Document doc, Crypto crypto, Date creationTime,
Date expirationTime, RahasData data) throws TrustException {
if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
Element encryptedKeyElem;
SAMLNameIdentifier nameId = null;
X509Certificate serviceCert = null;
try {
if (data.getPrincipal() != null) {
String subjectNameId = data.getPrincipal().getName();
nameId = new SAMLNameIdentifier(subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
}
// Get ApliesTo to figure out which service to issue the token
// for
serviceCert = getServiceCert(config, crypto, data
.getAppliesToAddress());
// Create the encrypted key
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
// Use thumbprint id
encrKeyBuilder
.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
// SEt the encryption cert
encrKeyBuilder.setUseThisCert(serviceCert);
// set keysize
int keysize = data.getKeysize();
keysize = (keysize != -1) ? keysize : config.keySize;
encrKeyBuilder.setKeySize(keysize);
encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
data, config.keyComputation, keysize));
// Set key encryption algo
encrKeyBuilder
.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
// Build
encrKeyBuilder.prepare(doc, crypto);
// Extract the base64 encoded secret value
byte[] tempKey = new byte[keysize / 8];
System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey,
0, keysize / 8);
data.setEphmeralKey(tempKey);
// Extract the Encryptedkey DOM element
encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
} catch (Exception e) {
throw new TrustException(
"errorInBuildingTheEncryptedKeyForPrincipal",
new String[] { serviceCert.getSubjectDN().getName() },
e);
}
return this.createAttributeAssertion(doc, data ,encryptedKeyElem, nameId, config,
crypto, creationTime, expirationTime);
} else {
try {
String subjectNameId = data.getPrincipal().getName();
SAMLNameIdentifier nameId = new SAMLNameIdentifier(
subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
// Create the ds:KeyValue element with the ds:X509Data
X509Certificate clientCert = data.getClientCert();