// processed, in particular the crypto implementation, and already
// detected BST that may be used later during dereferencing.
//
wsDocInfo = WSDocInfoStore.lookup(thisDoc);
if (wsDocInfo == null) {
throw (new CanonicalizationException("no WSDocInfo found"));
}
//
// According to the OASIS WS Specification "Web Services Security:
// SOAP Message Security 1.0" Monday, 19 January 2004, chapter 8.3
// describes that the input node set must be processed by the c14n
// that is specified in the argument element of the STRTransform
// element.
//
// First step: Get the required c14n argument and get the specified
// Canonicalizer
//
String canonAlgo = null;
if (transformObject.length(
WSConstants.WSSE_NS, "TransformationParameters") == 1) {
Element tmpE =
XMLUtils.selectNode(
transformObject.getElement().getFirstChild(),
WSConstants.WSSE_NS,
"TransformationParameters",
0
);
Element canonElem =
(Element) WSSecurityUtil.getDirectChild(
tmpE, "CanonicalizationMethod", WSConstants.SIG_NS
);
canonAlgo = canonElem.getAttribute("Algorithm");
if (doDebug) {
log.debug("CanonAlgo: " + canonAlgo);
}
}
Canonicalizer canon = Canonicalizer.getInstance(canonAlgo);
ByteArrayOutputStream bos = null;
byte[] buf = null;
if (doDebug) {
buf = input.getBytes();
bos = new ByteArrayOutputStream(buf.length);
bos.write(buf, 0, buf.length);
log.debug("canon bos: " + bos.toString());
}
//
// Get the input (node) to transform. Currently we support only an
// Element as input format. If other formats are required we must
// get it as bytes and probably reparse it into a DOM tree (How to
// work with nodesets? how to select the right node from a nodeset?)
//
Element str = null;
if (input.isElement()) {
str = (Element) input.getSubNode();
} else {
throw new CanonicalizationException(
"Wrong input format - only element input supported"
);
}
if (doDebug) {
log.debug("STR: " + str.toString());
}
//
// The element to transform MUST be a SecurityTokenReference
// element.
//
SecurityTokenReference secRef = new SecurityTokenReference(str);
//
// Third and forth step are performed by derefenceSTR()
//
Element dereferencedToken = STRTransformUtil.dereferenceSTR(
thisDoc, secRef, wsDocInfo);
//
// C14n with specified algorithm. According to WSS Specification.
//
buf = canon.canonicalizeSubtree(dereferencedToken, "#default");
if (doDebug) {
bos = new ByteArrayOutputStream(buf.length);
bos.write(buf, 0, buf.length);
log.debug("after c14n: " + bos.toString());
}
//
// Alert: Hacks ahead According to WSS spec an Apex node must
// contain a default namespace. If none is availabe in the first
// node of the c14n output (this is the apex element) then we do
// some editing to insert an empty default namespace
//
// TODO: Rework theses hacks after c14n was updated and can be
// instructed to insert empty default namespace if required
//
// If the problem with c14n method is solved then just do:
// return new XMLSignatureInput(buf);
// start of HACK
StringBuffer bf = new StringBuffer(new String(buf));
String bf1 = bf.toString();
//
// Find start and end of first element <....>, this is the Apex node
//
int gt = bf1.indexOf(">");
//
// Lookup the default namespace
//
int idx = bf1.indexOf(XMLNS);
//
// If none found or if it is outside of this (Apex) element look for
// first blank in, insert default namespace there (this is the
// correct place according to c14n specification)
//
if (idx < 0 || idx > gt) {
idx = bf1.indexOf(" ");
bf.insert(idx + 1, "xmlns=\"\" ");
bf1 = bf.toString();
}
if (doDebug) {
log.debug("last result: ");
log.debug(bf1);
}
return new XMLSignatureInput(bf1.getBytes());
}
// End of HACK
catch (WSSecurityException ex) {
log.debug(ex.getMessage(), ex);
throw (new CanonicalizationException("c14n.Canonicalizer.Exception", ex));
}
}