//
// Now dig into the Signature element to get the elements that
// this Signature covers. Build the QName of these Elements and
// return them to caller
//
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
siRef = si.item(i);
} catch (XMLSecurityException e3) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, null, null, e3
);
}
String uri = siRef.getURI();
if (uri != null && !"".equals(uri)) {
Element se = null;
try {
Transforms transforms = siRef.getTransforms();
for (int j = 0; j < transforms.getLength(); j++) {
Transform transform = transforms.item(j);
// We have some transforming to do before we can
// determine the protected element.
if (STRTransform.implementedTransformURI
.equals(transform.getURI())) {
XMLSignatureInput signatureInput =
siRef.getContentsBeforeTransformation();
if (signatureInput.isElement()) {
// The signature was already validated,
// meaning that this element was already
// parsed. We can therefore be pretty
// confident that this constructor will work.
SecurityTokenReference secTokenRef =
new SecurityTokenReference(
(Element) signatureInput.getSubNode());
// Use the utility to extract the element (or
// generate a new one in some cases) from the
// message.
se = STRTransformUtil.dereferenceSTR(
transform.getDocument(),
secTokenRef, wsDocInfo);
} else {
// The internal impl of Reference changed.
// We expect it to return the signature input
// based on a node/element.
throw new WSSecurityException(
WSSecurityException.FAILURE);
}
}
}
}
catch (XMLSecurityException e) {
log.warn("Error processing signature coverage elements.", e);
throw new WSSecurityException(WSSecurityException.FAILURE);
}
if (se == null) {
se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
}
if (se == null) {
se = WSSecurityUtil.getElementByGenId(elem.getOwnerDocument(), uri);
}
if (se == null) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
}
WSDataRef ref = new WSDataRef(uri);
ref.setWsuId(uri);
ref.setName(new QName(se.getNamespaceURI(), se.getLocalName()));
ref.setProtectedElement(se);
ref.setXpath(ReferenceListProcessor.getXPath(se));
ref.setAlgorithm(si.getSignatureMethodURI());
ref.setDigestAlgorithm(siRef.getMessageDigestAlgorithm().getAlgorithmURI());
protectedElements.add(ref);
returnElements.add(WSSecurityUtil.getIDFromReference(uri));
} else {
// This is the case where the signed element is identified
// by a transform such as XPath filtering
// We add the complete reference element to the return
// elements
returnElements.add(siRef);
}
}
// Algorithms used for signature and c14n
signatureMethod = si.getSignatureMethodURI();
c14nMethod = si.getCanonicalizationMethodURI();
if (certs != null) {
returnCert[0] = certs[0];
if (validateCertificateChain) {
certificates = certs;