samlCallback.getCanonicalizationAlgorithm(),
samlCallback.getSignatureAlgorithm(),
samlCallback.getSignatureDigestAlgorithm()
);
}
WSSecSignatureSAML wsSign = new WSSecSignatureSAML(reqData.getWssConfig());
CallbackHandler callbackHandler =
handler.getPasswordCallbackHandler(reqData);
WSPasswordCallback passwordCallback =
handler.getPasswordCB(reqData.getUsername(), WSConstants.ST_SIGNED, callbackHandler, reqData);
wsSign.setUserInfo(reqData.getUsername(), passwordCallback.getPassword());
SignatureActionToken signatureToken = null;
if (actionToken instanceof SignatureActionToken) {
signatureToken = (SignatureActionToken)actionToken;
}
if (signatureToken == null) {
signatureToken = reqData.getSignatureToken();
}
if (signatureToken.getKeyIdentifierId() != 0) {
wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());
}
if (signatureToken.getSignatureAlgorithm() != null) {
wsSign.setSignatureAlgorithm(signatureToken.getSignatureAlgorithm());
}
if (signatureToken.getDigestAlgorithm() != null) {
wsSign.setDigestAlgo(signatureToken.getDigestAlgorithm());
}
if (signatureToken.getC14nAlgorithm() != null) {
wsSign.setSigCanonicalization(signatureToken.getC14nAlgorithm());
}
/*
* required to add support for the
* signatureParts parameter.
* If not set WSSecSignatureSAML
* defaults to only sign the body.
*/
if (signatureToken.getParts().size() > 0) {
wsSign.setParts(signatureToken.getParts());
}
try {
wsSign.build(
doc,
crypto,
samlAssertion,
samlCallback.getIssuerCrypto(),
samlCallback.getIssuerKeyName(),
samlCallback.getIssuerKeyPassword(),
reqData.getSecHeader());
reqData.getSignatureValues().add(wsSign.getSignatureValue());
} catch (WSSecurityException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, "Error when signing the SAML token: ");
}
}