in modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java [183:262]
/**
 * Builds the WS-Trust RequestSecurityTokenResponse (RSTR) for an issued SAML 2.0 assertion
 * inside the given SOAP envelope and records the issued token in the token store.
 *
 * <p>Child elements are appended to the RSTR in a fixed order: TokenType, optional KeySize,
 * optional attached/unattached references, optional AppliesTo, Lifetime,
 * RequestedSecurityToken and, when applicable, RequestedProofToken.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The stored {@link Token} carries the ephemeral key as its secret, so the token store
 *       holds key material from this point on.</li>
 *   <li>A RequestedProofToken is added only for symmetric key types, and only when key
 *       computation is not {@code KEY_COMP_USE_REQ_ENT}.</li>
 * </ul>
 *
 * @param rahasData    request data: WS-Trust version, key type and size, AppliesTo address,
 *                     assertion validity dates, ephemeral key and inbound message context
 * @param assertion    the SAML 2.0 assertion to embed; its DOM is attached as-is
 * @param soapEnvelope the envelope whose body receives the response
 * @return the same {@code soapEnvelope} instance, now populated
 * @throws TrustException not thrown directly here; presumably propagated from the
 *                        TrustUtil / TokenIssuerUtil helpers
 */
protected SOAPEnvelope createRequestSecurityTokenResponse(RahasData rahasData,
        Assertion assertion,
        SOAPEnvelope soapEnvelope) throws TrustException {

    final int version = rahasData.getVersion();

    // Only the 05/02 version puts the RSTR straight under the SOAP body; every other
    // version wraps it in a RequestSecurityTokenResponseCollection first.
    OMElement rstrParent = soapEnvelope.getBody();
    if (RahasConstants.VERSION_05_02 != version) {
        rstrParent = TrustUtil.createRequestSecurityTokenResponseCollectionElement(
                version, rstrParent);
    }
    final OMElement rstr =
            TrustUtil.createRequestSecurityTokenResponseElement(version, rstrParent);

    final OMElement tokenTypeElement = TrustUtil.createTokenTypeElement(version, rstr);
    tokenTypeElement.setText(RahasConstants.TOK_TYPE_SAML_20);

    // NOTE(review): getKeyType() is dereferenced without a null check here and again
    // further down; presumably the caller has validated it - confirm.
    if (rahasData.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
        TrustUtil.createKeySizeElement(version, rstr, rahasData.getKeySize());
    }

    // The attached reference points at the assertion by fragment ("#" + ID); the
    // unattached reference uses the bare ID.
    if (tokenIssuerConfiguration.isAddRequestedAttachedRef()) {
        TrustUtil.createRequestedAttachedRef(
                version, rstr, "#" + assertion.getID(), RahasConstants.TOK_TYPE_SAML_20);
    }
    if (tokenIssuerConfiguration.isAddRequestedUnattachedRef()) {
        TrustUtil.createRequestedUnattachedRef(
                version, rstr, assertion.getID(), RahasConstants.TOK_TYPE_SAML_20);
    }

    if (rahasData.getAppliesToAddress() != null) {
        TrustUtil.createAppliesToElement(
                rstr, rahasData.getAppliesToAddress(), rahasData.getAddressingNs());
    }

    // Lifetime: express the assertion's creation and expiry instants in UTC.
    final ZonedDateTime createdUtc =
            rahasData.getAssertionCreatedDate().toInstant().atZone(ZoneOffset.UTC);
    final ZonedDateTime expiresUtc =
            rahasData.getAssertionExpiringDate().toInstant().atZone(ZoneOffset.UTC);
    final String createdText = DateUtil.getDateTimeFormatter(true).format(createdUtc);
    final String expiresText = DateUtil.getDateTimeFormatter(true).format(expiresUtc);
    TrustUtil.createLifetimeElement(version, rstr, createdText, expiresText);

    // RequestedSecurityToken wraps the assertion itself. The casts require the DOM element
    // to also be an Axiom node.
    // NOTE(review): assumes the caller has already marshalled (and, where required, signed)
    // the assertion so that getDOM() is non-null - confirm.
    final OMElement requestedTokenElement =
            TrustUtil.createRequestedSecurityTokenElement(version, rstr);
    final Element assertionDom = assertion.getDOM();
    requestedTokenElement.addChild((OMNode) assertionDom);

    // Persist the issued token together with its secret.
    // NOTE(review): nothing here checks that the ephemeral key is non-null; the original
    // author expected an earlier step to have failed in that case - confirm for key types
    // that carry no symmetric secret.
    final Token issuedToken = new Token(
            assertion.getID(),
            (OMElement) assertionDom,
            rahasData.getAssertionCreatedDate(),
            rahasData.getAssertionExpiringDate());
    issuedToken.setSecret(rahasData.getEphmeralKey());
    TrustUtil.getTokenStore(rahasData.getInMessageContext()).add(issuedToken);

    // No proof token for non-symmetric key types, nor when key computation is
    // KEY_COMP_USE_REQ_ENT.
    if (!rahasData.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
            || tokenIssuerConfiguration.getKeyComputation()
                    == SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
        return soapEnvelope;
    }

    final Document ownerDocument = ((Element) soapEnvelope).getOwnerDocument();
    TokenIssuerUtil.handleRequestedProofToken(
            rahasData, version, tokenIssuerConfiguration, rstr, issuedToken, ownerDocument);
    return soapEnvelope;
}