in modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java [255:346]
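/**
 * Builds a holder-of-key SAML 1.1 assertion for the requester.
 *
 * <p>Two proof-key shapes are supported, selected by the requested key type:
 * <ul>
 *   <li>Symmetric key: a generated key is wrapped for the service certificate
 *       (resolved from the AppliesTo address) into an {@code xenc:EncryptedKey}
 *       KeyInfo and an attribute assertion is issued.</li>
 *   <li>Any other key type (public key): the requester's X.509 certificate is
 *       placed in a {@code ds:X509Data} KeyInfo and an authentication assertion
 *       with holder-of-key subject confirmation is issued.</li>
 * </ul>
 *
 * @param config         issuer configuration (default key size, key computation mode, ...)
 * @param doc            owner document for the generated DOM elements
 * @param crypto         crypto provider used to resolve certificates and wrap keys
 * @param creationTime   assertion validity start
 * @param expirationTime assertion validity end
 * @param data           the parsed request (key type, key size, principal, AppliesTo, client cert)
 * @return the assembled assertion
 * @throws TrustException if the service certificate cannot be found, the key cannot be
 *                        wrapped, or the assertion cannot be assembled
 */
private Assertion createHoKAssertion(SAMLTokenIssuerConfig config,
                                     Document doc, Crypto crypto, Instant creationTime,
                                     Instant expirationTime, RahasData data) throws TrustException {
    if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
        return createSymmetricKeyHoKAssertion(config, doc, crypto, creationTime, expirationTime, data);
    }
    return createPublicKeyHoKAssertion(config, crypto, creationTime, expirationTime, data);
}

/**
 * Symmetric-key branch: wraps a generated proof key for the service certificate and
 * returns an attribute assertion carrying the resulting EncryptedKey KeyInfo.
 *
 * @throws TrustException wrapping the {@link WSSecurityException} from certificate
 *                        lookup or key wrapping, keyed on whether the service
 *                        certificate had been resolved at the time of failure
 */
private Assertion createSymmetricKeyHoKAssertion(SAMLTokenIssuerConfig config, Document doc,
                                                 Crypto crypto, Instant creationTime,
                                                 Instant expirationTime, RahasData data)
        throws TrustException {
    X509Certificate serviceCert = null;
    try {
        // TODO what if principal is null? The NameIdentifier is left null and handed to
        // createAttributeAssertion unchanged; whether that produces a usable Subject
        // depends on that method (not visible here).
        NameIdentifier nameIdentifier = null;
        if (data.getPrincipal() != null) {
            nameIdentifier = SAMLUtils.createNamedIdentifier(
                    data.getPrincipal().getName(), NameIdentifier.EMAIL);
        }

        // The KeyInfo to build has the shape
        //   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        //     <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> ... </xenc:EncryptedKey>
        //   </KeyInfo>
        // The key is wrapped for the service named by AppliesTo, so only that service
        // can recover the proof key from the issued token.
        serviceCert = getServiceCert(config, crypto, data.getAppliesToAddress());

        // A requested key size of -1 means "not specified": fall back to the configured
        // default. NOTE(review): any other requested size is passed through as-is; bounds
        // on it are not enforced in this method.
        int keySize = data.getKeysize();
        if (keySize == -1) {
            keySize = config.getKeySize();
        }

        KeyInfo encryptedKeyInfo = CommonUtil.getSymmetricKeyBasedKeyInfo(
                doc, data, serviceCert, keySize, crypto, config.getKeyComputation());
        return this.createAttributeAssertion(data, encryptedKeyInfo, nameIdentifier, config,
                crypto, creationTime, expirationTime);
    } catch (WSSecurityException e) {
        // serviceCert is still null when the lookup failed or yielded nothing, so the
        // two failure modes map to distinct, more specific error keys.
        if (serviceCert != null) {
            throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
                    new String[]{serviceCert.getSubjectDN().getName()}, e);
        }
        throw new TrustException("trustedCertNotFoundForEPR",
                new String[]{data.getAppliesToAddress()}, e);
    }
}

/**
 * Public-key branch: places the requester's certificate in an X509Data KeyInfo and
 * returns an authentication assertion with holder-of-key subject confirmation.
 *
 * @throws TrustException ({@code samlAssertionCreationError}) wrapping any failure,
 *                        including a missing principal
 */
private Assertion createPublicKeyHoKAssertion(SAMLTokenIssuerConfig config, Crypto crypto,
                                              Instant creationTime, Instant expirationTime,
                                              RahasData data) throws TrustException {
    try {
        // The KeyInfo to build has the shape
        //   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        //     <X509Data><X509Certificate>MIIC...</X509Certificate></X509Data>
        //   </KeyInfo>
        // Unlike the symmetric branch, a principal is mandatory here: its name is both
        // the subject NameIdentifier and the keystore alias fallback below. Fail with a
        // clear cause instead of an implicit NPE; it still reaches the caller as
        // samlAssertionCreationError.
        if (data.getPrincipal() == null) {
            throw new IllegalStateException(
                    "no authenticated principal available for holder-of-key assertion");
        }
        String principalName = data.getPrincipal().getName();
        NameIdentifier nameId = SAMLUtils.createNamedIdentifier(principalName, NameIdentifier.EMAIL);

        // Prefer the certificate the requester presented; otherwise look one up in the
        // keystore using the principal name as alias. That fallback binds the proof key
        // to whatever certificate is stored under the alias, so keystore contents are
        // part of the trust decision for this token.
        X509Certificate clientCert = data.getClientCert();
        if (clientCert == null) {
            clientCert = CommonUtil.getCertificateByAlias(crypto, principalName);
        }
        KeyInfo keyInfo = CommonUtil.getCertificateBasedKeyInfo(clientCert);
        return this.createAuthAssertion(RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK, nameId,
                keyInfo, config, crypto, creationTime, expirationTime, data);
    } catch (Exception e) {
        // Broad catch retained: the helpers above throw a mix of checked and unchecked
        // exceptions, and callers only handle TrustException.
        throw new TrustException("samlAssertionCreationError", e);
    }
}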