securityTokenReferenceId, senderVouches, includeSTR);
securityToken.setProcessor(finalSAMLTokenOutputProcessor);
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && hok) {
final SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo();
SubjectBean subjectBean = samlCallback.getSubject();
if (subjectBean != null) {
KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
if (keyInfoBean != null) {
X509Certificate x509Certificate = keyInfoBean.getCertificate();
if (x509Certificate != null) {
String alias = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().
getX509Identifier(x509Certificate);
if (alias == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
}
WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(alias, WSPasswordCallback.Usage.SIGNATURE);
WSSUtils.doPasswordCallback(
((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
wsPasswordCallback);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
samlKeyInfo.setCerts(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getX509Certificates(cryptoType));
samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword()));
} else if (keyInfoBean.getPublicKey() != null) {
PublicKey publicKey = keyInfoBean.getPublicKey();
samlKeyInfo.setPublicKey(publicKey);
samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getPrivateKey(
samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword()));
} else {
samlKeyInfo.setSecret(keyInfoBean.getEphemeralKey());
}
}
}
finalSAMLTokenOutputProcessor = new FinalSAMLTokenOutputProcessor(null, samlAssertionWrapper,
securityTokenReferenceId, senderVouches, includeSTR);
final SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
private GenericOutboundSecurityToken samlSecurityToken;
@Override
public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
if (this.samlSecurityToken != null) {
return this.samlSecurityToken;
}
WSSecurityTokenConstants.TokenType tokenType;
if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_10) {
tokenType = WSSecurityTokenConstants.Saml10Token;
} else if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_11) {
tokenType = WSSecurityTokenConstants.Saml11Token;
} else {
tokenType = WSSecurityTokenConstants.Saml20Token;
}
if (samlKeyInfo.getPrivateKey() != null) {
this.samlSecurityToken = new GenericOutboundSecurityToken(
tokenId, tokenType, samlKeyInfo.getPrivateKey(), samlKeyInfo.getCerts());
} else {
this.samlSecurityToken = new GenericOutboundSecurityToken(
tokenId, tokenType) {
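@Override
public Key getSecretKey(String algorithmURI) throws WSSecurityException {
    // Holder-of-key with a symmetric proof key: the SAML KeyInfo carried an
    // ephemeral secret (no certificate / public key), so this token's secret
    // key is materialized from that byte[] the first time it is requested.
    //
    // 1. Prefer whatever the base class already holds for this algorithm URI
    //    (populated via setSecretKey below on an earlier call).
    Key key;
    try {
        key = super.getSecretKey(algorithmURI);
    } catch (XMLSecurityException e) {
        // Re-wrap so callers of this processor keep seeing the WSS4J type.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
    }
    if (key != null) {
        return key;
    }

    // 2. Nothing cached: build a key from the ephemeral secret, if there is one.
    final byte[] secret = samlKeyInfo.getSecret();
    if (secret == null) {
        // No key material available for this token; report "unknown" as the
        // base class does (null), rather than failing.
        return null;
    }
    final String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
    try {
        // SecretKeySpec rejects an empty secret and a null algorithm family
        // (i.e. an algorithm URI the mapper does not know) with an unchecked
        // IllegalArgumentException; surface both through the exception type
        // this method declares instead of letting them escape.
        key = new SecretKeySpec(secret, algoFamily);
    } catch (IllegalArgumentException e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
    }
    // NOTE(review): the secret's length is not validated here against the key
    // size the requested algorithm expects; a mismatch would presumably only
    // surface when the JCE provider is initialized with this key — confirm
    // the caller guarantees a matching ephemeral key size.
    setSecretKey(algorithmURI, key);
    return key;
}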
};