in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java [291:386]
/**
 * Assembles the {@code KeyInfo} for this encryption.
 *
 * <p>At most one child element is attached. It is chosen by the first condition that
 * matches, in this order: embedded EncryptedKey, EncryptedKeySHA1 identifier, SAML 1.1 /
 * SAML 2.0 / Kerberos key identifier (selected through {@code customReferenceValue}),
 * a caller-supplied {@code securityTokenReference}, a direct reference to {@code getId()},
 * and finally the issuer-serial case when {@code encryptSymmKey} is false. If nothing
 * matches, the returned {@code KeyInfo} has no child.
 *
 * <p>NOTE(review): {@code customReferenceValue} is written into the reference as given
 * (key identifier value, ValueType or TokenType). Presumably it comes from trusted
 * configuration rather than from message content; confirm against the callers.
 *
 * @return the populated {@code KeyInfo}, with the {@code WSConstants.SIG_PREFIX} namespace
 *         declared on its element
 * @throws WSSecurityException declared by this method; which callee raises it is not
 *         visible in this block
 */
private KeyInfo createKeyInfo() throws WSSecurityException {
    KeyInfo result = new KeyInfo(getDocument());

    if (embedEncryptedKey) {
        // The EncryptedKey element itself is placed inside the KeyInfo.
        result.addUnknownElement(getEncryptedKeyElement());
    } else if (keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
        result.addUnknownElement(newEncKeySha1TokenReference().getElement());
    } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customReferenceValue)) {
        SecurityTokenReference samlRef = newNamespacedTokenReference();
        samlRef.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
        samlRef.setKeyIdentifier(WSConstants.WSS_SAML_KI_VALUE_TYPE, getId());
        result.addUnknownElement(samlRef.getElement());
    } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customReferenceValue)) {
        SecurityTokenReference saml2Ref = newNamespacedTokenReference();
        saml2Ref.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
        saml2Ref.setKeyIdentifier(WSConstants.WSS_SAML2_KI_VALUE_TYPE, getId());
        result.addUnknownElement(saml2Ref.getElement());
    } else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(customReferenceValue)) {
        SecurityTokenReference krbRef = newNamespacedTokenReference();
        krbRef.addTokenType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
        krbRef.setKeyIdentifier(customReferenceValue, getId(), true);
        result.addUnknownElement(krbRef.getElement());
    } else if (securityTokenReference != null) {
        // The caller-supplied reference is modified in place: a namespace declaration
        // for its own prefix is added before it is attached.
        // NOTE(review): Node.getPrefix() returns null for an unprefixed element, which
        // would produce the attribute name "xmlns:null" here; confirm that callers
        // always supply a prefixed element.
        Element suppliedRef = securityTokenReference.getElement();
        String nsDeclaration = "xmlns:" + suppliedRef.getPrefix();
        suppliedRef.setAttributeNS(
            WSConstants.XMLNS_NS, nsDeclaration, suppliedRef.getNamespaceURI());
        result.addUnknownElement(securityTokenReference.getElement());
    } else if (getId() != null) {
        SecurityTokenReference directRef = newNamespacedTokenReference();

        Reference target = new Reference(getDocument());
        // encKeyIdDirectId selects the bare id; otherwise a same-document "#id" URI is used.
        target.setURI(encKeyIdDirectId ? getId() : "#" + getId());
        if (customReferenceValue != null) {
            target.setValueType(customReferenceValue);
        }
        directRef.setReference(target);

        if (KerberosSecurity.isKerberosToken(customReferenceValue)) {
            directRef.addTokenType(customReferenceValue);
        } else if (!WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE.equals(customReferenceValue)) {
            // Every non-Kerberos reference except a UsernameToken one is typed as EncryptedKey.
            directRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        }
        result.addUnknownElement(directRef.getElement());
    } else if (!encryptSymmKey
        && (keyIdentifierType == WSConstants.ISSUER_SERIAL
            || keyIdentifierType == WSConstants.ISSUER_SERIAL_QUOTE_FORMAT)) {
        // With encryptSymmKey false and an issuer-serial identifier type, an
        // EncryptedKeySHA1 identifier is emitted here as well.
        result.addUnknownElement(newEncKeySha1TokenReference().getElement());
    }

    // Declare the signature namespace prefix on the KeyInfo element itself.
    Element keyInfoRoot = result.getElement();
    keyInfoRoot.setAttributeNS(
        WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
    return result;
}

/**
 * Creates a SecurityTokenReference in the current document with the wsse namespace
 * declared, and the wsu namespace as well when {@code addWSUNamespace} is set.
 */
private SecurityTokenReference newNamespacedTokenReference() throws WSSecurityException {
    SecurityTokenReference tokenRef = new SecurityTokenReference(getDocument());
    if (addWSUNamespace) {
        tokenRef.addWSUNamespace();
    }
    tokenRef.addWSSENamespace();
    return tokenRef;
}

/**
 * Creates a SecurityTokenReference carrying an EncryptedKeySHA1 key identifier:
 * {@code customReferenceValue} when it is set, otherwise {@code getEncryptedKeySHA1()}.
 */
private SecurityTokenReference newEncKeySha1TokenReference() throws WSSecurityException {
    SecurityTokenReference tokenRef = newNamespacedTokenReference();
    tokenRef.setKeyIdentifierEncKeySHA1(
        customReferenceValue != null ? customReferenceValue : getEncryptedKeySHA1());
    tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
    return tokenRef;
}