org.apache.ws.security.message.WSSecSignature Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of wss4j Show documentation
Show all versions of wss4j Show documentation
The Apache WSS4J project provides a Java implementation of the primary security standards
for Web Services, namely the OASIS Web Services Security (WS-Security) specifications
from the OASIS Web Services Security TC.
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.security.message;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
/**
* Creates a Signature according to WS Specification, X509 profile.
*
* This class is a re-factored implementation of the previous WSS4J class
* WSSignEnvelope
. This new class allows better control of
* the process to create a Signature and to add it to the Security header.
*
* The flexibility and fine granular control is required to implement a handler
* that uses WSSecurityPolicy files to control the setup of a Security header.
*
* @author Davanum Srinivas ([email protected])
* @author Werner Dittmann ([email protected])
*/
public class WSSecSignature extends WSSecBase {
private static Log log = LogFactory.getLog(WSSecSignature.class.getName());
protected boolean useSingleCert = true;
protected String sigAlgo = null;
protected String canonAlgo = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
protected WSSecUsernameToken usernameToken = null;
protected byte[] signatureValue = null;
/*
* The following private variable are setup during prepare().
*/
protected Document document = null;
private Crypto crypto = null;
protected WSDocInfo wsDocInfo = null;
protected String certUri = null;
protected XMLSignature sig = null;
protected KeyInfo keyInfo = null;
protected String keyInfoUri = null;
protected SecurityTokenReference secRef = null;
protected String strUri = null;
private byte[] secretKey = null;
private String encrKeySha1value = null;
protected BinarySecurity bstToken = null;
private String customTokenValueType;
private String customTokenId;
private String digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
private X509Certificate useThisCert = null;
/**
* Constructor.
*/
public WSSecSignature() {
}
/**
* set the single cert flag.
*
* @param useSingleCert
*/
public void setUseSingleCertificate(boolean useSingleCert) {
this.useSingleCert = useSingleCert;
}
/**
* Get the single cert flag.
*
* @return A boolean if single certificate is set.
*/
public boolean isUseSingleCertificate() {
return this.useSingleCert;
}
/**
* Set the name of the signature encryption algorithm to use.
*
* If the algorithm is not set then an automatic detection of the signature
* algorithm to use is performed during the prepare()
* method. Refer to WSConstants which algorithms are supported.
*
* @param algo Is the name of the signature algorithm
* @see WSConstants#RSA
* @see WSConstants#DSA
*/
public void setSignatureAlgorithm(String algo) {
sigAlgo = algo;
}
/**
* Get the name of the signature algorithm that is being used.
*
* Call this method after prepare
to get the information
* which signature algorithm was automatically detected if no signature
* algorithm was preset.
*
* @return the identifier URI of the signature algorithm
*/
public String getSignatureAlgorithm() {
return sigAlgo;
}
/**
* Set the canonicalization method to use.
*
* If the canonicalization method is not set then the recommended Exclusive
* XML Canonicalization is used by default Refer to WSConstants which
* algorithms are supported.
*
* @param algo Is the name of the signature algorithm
* @see WSConstants#C14N_OMIT_COMMENTS
* @see WSConstants#C14N_WITH_COMMENTS
* @see WSConstants#C14N_EXCL_OMIT_COMMENTS
* @see WSConstants#C14N_EXCL_WITH_COMMENTS
*/
public void setSigCanonicalization(String algo) {
canonAlgo = algo;
}
/**
* Get the canonicalization method.
*
* If the canonicalization method was not set then Exclusive XML
* Canonicalization is used by default.
*
* @return The string describing the canonicalization algorithm.
*/
public String getSigCanonicalization() {
return canonAlgo;
}
/**
* @return the digestAlgo
*/
public String getDigestAlgo() {
return digestAlgo;
}
/**
* Set the string that defines which digest algorithm to use
*
* @param digestAlgo the digestAlgo to set
*/
public void setDigestAlgo(String digestAlgo) {
this.digestAlgo = digestAlgo;
}
/**
* @param usernameToken The usernameToken to set.
*/
public void setUsernameToken(WSSecUsernameToken usernameToken) {
this.usernameToken = usernameToken;
}
/**
* Returns the computed Signature value.
*
* Call this method after computeSignature()
or build()
* methods were called.
*
* @return Returns the signatureValue.
*/
public byte[] getSignatureValue() {
return signatureValue;
}
/**
* Get the id generated during prepare()
.
*
* Returns the the value of wsu:Id attribute of the Signature element.
*
* @return Return the wsu:Id of this token or null if prepare()
* was not called before.
*/
public String getId() {
if (sig == null) {
return null;
}
return sig.getId();
}
/**
* Get the id of the BSt generated during prepare()
.
*
* @return Returns the the value of wsu:Id attribute of the
* BinaruSecurityToken element.
*/
public String getBSTTokenId() {
if (this.bstToken == null) {
return null;
}
return this.bstToken.getID();
}
/**
* Initialize a WSSec Signature.
*
* The method sets up and initializes a WSSec Signature structure after the
* relevant information was set. After setup of the references to elements
* to sign may be added. After all references are added they can be signed.
*
* This method does not add the Signature element to the security header.
* See prependSignatureElementToHeader()
method.
*
* @param doc The SOAP envelope as Document
* @param cr An instance of the Crypto API to handle keystore and certificates
* @param secHeader The security header that will hold the Signature. This is used
* to construct namespace prefixes for Signature. This method
* @throws WSSecurityException
*/
public void prepare(Document doc, Crypto cr, WSSecHeader secHeader)
throws WSSecurityException {
//
// Gather some info about the document to process and store it for
// retrieval
//
crypto = cr;
document = doc;
wsDocInfo = new WSDocInfo(doc.hashCode());
wsDocInfo.setCrypto(cr);
//
// At first get the security token (certificate) according to the
// parameters.
//
X509Certificate[] certs = null;
if (keyIdentifierType != WSConstants.UT_SIGNING
&& keyIdentifierType != WSConstants.CUSTOM_SYMM_SIGNING
&& keyIdentifierType != WSConstants.CUSTOM_SYMM_SIGNING_DIRECT
&& keyIdentifierType != WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER
&& keyIdentifierType != WSConstants.CUSTOM_KEY_IDENTIFIER) {
if (useThisCert == null) {
certs = crypto.getCertificates(user);
} else {
certs = new X509Certificate[] {useThisCert};
}
if (certs == null || certs.length <= 0) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noUserCertsFound",
new Object[] { user, "signature" }
);
}
certUri = "CertId-" + certs[0].hashCode();
//
// If no signature algorithm was set try to detect it according to the
// data stored in the certificate.
//
if (sigAlgo == null) {
String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
log.debug("automatic sig algo detection: " + pubKeyAlgo);
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
} else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
} else {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"unknownSignatureAlgorithm",
new Object[] {pubKeyAlgo}
);
}
}
}
//
// Get an initialized XMLSignature element.
//
if (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
Element canonElem =
XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
canonElem.setAttributeNS(null, Constants._ATT_ALGORITHM, canonAlgo);
if (wssConfig.isWsiBSPCompliant()) {
Set prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
InclusiveNamespaces inclusiveNamespaces = new InclusiveNamespaces(doc, prefixes);
canonElem.appendChild(inclusiveNamespaces.getElement());
}
try {
SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, sigAlgo);
sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
);
}
} else {
try {
sig = new XMLSignature(doc, null, sigAlgo, canonAlgo);
} catch (XMLSecurityException e) {
log.error("", e);
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e
);
}
}
sig.addResourceResolver(EnvelopeIdResolver.getInstance());
String sigUri = "Signature-" + sig.hashCode();
sig.setId(sigUri);
keyInfo = sig.getKeyInfo();
keyInfoUri = "KeyId-" + keyInfo.hashCode();
keyInfo.setId(keyInfoUri);
secRef = new SecurityTokenReference(doc);
strUri = "STRId-" + secRef.hashCode();
secRef.setID(strUri);
//
// Prepare and setup the token references for this Signature
//
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(document);
ref.setURI("#" + certUri);
if (!useSingleCert) {
bstToken = new PKIPathSecurity(document);
((PKIPathSecurity) bstToken).setX509Certificates(certs, false, crypto);
} else {
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(certs[0]);
}
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
bstToken.setID(certUri);
wsDocInfo.setBst(bstToken.getElement());
break;
case WSConstants.ISSUER_SERIAL:
XMLX509IssuerSerial data = new XMLX509IssuerSerial(document, certs[0]);
X509Data x509Data = new X509Data(document);
x509Data.add(data);
secRef.setX509IssuerSerial(x509Data);
break;
case WSConstants.X509_KEY_IDENTIFIER:
secRef.setKeyIdentifier(certs[0]);
break;
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
break;
case WSConstants.UT_SIGNING:
Reference refUt = new Reference(document);
refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
String utId = usernameToken.getId();
refUt.setURI("#" + utId);
secRef.setReference(refUt);
secretKey = usernameToken.getSecretKey();
break;
case WSConstants.THUMBPRINT_IDENTIFIER:
secRef.setKeyIdentifierThumb(certs[0]);
break;
case WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER:
secRef.setKeyIdentifierEncKeySHA1(this.encrKeySha1value);
break;
case WSConstants.CUSTOM_SYMM_SIGNING :
Reference refCust = new Reference(document);
refCust.setValueType(this.customTokenValueType);
refCust.setURI("#" + this.customTokenId);
secRef.setReference(refCust);
break;
case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT :
Reference refCustd = new Reference(document);
refCustd.setValueType(this.customTokenValueType);
refCustd.setURI(this.customTokenId);
secRef.setReference(refCustd);
break;
case WSConstants.CUSTOM_KEY_IDENTIFIER:
secRef.setKeyIdentifier(customTokenValueType, customTokenId);
break;
case WSConstants.KEY_VALUE:
java.security.PublicKey publicKey = certs[0].getPublicKey();
String pubKeyAlgo = publicKey.getAlgorithm();
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(document, publicKey);
keyInfo.add(dsaKeyValue);
} else if (pubKeyAlgo.equalsIgnoreCase("RSA")) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(document, publicKey);
keyInfo.add(rsaKeyValue);
} else {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"unknownSignatureAlgorithm",
new Object[] {pubKeyAlgo}
);
}
break;
default:
throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId");
}
if (keyIdentifierType != WSConstants.KEY_VALUE) {
keyInfo.addUnknownElement(secRef.getElement());
}
}
/**
* This method adds references to the Signature.
*
* The added references are signed when calling
* computeSignature()
. This method can be called several
* times to add references as required. addReferencesToSign()
* can be called any time after prepare
.
*
* @param references A vector containing WSEncryptionPart
objects
* that define the parts to sign.
* @param secHeader Used to compute namespaces to be inserted by
* InclusiveNamespaces to be WSI compliant.
* @throws WSSecurityException
*/
public void addReferencesToSign(Vector references, WSSecHeader secHeader)
throws WSSecurityException {
Element envelope = document.getDocumentElement();
for (int part = 0; part < references.size(); part++) {
WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
String idToSign = encPart.getId();
String elemName = encPart.getName();
String nmSpace = encPart.getNamespace();
//
// Set up the elements to sign. There are two reserved element
// names: "Token" and "STRTransform" "Token": Setup the Signature to
// either sign the information that points to the security token or
// the token itself. If its a direct reference sign the token,
// otherwise sign the KeyInfo Element. "STRTransform": Setup the
// ds:Reference to use STR Transform
//
Transforms transforms = new Transforms(document);
try {
if (idToSign != null) {
Element toSignById =
WSSecurityUtil.findElementById(
document.getDocumentElement(), idToSign, WSConstants.WSU_NS
);
if (toSignById == null) {
toSignById =
WSSecurityUtil.findElementById(
document.getDocumentElement(), idToSign, null
);
}
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
document, getInclusivePrefixes(toSignById)).getElement()
);
}
sig.addDocument("#" + idToSign, transforms, digestAlgo);
} else if (elemName.equals("Token")) {
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
document,
getInclusivePrefixes(secHeader.getSecurityHeader())).getElement()
);
}
sig.addDocument("#" + certUri, transforms, digestAlgo);
} else {
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
document, getInclusivePrefixes(keyInfo.getElement())).getElement()
);
}
sig.addDocument("#" + keyInfoUri, transforms, digestAlgo);
}
} else if (elemName.equals("STRTransform")) { // STRTransform
Element ctx = createSTRParameter(document);
transforms.addTransform(STRTransform.implementedTransformURI, ctx);
sig.addDocument("#" + strUri, transforms, digestAlgo);
} else if (elemName.equals("Assertion")) { // Assertion
String id = null;
id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);
Element body =
(Element) WSSecurityUtil.findElement(envelope, elemName, nmSpace);
if (body == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE, "noEncElement",
new Object[] {nmSpace + ", " + elemName}
);
}
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
document, getInclusivePrefixes(body)).getElement()
);
}
String prefix =
WSSecurityUtil.setNamespace(body, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
sig.addDocument("#" + id, transforms, digestAlgo);
} else {
Element body =
(Element)WSSecurityUtil.findElement(envelope, elemName, nmSpace);
if (body == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noEncElement",
new Object[] {nmSpace + ", " + elemName}
);
}
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
if (wssConfig.isWsiBSPCompliant()) {
transforms.item(0).getElement().appendChild(
new InclusiveNamespaces(
document, getInclusivePrefixes(body)).getElement()
);
}
sig.addDocument("#" + setWsuId(body), transforms, digestAlgo);
}
} catch (TransformationException e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
);
} catch (XMLSignatureException e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
);
}
}
}
/**
* Prepends the Signature element to the elements already in the Security
* header.
*
* The method can be called any time after prepare()
.
* This allows to insert the Signature element at any position in the
* Security header.
*
* @param secHeader The secHeader that holds the Signature element.
*/
public void prependToHeader(WSSecHeader secHeader) {
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), sig.getElement());
}
/**
* Appends the Signature element to the elements already in the Security
* header.
*
* The method can be called any time after prepare()
.
* This allows to insert the Signature element at any position in the
* Security header.
*
* @param secHeader The secHeader that holds the Signature element.
*/
public void appendToHeader(WSSecHeader secHeader) {
Element secHeaderElement = secHeader.getSecurityHeader();
secHeaderElement.appendChild(sig.getElement());
}
/**
* Prepend the BinarySecurityToken to the elements already in the Security
* header.
*
* The method can be called any time after prepare()
.
* This allows to insert the BST element at any position in the Security
* header.
*
* @param secHeader The security header that holds the BST element.
*/
public void prependBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bstToken.getElement());
}
bstToken = null;
}
/**
* Returns the SignatureElement.
* The method can be called any time after prepare()
.
* @return The DOM Element of the signature.
*/
public Element getSignatureElement() {
return this.sig.getElement();
}
/**
* Returns the BST Token element.
* The method can be called any time after prepare()
.
* @return the BST Token element
*/
public Element getBinarySecurityTokenElement() {
if (this.bstToken != null) {
return this.bstToken.getElement();
}
return null;
}
public void appendBSTElementToHeader(WSSecHeader secHeader) {
if (bstToken != null) {
Element secHeaderElement = secHeader.getSecurityHeader();
secHeaderElement.appendChild(bstToken.getElement());
}
bstToken = null;
}
/**
* Compute the Signature over the references.
*
* After references are set this method computes the Signature for them.
* This method can be called any time after the references were set. See
* addReferencesToSign()
.
*
* @throws WSSecurityException
*/
public void computeSignature() throws WSSecurityException {
WSDocInfoStore.store(wsDocInfo);
try {
if (keyIdentifierType == WSConstants.UT_SIGNING ||
keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING ||
keyIdentifierType == WSConstants.CUSTOM_SYMM_SIGNING_DIRECT ||
keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER ||
keyIdentifierType == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER) {
if (secretKey == null) {
sig.sign(crypto.getPrivateKey(user, password));
} else {
sig.sign(sig.createSecretKey(secretKey));
}
} else {
sig.sign(crypto.getPrivateKey(user, password));
}
signatureValue = sig.getSignatureValue();
} catch (XMLSignatureException e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, null, null, e1
);
} catch (Exception e1) {
throw new WSSecurityException(
WSSecurityException.FAILED_SIGNATURE, null, null, e1
);
} finally {
WSDocInfoStore.delete(wsDocInfo);
}
}
/**
* Builds a signed soap envelope.
*
* This is a convenience method and for backward compatibility. The method
* creates a Signature and puts it into the Security header. It does so by
* calling the single functions in order to perform a one shot signature.
* This method is compatible with the build method of the previous version
* with the exception of the additional WSSecHeader parameter.
*
* @param doc The unsigned SOAP envelope as Document
* @param cr An instance of the Crypto API to handle keystore and certificates
* @param secHeader the security header element to hold the encrypted key element.
* @return A signed SOAP envelope as Document
* @throws WSSecurityException
*/
public Document build(Document doc, Crypto cr, WSSecHeader secHeader)
throws WSSecurityException {
doDebug = log.isDebugEnabled();
if (doDebug) {
log.debug("Beginning signing...");
}
prepare(doc, cr, secHeader);
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
if (parts == null) {
parts = new Vector();
WSEncryptionPart encP =
new WSEncryptionPart(
soapConstants.getBodyQName().getLocalPart(),
soapConstants.getEnvelopeURI(),
"Content"
);
parts.add(encP);
}
addReferencesToSign(parts, secHeader);
prependToHeader(secHeader);
//
// if we have a BST prepend it in front of the Signature according to
// strict layout rules.
//
if (bstToken != null) {
prependBSTElementToHeader(secHeader);
}
computeSignature();
return doc;
}
protected Element createSTRParameter(Document doc) {
Element transformParam =
doc.createElementNS(
WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX + ":TransformationParameters"
);
WSSecurityUtil.setNamespace(
transformParam, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX
);
Element canonElem =
doc.createElementNS(
WSConstants.SIG_NS,
WSConstants.SIG_PREFIX + ":CanonicalizationMethod"
);
WSSecurityUtil.setNamespace(
canonElem, WSConstants.SIG_NS, WSConstants.SIG_PREFIX
);
canonElem.setAttributeNS(null, "Algorithm", Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
transformParam.appendChild(canonElem);
return transformParam;
}
protected Set getInclusivePrefixes(Element target) {
return getInclusivePrefixes(target, true);
}
protected Set getInclusivePrefixes(Element target, boolean excludeVisible) {
Set result = new HashSet();
Node parent = target;
while (!(parent.getParentNode() instanceof Document)) {
parent = parent.getParentNode();
NamedNodeMap attributes = parent.getAttributes();
for (int i = 0; i < attributes.getLength(); i++) {
Node attribute = attributes.item(i);
if (attribute.getNamespaceURI() != null
&& attribute.getNamespaceURI().equals(
org.apache.ws.security.WSConstants.XMLNS_NS
)
) {
if (attribute.getNodeName().equals("xmlns")) {
result.add("#default");
} else {
result.add(attribute.getLocalName());
}
}
}
}
if (excludeVisible == true) {
NamedNodeMap attributes = target.getAttributes();
for (int i = 0; i < attributes.getLength(); i++) {
Node attribute = attributes.item(i);
if (attribute.getNamespaceURI() != null
&& attribute.getNamespaceURI().equals(
org.apache.ws.security.WSConstants.XMLNS_NS
)
) {
if (attribute.getNodeName().equals("xmlns")) {
result.remove("#default");
} else {
result.remove(attribute.getLocalName());
}
}
if (attribute.getPrefix() != null) {
result.remove(attribute.getPrefix());
}
}
if (target.getPrefix() == null) {
result.remove("#default");
} else {
result.remove(target.getPrefix());
}
}
return result;
}
public void setSecretKey(byte[] secretKey) {
this.secretKey = secretKey;
}
public void setCustomTokenValueType(String customTokenValueType) {
this.customTokenValueType = customTokenValueType;
}
public void setCustomTokenId(String customTokenId) {
this.customTokenId = customTokenId;
}
public void setEncrKeySha1value(String encrKeySha1value) {
this.encrKeySha1value = encrKeySha1value;
}
public void setX509Certificate(X509Certificate cer) {
this.useThisCert = cer;
}
}