in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java [84:231]
/**
 * Builds the {@code ds:Reference} list for the parts that are to be signed.
 *
 * <p>Each {@link WSEncryptionPart} is handled in one of three ways:
 * <ul>
 *   <li>the first part whose id is {@code "cid:Attachments"} is delegated to
 *       {@code addAttachmentReferences}; its references are appended last;</li>
 *   <li>a part with an id yields one reference to {@code "#" + id}, using the
 *       STR transform when the part name is {@code "STRTransform"} and
 *       exclusive C14N (comments omitted) otherwise;</li>
 *   <li>a part without an id is resolved by name/namespace, and every matching
 *       element is given a wsu:Id via {@code setWsuId} and referenced by it.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every reference built here is a same-document fragment URI, so the signed
 *       target is identified only by its Id value.</li>
 *   <li>{@code digestAlgo} is handed to the factory as-is; no algorithm policy is
 *       applied in this method. NOTE(review): presumably the caller restricts
 *       weak digests - confirm.</li>
 *   <li>A required part with an id that cannot be resolved to an element still
 *       produces a reference (see the comment in the body).</li>
 * </ul>
 *
 * @param doc the document used for element lookup and for the STR transform parameter
 * @param references the parts to sign
 * @param wsDocInfo receives each resolved element via {@code addTokenElement(element, false)}
 * @param signatureFactory factory used for the digest method, transforms and references
 * @param addInclusivePrefixes whether to pass an InclusiveNamespaces prefix list to exclusive C14N
 * @param digestAlgo digest algorithm URI applied to every reference
 * @return the same-document references in part order, followed by any attachment references
 * @throws WSSecurityException with {@code FAILED_SIGNATURE}/"noXMLSig" for any exception raised
 *         while building the digest method or a reference; this includes the
 *         {@code FAILURE}/"noEncElement" error for a missing required part, which is
 *         raised inside the guarded region and therefore ends up as the cause
 */
public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(
    Document doc,
    List<WSEncryptionPart> references,
    WSDocInfo wsDocInfo,
    XMLSignatureFactory signatureFactory,
    boolean addInclusivePrefixes,
    String digestAlgo
) throws WSSecurityException {
    DigestMethod digestMethod;
    try {
        digestMethod = signatureFactory.newDigestMethod(digestAlgo, null);
    } catch (Exception ex) {
        LOG.error("", ex);
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex, "noXMLSig"
        );
    }

    // Attachment references are collected separately and appended once all
    // same-document references have been created.
    List<javax.xml.crypto.dsig.Reference> attachmentRefs = null;
    List<javax.xml.crypto.dsig.Reference> sameDocumentRefs = new ArrayList<>();

    for (WSEncryptionPart part : references) {
        String partId = part.getId();
        String localName = part.getName();
        Element target = part.getElement();

        try {
            // Only the first "cid:Attachments" part takes this path; once the list
            // exists, a later part with the same id falls through to the id branch.
            if (attachmentRefs == null && "cid:Attachments".equals(partId)) {
                attachmentRefs =
                    addAttachmentReferences(part, digestMethod, signatureFactory);
                continue;
            }

            if (partId == null) {
                // No id: locate the element(s) by name and namespace.
                String namespace = part.getNamespace();
                List<Element> matches;
                if (target != null) {
                    matches = Collections.singletonList(target);
                } else {
                    if (callbackLookup == null) {
                        callbackLookup = new DOMCallbackLookup(doc);
                    }
                    matches = WSSecurityUtil.findElements(part, callbackLookup);
                }

                if (matches == null || matches.isEmpty()) {
                    if (part.isRequired()) {
                        // Raised inside the try, so the catch below rewraps it.
                        throw new WSSecurityException(
                            WSSecurityException.ErrorCode.FAILURE,
                            "noEncElement",
                            new Object[] {namespace + ", " + localName});
                    }
                    // Optional part that is absent: nothing to sign.
                    continue;
                }

                for (Element match : matches) {
                    String wsuId = setWsuId(match);
                    cloneElement(match);

                    TransformParameterSpec c14nSpec = null;
                    if (addInclusivePrefixes) {
                        List<String> prefixes = getInclusivePrefixes(match);
                        if (!prefixes.isEmpty()) {
                            c14nSpec = new ExcC14NParameterSpec(prefixes);
                        }
                    }
                    Transform c14n =
                        signatureFactory.newTransform(
                            WSConstants.C14N_EXCL_OMIT_COMMENTS, c14nSpec);

                    sameDocumentRefs.add(
                        signatureFactory.newReference(
                            "#" + wsuId,
                            digestMethod,
                            Collections.singletonList(c14n),
                            null,
                            null));
                    wsDocInfo.addTokenElement(match, false);
                }
                continue;
            }

            // The part carries an id. "STRTransform" is the one reserved part name:
            // it selects the STR transform instead of exclusive C14N.
            Transform transform;
            if ("STRTransform".equals(localName)) {
                XMLStructure strParameter = new DOMStructure(createSTRParameter(doc));
                transform =
                    signatureFactory.newTransform(STRTransform.TRANSFORM_URI, strParameter);
            } else {
                if (target == null) {
                    if (callbackLookup == null) {
                        callbackLookup = new DOMCallbackLookup(doc);
                    }
                    target = callbackLookup.getElement(partId, null, false);
                }

                TransformParameterSpec c14nSpec = null;
                if (addInclusivePrefixes && target != null) {
                    List<String> prefixes = getInclusivePrefixes(target);
                    if (!prefixes.isEmpty()) {
                        c14nSpec = new ExcC14NParameterSpec(prefixes);
                    }
                }
                transform =
                    signatureFactory.newTransform(
                        WSConstants.C14N_EXCL_OMIT_COMMENTS, c14nSpec);
            }

            if (target == null) {
                if (!part.isRequired()) {
                    continue;
                }
                // A required part with no resolved element still gets a reference
                // below, without cloneElement/addTokenElement.
                // NOTE(review): presumably the failure then surfaces when the
                // reference is dereferenced at signing time - confirm.
            } else {
                cloneElement(target);
                wsDocInfo.addTokenElement(target, false);
            }

            sameDocumentRefs.add(
                signatureFactory.newReference(
                    "#" + partId,
                    digestMethod,
                    Collections.singletonList(transform),
                    null,
                    null));
        } catch (Exception ex) {
            // Catches everything from the block above, WSSecurityException included,
            // and reports it under one error code with the original as the cause.
            LOG.error("", ex);
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex, "noXMLSig"
            );
        }
    }

    // Attachment references go after the same-document ones.
    if (attachmentRefs != null) {
        sameDocumentRefs.addAll(attachmentRefs);
    }
    return sameDocumentRefs;
}