in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java [160:346]
public void prepare(Crypto cr)
throws WSSecurityException {
//
// Gather some info about the document to process and store it for
// retrieval
//
crypto = cr;
WSDocInfo wsDocInfo = getWsDocInfo();
if (wsDocInfo == null) {
wsDocInfo = new WSDocInfo(getDocument());
super.setWsDocInfo(wsDocInfo);
}
wsDocInfo.setCrypto(cr);
//
// At first get the security token (certificate) according to the parameters.
//
X509Certificate[] certs = getSigningCerts();
try {
C14NMethodParameterSpec c14nSpec = null;
if (addInclusivePrefixes && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
Element securityHeaderElement = getSecurityHeader().getSecurityHeaderElement();
List<String> prefixes =
getInclusivePrefixes(securityHeaderElement, false);
c14nSpec = new ExcC14NParameterSpec(prefixes);
}
c14nMethod = signatureFactory.newCanonicalizationMethod(canonAlgo, c14nSpec);
} catch (Exception ex) {
LOG.error("", ex);
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex, "noXMLSig"
);
}
keyInfoUri = getIdAllocator().createSecureId("KI-", keyInfo);
if (!useCustomSecRef && customKeyInfoElement == null) {
secRef = new SecurityTokenReference(getDocument());
strUri = getIdAllocator().createSecureId("STR-", secRef);
secRef.addWSSENamespace();
secRef.addWSUNamespace();
secRef.setID(strUri);
//
// Get an initialized XMLSignature element.
//
//
// Prepare and setup the token references for this Signature
//
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(getDocument());
ref.setURI("#" + certUri);
addBST(certs);
if (!useSingleCert) {
secRef.addTokenType(PKIPathSecurity.PKI_TYPE);
ref.setValueType(PKIPathSecurity.PKI_TYPE);
} else {
ref.setValueType(X509Security.X509_V3_TYPE);
}
secRef.setReference(ref);
break;
case WSConstants.ISSUER_SERIAL:
addIssuerSerial(certs,false);
break;
case WSConstants.ISSUER_SERIAL_QUOTE_FORMAT:
addIssuerSerial(certs,true);
break;
case WSConstants.X509_KEY_IDENTIFIER:
secRef.setKeyIdentifier(certs[0]);
break;
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
if (includeSignatureToken) {
addBST(certs);
}
break;
case WSConstants.THUMBPRINT_IDENTIFIER:
secRef.setKeyIdentifierThumb(certs[0]);
if (includeSignatureToken) {
addBST(certs);
}
break;
case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
if (encrKeySha1value != null) {
secRef.setKeyIdentifierEncKeySHA1(encrKeySha1value);
} else {
byte[] digestBytes = KeyUtils.generateDigest(secretKey);
secRef.setKeyIdentifierEncKeySHA1(org.apache.xml.security.utils.XMLUtils.encodeToString(digestBytes));
}
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
break;
case WSConstants.CUSTOM_SYMM_SIGNING :
Reference refCust = new Reference(getDocument());
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
refCust.setValueType(customTokenValueType);
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
refCust.setValueType(customTokenValueType);
} else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
secRef.addTokenType(customTokenValueType);
refCust.setValueType(customTokenValueType);
} else {
refCust.setValueType(customTokenValueType);
}
refCust.setURI("#" + customTokenId);
secRef.setReference(refCust);
break;
case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
Reference refCustd = new Reference(getDocument());
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
refCustd.setValueType(customTokenValueType);
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
refCustd.setValueType(customTokenValueType);
} else if (KerberosSecurity.isKerberosToken(customTokenValueType)) {
secRef.addTokenType(customTokenValueType);
refCustd.setValueType(customTokenValueType);
} else {
refCustd.setValueType(customTokenValueType);
}
refCustd.setURI(customTokenId);
secRef.setReference(refCustd);
break;
case WSConstants.CUSTOM_KEY_IDENTIFIER:
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.setKeyIdentifier(customTokenValueType, customTokenId);
secRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
} else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.setKeyIdentifier(customTokenValueType, customTokenId);
secRef.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
} else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customTokenValueType)) {
secRef.setKeyIdentifier(customTokenValueType, customTokenId, true);
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
} else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customTokenValueType)) {
secRef.setKeyIdentifier(customTokenValueType, customTokenId, true);
secRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
} else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customTokenValueType)) {
secRef.setKeyIdentifier(customTokenValueType, customTokenId, true);
secRef.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
}
break;
case WSConstants.KEY_VALUE:
java.security.PublicKey publicKey = certs[0].getPublicKey();
try {
KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey);
keyInfo =
keyInfoFactory.newKeyInfo(Collections.singletonList(keyValue), keyInfoUri);
} catch (java.security.KeyException ex) {
LOG.error("", ex);
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex, "noXMLSig"
);
}
break;
default:
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId");
}
}
if (keyIdentifierType != WSConstants.KEY_VALUE) {
marshalKeyInfo(wsDocInfo);
}
}