You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/04/20 15:56:38 UTC
svn commit: r766696 [32/36] - in /webservices/wss4j/site: ./ apidocs/
apidocs/org/apache/ws/axis/security/
apidocs/org/apache/ws/axis/security/class-use/
apidocs/org/apache/ws/axis/security/handler/
apidocs/org/apache/ws/axis/security/handler/class-use...
Modified: webservices/wss4j/site/xref/org/apache/ws/security/saml/WSSecSignatureSAML.html
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/xref/org/apache/ws/security/saml/WSSecSignatureSAML.html?rev=766696&r1=766695&r2=766696&view=diff
==============================================================================
--- webservices/wss4j/site/xref/org/apache/ws/security/saml/WSSecSignatureSAML.html (original)
+++ webservices/wss4j/site/xref/org/apache/ws/security/saml/WSSecSignatureSAML.html Mon Apr 20 13:56:25 2009
@@ -71,561 +71,568 @@
<a name="61" href="#61">61</a>
<a name="62" href="#62">62</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/apache/ws/security/saml/WSSecSignatureSAML.html">WSSecSignatureSAML</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../../org/apache/ws/security/message/WSSecSignature.html">WSSecSignature</a> {
<a name="63" href="#63">63</a>
-<a name="64" href="#64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Log log = LogFactory.getLog(WSSecSignatureSAML.<strong class="jxr_keyword">class</strong>
-<a name="65" href="#65">65</a> .getName());
-<a name="66" href="#66">66</a>
-<a name="67" href="#67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> senderVouches = false;
-<a name="68" href="#68">68</a>
-<a name="69" href="#69">69</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a> secRefSaml = <strong class="jxr_keyword">null</strong>;
-<a name="70" href="#70">70</a>
-<a name="71" href="#71">71</a> <strong class="jxr_keyword">private</strong> Element samlToken = <strong class="jxr_keyword">null</strong>;
+<a name="64" href="#64">64</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Log log = LogFactory.getLog(WSSecSignatureSAML.<strong class="jxr_keyword">class</strong>.getName());
+<a name="65" href="#65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> senderVouches = false;
+<a name="66" href="#66">66</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a> secRefSaml = <strong class="jxr_keyword">null</strong>;
+<a name="67" href="#67">67</a> <strong class="jxr_keyword">private</strong> Element samlToken = <strong class="jxr_keyword">null</strong>;
+<a name="68" href="#68">68</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> userCrypto = <strong class="jxr_keyword">null</strong>;
+<a name="69" href="#69">69</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> issuerCrypto = <strong class="jxr_keyword">null</strong>;
+<a name="70" href="#70">70</a> <strong class="jxr_keyword">private</strong> String issuerKeyName = <strong class="jxr_keyword">null</strong>;
+<a name="71" href="#71">71</a> <strong class="jxr_keyword">private</strong> String issuerKeyPW = <strong class="jxr_keyword">null</strong>;
<a name="72" href="#72">72</a>
-<a name="73" href="#73">73</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> userCrypto = <strong class="jxr_keyword">null</strong>;
-<a name="74" href="#74">74</a>
-<a name="75" href="#75">75</a> <strong class="jxr_keyword">private</strong> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> issuerCrypto = <strong class="jxr_keyword">null</strong>;
-<a name="76" href="#76">76</a>
-<a name="77" href="#77">77</a> <strong class="jxr_keyword">private</strong> String issuerKeyName = <strong class="jxr_keyword">null</strong>;
-<a name="78" href="#78">78</a>
-<a name="79" href="#79">79</a> <strong class="jxr_keyword">private</strong> String issuerKeyPW = <strong class="jxr_keyword">null</strong>;
-<a name="80" href="#80">80</a>
-<a name="81" href="#81">81</a> <em class="jxr_javadoccomment">/**</em>
-<a name="82" href="#82">82</a> <em class="jxr_javadoccomment"> * Constructor.</em>
-<a name="83" href="#83">83</a> <em class="jxr_javadoccomment"> */</em>
-<a name="84" href="#84">84</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../org/apache/ws/security/saml/WSSecSignatureSAML.html">WSSecSignatureSAML</a>() {
-<a name="85" href="#85">85</a> }
-<a name="86" href="#86">86</a>
-<a name="87" href="#87">87</a> <em class="jxr_javadoccomment">/**</em>
-<a name="88" href="#88">88</a> <em class="jxr_javadoccomment"> * Builds a signed soap envelope with SAML token.</em>
-<a name="89" href="#89">89</a> <em class="jxr_javadoccomment"> * </em>
-<a name="90" href="#90">90</a> <em class="jxr_javadoccomment"> * <p/></em>
-<a name="91" href="#91">91</a> <em class="jxr_javadoccomment"> * </em>
-<a name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * The method first gets an appropriate security header. According to the</em>
-<a name="93" href="#93">93</a> <em class="jxr_javadoccomment"> * defined parameters for certificate handling the signature elements are</em>
-<a name="94" href="#94">94</a> <em class="jxr_javadoccomment"> * constructed and inserted into the <code>wsse:Signature</code></em>
-<a name="95" href="#95">95</a> <em class="jxr_javadoccomment"> * </em>
-<a name="96" href="#96">96</a> <em class="jxr_javadoccomment"> * @param doc</em>
-<a name="97" href="#97">97</a> <em class="jxr_javadoccomment"> * The unsigned SOAP envelope as <code>Document</code></em>
-<a name="98" href="#98">98</a> <em class="jxr_javadoccomment"> * @param uCrypto</em>
-<a name="99" href="#99">99</a> <em class="jxr_javadoccomment"> * The user's Crypto instance</em>
-<a name="100" href="#100">100</a> <em class="jxr_javadoccomment"> * @param assertion</em>
-<a name="101" href="#101">101</a> <em class="jxr_javadoccomment"> * the complete SAML assertion</em>
-<a name="102" href="#102">102</a> <em class="jxr_javadoccomment"> * @param iCrypto</em>
-<a name="103" href="#103">103</a> <em class="jxr_javadoccomment"> * An instance of the Crypto API to handle keystore SAML token</em>
-<a name="104" href="#104">104</a> <em class="jxr_javadoccomment"> * issuer and to generate certificates</em>
-<a name="105" href="#105">105</a> <em class="jxr_javadoccomment"> * @param iKeyName</em>
-<a name="106" href="#106">106</a> <em class="jxr_javadoccomment"> * Private key to use in case of "sender-Vouches"</em>
-<a name="107" href="#107">107</a> <em class="jxr_javadoccomment"> * @param iKeyPW</em>
-<a name="108" href="#108">108</a> <em class="jxr_javadoccomment"> * Password for issuer private key</em>
-<a name="109" href="#109">109</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
-<a name="110" href="#110">110</a> <em class="jxr_javadoccomment"> * The Security header</em>
-<a name="111" href="#111">111</a> <em class="jxr_javadoccomment"> * @return A signed SOAP envelope as <code>Document</code></em>
-<a name="112" href="#112">112</a> <em class="jxr_javadoccomment"> * @throws org.apache.ws.security.WSSecurityException</em>
-<a name="113" href="#113">113</a> <em class="jxr_javadoccomment"> */</em>
-<a name="114" href="#114">114</a> <strong class="jxr_keyword">public</strong> Document build(Document doc, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> uCrypto,
-<a name="115" href="#115">115</a> SAMLAssertion assertion, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> iCrypto, String iKeyName,
-<a name="116" href="#116">116</a> String iKeyPW, <a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader) <strong class="jxr_keyword">throws</strong> WSSecurityException {
-<a name="117" href="#117">117</a>
-<a name="118" href="#118">118</a> prepare(doc, uCrypto, assertion, iCrypto, iKeyName, iKeyPW, secHeader);
-<a name="119" href="#119">119</a>
-<a name="120" href="#120">120</a> <a href="../../../../../org/apache/ws/security/SOAPConstants.html">SOAPConstants</a> soapConstants = WSSecurityUtil.getSOAPConstants(doc
-<a name="121" href="#121">121</a> .getDocumentElement());
-<a name="122" href="#122">122</a>
-<a name="123" href="#123">123</a> <strong class="jxr_keyword">if</strong> (parts == <strong class="jxr_keyword">null</strong>) {
-<a name="124" href="#124">124</a> parts = <strong class="jxr_keyword">new</strong> Vector();
-<a name="125" href="#125">125</a> <a href="../../../../../org/apache/ws/security/WSEncryptionPart.html">WSEncryptionPart</a> encP = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSEncryptionPart.html">WSEncryptionPart</a>(soapConstants
-<a name="126" href="#126">126</a> .getBodyQName().getLocalPart(), soapConstants
-<a name="127" href="#127">127</a> .getEnvelopeURI(), <span class="jxr_string">"Content"</span>);
-<a name="128" href="#128">128</a> parts.add(encP);
-<a name="129" href="#129">129</a> }
-<a name="130" href="#130">130</a> addReferencesToSign(parts, secHeader);
-<a name="131" href="#131">131</a>
-<a name="132" href="#132">132</a> <em class="jxr_comment">/*</em>
-<a name="133" href="#133">133</a> <em class="jxr_comment"> * The order to prepend is: - signature Element - BinarySecurityToken</em>
-<a name="134" href="#134">134</a> <em class="jxr_comment"> * (depends on mode) - SecurityTokenRefrence (depends on mode) - SAML</em>
-<a name="135" href="#135">135</a> <em class="jxr_comment"> * token</em>
-<a name="136" href="#136">136</a> <em class="jxr_comment"> */</em>
-<a name="137" href="#137">137</a>
-<a name="138" href="#138">138</a> prependToHeader(secHeader);
-<a name="139" href="#139">139</a>
-<a name="140" href="#140">140</a> <em class="jxr_comment">/*</em>
-<a name="141" href="#141">141</a> <em class="jxr_comment"> * if we have a BST prepend it in front of the Signature according to</em>
-<a name="142" href="#142">142</a> <em class="jxr_comment"> * strict layout rules.</em>
-<a name="143" href="#143">143</a> <em class="jxr_comment"> */</em>
-<a name="144" href="#144">144</a> <strong class="jxr_keyword">if</strong> (bstToken != <strong class="jxr_keyword">null</strong>) {
-<a name="145" href="#145">145</a> prependBSTElementToHeader(secHeader);
-<a name="146" href="#146">146</a> }
-<a name="147" href="#147">147</a>
-<a name="148" href="#148">148</a> prependSAMLElementsToHeader(secHeader);
-<a name="149" href="#149">149</a>
-<a name="150" href="#150">150</a> computeSignature();
-<a name="151" href="#151">151</a>
-<a name="152" href="#152">152</a> <strong class="jxr_keyword">return</strong> doc;
-<a name="153" href="#153">153</a> }
-<a name="154" href="#154">154</a>
-<a name="155" href="#155">155</a> <em class="jxr_javadoccomment">/**</em>
-<a name="156" href="#156">156</a> <em class="jxr_javadoccomment"> * Initialize a WSSec SAML Signature.</em>
-<a name="157" href="#157">157</a> <em class="jxr_javadoccomment"> * </em>
-<a name="158" href="#158">158</a> <em class="jxr_javadoccomment"> * The method sets up and initializes a WSSec SAML Signature structure after</em>
-<a name="159" href="#159">159</a> <em class="jxr_javadoccomment"> * the relevant information was set. After setup of the references to</em>
-<a name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * elements to sign may be added. After all references are added they can be</em>
-<a name="161" href="#161">161</a> <em class="jxr_javadoccomment"> * signed.</em>
-<a name="162" href="#162">162</a> <em class="jxr_javadoccomment"> * </em>
-<a name="163" href="#163">163</a> <em class="jxr_javadoccomment"> * <p/></em>
-<a name="164" href="#164">164</a> <em class="jxr_javadoccomment"> * </em>
-<a name="165" href="#165">165</a> <em class="jxr_javadoccomment"> * This method does not add the Signature element to the security header.</em>
-<a name="166" href="#166">166</a> <em class="jxr_javadoccomment"> * See <code>prependSignatureElementToHeader()</code> method.</em>
-<a name="167" href="#167">167</a> <em class="jxr_javadoccomment"> * </em>
-<a name="168" href="#168">168</a> <em class="jxr_javadoccomment"> * @param doc</em>
-<a name="169" href="#169">169</a> <em class="jxr_javadoccomment"> * The SOAP envelope as <code>Document</code></em>
-<a name="170" href="#170">170</a> <em class="jxr_javadoccomment"> * @param uCrypto</em>
-<a name="171" href="#171">171</a> <em class="jxr_javadoccomment"> * The user's Crypto instance</em>
-<a name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * @param assertion</em>
-<a name="173" href="#173">173</a> <em class="jxr_javadoccomment"> * the complete SAML assertion</em>
-<a name="174" href="#174">174</a> <em class="jxr_javadoccomment"> * @param iCrypto</em>
-<a name="175" href="#175">175</a> <em class="jxr_javadoccomment"> * An instance of the Crypto API to handle keystore SAML token</em>
-<a name="176" href="#176">176</a> <em class="jxr_javadoccomment"> * issuer and to generate certificates</em>
-<a name="177" href="#177">177</a> <em class="jxr_javadoccomment"> * @param iKeyName</em>
-<a name="178" href="#178">178</a> <em class="jxr_javadoccomment"> * Private key to use in case of "sender-Vouches"</em>
-<a name="179" href="#179">179</a> <em class="jxr_javadoccomment"> * @param iKeyPW</em>
-<a name="180" href="#180">180</a> <em class="jxr_javadoccomment"> * Password for issuer private key</em>
-<a name="181" href="#181">181</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
-<a name="182" href="#182">182</a> <em class="jxr_javadoccomment"> * The Security header</em>
-<a name="183" href="#183">183</a> <em class="jxr_javadoccomment"> * @throws WSSecurityException</em>
-<a name="184" href="#184">184</a> <em class="jxr_javadoccomment"> */</em>
-<a name="185" href="#185">185</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> prepare(Document doc, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> uCrypto, SAMLAssertion assertion,
-<a name="186" href="#186">186</a> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> iCrypto, String iKeyName, String iKeyPW,
-<a name="187" href="#187">187</a> <a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader) <strong class="jxr_keyword">throws</strong> WSSecurityException {
+<a name="73" href="#73">73</a> <em class="jxr_javadoccomment">/**</em>
+<a name="74" href="#74">74</a> <em class="jxr_javadoccomment"> * Constructor.</em>
+<a name="75" href="#75">75</a> <em class="jxr_javadoccomment"> */</em>
+<a name="76" href="#76">76</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../org/apache/ws/security/saml/WSSecSignatureSAML.html">WSSecSignatureSAML</a>() {
+<a name="77" href="#77">77</a> doDebug = log.isDebugEnabled();
+<a name="78" href="#78">78</a> }
+<a name="79" href="#79">79</a>
+<a name="80" href="#80">80</a> <em class="jxr_javadoccomment">/**</em>
+<a name="81" href="#81">81</a> <em class="jxr_javadoccomment"> * Builds a signed soap envelope with SAML token.</em>
+<a name="82" href="#82">82</a> <em class="jxr_javadoccomment"> * </em>
+<a name="83" href="#83">83</a> <em class="jxr_javadoccomment"> * The method first gets an appropriate security header. According to the</em>
+<a name="84" href="#84">84</a> <em class="jxr_javadoccomment"> * defined parameters for certificate handling the signature elements are</em>
+<a name="85" href="#85">85</a> <em class="jxr_javadoccomment"> * constructed and inserted into the <code>wsse:Signature</code></em>
+<a name="86" href="#86">86</a> <em class="jxr_javadoccomment"> * </em>
+<a name="87" href="#87">87</a> <em class="jxr_javadoccomment"> * @param doc</em>
+<a name="88" href="#88">88</a> <em class="jxr_javadoccomment"> * The unsigned SOAP envelope as <code>Document</code></em>
+<a name="89" href="#89">89</a> <em class="jxr_javadoccomment"> * @param uCrypto</em>
+<a name="90" href="#90">90</a> <em class="jxr_javadoccomment"> * The user's Crypto instance</em>
+<a name="91" href="#91">91</a> <em class="jxr_javadoccomment"> * @param assertion</em>
+<a name="92" href="#92">92</a> <em class="jxr_javadoccomment"> * the complete SAML assertion</em>
+<a name="93" href="#93">93</a> <em class="jxr_javadoccomment"> * @param iCrypto</em>
+<a name="94" href="#94">94</a> <em class="jxr_javadoccomment"> * An instance of the Crypto API to handle keystore SAML token</em>
+<a name="95" href="#95">95</a> <em class="jxr_javadoccomment"> * issuer and to generate certificates</em>
+<a name="96" href="#96">96</a> <em class="jxr_javadoccomment"> * @param iKeyName</em>
+<a name="97" href="#97">97</a> <em class="jxr_javadoccomment"> * Private key to use in case of "sender-Vouches"</em>
+<a name="98" href="#98">98</a> <em class="jxr_javadoccomment"> * @param iKeyPW</em>
+<a name="99" href="#99">99</a> <em class="jxr_javadoccomment"> * Password for issuer private key</em>
+<a name="100" href="#100">100</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
+<a name="101" href="#101">101</a> <em class="jxr_javadoccomment"> * The Security header</em>
+<a name="102" href="#102">102</a> <em class="jxr_javadoccomment"> * @return A signed SOAP envelope as <code>Document</code></em>
+<a name="103" href="#103">103</a> <em class="jxr_javadoccomment"> * @throws org.apache.ws.security.WSSecurityException</em>
+<a name="104" href="#104">104</a> <em class="jxr_javadoccomment"> */</em>
+<a name="105" href="#105">105</a> <strong class="jxr_keyword">public</strong> Document build(
+<a name="106" href="#106">106</a> Document doc, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> uCrypto, SAMLAssertion assertion,
+<a name="107" href="#107">107</a> <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> iCrypto, String iKeyName, String iKeyPW, <a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader
+<a name="108" href="#108">108</a> ) <strong class="jxr_keyword">throws</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a> {
+<a name="109" href="#109">109</a>
+<a name="110" href="#110">110</a> prepare(doc, uCrypto, assertion, iCrypto, iKeyName, iKeyPW, secHeader);
+<a name="111" href="#111">111</a>
+<a name="112" href="#112">112</a> <a href="../../../../../org/apache/ws/security/SOAPConstants.html">SOAPConstants</a> soapConstants = WSSecurityUtil.getSOAPConstants(doc
+<a name="113" href="#113">113</a> .getDocumentElement());
+<a name="114" href="#114">114</a>
+<a name="115" href="#115">115</a> <strong class="jxr_keyword">if</strong> (parts == <strong class="jxr_keyword">null</strong>) {
+<a name="116" href="#116">116</a> parts = <strong class="jxr_keyword">new</strong> Vector();
+<a name="117" href="#117">117</a> <a href="../../../../../org/apache/ws/security/WSEncryptionPart.html">WSEncryptionPart</a> encP = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSEncryptionPart.html">WSEncryptionPart</a>(soapConstants
+<a name="118" href="#118">118</a> .getBodyQName().getLocalPart(), soapConstants
+<a name="119" href="#119">119</a> .getEnvelopeURI(), <span class="jxr_string">"Content"</span>);
+<a name="120" href="#120">120</a> parts.add(encP);
+<a name="121" href="#121">121</a> }
+<a name="122" href="#122">122</a> addReferencesToSign(parts, secHeader);
+<a name="123" href="#123">123</a>
+<a name="124" href="#124">124</a> <em class="jxr_comment">//</em>
+<a name="125" href="#125">125</a> <em class="jxr_comment">// The order to prepend is: - signature Element - BinarySecurityToken</em>
+<a name="126" href="#126">126</a> <em class="jxr_comment">// (depends on mode) - SecurityTokenRefrence (depends on mode) - SAML</em>
+<a name="127" href="#127">127</a> <em class="jxr_comment">// token</em>
+<a name="128" href="#128">128</a> <em class="jxr_comment">//</em>
+<a name="129" href="#129">129</a> prependToHeader(secHeader);
+<a name="130" href="#130">130</a>
+<a name="131" href="#131">131</a> <em class="jxr_comment">//</em>
+<a name="132" href="#132">132</a> <em class="jxr_comment">// if we have a BST prepend it in front of the Signature according to</em>
+<a name="133" href="#133">133</a> <em class="jxr_comment">// strict layout rules.</em>
+<a name="134" href="#134">134</a> <em class="jxr_comment">//</em>
+<a name="135" href="#135">135</a> <strong class="jxr_keyword">if</strong> (bstToken != <strong class="jxr_keyword">null</strong>) {
+<a name="136" href="#136">136</a> prependBSTElementToHeader(secHeader);
+<a name="137" href="#137">137</a> }
+<a name="138" href="#138">138</a>
+<a name="139" href="#139">139</a> prependSAMLElementsToHeader(secHeader);
+<a name="140" href="#140">140</a>
+<a name="141" href="#141">141</a> computeSignature();
+<a name="142" href="#142">142</a>
+<a name="143" href="#143">143</a> <strong class="jxr_keyword">return</strong> doc;
+<a name="144" href="#144">144</a> }
+<a name="145" href="#145">145</a>
+<a name="146" href="#146">146</a> <em class="jxr_javadoccomment">/**</em>
+<a name="147" href="#147">147</a> <em class="jxr_javadoccomment"> * Initialize a WSSec SAML Signature.</em>
+<a name="148" href="#148">148</a> <em class="jxr_javadoccomment"> * </em>
+<a name="149" href="#149">149</a> <em class="jxr_javadoccomment"> * The method sets up and initializes a WSSec SAML Signature structure after</em>
+<a name="150" href="#150">150</a> <em class="jxr_javadoccomment"> * the relevant information was set. After setup of the references to</em>
+<a name="151" href="#151">151</a> <em class="jxr_javadoccomment"> * elements to sign may be added. After all references are added they can be</em>
+<a name="152" href="#152">152</a> <em class="jxr_javadoccomment"> * signed.</em>
+<a name="153" href="#153">153</a> <em class="jxr_javadoccomment"> * </em>
+<a name="154" href="#154">154</a> <em class="jxr_javadoccomment"> * This method does not add the Signature element to the security header.</em>
+<a name="155" href="#155">155</a> <em class="jxr_javadoccomment"> * See <code>prependSignatureElementToHeader()</code> method.</em>
+<a name="156" href="#156">156</a> <em class="jxr_javadoccomment"> * </em>
+<a name="157" href="#157">157</a> <em class="jxr_javadoccomment"> * @param doc</em>
+<a name="158" href="#158">158</a> <em class="jxr_javadoccomment"> * The SOAP envelope as <code>Document</code></em>
+<a name="159" href="#159">159</a> <em class="jxr_javadoccomment"> * @param uCrypto</em>
+<a name="160" href="#160">160</a> <em class="jxr_javadoccomment"> * The user's Crypto instance</em>
+<a name="161" href="#161">161</a> <em class="jxr_javadoccomment"> * @param assertion</em>
+<a name="162" href="#162">162</a> <em class="jxr_javadoccomment"> * the complete SAML assertion</em>
+<a name="163" href="#163">163</a> <em class="jxr_javadoccomment"> * @param iCrypto</em>
+<a name="164" href="#164">164</a> <em class="jxr_javadoccomment"> * An instance of the Crypto API to handle keystore SAML token</em>
+<a name="165" href="#165">165</a> <em class="jxr_javadoccomment"> * issuer and to generate certificates</em>
+<a name="166" href="#166">166</a> <em class="jxr_javadoccomment"> * @param iKeyName</em>
+<a name="167" href="#167">167</a> <em class="jxr_javadoccomment"> * Private key to use in case of "sender-Vouches"</em>
+<a name="168" href="#168">168</a> <em class="jxr_javadoccomment"> * @param iKeyPW</em>
+<a name="169" href="#169">169</a> <em class="jxr_javadoccomment"> * Password for issuer private key</em>
+<a name="170" href="#170">170</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
+<a name="171" href="#171">171</a> <em class="jxr_javadoccomment"> * The Security header</em>
+<a name="172" href="#172">172</a> <em class="jxr_javadoccomment"> * @throws WSSecurityException</em>
+<a name="173" href="#173">173</a> <em class="jxr_javadoccomment"> */</em>
+<a name="174" href="#174">174</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> prepare(
+<a name="175" href="#175">175</a> Document doc, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> uCrypto, SAMLAssertion assertion, <a href="../../../../../org/apache/ws/security/components/crypto/Crypto.html">Crypto</a> iCrypto,
+<a name="176" href="#176">176</a> String iKeyName, String iKeyPW, <a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader
+<a name="177" href="#177">177</a> ) <strong class="jxr_keyword">throws</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a> {
+<a name="178" href="#178">178</a>
+<a name="179" href="#179">179</a> <strong class="jxr_keyword">if</strong> (doDebug) {
+<a name="180" href="#180">180</a> log.debug(<span class="jxr_string">"Beginning ST signing..."</span>);
+<a name="181" href="#181">181</a> }
+<a name="182" href="#182">182</a>
+<a name="183" href="#183">183</a> userCrypto = uCrypto;
+<a name="184" href="#184">184</a> issuerCrypto = iCrypto;
+<a name="185" href="#185">185</a> document = doc;
+<a name="186" href="#186">186</a> issuerKeyName = iKeyName;
+<a name="187" href="#187">187</a> issuerKeyPW = iKeyPW;
<a name="188" href="#188">188</a>
-<a name="189" href="#189">189</a> doDebug = log.isDebugEnabled();
-<a name="190" href="#190">190</a> <strong class="jxr_keyword">if</strong> (doDebug) {
-<a name="191" href="#191">191</a> log.debug(<span class="jxr_string">"Beginning ST signing..."</span>);
-<a name="192" href="#192">192</a> }
-<a name="193" href="#193">193</a>
-<a name="194" href="#194">194</a> userCrypto = uCrypto;
-<a name="195" href="#195">195</a> issuerCrypto = iCrypto;
-<a name="196" href="#196">196</a> document = doc;
-<a name="197" href="#197">197</a> issuerKeyName = iKeyName;
-<a name="198" href="#198">198</a> issuerKeyPW = iKeyPW;
-<a name="199" href="#199">199</a>
-<a name="200" href="#200">200</a> <em class="jxr_comment">/*</em>
-<a name="201" href="#201">201</a> <em class="jxr_comment"> * Get some information about the SAML token content. This controls how</em>
-<a name="202" href="#202">202</a> <em class="jxr_comment"> * to deal with the whole stuff. First get the Authentication statement</em>
-<a name="203" href="#203">203</a> <em class="jxr_comment"> * (includes Subject), then get the _first_ confirmation method only</em>
-<a name="204" href="#204">204</a> <em class="jxr_comment"> * thats if "senderVouches" is true.</em>
-<a name="205" href="#205">205</a> <em class="jxr_comment"> */</em>
-<a name="206" href="#206">206</a> SAMLSubjectStatement samlSubjS = <strong class="jxr_keyword">null</strong>;
-<a name="207" href="#207">207</a> Iterator it = assertion.getStatements();
-<a name="208" href="#208">208</a> <strong class="jxr_keyword">while</strong> (it.hasNext()) {
-<a name="209" href="#209">209</a> SAMLObject so = (SAMLObject) it.next();
-<a name="210" href="#210">210</a> <strong class="jxr_keyword">if</strong> (so instanceof SAMLSubjectStatement) {
-<a name="211" href="#211">211</a> samlSubjS = (SAMLSubjectStatement) so;
-<a name="212" href="#212">212</a> <strong class="jxr_keyword">break</strong>;
-<a name="213" href="#213">213</a> }
-<a name="214" href="#214">214</a> }
-<a name="215" href="#215">215</a> SAMLSubject samlSubj = <strong class="jxr_keyword">null</strong>;
-<a name="216" href="#216">216</a> <strong class="jxr_keyword">if</strong> (samlSubjS != <strong class="jxr_keyword">null</strong>) {
-<a name="217" href="#217">217</a> samlSubj = samlSubjS.getSubject();
-<a name="218" href="#218">218</a> }
-<a name="219" href="#219">219</a> <strong class="jxr_keyword">if</strong> (samlSubj == <strong class="jxr_keyword">null</strong>) {
-<a name="220" href="#220">220</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE,
-<a name="221" href="#221">221</a> <span class="jxr_string">"invalidSAMLToken"</span>, <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"for Signature"</span> });
-<a name="222" href="#222">222</a> }
-<a name="223" href="#223">223</a>
-<a name="224" href="#224">224</a> String confirmMethod = <strong class="jxr_keyword">null</strong>;
-<a name="225" href="#225">225</a> it = samlSubj.getConfirmationMethods();
-<a name="226" href="#226">226</a> <strong class="jxr_keyword">if</strong> (it.hasNext()) {
-<a name="227" href="#227">227</a> confirmMethod = (String) it.next();
-<a name="228" href="#228">228</a> }
-<a name="229" href="#229">229</a> <strong class="jxr_keyword">if</strong> (SAMLSubject.CONF_SENDER_VOUCHES.equals(confirmMethod)) {
-<a name="230" href="#230">230</a> senderVouches = <strong class="jxr_keyword">true</strong>;
-<a name="231" href="#231">231</a> }
-<a name="232" href="#232">232</a> <em class="jxr_comment">/*</em>
-<a name="233" href="#233">233</a> <em class="jxr_comment"> * Gather some info about the document to process and store it for</em>
-<a name="234" href="#234">234</a> <em class="jxr_comment"> * retrieval</em>
-<a name="235" href="#235">235</a> <em class="jxr_comment"> */</em>
-<a name="236" href="#236">236</a> wsDocInfo = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSDocInfo.html">WSDocInfo</a>(doc.hashCode());
-<a name="237" href="#237">237</a>
-<a name="238" href="#238">238</a> X509Certificate[] certs = <strong class="jxr_keyword">null</strong>;
-<a name="239" href="#239">239</a>
-<a name="240" href="#240">240</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
-<a name="241" href="#241">241</a> certs = issuerCrypto.getCertificates(issuerKeyName);
-<a name="242" href="#242">242</a> wsDocInfo.setCrypto(issuerCrypto);
-<a name="243" href="#243">243</a> }
-<a name="244" href="#244">244</a> <em class="jxr_comment">/*</em>
-<a name="245" href="#245">245</a> <em class="jxr_comment"> * in case of key holder: - get the user's certificate that _must_ be</em>
-<a name="246" href="#246">246</a> <em class="jxr_comment"> * included in the SAML token. To ensure the cert integrity the SAML</em>
-<a name="247" href="#247">247</a> <em class="jxr_comment"> * token must be signed (by the issuer). Just check if its signed, but</em>
-<a name="248" href="#248">248</a> <em class="jxr_comment"> * don't verify this SAML token's signature here (maybe later).</em>
-<a name="249" href="#249">249</a> <em class="jxr_comment"> */</em>
-<a name="250" href="#250">250</a> <strong class="jxr_keyword">else</strong> {
-<a name="251" href="#251">251</a> <strong class="jxr_keyword">if</strong> (userCrypto == <strong class="jxr_keyword">null</strong> || assertion.isSigned() == false) {
-<a name="252" href="#252">252</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE,
-<a name="253" href="#253">253</a> <span class="jxr_string">"invalidSAMLsecurity"</span>,
-<a name="254" href="#254">254</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"for SAML Signature (Key Holder)"</span> });
-<a name="255" href="#255">255</a> }
-<a name="256" href="#256">256</a> Element e = samlSubj.getKeyInfo();
-<a name="257" href="#257">257</a> <strong class="jxr_keyword">try</strong> {
-<a name="258" href="#258">258</a> KeyInfo ki = <strong class="jxr_keyword">new</strong> KeyInfo(e, <strong class="jxr_keyword">null</strong>);
-<a name="259" href="#259">259</a>
-<a name="260" href="#260">260</a> <strong class="jxr_keyword">if</strong> (ki.containsX509Data()) {
-<a name="261" href="#261">261</a> X509Data data = ki.itemX509Data(0);
-<a name="262" href="#262">262</a> XMLX509Certificate certElem = <strong class="jxr_keyword">null</strong>;
-<a name="263" href="#263">263</a> <strong class="jxr_keyword">if</strong> (data != <strong class="jxr_keyword">null</strong> && data.containsCertificate()) {
-<a name="264" href="#264">264</a> certElem = data.itemCertificate(0);
-<a name="265" href="#265">265</a> }
-<a name="266" href="#266">266</a> <strong class="jxr_keyword">if</strong> (certElem != <strong class="jxr_keyword">null</strong>) {
-<a name="267" href="#267">267</a> X509Certificate cert = certElem.getX509Certificate();
-<a name="268" href="#268">268</a> certs = <strong class="jxr_keyword">new</strong> X509Certificate[1];
-<a name="269" href="#269">269</a> certs[0] = cert;
-<a name="270" href="#270">270</a> }
-<a name="271" href="#271">271</a> }
-<a name="272" href="#272">272</a> <em class="jxr_comment">// TODO: get alias name for cert, check against username set by</em>
-<a name="273" href="#273">273</a> <em class="jxr_comment">// caller</em>
-<a name="274" href="#274">274</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e3) {
-<a name="275" href="#275">275</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE,
-<a name="276" href="#276">276</a> <span class="jxr_string">"invalidSAMLsecurity"</span>,
-<a name="277" href="#277">277</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"cannot get certificate (key holder)"</span> },
-<a name="278" href="#278">278</a> e3);
-<a name="279" href="#279">279</a> }
-<a name="280" href="#280">280</a> wsDocInfo.setCrypto(userCrypto);
+<a name="189" href="#189">189</a> <em class="jxr_comment">//</em>
+<a name="190" href="#190">190</a> <em class="jxr_comment">// Get some information about the SAML token content. This controls how</em>
+<a name="191" href="#191">191</a> <em class="jxr_comment">// to deal with the whole stuff. First get the Authentication statement</em>
+<a name="192" href="#192">192</a> <em class="jxr_comment">// (includes Subject), then get the _first_ confirmation method only</em>
+<a name="193" href="#193">193</a> <em class="jxr_comment">// thats if "senderVouches" is true.</em>
+<a name="194" href="#194">194</a> <em class="jxr_comment">//</em>
+<a name="195" href="#195">195</a> SAMLSubjectStatement samlSubjS = <strong class="jxr_keyword">null</strong>;
+<a name="196" href="#196">196</a> Iterator it = assertion.getStatements();
+<a name="197" href="#197">197</a> <strong class="jxr_keyword">while</strong> (it.hasNext()) {
+<a name="198" href="#198">198</a> SAMLObject so = (SAMLObject) it.next();
+<a name="199" href="#199">199</a> <strong class="jxr_keyword">if</strong> (so instanceof SAMLSubjectStatement) {
+<a name="200" href="#200">200</a> samlSubjS = (SAMLSubjectStatement) so;
+<a name="201" href="#201">201</a> <strong class="jxr_keyword">break</strong>;
+<a name="202" href="#202">202</a> }
+<a name="203" href="#203">203</a> }
+<a name="204" href="#204">204</a> SAMLSubject samlSubj = <strong class="jxr_keyword">null</strong>;
+<a name="205" href="#205">205</a> <strong class="jxr_keyword">if</strong> (samlSubjS != <strong class="jxr_keyword">null</strong>) {
+<a name="206" href="#206">206</a> samlSubj = samlSubjS.getSubject();
+<a name="207" href="#207">207</a> }
+<a name="208" href="#208">208</a> <strong class="jxr_keyword">if</strong> (samlSubj == <strong class="jxr_keyword">null</strong>) {
+<a name="209" href="#209">209</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE,
+<a name="210" href="#210">210</a> <span class="jxr_string">"invalidSAMLToken"</span>, <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"for Signature"</span> });
+<a name="211" href="#211">211</a> }
+<a name="212" href="#212">212</a>
+<a name="213" href="#213">213</a> String confirmMethod = <strong class="jxr_keyword">null</strong>;
+<a name="214" href="#214">214</a> it = samlSubj.getConfirmationMethods();
+<a name="215" href="#215">215</a> <strong class="jxr_keyword">if</strong> (it.hasNext()) {
+<a name="216" href="#216">216</a> confirmMethod = (String) it.next();
+<a name="217" href="#217">217</a> }
+<a name="218" href="#218">218</a> <strong class="jxr_keyword">if</strong> (SAMLSubject.CONF_SENDER_VOUCHES.equals(confirmMethod)) {
+<a name="219" href="#219">219</a> senderVouches = <strong class="jxr_keyword">true</strong>;
+<a name="220" href="#220">220</a> }
+<a name="221" href="#221">221</a> <em class="jxr_comment">//</em>
+<a name="222" href="#222">222</a> <em class="jxr_comment">// Gather some info about the document to process and store it for</em>
+<a name="223" href="#223">223</a> <em class="jxr_comment">// retrieval</em>
+<a name="224" href="#224">224</a> <em class="jxr_comment">//</em>
+<a name="225" href="#225">225</a> wsDocInfo = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSDocInfo.html">WSDocInfo</a>(doc);
+<a name="226" href="#226">226</a>
+<a name="227" href="#227">227</a> X509Certificate[] certs = <strong class="jxr_keyword">null</strong>;
+<a name="228" href="#228">228</a>
+<a name="229" href="#229">229</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
+<a name="230" href="#230">230</a> certs = issuerCrypto.getCertificates(issuerKeyName);
+<a name="231" href="#231">231</a> wsDocInfo.setCrypto(issuerCrypto);
+<a name="232" href="#232">232</a> }
+<a name="233" href="#233">233</a> <em class="jxr_comment">//</em>
+<a name="234" href="#234">234</a> <em class="jxr_comment">// in case of key holder: - get the user's certificate that _must_ be</em>
+<a name="235" href="#235">235</a> <em class="jxr_comment">// included in the SAML token. To ensure the cert integrity the SAML</em>
+<a name="236" href="#236">236</a> <em class="jxr_comment">// token must be signed (by the issuer). Just check if its signed, but</em>
+<a name="237" href="#237">237</a> <em class="jxr_comment">// don't verify this SAML token's signature here (maybe later).</em>
+<a name="238" href="#238">238</a> <em class="jxr_comment">//</em>
+<a name="239" href="#239">239</a> <strong class="jxr_keyword">else</strong> {
+<a name="240" href="#240">240</a> <strong class="jxr_keyword">if</strong> (userCrypto == <strong class="jxr_keyword">null</strong> || !assertion.isSigned()) {
+<a name="241" href="#241">241</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="242" href="#242">242</a> WSSecurityException.FAILURE,
+<a name="243" href="#243">243</a> <span class="jxr_string">"invalidSAMLsecurity"</span>,
+<a name="244" href="#244">244</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"for SAML Signature (Key Holder)"</span> }
+<a name="245" href="#245">245</a> );
+<a name="246" href="#246">246</a> }
+<a name="247" href="#247">247</a> Element e = samlSubj.getKeyInfo();
+<a name="248" href="#248">248</a> <strong class="jxr_keyword">try</strong> {
+<a name="249" href="#249">249</a> KeyInfo ki = <strong class="jxr_keyword">new</strong> KeyInfo(e, <strong class="jxr_keyword">null</strong>);
+<a name="250" href="#250">250</a>
+<a name="251" href="#251">251</a> <strong class="jxr_keyword">if</strong> (ki.containsX509Data()) {
+<a name="252" href="#252">252</a> X509Data data = ki.itemX509Data(0);
+<a name="253" href="#253">253</a> XMLX509Certificate certElem = <strong class="jxr_keyword">null</strong>;
+<a name="254" href="#254">254</a> <strong class="jxr_keyword">if</strong> (data != <strong class="jxr_keyword">null</strong> && data.containsCertificate()) {
+<a name="255" href="#255">255</a> certElem = data.itemCertificate(0);
+<a name="256" href="#256">256</a> }
+<a name="257" href="#257">257</a> <strong class="jxr_keyword">if</strong> (certElem != <strong class="jxr_keyword">null</strong>) {
+<a name="258" href="#258">258</a> X509Certificate cert = certElem.getX509Certificate();
+<a name="259" href="#259">259</a> certs = <strong class="jxr_keyword">new</strong> X509Certificate[1];
+<a name="260" href="#260">260</a> certs[0] = cert;
+<a name="261" href="#261">261</a> }
+<a name="262" href="#262">262</a> }
+<a name="263" href="#263">263</a> <em class="jxr_comment">// TODO: get alias name for cert, check against username set by</em>
+<a name="264" href="#264">264</a> <em class="jxr_comment">// caller</em>
+<a name="265" href="#265">265</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e3) {
+<a name="266" href="#266">266</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="267" href="#267">267</a> WSSecurityException.FAILURE,
+<a name="268" href="#268">268</a> <span class="jxr_string">"invalidSAMLsecurity"</span>,
+<a name="269" href="#269">269</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"cannot get certificate (key holder)"</span> },
+<a name="270" href="#270">270</a> e3
+<a name="271" href="#271">271</a> );
+<a name="272" href="#272">272</a> }
+<a name="273" href="#273">273</a> wsDocInfo.setCrypto(userCrypto);
+<a name="274" href="#274">274</a> }
+<a name="275" href="#275">275</a> <strong class="jxr_keyword">if</strong> (certs == <strong class="jxr_keyword">null</strong> || certs.length <= 0) {
+<a name="276" href="#276">276</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="277" href="#277">277</a> WSSecurityException.FAILURE,
+<a name="278" href="#278">278</a> <span class="jxr_string">"noCertsFound"</span>,
+<a name="279" href="#279">279</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"SAML signature"</span> }
+<a name="280" href="#280">280</a> );
<a name="281" href="#281">281</a> }
-<a name="282" href="#282">282</a> <strong class="jxr_keyword">if</strong> (certs == <strong class="jxr_keyword">null</strong> || certs.length <= 0) {
-<a name="283" href="#283">283</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
-<a name="284" href="#284">284</a> WSSecurityException.FAILURE,
-<a name="285" href="#285">285</a> <span class="jxr_string">"noCertsFound"</span>,
-<a name="286" href="#286">286</a> <strong class="jxr_keyword">new</strong> Object[] { <span class="jxr_string">"SAML signature"</span> }
-<a name="287" href="#287">287</a> );
-<a name="288" href="#288">288</a> }
-<a name="289" href="#289">289</a> <strong class="jxr_keyword">if</strong> (sigAlgo == <strong class="jxr_keyword">null</strong>) {
-<a name="290" href="#290">290</a> String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
-<a name="291" href="#291">291</a> log.debug(<span class="jxr_string">"automatic sig algo detection: "</span> + pubKeyAlgo);
-<a name="292" href="#292">292</a> <strong class="jxr_keyword">if</strong> (pubKeyAlgo.equalsIgnoreCase(<span class="jxr_string">"DSA"</span>)) {
-<a name="293" href="#293">293</a> sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
-<a name="294" href="#294">294</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (pubKeyAlgo.equalsIgnoreCase(<span class="jxr_string">"RSA"</span>)) {
-<a name="295" href="#295">295</a> sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
-<a name="296" href="#296">296</a> } <strong class="jxr_keyword">else</strong> {
-<a name="297" href="#297">297</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
-<a name="298" href="#298">298</a> WSSecurityException.FAILURE,
-<a name="299" href="#299">299</a> <span class="jxr_string">"unknownSignatureAlgorithm"</span>,
-<a name="300" href="#300">300</a> <strong class="jxr_keyword">new</strong> Object[] {
-<a name="301" href="#301">301</a> pubKeyAlgo
-<a name="302" href="#302">302</a> }
-<a name="303" href="#303">303</a> );
-<a name="304" href="#304">304</a> }
-<a name="305" href="#305">305</a> }
-<a name="306" href="#306">306</a> sig = <strong class="jxr_keyword">null</strong>;
-<a name="307" href="#307">307</a> <strong class="jxr_keyword">if</strong> (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
-<a name="308" href="#308">308</a> Element canonElem = XMLUtils.createElementInSignatureSpace(doc,
-<a name="309" href="#309">309</a> Constants._TAG_CANONICALIZATIONMETHOD);
-<a name="310" href="#310">310</a>
-<a name="311" href="#311">311</a> canonElem.setAttributeNS(<strong class="jxr_keyword">null</strong>, Constants._ATT_ALGORITHM, canonAlgo);
-<a name="312" href="#312">312</a>
-<a name="313" href="#313">313</a> <strong class="jxr_keyword">if</strong> (wssConfig.isWsiBSPCompliant()) {
-<a name="314" href="#314">314</a> Set prefixes = getInclusivePrefixes(secHeader
-<a name="315" href="#315">315</a> .getSecurityHeader(), false);
-<a name="316" href="#316">316</a>
-<a name="317" href="#317">317</a> InclusiveNamespaces inclusiveNamespaces = <strong class="jxr_keyword">new</strong> InclusiveNamespaces(
-<a name="318" href="#318">318</a> doc, prefixes);
-<a name="319" href="#319">319</a>
-<a name="320" href="#320">320</a> canonElem.appendChild(inclusiveNamespaces.getElement());
-<a name="321" href="#321">321</a> }
-<a name="322" href="#322">322</a> <strong class="jxr_keyword">try</strong> {
-<a name="323" href="#323">323</a> SignatureAlgorithm signatureAlgorithm = <strong class="jxr_keyword">new</strong> SignatureAlgorithm(
-<a name="324" href="#324">324</a> doc, sigAlgo);
-<a name="325" href="#325">325</a> sig = <strong class="jxr_keyword">new</strong> XMLSignature(doc, <strong class="jxr_keyword">null</strong>, signatureAlgorithm
-<a name="326" href="#326">326</a> .getElement(), canonElem);
-<a name="327" href="#327">327</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e) {
-<a name="328" href="#328">328</a> log.error(<span class="jxr_string">""</span>, e);
-<a name="329" href="#329">329</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
-<a name="330" href="#330">330</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e
-<a name="331" href="#331">331</a> );
-<a name="332" href="#332">332</a> }
-<a name="333" href="#333">333</a> } <strong class="jxr_keyword">else</strong> {
-<a name="334" href="#334">334</a> <strong class="jxr_keyword">try</strong> {
-<a name="335" href="#335">335</a> sig = <strong class="jxr_keyword">new</strong> XMLSignature(doc, <strong class="jxr_keyword">null</strong>, sigAlgo, canonAlgo);
-<a name="336" href="#336">336</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e) {
-<a name="337" href="#337">337</a> log.error(<span class="jxr_string">""</span>, e);
-<a name="338" href="#338">338</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
-<a name="339" href="#339">339</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e
-<a name="340" href="#340">340</a> );
-<a name="341" href="#341">341</a> }
-<a name="342" href="#342">342</a> }
-<a name="343" href="#343">343</a>
-<a name="344" href="#344">344</a> sig.addResourceResolver(EnvelopeIdResolver.getInstance());
-<a name="345" href="#345">345</a> String sigUri = <span class="jxr_string">"Signature-"</span> + sig.hashCode();
-<a name="346" href="#346">346</a> sig.setId(sigUri);
+<a name="282" href="#282">282</a> <strong class="jxr_keyword">if</strong> (sigAlgo == <strong class="jxr_keyword">null</strong>) {
+<a name="283" href="#283">283</a> String pubKeyAlgo = certs[0].getPublicKey().getAlgorithm();
+<a name="284" href="#284">284</a> log.debug(<span class="jxr_string">"automatic sig algo detection: "</span> + pubKeyAlgo);
+<a name="285" href="#285">285</a> <strong class="jxr_keyword">if</strong> (pubKeyAlgo.equalsIgnoreCase(<span class="jxr_string">"DSA"</span>)) {
+<a name="286" href="#286">286</a> sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+<a name="287" href="#287">287</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (pubKeyAlgo.equalsIgnoreCase(<span class="jxr_string">"RSA"</span>)) {
+<a name="288" href="#288">288</a> sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+<a name="289" href="#289">289</a> } <strong class="jxr_keyword">else</strong> {
+<a name="290" href="#290">290</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="291" href="#291">291</a> WSSecurityException.FAILURE,
+<a name="292" href="#292">292</a> <span class="jxr_string">"unknownSignatureAlgorithm"</span>,
+<a name="293" href="#293">293</a> <strong class="jxr_keyword">new</strong> Object[] {
+<a name="294" href="#294">294</a> pubKeyAlgo
+<a name="295" href="#295">295</a> }
+<a name="296" href="#296">296</a> );
+<a name="297" href="#297">297</a> }
+<a name="298" href="#298">298</a> }
+<a name="299" href="#299">299</a> sig = <strong class="jxr_keyword">null</strong>;
+<a name="300" href="#300">300</a> <strong class="jxr_keyword">if</strong> (canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+<a name="301" href="#301">301</a> Element canonElem =
+<a name="302" href="#302">302</a> XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
+<a name="303" href="#303">303</a>
+<a name="304" href="#304">304</a> canonElem.setAttributeNS(<strong class="jxr_keyword">null</strong>, Constants._ATT_ALGORITHM, canonAlgo);
+<a name="305" href="#305">305</a>
+<a name="306" href="#306">306</a> <strong class="jxr_keyword">if</strong> (wssConfig.isWsiBSPCompliant()) {
+<a name="307" href="#307">307</a> Set prefixes = getInclusivePrefixes(secHeader.getSecurityHeader(), false);
+<a name="308" href="#308">308</a>
+<a name="309" href="#309">309</a> InclusiveNamespaces inclusiveNamespaces =
+<a name="310" href="#310">310</a> <strong class="jxr_keyword">new</strong> InclusiveNamespaces(doc, prefixes);
+<a name="311" href="#311">311</a>
+<a name="312" href="#312">312</a> canonElem.appendChild(inclusiveNamespaces.getElement());
+<a name="313" href="#313">313</a> }
+<a name="314" href="#314">314</a> <strong class="jxr_keyword">try</strong> {
+<a name="315" href="#315">315</a> SignatureAlgorithm signatureAlgorithm = <strong class="jxr_keyword">new</strong> SignatureAlgorithm(doc, sigAlgo);
+<a name="316" href="#316">316</a> sig = <strong class="jxr_keyword">new</strong> XMLSignature(doc, <strong class="jxr_keyword">null</strong>, signatureAlgorithm.getElement(), canonElem);
+<a name="317" href="#317">317</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e) {
+<a name="318" href="#318">318</a> log.error(<span class="jxr_string">""</span>, e);
+<a name="319" href="#319">319</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="320" href="#320">320</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e
+<a name="321" href="#321">321</a> );
+<a name="322" href="#322">322</a> }
+<a name="323" href="#323">323</a> } <strong class="jxr_keyword">else</strong> {
+<a name="324" href="#324">324</a> <strong class="jxr_keyword">try</strong> {
+<a name="325" href="#325">325</a> sig = <strong class="jxr_keyword">new</strong> XMLSignature(doc, <strong class="jxr_keyword">null</strong>, sigAlgo, canonAlgo);
+<a name="326" href="#326">326</a> } <strong class="jxr_keyword">catch</strong> (XMLSecurityException e) {
+<a name="327" href="#327">327</a> log.error(<span class="jxr_string">""</span>, e);
+<a name="328" href="#328">328</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="329" href="#329">329</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e
+<a name="330" href="#330">330</a> );
+<a name="331" href="#331">331</a> }
+<a name="332" href="#332">332</a> }
+<a name="333" href="#333">333</a>
+<a name="334" href="#334">334</a> sig.addResourceResolver(EnvelopeIdResolver.getInstance());
+<a name="335" href="#335">335</a> String sigUri = wssConfig.getIdAllocator().createId(<span class="jxr_string">"Signature-"</span>, sig);
+<a name="336" href="#336">336</a> sig.setId(sigUri);
+<a name="337" href="#337">337</a>
+<a name="338" href="#338">338</a> keyInfo = sig.getKeyInfo();
+<a name="339" href="#339">339</a> keyInfoUri = wssConfig.getIdAllocator().createSecureId(<span class="jxr_string">"KeyId-"</span>, keyInfo);
+<a name="340" href="#340">340</a> keyInfo.setId(keyInfoUri);
+<a name="341" href="#341">341</a>
+<a name="342" href="#342">342</a> secRef = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a>(doc);
+<a name="343" href="#343">343</a> strUri = wssConfig.getIdAllocator().createSecureId(<span class="jxr_string">"STRId-"</span>, secRef);
+<a name="344" href="#344">344</a> secRef.setID(strUri);
+<a name="345" href="#345">345</a>
+<a name="346" href="#346">346</a> certUri = wssConfig.getIdAllocator().createSecureId(<span class="jxr_string">"CertId-"</span>, certs[0]);
<a name="347" href="#347">347</a>
-<a name="348" href="#348">348</a> keyInfo = sig.getKeyInfo();
-<a name="349" href="#349">349</a> keyInfoUri = <span class="jxr_string">"KeyId-"</span> + keyInfo.hashCode();
-<a name="350" href="#350">350</a> keyInfo.setId(keyInfoUri);
-<a name="351" href="#351">351</a>
-<a name="352" href="#352">352</a> secRef = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a>(doc);
-<a name="353" href="#353">353</a> strUri = <span class="jxr_string">"STRId-"</span> + secRef.hashCode();
-<a name="354" href="#354">354</a> secRef.setID(strUri);
-<a name="355" href="#355">355</a>
-<a name="356" href="#356">356</a> certUri = <span class="jxr_string">"CertId-"</span> + certs[0].hashCode();
-<a name="357" href="#357">357</a>
-<a name="358" href="#358">358</a> <em class="jxr_comment">/*</em>
-<a name="359" href="#359">359</a> <em class="jxr_comment"> * If the sender vouches, then we must sign the SAML token _and_ at</em>
-<a name="360" href="#360">360</a> <em class="jxr_comment"> * least one part of the message (usually the SOAP body). To do so we</em>
-<a name="361" href="#361">361</a> <em class="jxr_comment"> * need to - put in a reference to the SAML token. Thus we create a STR</em>
-<a name="362" href="#362">362</a> <em class="jxr_comment"> * and insert it into the wsse:Security header - set a reference of the</em>
-<a name="363" href="#363">363</a> <em class="jxr_comment"> * created STR to the signature and use STR Transfrom during the</em>
-<a name="364" href="#364">364</a> <em class="jxr_comment"> * signature</em>
-<a name="365" href="#365">365</a> <em class="jxr_comment"> */</em>
-<a name="366" href="#366">366</a> Transforms transforms = <strong class="jxr_keyword">null</strong>;
-<a name="367" href="#367">367</a>
-<a name="368" href="#368">368</a> <strong class="jxr_keyword">try</strong> {
-<a name="369" href="#369">369</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
-<a name="370" href="#370">370</a> secRefSaml = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a>(doc);
-<a name="371" href="#371">371</a> String strSamlUri = <span class="jxr_string">"STRSAMLId-"</span> + secRefSaml.hashCode();
-<a name="372" href="#372">372</a> secRefSaml.setID(strSamlUri);
-<a name="373" href="#373">373</a>
-<a name="374" href="#374">374</a> <em class="jxr_comment">// Decouple Reference/KeyInfo setup - quick shot here</em>
-<a name="375" href="#375">375</a> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a>(doc);
-<a name="376" href="#376">376</a> ref.setURI(<span class="jxr_string">"#"</span> + assertion.getId());
-<a name="377" href="#377">377</a> ref.setValueType(WSConstants.WSS_SAML_NS
-<a name="378" href="#378">378</a> + WSConstants.WSS_SAML_ASSERTION);
-<a name="379" href="#379">379</a> secRefSaml.setReference(ref);
-<a name="380" href="#380">380</a> <em class="jxr_comment">// up to here</em>
-<a name="381" href="#381">381</a>
-<a name="382" href="#382">382</a> Element ctx = createSTRParameter(doc);
-<a name="383" href="#383">383</a> transforms = <strong class="jxr_keyword">new</strong> Transforms(doc);
-<a name="384" href="#384">384</a> transforms.addTransform(STRTransform.implementedTransformURI,
-<a name="385" href="#385">385</a> ctx);
-<a name="386" href="#386">386</a> sig.addDocument(<span class="jxr_string">"#"</span> + strSamlUri, transforms);
-<a name="387" href="#387">387</a> }
-<a name="388" href="#388">388</a> } <strong class="jxr_keyword">catch</strong> (TransformationException e1) {
-<a name="389" href="#389">389</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILED_SIGNATURE,
-<a name="390" href="#390">390</a> <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e1);
-<a name="391" href="#391">391</a> } <strong class="jxr_keyword">catch</strong> (XMLSignatureException e1) {
-<a name="392" href="#392">392</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILED_SIGNATURE,
-<a name="393" href="#393">393</a> <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e1);
-<a name="394" href="#394">394</a> }
-<a name="395" href="#395">395</a>
-<a name="396" href="#396">396</a> <strong class="jxr_keyword">switch</strong> (keyIdentifierType) {
-<a name="397" href="#397">397</a> <strong class="jxr_keyword">case</strong> WSConstants.BST_DIRECT_REFERENCE:
-<a name="398" href="#398">398</a> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a>(doc);
-<a name="399" href="#399">399</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
-<a name="400" href="#400">400</a> ref.setURI(<span class="jxr_string">"#"</span> + certUri);
-<a name="401" href="#401">401</a> bstToken = <strong class="jxr_keyword">new</strong> X509Security(doc);
-<a name="402" href="#402">402</a> ((X509Security) bstToken).setX509Certificate(certs[0]);
-<a name="403" href="#403">403</a> bstToken.setID(certUri);
-<a name="404" href="#404">404</a> wsDocInfo.setBst(bstToken.getElement());
-<a name="405" href="#405">405</a> ref.setValueType(bstToken.getValueType());
-<a name="406" href="#406">406</a> } <strong class="jxr_keyword">else</strong> {
-<a name="407" href="#407">407</a> ref.setURI(<span class="jxr_string">"#"</span> + assertion.getId());
-<a name="408" href="#408">408</a> ref.setValueType(WSConstants.WSS_SAML_NS
-<a name="409" href="#409">409</a> + WSConstants.WSS_SAML_ASSERTION);
-<a name="410" href="#410">410</a> }
-<a name="411" href="#411">411</a> secRef.setReference(ref);
-<a name="412" href="#412">412</a> <strong class="jxr_keyword">break</strong>;
-<a name="413" href="#413">413</a> <em class="jxr_comment">//</em>
-<a name="414" href="#414">414</a> <em class="jxr_comment">// case WSConstants.ISSUER_SERIAL :</em>
-<a name="415" href="#415">415</a> <em class="jxr_comment">// XMLX509IssuerSerial data =</em>
-<a name="416" href="#416">416</a> <em class="jxr_comment">// new XMLX509IssuerSerial(doc, certs[0]);</em>
-<a name="417" href="#417">417</a> <em class="jxr_comment">// secRef.setX509IssuerSerial(data);</em>
-<a name="418" href="#418">418</a> <em class="jxr_comment">// break;</em>
-<a name="419" href="#419">419</a> <em class="jxr_comment">//</em>
-<a name="420" href="#420">420</a> <em class="jxr_comment">// case WSConstants.X509_KEY_IDENTIFIER :</em>
-<a name="421" href="#421">421</a> <em class="jxr_comment">// secRef.setKeyIdentifier(certs[0]);</em>
-<a name="422" href="#422">422</a> <em class="jxr_comment">// break;</em>
-<a name="423" href="#423">423</a> <em class="jxr_comment">//</em>
-<a name="424" href="#424">424</a> <em class="jxr_comment">// case WSConstants.SKI_KEY_IDENTIFIER :</em>
-<a name="425" href="#425">425</a> <em class="jxr_comment">// secRef.setKeyIdentifierSKI(certs[0], crypto);</em>
-<a name="426" href="#426">426</a> <em class="jxr_comment">// break;</em>
-<a name="427" href="#427">427</a> <em class="jxr_comment">//</em>
-<a name="428" href="#428">428</a> <strong class="jxr_keyword">default</strong>:
-<a name="429" href="#429">429</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE,
-<a name="430" href="#430">430</a> <span class="jxr_string">"unsupportedKeyId"</span>);
-<a name="431" href="#431">431</a> }
+<a name="348" href="#348">348</a> <em class="jxr_comment">//</em>
+<a name="349" href="#349">349</a> <em class="jxr_comment">// If the sender vouches, then we must sign the SAML token _and_ at</em>
+<a name="350" href="#350">350</a> <em class="jxr_comment">// least one part of the message (usually the SOAP body). To do so we</em>
+<a name="351" href="#351">351</a> <em class="jxr_comment">// need to - put in a reference to the SAML token. Thus we create a STR</em>
+<a name="352" href="#352">352</a> <em class="jxr_comment">// and insert it into the wsse:Security header - set a reference of the</em>
+<a name="353" href="#353">353</a> <em class="jxr_comment">// created STR to the signature and use STR Transform during the</em>
+<a name="354" href="#354">354</a> <em class="jxr_comment">// signature</em>
+<a name="355" href="#355">355</a> <em class="jxr_comment">//</em>
+<a name="356" href="#356">356</a> Transforms transforms = <strong class="jxr_keyword">null</strong>;
+<a name="357" href="#357">357</a> <strong class="jxr_keyword">try</strong> {
+<a name="358" href="#358">358</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
+<a name="359" href="#359">359</a> secRefSaml = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/SecurityTokenReference.html">SecurityTokenReference</a>(doc);
+<a name="360" href="#360">360</a> String strSamlUri =
+<a name="361" href="#361">361</a> wssConfig.getIdAllocator().createSecureId(<span class="jxr_string">"STRSAMLId-"</span>, secRefSaml);
+<a name="362" href="#362">362</a> secRefSaml.setID(strSamlUri);
+<a name="363" href="#363">363</a>
+<a name="364" href="#364">364</a> <strong class="jxr_keyword">if</strong> (WSConstants.X509_KEY_IDENTIFIER == keyIdentifierType) {
+<a name="365" href="#365">365</a> Element keyId = doc.createElementNS(WSConstants.WSSE_NS, <span class="jxr_string">"wsse:KeyIdentifier"</span>);
+<a name="366" href="#366">366</a> keyId.setAttributeNS(
+<a name="367" href="#367">367</a> <strong class="jxr_keyword">null</strong>, <span class="jxr_string">"ValueType"</span>, WSConstants.WSS_SAML_KI_VALUE_TYPE
+<a name="368" href="#368">368</a> );
+<a name="369" href="#369">369</a> keyId.appendChild(doc.createTextNode(assertion.getId()));
+<a name="370" href="#370">370</a> Element elem = secRefSaml.getElement();
+<a name="371" href="#371">371</a> elem.appendChild(keyId);
+<a name="372" href="#372">372</a> } <strong class="jxr_keyword">else</strong> {
+<a name="373" href="#373">373</a> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a>(doc);
+<a name="374" href="#374">374</a> ref.setURI(<span class="jxr_string">"#"</span> + assertion.getId());
+<a name="375" href="#375">375</a> ref.setValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+<a name="376" href="#376">376</a> secRefSaml.setReference(ref);
+<a name="377" href="#377">377</a> }
+<a name="378" href="#378">378</a>
+<a name="379" href="#379">379</a> Element ctx = createSTRParameter(doc);
+<a name="380" href="#380">380</a> transforms = <strong class="jxr_keyword">new</strong> Transforms(doc);
+<a name="381" href="#381">381</a> transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+<a name="382" href="#382">382</a> sig.addDocument(<span class="jxr_string">"#"</span> + strSamlUri, transforms);
+<a name="383" href="#383">383</a> }
+<a name="384" href="#384">384</a> } <strong class="jxr_keyword">catch</strong> (TransformationException e1) {
+<a name="385" href="#385">385</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="386" href="#386">386</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e1
+<a name="387" href="#387">387</a> );
+<a name="388" href="#388">388</a> } <strong class="jxr_keyword">catch</strong> (XMLSignatureException e1) {
+<a name="389" href="#389">389</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="390" href="#390">390</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noXMLSig"</span>, <strong class="jxr_keyword">null</strong>, e1
+<a name="391" href="#391">391</a> );
+<a name="392" href="#392">392</a> }
+<a name="393" href="#393">393</a>
+<a name="394" href="#394">394</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
+<a name="395" href="#395">395</a> <strong class="jxr_keyword">switch</strong> (keyIdentifierType) {
+<a name="396" href="#396">396</a> <strong class="jxr_keyword">case</strong> WSConstants.BST_DIRECT_REFERENCE:
+<a name="397" href="#397">397</a> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a>(doc);
+<a name="398" href="#398">398</a> ref.setURI(<span class="jxr_string">"#"</span> + certUri);
+<a name="399" href="#399">399</a> bstToken = <strong class="jxr_keyword">new</strong> X509Security(doc);
+<a name="400" href="#400">400</a> ((X509Security) bstToken).setX509Certificate(certs[0]);
+<a name="401" href="#401">401</a> bstToken.setID(certUri);
+<a name="402" href="#402">402</a> wsDocInfo.setBst(bstToken.getElement());
+<a name="403" href="#403">403</a> ref.setValueType(bstToken.getValueType());
+<a name="404" href="#404">404</a> secRef.setReference(ref);
+<a name="405" href="#405">405</a> <strong class="jxr_keyword">break</strong>;
+<a name="406" href="#406">406</a>
+<a name="407" href="#407">407</a> <strong class="jxr_keyword">case</strong> WSConstants.X509_KEY_IDENTIFIER :
+<a name="408" href="#408">408</a> secRef.setKeyIdentifier(certs[0]);
+<a name="409" href="#409">409</a> <strong class="jxr_keyword">break</strong>;
+<a name="410" href="#410">410</a>
+<a name="411" href="#411">411</a> <strong class="jxr_keyword">default</strong>:
+<a name="412" href="#412">412</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE, <span class="jxr_string">"unsupportedKeyId"</span>);
+<a name="413" href="#413">413</a> }
+<a name="414" href="#414">414</a> } <strong class="jxr_keyword">else</strong> {
+<a name="415" href="#415">415</a> <strong class="jxr_keyword">switch</strong> (keyIdentifierType) {
+<a name="416" href="#416">416</a> <strong class="jxr_keyword">case</strong> WSConstants.BST_DIRECT_REFERENCE:
+<a name="417" href="#417">417</a> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a> ref = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/message/token/Reference.html">Reference</a>(doc);
+<a name="418" href="#418">418</a> ref.setURI(<span class="jxr_string">"#"</span> + assertion.getId());
+<a name="419" href="#419">419</a> ref.setValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+<a name="420" href="#420">420</a> secRef.setReference(ref);
+<a name="421" href="#421">421</a> <strong class="jxr_keyword">break</strong>;
+<a name="422" href="#422">422</a>
+<a name="423" href="#423">423</a> <strong class="jxr_keyword">case</strong> WSConstants.X509_KEY_IDENTIFIER :
+<a name="424" href="#424">424</a> Element keyId = doc.createElementNS(WSConstants.WSSE_NS, <span class="jxr_string">"wsse:KeyIdentifier"</span>);
+<a name="425" href="#425">425</a> keyId.setAttributeNS(
+<a name="426" href="#426">426</a> <strong class="jxr_keyword">null</strong>, <span class="jxr_string">"ValueType"</span>, WSConstants.WSS_SAML_KI_VALUE_TYPE
+<a name="427" href="#427">427</a> );
+<a name="428" href="#428">428</a> keyId.appendChild(doc.createTextNode(assertion.getId()));
+<a name="429" href="#429">429</a> Element elem = secRef.getElement();
+<a name="430" href="#430">430</a> elem.appendChild(keyId);
+<a name="431" href="#431">431</a> <strong class="jxr_keyword">break</strong>;
<a name="432" href="#432">432</a>
-<a name="433" href="#433">433</a> keyInfo.addUnknownElement(secRef.getElement());
-<a name="434" href="#434">434</a>
-<a name="435" href="#435">435</a> Element keyInfoElement = keyInfo.getElement();
-<a name="436" href="#436">436</a> keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, <span class="jxr_string">"xmlns:"</span>
-<a name="437" href="#437">437</a> + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
-<a name="438" href="#438">438</a>
-<a name="439" href="#439">439</a> <strong class="jxr_keyword">try</strong> {
-<a name="440" href="#440">440</a> samlToken = (Element) assertion.toDOM(doc);
-<a name="441" href="#441">441</a> } <strong class="jxr_keyword">catch</strong> (SAMLException e2) {
-<a name="442" href="#442">442</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILED_SIGNATURE,
-<a name="443" href="#443">443</a> <span class="jxr_string">"noSAMLdoc"</span>, <strong class="jxr_keyword">null</strong>, e2);
-<a name="444" href="#444">444</a> }
-<a name="445" href="#445">445</a> wsDocInfo.setAssertion(samlToken);
-<a name="446" href="#446">446</a> }
-<a name="447" href="#447">447</a>
-<a name="448" href="#448">448</a> <em class="jxr_javadoccomment">/**</em>
-<a name="449" href="#449">449</a> <em class="jxr_javadoccomment"> * Prepend the SAML elements to the elements already in the Security header.</em>
-<a name="450" href="#450">450</a> <em class="jxr_javadoccomment"> * </em>
-<a name="451" href="#451">451</a> <em class="jxr_javadoccomment"> * The method can be called any time after <code>prepare()</code>. This</em>
-<a name="452" href="#452">452</a> <em class="jxr_javadoccomment"> * allows to insert the SAML elements at any position in the Security</em>
-<a name="453" href="#453">453</a> <em class="jxr_javadoccomment"> * header.</em>
-<a name="454" href="#454">454</a> <em class="jxr_javadoccomment"> * </em>
-<a name="455" href="#455">455</a> <em class="jxr_javadoccomment"> * <p/></em>
+<a name="433" href="#433">433</a> <strong class="jxr_keyword">default</strong>:
+<a name="434" href="#434">434</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(WSSecurityException.FAILURE, <span class="jxr_string">"unsupportedKeyId"</span>);
+<a name="435" href="#435">435</a> }
+<a name="436" href="#436">436</a> }
+<a name="437" href="#437">437</a> keyInfo.addUnknownElement(secRef.getElement());
+<a name="438" href="#438">438</a>
+<a name="439" href="#439">439</a> Element keyInfoElement = keyInfo.getElement();
+<a name="440" href="#440">440</a> keyInfoElement.setAttributeNS(
+<a name="441" href="#441">441</a> WSConstants.XMLNS_NS, <span class="jxr_string">"xmlns:"</span> + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
+<a name="442" href="#442">442</a> );
+<a name="443" href="#443">443</a>
+<a name="444" href="#444">444</a> <strong class="jxr_keyword">try</strong> {
+<a name="445" href="#445">445</a> samlToken = (Element) assertion.toDOM(doc);
+<a name="446" href="#446">446</a> } <strong class="jxr_keyword">catch</strong> (SAMLException e2) {
+<a name="447" href="#447">447</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a>(
+<a name="448" href="#448">448</a> WSSecurityException.FAILED_SIGNATURE, <span class="jxr_string">"noSAMLdoc"</span>, <strong class="jxr_keyword">null</strong>, e2
+<a name="449" href="#449">449</a> );
+<a name="450" href="#450">450</a> }
+<a name="451" href="#451">451</a> wsDocInfo.setAssertion(samlToken);
+<a name="452" href="#452">452</a> }
+<a name="453" href="#453">453</a>
+<a name="454" href="#454">454</a> <em class="jxr_javadoccomment">/**</em>
+<a name="455" href="#455">455</a> <em class="jxr_javadoccomment"> * Prepend the SAML elements to the elements already in the Security header.</em>
<a name="456" href="#456">456</a> <em class="jxr_javadoccomment"> * </em>
-<a name="457" href="#457">457</a> <em class="jxr_javadoccomment"> * This methods first prepends the SAML security reference if mode is</em>
-<a name="458" href="#458">458</a> <em class="jxr_javadoccomment"> * <code>senderVouches</code>, then the SAML token itself,</em>
-<a name="459" href="#459">459</a> <em class="jxr_javadoccomment"> * </em>
-<a name="460" href="#460">460</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
-<a name="461" href="#461">461</a> <em class="jxr_javadoccomment"> * The security header that holds the BST element.</em>
-<a name="462" href="#462">462</a> <em class="jxr_javadoccomment"> */</em>
-<a name="463" href="#463">463</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> prependSAMLElementsToHeader(<a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader) {
-<a name="464" href="#464">464</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
-<a name="465" href="#465">465</a> WSSecurityUtil.prependChildElement(
-<a name="466" href="#466">466</a> secHeader.getSecurityHeader(), secRefSaml.getElement());
-<a name="467" href="#467">467</a> }
-<a name="468" href="#468">468</a>
-<a name="469" href="#469">469</a> WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), samlToken);
-<a name="470" href="#470">470</a> }
-<a name="471" href="#471">471</a>
-<a name="472" href="#472">472</a> <em class="jxr_javadoccomment">/**</em>
-<a name="473" href="#473">473</a> <em class="jxr_javadoccomment"> * This method adds references to the Signature.</em>
-<a name="474" href="#474">474</a> <em class="jxr_javadoccomment"> * </em>
-<a name="475" href="#475">475</a> <em class="jxr_javadoccomment"> * The added references are signed when calling</em>
-<a name="476" href="#476">476</a> <em class="jxr_javadoccomment"> * <code>computeSignature()</code>. This method can be called several</em>
-<a name="477" href="#477">477</a> <em class="jxr_javadoccomment"> * times to add references as required. <code>addReferencesToSign()</code></em>
-<a name="478" href="#478">478</a> <em class="jxr_javadoccomment"> * can be called anytime after <code>prepare</code>.</em>
+<a name="457" href="#457">457</a> <em class="jxr_javadoccomment"> * The method can be called any time after <code>prepare()</code>. This</em>
+<a name="458" href="#458">458</a> <em class="jxr_javadoccomment"> * allows to insert the SAML elements at any position in the Security</em>
+<a name="459" href="#459">459</a> <em class="jxr_javadoccomment"> * header.</em>
+<a name="460" href="#460">460</a> <em class="jxr_javadoccomment"> * </em>
+<a name="461" href="#461">461</a> <em class="jxr_javadoccomment"> * This methods first prepends the SAML security reference if mode is</em>
+<a name="462" href="#462">462</a> <em class="jxr_javadoccomment"> * <code>senderVouches</code>, then the SAML token itself,</em>
+<a name="463" href="#463">463</a> <em class="jxr_javadoccomment"> * </em>
+<a name="464" href="#464">464</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
+<a name="465" href="#465">465</a> <em class="jxr_javadoccomment"> * The security header that holds the BST element.</em>
+<a name="466" href="#466">466</a> <em class="jxr_javadoccomment"> */</em>
+<a name="467" href="#467">467</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> prependSAMLElementsToHeader(<a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader) {
+<a name="468" href="#468">468</a> <strong class="jxr_keyword">if</strong> (senderVouches) {
+<a name="469" href="#469">469</a> WSSecurityUtil.prependChildElement(
+<a name="470" href="#470">470</a> secHeader.getSecurityHeader(), secRefSaml.getElement()
+<a name="471" href="#471">471</a> );
+<a name="472" href="#472">472</a> }
+<a name="473" href="#473">473</a>
+<a name="474" href="#474">474</a> WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), samlToken);
+<a name="475" href="#475">475</a> }
+<a name="476" href="#476">476</a>
+<a name="477" href="#477">477</a> <em class="jxr_javadoccomment">/**</em>
+<a name="478" href="#478">478</a> <em class="jxr_javadoccomment"> * This method adds references to the Signature.</em>
<a name="479" href="#479">479</a> <em class="jxr_javadoccomment"> * </em>
-<a name="480" href="#480">480</a> <em class="jxr_javadoccomment"> * @param references</em>
-<a name="481" href="#481">481</a> <em class="jxr_javadoccomment"> * A vector containing <code>WSEncryptionPart</code> objects</em>
-<a name="482" href="#482">482</a> <em class="jxr_javadoccomment"> * that define the parts to sign.</em>
-<a name="483" href="#483">483</a> <em class="jxr_javadoccomment"> * @param secHeader</em>
-<a name="484" href="#484">484</a> <em class="jxr_javadoccomment"> * Used to compute namespaces to be inserted by</em>
-<a name="485" href="#485">485</a> <em class="jxr_javadoccomment"> * InclusiveNamespaces to be WSI compliant.</em>
-<a name="486" href="#486">486</a> <em class="jxr_javadoccomment"> * @throws WSSecurityException</em>
-<a name="487" href="#487">487</a> <em class="jxr_javadoccomment"> */</em>
-<a name="488" href="#488">488</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> addReferencesToSign(Vector references, <a href="../../../../../org/apache/ws/security/message/WSSecHeader.html">WSSecHeader</a> secHeader)
-<a name="489" href="#489">489</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../../org/apache/ws/security/WSSecurityException.html">WSSecurityException</a> {
-<a name="490" href="#490">490</a> Transforms transforms = <strong class="jxr_keyword">null</strong>;
-<a name="491" href="#491">491</a>
-<a name="492" href="#492">492</a> Element envelope = document.getDocumentElement();
-<a name="493" href="#493">493</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> part = 0; part < parts.size(); part++) {
[... 274 lines stripped ...]
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org