protected void createEncryptedKeyElement()

in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java [269:391]


    /**
     * Builds the {@code EncryptedKey} DOM element, stores it in {@code encryptedKeyElement}
     * and attaches the key information that tells the recipient which key to use.
     *
     * <p>The element gets an {@code Id} attribute: the configured {@code encKeyId}, or a freshly
     * generated "EK-" id when none is set. The key information is then chosen in this order:
     * <ol>
     *   <li>a caller-supplied {@code customEKKeyInfoElement}, adopted into this document as is;</li>
     *   <li>an X509Data/SKI structure when {@code keyIdentifierType} is {@code X509_SKI};</li>
     *   <li>otherwise a {@code SecurityTokenReference} populated according to
     *       {@code keyIdentifierType}.</li>
     * </ol>
     *
     * <p>NOTE(review): nothing in this method validates {@code remoteCert} (trust path, validity
     * period, key usage) or checks it for {@code null}; the certificate-based branches hand it
     * straight to the reference builders. Presumably the caller has already established that
     * this is the intended recipient certificate - confirm against the call sites.
     *
     * @param remoteCert recipient certificate referenced by the certificate-based identifier types
     * @param crypto     passed to {@code setKeyIdentifierSKI} for {@code SKI_KEY_IDENTIFIER}
     * @param dhSpec     forwarded unchanged to {@code createKeyInfoElement}
     * @throws WSSecurityException with message key "unsupportedKeyId" when {@code keyIdentifierType}
     *         matches none of the handled constants; presumably also propagated from the helpers
     *         called here
     */
    protected void createEncryptedKeyElement(X509Certificate remoteCert, Crypto crypto, KeyAgreementParameters dhSpec)
            throws WSSecurityException {
        encryptedKeyElement = createEncryptedKey(getDocument(), keyEncAlgo);
        if (encKeyId == null || encKeyId.isEmpty()) {
            encKeyId = IDGenerator.generateID("EK-");
        }
        encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);

        // A caller-supplied KeyInfo wins over every identifier type. adoptNode() moves the node
        // into this document; its content is attached without any inspection here.
        if (customEKKeyInfoElement != null) {
            encryptedKeyElement.appendChild(getDocument().adoptNode(customEKKeyInfoElement));
            return;
        }

        // Element that createKeyInfoElement() wraps for the EncryptedKey.
        Element keyInfoContent;

        if (keyIdentifierType == WSConstants.X509_SKI) {
            DOMX509SKI skiElement = new DOMX509SKI(getDocument(), remoteCert);
            DOMX509Data dataElement = new DOMX509Data(getDocument(), skiElement);
            keyInfoContent = dataElement.getElement();
        } else {
            SecurityTokenReference secToken = new SecurityTokenReference(getDocument());
            if (addWSUNamespace) {
                secToken.addWSUNamespace();
            }

            switch (keyIdentifierType) {
            case WSConstants.X509_KEY_IDENTIFIER:
                secToken.setKeyIdentifier(remoteCert);
                break;

            case WSConstants.SKI_KEY_IDENTIFIER:
                secToken.setKeyIdentifierSKI(remoteCert, crypto);
                if (includeEncryptionToken) {
                    addBST(remoteCert);
                }
                break;

            case WSConstants.THUMBPRINT_IDENTIFIER:
            case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
                // ENCRYPTED_KEY_SHA1_IDENTIFIER is not applicable for this case, so it falls
                // back to the certificate thumbprint (ThumbprintRSA) as well.
                secToken.setKeyIdentifierThumb(remoteCert);
                if (includeEncryptionToken) {
                    addBST(remoteCert);
                }
                break;

            case WSConstants.ISSUER_SERIAL:
            case WSConstants.ISSUER_SERIAL_QUOTE_FORMAT:
                // Same reference for both types; only the quote-format flag differs.
                addIssuerSerial(remoteCert, secToken,
                                keyIdentifierType == WSConstants.ISSUER_SERIAL_QUOTE_FORMAT);
                break;

            case WSConstants.BST_DIRECT_REFERENCE:
                // The certificate goes into a BinarySecurityToken (kept in bstToken) and is
                // pointed at through a same-document "#id" reference.
                Reference directRef = new Reference(getDocument());
                String bstId = IDGenerator.generateID(null);
                directRef.setURI("#" + bstId);
                bstToken = new X509Security(getDocument());
                ((X509Security) bstToken).setX509Certificate(remoteCert);
                bstToken.setID(bstId);
                directRef.setValueType(bstToken.getValueType());
                secToken.setReference(directRef);
                break;

            case WSConstants.CUSTOM_SYMM_SIGNING:
            case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT:
                Reference customRef = new Reference(getDocument());
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                    secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                    customRef.setValueType(customEKTokenValueType);
                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                    // SAML 2.0: token type only, no ValueType on the reference.
                    secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)) {
                    secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                    customRef.setValueType(customEKTokenValueType);
                } else {
                    customRef.setValueType(customEKTokenValueType);
                }
                // CUSTOM_SYMM_SIGNING makes a same-document "#id" reference; the DIRECT variant
                // uses customEKTokenId verbatim as the URI.
                // NOTE(review): customEKTokenId is not null-checked here, so a missing id
                // becomes the URI "#null" / null - presumably guarded by the caller; verify.
                customRef.setURI(keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING
                                 ? "#" + customEKTokenId
                                 : customEKTokenId);
                secToken.setReference(customRef);
                break;

            case WSConstants.CUSTOM_KEY_IDENTIFIER:
                secToken.setKeyIdentifier(customEKTokenValueType, customEKTokenId);
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                    secToken.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customEKTokenValueType)) {
                    secToken.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customEKTokenValueType)
                           || SecurityTokenReference.ENC_KEY_SHA1_URI.equals(customEKTokenValueType)) {
                    // Both value types are tagged with the EncryptedKey token type.
                    secToken.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                }
                break;

            default:
                // Fail closed: an unrecognised identifier type never yields a key reference.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId",
                                              new Object[] {keyIdentifierType});
            }

            keyInfoContent = secToken.getElement();
        }

        encryptedKeyElement.appendChild(createKeyInfoElement(keyInfoContent, dhSpec));
    }