String canonicalizationAlgorithm, String signatureAlgorithm)
throws WSSecurityException {
//
// Create the signature
//
Signature signature = OpenSAMLUtil.buildSignature();
String c14nAlgo = canonicalizationAlgorithm;
if (c14nAlgo == null) {
c14nAlgo = defaultCanonicalizationAlgorithm;
}
signature.setCanonicalizationAlgorithm(c14nAlgo);
LOG.debug("Using Canonicalization algorithm " + c14nAlgo);
// prepare to sign the SAML token
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(issuerKeyName);
X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
if (issuerCerts == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"No issuer certs were found to sign the SAML Assertion using issuer name: "
+ issuerKeyName);
}
String sigAlgo = signatureAlgorithm;
if (sigAlgo == null) {
sigAlgo = defaultRSASignatureAlgorithm;
}
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
if (LOG.isDebugEnabled()) {
LOG.debug("automatic sig algo detection: " + pubKeyAlgo);
}
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
sigAlgo = defaultDSASignatureAlgorithm;
}
LOG.debug("Using Signature algorithm " + sigAlgo);
PrivateKey privateKey = null;
try {
privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
} catch (Exception ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
}
signature.setSignatureAlgorithm(sigAlgo);
BasicX509Credential signingCredential = new BasicX509Credential();
signingCredential.setEntityCertificate(issuerCerts[0]);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
if (sendKeyValue) {
kiFactory.setEmitPublicKeyValue(true);
} else {
kiFactory.setEmitEntityCertificate(true);
}
try {
KeyInfo keyInfo = kiFactory.newInstance().generate(
signingCredential);
signature.setKeyInfo(keyInfo);
} catch (org.opensaml.xml.security.SecurityException ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", ex,
"Error generating KeyInfo from signing credential");
}