* specification. Most of the data is extracted from the
* WSS4JPolicyData, only the user info (name/alias of the certificate in
* the keystore) must be provided by some other means.
*/
WSSecEncrypt recEncrypt = null;
WSS4JPolicyToken recToken = null;
if ((recToken = wpd.getRecipientToken()) != null) {
recEncrypt = new WSSecEncrypt();
recEncrypt.setUserInfo("wss4jcert");
recEncrypt.setKeyIdentifierType(recToken.getKeyIdentifier());
recEncrypt.setSymmetricEncAlgorithm(recToken.getEncAlgorithm());
recEncrypt.setKeyEnc(recToken.getEncTransportAlgorithm());
recEncrypt.prepare(doc, cryptoSKI);
}
/*
* Check for an initiator token. If one is avaliable use it as token to
* sign data. This is according to WSP specification. Most of the data
* is extracted from the WSS4JPolicyData, only the user info (name/alias
* of the certificate in the keystore) must be provided by some other
* means.
*
* If SignatureProtection is enabled add the signature to the encrypted
* parts vector. In any case the signature must be in the internal
* ReferenceList (this list is a child of the EncryptedKey element).
*
* If TokenProtection is enabled add an appropriate signature reference.
*
* TODO Check / enable for STRTransform
*/
WSSecSignature iniSignature = null;
WSS4JPolicyToken iniToken = null;
if ((iniToken = wpd.getInitiatorToken()) != null) {
iniSignature = new WSSecSignature();
iniSignature.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
iniSignature.setKeyIdentifierType(iniToken.getKeyIdentifier());
iniSignature.setSignatureAlgorithm(iniToken.getSigAlgorithm());
iniSignature.prepare(doc, crypto, secHeader);
if (wpd.isSignatureProtection()) {
encPartsInternal.add(new WSEncryptionPart(iniSignature.getId(),
"Element"));
}