in modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java [100:194]
/**
 * Builds the response envelope that carries a newly issued security context token (SCT)
 * and registers that token in the token store.
 *
 * <p>Elements are appended to the RequestSecurityTokenResponse in this order: the
 * RequestedSecurityToken holding the SCT, the optional attached and unattached references,
 * the Lifetime, and finally the RequestedProofToken. The issued {@code Token}, including
 * its shared secret, is added to the token store obtained from the incoming message context.
 *
 * @param data   request data supplying the SOAP namespace, WS-Trust version, token type and
 *               incoming message context
 * @param config issuer configuration supplying the reference flags, TTL, key computation
 *               mode and key size
 * @return the populated SOAP envelope
 * @throws TrustException if any step fails; the original exception is kept as the cause
 */
private SOAPEnvelope createEnvelope(RahasData data,
                                    SCTIssuerConfig config) throws TrustException {
    try {
        SOAPEnvelope envelope = TrustUtil.createSOAPEnvelope(data.getSoapNs());
        int trustVersion = data.getVersion();

        // The envelope's owning DOM document is needed to create the token element.
        Document ownerDoc = ((Element) envelope).getOwnerDocument();

        SecurityContextToken contextToken =
                new SecurityContextToken(this.getWSCVersion(data.getTokenType()), ownerDoc);

        /*
         * For WS-Trust http://docs.oasis-open.org/ws-sx/ws-trust/200512 the
         * "request security token response" must be wrapped in a
         * "request security token response collection".
         * See WS-SecureConversation 1.3, Section 3 - Establishing Security Contexts.
         * For every other version the response hangs directly off the SOAP body.
         */
        OMElement responseParent = (wstVersionIs0512(trustVersion))
                ? TrustUtil.createRequestSecurityTokenResponseCollectionElement(
                        trustVersion, envelope.getBody())
                : envelope.getBody();
        OMElement responseElem =
                TrustUtil.createRequestSecurityTokenResponseElement(trustVersion, responseParent);

        OMElement requestedTokenElem =
                TrustUtil.createRequestedSecurityTokenElement(trustVersion, responseElem);
        requestedTokenElem.addChild((OMElement) contextToken.getElement());

        String requestedTokenType = data.getTokenType();

        // Both references are optional and stay null unless enabled in the configuration.
        OMElement attachedRefElem = null;
        OMElement unattachedRefElem = null;

        if (config.isAddRequestedAttachedRef()) {
            attachedRefElem = TrustUtil.createRequestedAttachedRef(
                    trustVersion, responseElem, "#" + contextToken.getID(), requestedTokenType);
        }

        if (config.isAddRequestedUnattachedRef()) {
            unattachedRefElem = TrustUtil.createRequestedUnattachedRef(
                    trustVersion, responseElem, contextToken.getIdentifier(), requestedTokenType);
        }

        // Creation and expiration times, both in UTC. The TTL is added to an epoch-millisecond
        // value, so it is treated as milliseconds here and the expiry has millisecond precision.
        // NOTE(review): no range check on the TTL is visible in this method; a zero or negative
        // value would produce a token that is already expired when issued - confirm that
        // SCTIssuerConfig validates it.
        ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC);
        long createdMillis = creationTime.toInstant().toEpochMilli();
        long expiresMillis = createdMillis + config.getTtl();
        ZonedDateTime expirationTime =
                ZonedDateTime.ofInstant(Instant.ofEpochMilli(expiresMillis), ZoneOffset.UTC);

        // Add the Lifetime element.
        String createdText = DateUtil.getDateTimeFormatter(true).format(creationTime);
        String expiresText = DateUtil.getDateTimeFormatter(true).format(expirationTime);
        TrustUtil.createLifetimeElement(trustVersion, responseElem, createdText, expiresText);

        // Build the token record that will be stored, using the same validity window
        // that was written into the Lifetime element.
        Token issuedToken = new Token(contextToken.getIdentifier(),
                (OMElement) contextToken.getElement(),
                Date.from(creationTime.toInstant()),
                Date.from(expirationTime.toInstant()));

        if (config.isAddRequestedAttachedRef()) {
            issuedToken.setAttachedReference(attachedRefElem.getFirstElement());
        }
        if (config.isAddRequestedUnattachedRef()) {
            issuedToken.setUnattachedReference(unattachedRefElem.getFirstElement());
        }

        // The shared secret is attached to the stored token.
        // NOTE(review): the token store therefore holds key material - confirm how the store
        // protects and evicts entries.
        byte[] sharedSecret = TokenIssuerUtil.getSharedSecret(
                data, config.getKeyComputation(), config.getKeySize());
        issuedToken.setSecret(sharedSecret);

        // Add the RequestedProofToken.
        TokenIssuerUtil.handleRequestedProofToken(
                data, trustVersion, config, responseElem, issuedToken, ownerDoc);

        // Mark the token as issued and register it with the store of the incoming context.
        issuedToken.setState(Token.ISSUED);
        TrustUtil.getTokenStore(data.getInMessageContext()).add(issuedToken);

        return envelope;
    } catch (Exception e) {
        // Every failure, including a TrustException raised above, is rewrapped here.
        throw new TrustException(e.getMessage(), e);
    }
}

/** Returns whether the given WS-Trust version is the 2005/12 version. */
private static boolean wstVersionIs0512(int trustVersion) {
    return trustVersion == RahasConstants.VERSION_05_12;
}