in modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java [357:608]
private void doSignBeforeEncrypt(RampartMessageData rmd)
throws RampartException {
long t0 = 0, t1 = 0, t2 = 0;
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
HashMap sgndEncSuppTokMap = null;
HashMap endEncSuppTokMap = null;
HashMap sgndEndEncSuppTokMap = null;
sigParts = RampartUtil.getSignedParts(rmd);
//Add timestamp
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(RampartUtil
.addWsuIdToElement((OMElement) this.timestampElement)));
}else{
this.setInsertionLocation(null);
}
if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
if (rmd.isInitiator()) {
// Now add the supporting tokens
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
for (SupportingToken supportingTok : supportingToks) {
this.handleSupportingTokens(rmd, supportingTok);
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
sigParts = addSignatureParts(sigSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
} else {
addSignatureConfirmation(rmd, sigParts);
}
if( sigParts.size() > 0 &&
((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
(!rmd.isInitiator() && rpd.getRecipientToken() != null))) {
// Do signature
this.doSignature(rmd);
}
List<SupportingPolicyData> supportingToks = rpd.getSupportingPolicyData();
for (SupportingPolicyData policyData : supportingToks) {
if (policyData != null) { // TODO do we need this null check ?
List<WSEncryptionPart> supportingSigParts = RampartUtil.getSupportingSignedParts(rmd,
policyData);
if (supportingSigParts.size() > 0
&& ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || (!rmd
.isInitiator() && rpd.getRecipientToken() != null))) {
// Do signature for policies defined under SupportingToken.
this.doSupportingSignature(rmd, supportingSigParts, policyData);
}
}
}
//Do endorsed signature
if (rmd.isInitiator()) {
// Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
if (endSuppTokMap != null) {
endSuppTokMap.putAll(endEncSuppTokMap);
}
// Do endorsed signatures
List<byte[]> endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
for (byte[] endSigVal : endSigVals) {
signatureValues.add(endSigVal);
}
//Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
if (sgndEndSuppTokMap != null) {
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
}
// Do signed endorsing signatures
List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
for (byte[] sigEndSigVal : sigEndSigVals) {
signatureValues.add(sigEndSigVal);
}
}
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
//Check for signature protection
if(rpd.isSignatureProtection() && this.mainSigId != null) {
encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
}
if(rmd.isInitiator()) {
for (String anEncryptedTokensIdList : encryptedTokensIdList) {
encrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));
}
}
//Do encryption
Token encrToken;
if (rmd.isInitiator()) {
encrToken = rpd.getRecipientToken();
} else {
encrToken = rpd.getInitiatorToken();
}
if(encrToken != null && encrParts.size() > 0) {
Element refList = null;
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
if(encrToken.isDerivedKeys()) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(rmd.getSecHeader());
if(this.encrKey == null) {
this.setupEncryptedKey(rmd, encrToken);
}
dkEncr.setTokenIdentifier(this.encryptedKeyId);
dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(this.encryptedKeyValue);
if(this.encrTokenElement != null) {
this.encrDKTElement = RampartUtil.insertSiblingAfter(
rmd, this.encrTokenElement, dkEncr.getdktElement());
} else {
this.encrDKTElement = RampartUtil.insertSiblingBefore(
rmd, this.sigDKTElement, dkEncr.getdktElement());
}
refList = dkEncr.encryptForExternalRef(null, encrParts);
RampartUtil.insertSiblingAfter(rmd,
this.encrDKTElement,
refList);
} catch (WSSecurityException e) {
throw new RampartException("errorInDKEncr", e);
} catch (Exception e) {
throw new RampartException("errorInDKEncr", e);
}
} else {
try {
WSSecEncrypt encr = new WSSecEncrypt(doc);
RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
KeyGenerator keyGen = KeyUtils.getKeyGenerator(rpd.getAlgorithmSuite().getEncryption());
SecretKey symmetricKey = keyGen.generateKey();
encr.prepare(RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()), symmetricKey);
if(this.timestampElement != null){
this.setInsertionLocation(this.timestampElement);
}else{
this.setInsertionLocation(null);
}
if(encr.getBSTTokenId() != null) {
this.setInsertionLocation(RampartUtil
.insertSiblingAfterOrPrepend(rmd,
this.getInsertionLocation(),
encr.getBinarySecurityTokenElement()));
}
Element encryptedKeyElement = encr.getEncryptedKeyElement();
//Encrypt, get hold of the ref list and add it
refList = encr.encryptForRef(null, encrParts, symmetricKey);
//Add internal refs
encryptedKeyElement.appendChild(refList);
this.setInsertionLocation(RampartUtil
.insertSiblingAfterOrPrepend(rmd,
this.getInsertionLocation(),
encryptedKeyElement));
// RampartUtil.insertSiblingAfter(rmd,
// this.getInsertionLocation(),
// refList);
} catch (WSSecurityException e) {
throw new RampartException("errorInEncryption", e);
}
}
}
List<SupportingPolicyData> supportingTokens = rpd.getSupportingPolicyData();
for (SupportingPolicyData policyData : supportingTokens) {
if (policyData != null) { // TODO do we need this null check ?
Token supportingEncrToken = policyData.getEncryptionToken();
List<WSEncryptionPart> supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,
policyData);
if (supportingEncrToken != null && supoortingEncrParts.size() > 0) {
doEncryptionWithSupportingToken(rpd, rmd, supportingEncrToken, doc,
supoortingEncrParts);
}
}
}
if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0)
+", Encryption took :" + (t2 - t1) );
}
}