canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, canonAlgo);
if (wssConfig.isWsiBSPCompliant()) {
Set prefixes = getInclusivePrefixes(securityHeader, false);
InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(
doc, prefixes);
canonElem.appendChild(inclusiveNamespaces.getElement());
}
try {
SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(
doc, sigAlgo);
sig = new XMLSignature(doc, null, signatureAlgorithm
.getElement(), canonElem);
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
);
}
} else {
try {
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
);
}
}
/*
* If we don't generate a new Transforms for each addDocument here, then
* only the last Transforms is put into the according ds:Reference
* element, i.e. the first ds:Reference does not contain a Transforms
* element. Thus the verification fails (somehow)
*/
KeyInfo info = sig.getKeyInfo();
String keyInfoUri = "KeyId-" + info.hashCode();
info.setId(keyInfoUri);
SecurityTokenReference secRef = new SecurityTokenReference(doc);
String strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
if (tlog.isDebugEnabled()) {
t1 = System.currentTimeMillis();
}
if (parts == null) {
parts = new Vector();
WSEncryptionPart encP = new WSEncryptionPart(soapConstants
.getBodyQName().getLocalPart(), soapConstants
.getEnvelopeURI(), "Content");
parts.add(encP);
}
Transforms transforms = null;
for (int part = 0; part < parts.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
String idToSign = encPart.getId();
String elemName = encPart.getName();
String nmSpace = encPart.getNamespace();
/*
* Set up the elements to sign. There are two reserved element
* names: "Token" and "STRTransform" "Token": Setup the Signature to
* either sign the information that points to the security token or
* the token itself. If its a direct reference sign the token,
* otherwise sign the KeyInfo Element. "STRTransform": Setup the
* ds:Reference to use STR Transform
*
*/
try {
if (idToSign != null) {
Element toSignById = WSSecurityUtil
.findElementById(doc.getDocumentElement(),
idToSign, WSConstants.WSU_NS);
if (toSignById == null) {
toSignById = WSSecurityUtil.findElementById(doc
.getDocumentElement(), idToSign, null);
}
transforms = new Transforms(doc);
transforms
.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(doc,
getInclusivePrefixes(toSignById))
.getElement());
}
sig.addDocument("#" + idToSign, transforms);
}
else if (elemName.equals("Token")) {
transforms = new Transforms(doc);
transforms
.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
if (wssConfig.isWsiBSPCompliant()) {
transforms
.item(0)
.getElement()
.appendChild(
new InclusiveNamespaces(
doc,
getInclusivePrefixes(securityHeader))
.getElement());
}
sig.addDocument("#" + certUri, transforms);
} else {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(doc,
getInclusivePrefixes(info
.getElement()))
.getElement());
}
sig.addDocument("#" + keyInfoUri, transforms);
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(doc);
transforms = new Transforms(doc);
transforms.addTransform(
STRTransform.implementedTransformURI, ctx);
sig.addDocument("#" + strUri, transforms);
} else if (elemName.equals("Assertion")) { // Assertion
String id = null;
id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);
Element body = (Element) WSSecurityUtil.findElement(
envelope, elemName, nmSpace);
if (body == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE, "noEncElement",
new Object[] { nmSpace + ", " + elemName });
}
transforms = new Transforms(doc);
transforms
.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(doc,
getInclusivePrefixes(body))
.getElement());
}
String prefix = WSSecurityUtil.setNamespace(body,
WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id",
id);
sig.addDocument("#" + id, transforms);
} else {
Element body = (Element) WSSecurityUtil.findElement(
envelope, elemName, nmSpace);
if (body == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE, "noEncElement",
new Object[] { nmSpace + ", " + elemName });
}
transforms = new Transforms(doc);
transforms
.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(doc,
getInclusivePrefixes(body))
.getElement());
}
sig.addDocument("#" + setWsuId(body), transforms);
}