in modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java [81:160]
public static void handleRequestedProofToken(RahasData data,
int wstVersion,
AbstractIssuerConfig config,
OMElement rstrElem,
Token token,
Document doc) throws TrustException {
OMElement reqProofTokElem =
TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
&& data.getRequestEntropy() != null) {
//If we there's requester entropy and its configured to provide
//entropy then we have to set the entropy value and
//set the RPT to include a ComputedKey element
OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
String entr = Base64Utils.encode(data.getResponseEntropy());
OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
respEntrElem,
RahasConstants.BIN_SEC_TYPE_NONCE);
binSecElem.setText(entr);
OMElement compKeyElem =
TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
} else {
if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey(doc);
Crypto crypto;
ClassLoader classLoader = data.getInMessageContext().getAxisService().getClassLoader();
if (config.cryptoElement != null) { // crypto props defined as elements
crypto = CommonUtil.getCrypto(TrustUtil.toProperties(config.cryptoElement),classLoader);
} else { // crypto props defined in a properties file
crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader);
}
SecretKey symmetricKey = null;
try {
KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
symmetricKey = keyGen.generateKey();
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
} catch (WSSecurityException e) {
throw new TrustException("errorCreatingSecretKey", e);
}
try {
encrKeyBuilder.setUseThisCert(data.getClientCert());
encrKeyBuilder.prepare(crypto, symmetricKey);
} catch (WSSecurityException e) {
throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
new String[]{data.
getClientCert().getSubjectDN().getName()});
}
Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
if (bstElem != null) {
reqProofTokElem.addChild((OMElement) bstElem);
}
reqProofTokElem.addChild((OMElement) encryptedKeyElem);
token.setSecret(encrKeyBuilder.getEncryptedKeySHA1().getBytes());
} else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
byte[] secret = TokenIssuerUtil.getSharedSecret(data,
config.keyComputation,
config.keySize);
OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
reqProofTokElem,
null);
binSecElem.setText(Base64Utils.encode(secret));
token.setSecret(secret);
} else {
throw new IllegalArgumentException(config.proofKeyType);
}
}
}