final FinalSAMLTokenOutputProcessor finalSAMLTokenOutputProcessor;
XMLSecurityConstants.Action action = getAction();
boolean includeSTR = false;
GenericOutboundSecurityToken securityToken = null;
// See if a token is already available
String sigTokenId =
outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
SecurityTokenProvider<OutboundSecurityToken> signatureTokenProvider = null;
if (sigTokenId != null) {
signatureTokenProvider =
outputProcessorChain.getSecurityContext().getSecurityTokenProvider(sigTokenId);
if (signatureTokenProvider != null) {
securityToken =
(GenericOutboundSecurityToken)signatureTokenProvider.getSecurityToken();
}
}
if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && senderVouches) {
includeSTR = true;
if (securityToken == null) {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(samlCallback.getIssuerKeyName());
X509Certificate[] certificates = null;
if (samlCallback.getIssuerCrypto() != null) {
certificates = samlCallback.getIssuerCrypto().getX509Certificates(cryptoType);
}
if (certificates == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"empty", "No issuer certs were found to sign the SAML Assertion using issuer name: "
+ samlCallback.getIssuerKeyName()
);
}
PrivateKey privateKey;
try {
privateKey = samlCallback.getIssuerCrypto().getPrivateKey(
samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword());
} catch (Exception ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
}
final String binarySecurityTokenId = IDGenerator.generateID(null);
final GenericOutboundSecurityToken bstSecurityToken =
new GenericOutboundSecurityToken(binarySecurityTokenId, WSSecurityTokenConstants.X509V3Token,
privateKey, certificates);
SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
@Override
public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
return bstSecurityToken;
}
@Override
public String getId() {
return binarySecurityTokenId;
}
};
outputProcessorChain.getSecurityContext().registerSecurityTokenProvider(binarySecurityTokenId, securityTokenProvider);
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, binarySecurityTokenId);
securityToken = bstSecurityToken;
}
finalSAMLTokenOutputProcessor = new FinalSAMLTokenOutputProcessor(securityToken, samlAssertionWrapper,
securityTokenReferenceId, senderVouches, includeSTR);
securityToken.setProcessor(finalSAMLTokenOutputProcessor);
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && hok) {
final SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo();
SubjectBean subjectBean = samlCallback.getSubject();
if (subjectBean != null) {
KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
if (keyInfoBean != null) {
X509Certificate x509Certificate = keyInfoBean.getCertificate();
if (x509Certificate != null) {
String alias = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().
getX509Identifier(x509Certificate);
if (alias == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
}
WSPasswordCallback wsPasswordCallback =
new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
WSSUtils.doPasswordCallback(
((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
wsPasswordCallback);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
samlKeyInfo.setCerts(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getX509Certificates(cryptoType));
samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword()));
} else if (keyInfoBean.getPublicKey() != null) {
PublicKey publicKey = keyInfoBean.getPublicKey();
samlKeyInfo.setPublicKey(publicKey);
samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
getSignatureCrypto().getPrivateKey(
samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword()));
} else {
samlKeyInfo.setSecret(keyInfoBean.getEphemeralKey());
}
}
}
final Element ref;
if (securityToken != null) {
ref = securityToken.getCustomTokenReference();
} else {
ref = null;
}
finalSAMLTokenOutputProcessor = new FinalSAMLTokenOutputProcessor(null, samlAssertionWrapper,
securityTokenReferenceId, senderVouches, includeSTR);
final SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
private GenericOutboundSecurityToken samlSecurityToken;
@Override
public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
if (this.samlSecurityToken != null) {
return this.samlSecurityToken;
}
WSSecurityTokenConstants.TokenType tokenType;
if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_10) {
tokenType = WSSecurityTokenConstants.Saml10Token;
} else if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_11) {
tokenType = WSSecurityTokenConstants.Saml11Token;
} else {
tokenType = WSSecurityTokenConstants.Saml20Token;
}
if (samlKeyInfo.getPrivateKey() != null) {
this.samlSecurityToken = new GenericOutboundSecurityToken(
tokenId, tokenType, samlKeyInfo.getPrivateKey(), samlKeyInfo.getCerts());
} else {
this.samlSecurityToken = new GenericOutboundSecurityToken(
tokenId, tokenType) {
@Override
public Key getSecretKey(String algorithmURI) throws WSSecurityException {