in modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java [732:845]
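/**
 * Builds the RequestSecurityToken (RST) element for an Issue request.
 *
 * <p>The element carries the request type, an optional AppliesTo, a Lifetime
 * derived from {@code ttl}, and a clone of every child of {@code rstTemplate}
 * when one is configured. If the template contains a KeySize element, its value
 * is stored in {@code keySize} (or {@code -1} when the element is empty).
 * When the active Trust10/Trust13 assertion requires client entropy, a fresh
 * nonce is generated, kept in {@code requestorEntropy}, and added to the
 * request together with a ComputedKey algorithm element.
 *
 * <p>Security note: the generated entropy is sent with a ComputedKey algorithm
 * element, i.e. it is an input to the key derived for the issued token. It is
 * therefore never written to the log; only its length is.
 *
 * @param appliesTo the AppliesTo address, or {@code null} to omit the element
 * @return the populated RST element
 * @throws TrustException if setting up the requestor entropy fails (the
 *         underlying exception is attached as the cause)
 * @throws NumberFormatException if the template's KeySize text is not an integer
 */
protected OMElement createIssueRequest(String appliesTo) throws TrustException {
    String requestType =
            TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_ISSUE;

    if (log.isDebugEnabled()) {
        log.debug("Creating request with request type: " + requestType +
                  " and applies to: " + appliesTo);
    }

    OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
    TrustUtil.createRequestTypeElement(this.version, rst, requestType);
    if (appliesTo != null) {
        TrustUtil.createAppliesToElement(rst, appliesTo, this.addressingNs);
    }
    // NOTE(review): ttl is scaled by 1000 here (presumably seconds to
    // milliseconds). If ttl is an int, this multiplication can overflow for
    // very long lifetimes; confirm the field type and widen to long if so.
    TrustUtil.createLifetimeElement(this.version, rst, this.ttl * 1000);

    // Copy over the elements from the template
    if (this.rstTemplate != null) {
        if (log.isDebugEnabled()) {
            log.debug("Using RSTTemplate: " + this.rstTemplate.toString());
        }

        // The KeySize name does not change between children, so build it once.
        QName keySizeName = new QName(TrustUtil.getWSTNamespace(this.version),
                                      RahasConstants.IssuanceBindingLocalNames.KEY_SIZE);

        Iterator<?> templateChildren = rstTemplate.getChildElements();
        while (templateChildren.hasNext()) {
            OMElement child = (OMElement) templateChildren.next();
            rst.addChild(child.cloneOMElement());

            // Look for the key size element
            if (child.getQName().equals(keySizeName)) {
                log.debug("Extracting key size from the RSTTemplate: ");
                // Trim so whitespace around the number in a pretty-printed
                // template does not make parseInt fail.
                String keySizeText = child.getText();
                keySizeText = (keySizeText == null) ? "" : keySizeText.trim();
                this.keySize = (keySizeText.length() == 0)
                               ? -1
                               : Integer.parseInt(keySizeText);
                if (log.isDebugEnabled()) {
                    log.debug("Key size from RSTTemplate: " + this.keySize);
                }
            }
        }
    }

    // Nonce length in bytes: the suite's maximum symmetric key length is
    // divided by 8; 16 bytes is used when no algorithm suite is set.
    int nonceLength = this.algorithmSuite != null
                      ? this.algorithmSuite.getMaximumSymmetricKeyLength() / 8
                      : 16;

    try {
        // Handle entropy: Trust10 takes precedence over Trust13.
        boolean clientEntropyRequired = false;
        if (this.trust10 != null) {
            log.debug("Processing Trust assertion");
            clientEntropyRequired = this.trust10.isRequireClientEntropy();
        } else if (this.trust13 != null) {
            clientEntropyRequired = this.trust13.isRequireClientEntropy();
        }

        if (clientEntropyRequired) {
            log.debug("Requires client entropy");

            // setup requestor entropy
            OMElement ent = TrustUtil.createEntropyElement(this.version, rst);
            OMElement binSec =
                    TrustUtil.createBinarySecretElement(this.version,
                                                        ent,
                                                        RahasConstants.BIN_SEC_TYPE_NONCE);
            this.requestorEntropy = UsernameTokenUtil.generateNonce(nonceLength);
            binSec.setText(Base64Utils.encode(this.requestorEntropy));

            // Do not log the entropy value itself: it is key-derivation
            // input, and debug logs are commonly retained or shipped to
            // systems with weaker access control than the key material.
            if (log.isDebugEnabled()) {
                log.debug("Client entropy generated, length in bytes: " + nonceLength);
            }

            // Add the ComputedKey element
            TrustUtil.createComputedKeyAlgorithm(this.version, rst,
                                                 RahasConstants.COMPUTED_KEY_PSHA1);
        }
    } catch (Exception e) {
        throw new TrustException("errorSettingUpRequestorEntropy", e);
    }

    return rst;
}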