSConstants.ELEM_BODY, soapNamespace, "Content"
);
parts.add(encP);
// Add BST
encP =
new WSEncryptionPart(
WSConstants.BINARY_TOKEN_LN, WSConstants.WSSE_NS, "Element"
);
encP.setElement(bst.getElement());
parts.add(encP);
sign.setParts(parts);
sign.setCustomTokenId(bst.getID());
sign.setCustomTokenValueType(bst.getValueType());
sign.prepare(doc, crypto, secHeader);
List<javax.xml.crypto.dsig.Reference> referenceList =
sign.addReferencesToSign(parts, secHeader);
sign.computeSignature(referenceList, false, null);