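// Wrap the client-generated secret as a WS-Trust nonce binary secret. The value is stored
// base64-encoded; getBytes() uses the platform charset, which is only safe because base64
// output is plain ASCII.
BinarySecretType clientBinarySecret = new BinarySecretType();
clientBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
clientBinarySecret.setValue(Base64.encodeBytes(clientSecret).getBytes());

// Set the client secret in the client entropy.
EntropyType clientEntropy = new EntropyType();
clientEntropy.addAny(clientBinarySecret);

// Create a token request specifying the key type, key size, and client entropy.
RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
        "http://services.testcorp.org/provider2");
request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_SYMMETRIC));
request.setEntropy(clientEntropy);
// WS-Trust expresses KeySize in bits: 64 bits matches the 8-byte server secret asserted below.
// NOTE(review): 64 bits is a test-fixture size, not a key length to copy into a deployment.
request.setKeySize(64);

// Invoke the token service and parse its response.
Source requestMessage = this.createSourceFromRequest(request);
Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
        .parse(DocumentUtil.getSourceAsStream(responseMessage));

// Validate the security token response: a SAML assertion using holder-of-key confirmation.
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
        SAMLUtil.SAML2_HOLDER_OF_KEY_URI);

// Validate the holder-of-key contents of the first subject confirmation.
SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);

// Both parties contributed entropy, so the proof token must be a computed key (P_SHA1 here)
// rather than the key material itself.
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
RequestedProofTokenType proofToken = response.getRequestedProofToken();
assertNotNull("Unexpected null proof token", proofToken);
assertTrue(proofToken.getAny().get(0) instanceof ComputedKeyType);
ComputedKeyType computedKey = (ComputedKeyType) proofToken.getAny().get(0);
assertEquals("Unexpected computed key algorithm", WSTrustConstants.CK_PSHA1, computedKey.getAlgorithm());

// Server entropy must have been included in the response to allow reconstruction of the computed key.
EntropyType serverEntropy = response.getEntropy();
// Fix: the original call passed only the message string, so it asserted that the string literal
// was non-null and could never fail. Assert on the entropy object itself.
assertNotNull("Unexpected null server entropy", serverEntropy);
assertEquals("Invalid number of elements in server entropy", 1, serverEntropy.getAny().size());
BinarySecretType serverBinarySecret = (BinarySecretType) serverEntropy.getAny().get(0);
assertEquals("Unexpected binary secret type", WSTrustConstants.BS_TYPE_NONCE, serverBinarySecret.getType());
assertNotNull("Unexpected null secret value", serverBinarySecret.getValue());

// Base64-decode the server secret and check that it has the requested size (64 bits = 8 bytes).
byte[] encodedSecret = serverBinarySecret.getValue();
byte[] decodedSecret = Base64.decode(encodedSecret, 0, encodedSecret.length);
assertEquals("Unexpected secret size", 8, decodedSecret.length);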