throw new WSTrustException("No SecurityTokenProvider configured for "
+ securityToken.getNamespaceURI() + ":" + securityToken.getLocalName());
WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal);
StatusType status = null;
// validate the security token digital signature.
if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
{
KeyPair keyPair = this.configuration.getSTSKeyPair();
try
{
if (trace)
{
try
{
log.trace("Going to validate:" + DocumentUtil.getNodeAsString(securityToken));
}
catch (Exception e)
{
}
}
Document tokenDocument = DocumentUtil.createDocument();
Node importedNode = tokenDocument.importNode(securityToken, true);
tokenDocument.appendChild(importedNode);
if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()))
{
status = new StatusType();
status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
status.setReason("Validation failure: digital signature is invalid");
}
}
catch (Exception e)
{
status = new StatusType();
status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
status.setReason("Validation failure: unable to verify digital signature: " + e.getMessage());
}
}
// TODO: add logging statements alerting that signature validation was not performed.
// if the signature is valid, then let the provider perform any additional validation checks.