use of org.apache.wss4j.common.token.DOMX509IssuerSerial in project cxf by apache.
the class XmlEncOutInterceptor method createKeyInfoElement.
private Element createKeyInfoElement(Document encryptedDataDoc, X509Certificate remoteCert) throws Exception {
Element keyInfoElement = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
String keyIdType = encProps.getEncryptionKeyIdType() == null ? RSSecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
Node keyIdentifierNode = null;
if (keyIdType.equals(RSSecurityUtils.X509_CERT)) {
byte[] data = null;
try {
data = remoteCert.getEncoded();
} catch (CertificateEncodingException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError");
}
Text text = encryptedDataDoc.createTextNode(Base64.getMimeEncoder().encodeToString(data));
Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
cert.appendChild(text);
Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
x509Data.appendChild(cert);
keyIdentifierNode = x509Data;
} else if (keyIdType.equals(RSSecurityUtils.X509_ISSUER_SERIAL)) {
String issuer = remoteCert.getIssuerDN().getName();
java.math.BigInteger serialNumber = remoteCert.getSerialNumber();
DOMX509IssuerSerial domIssuerSerial = new DOMX509IssuerSerial(encryptedDataDoc, issuer, serialNumber);
DOMX509Data domX509Data = new DOMX509Data(encryptedDataDoc, domIssuerSerial);
keyIdentifierNode = domX509Data.getElement();
} else {
throw new Exception("Unsupported key identifier:" + keyIdType);
}
keyInfoElement.appendChild(keyIdentifierNode);
return keyInfoElement;
}
Aggregations