Examples of org.apache.ws.security.message.token.SecurityTokenReference

• org.apache.ws.security.message.token.SecurityTokenReference
  Security Token Reference. @author Davanum Srinivas (dims@yahoo.com).

            dkSign.setExternalKey(tok.getSecret(), ref);
        } else if (!isRequestor() && policyToken.isDerivedKeys()) {
            // If the Encrypted key used to create the derived key is not
            // attached use key identifier as defined in WSS1.1 section
            // 7.7 Encrypted Key reference
            SecurityTokenReference tokenRef
                = new SecurityTokenReference(doc);
            if (tok.getSHA1() != null) {
                tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
            }
            dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());

        } else {
            dkSign.setExternalKey(tok.getSecret(), tok.getId());
        }

            dkSign.setExternalKey(tok.getSecret(), ref);
        } else if (!isRequestor() && policyToken.isDerivedKeys()) {
            // If the Encrypted key used to create the derived key is not
            // attached use key identifier as defined in WSS1.1 section
            // 7.7 Encrypted Key reference
            SecurityTokenReference tokenRef
                = new SecurityTokenReference(doc);
            if (tok.getSHA1() != null) {
                tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
            }
            dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());

        } else {
            dkSign.setExternalKey(tok.getSecret(), tok.getId());
        }

        KeyInfo info = sig.getKeyInfo();
        String keyInfoUri = "KeyId-" + info.hashCode();
        info.setId(keyInfoUri);

        SecurityTokenReference secRef = new SecurityTokenReference(wssConfig, doc);
        String strUri = "STRId-" + secRef.hashCode();
        secRef.setID(strUri);


        if (tlog.isDebugEnabled()) {
            t1 = System.currentTimeMillis();
        }

        if (parts == null) {
            parts = new Vector();
            WSEncryptionPart encP =
                    new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
                            soapConstants.getEnvelopeURI(),
                            "Content");
            parts.add(encP);
        }

        Transforms transforms = null;

        for (int part = 0; part < parts.size(); part++) {
            WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
            String elemName = encPart.getName();
            String nmSpace = encPart.getNamespace();

            /*
             * Set up the elements to sign. There are two resevered element
             * names: "Token" and "STRTransform" "Token": Setup the Signature to
             * either sign the information that points to the security token or
             * the token itself. If its a direct reference sign the token,
             * otherwise sign the KeyInfo Element. "STRTransform": Setup the
             * ds:Reference to use STR Transform
             *
             */
            try {
                if (elemName.equals("Token")) {
                    transforms = new Transforms(doc);
                    transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
                    if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
                        if (wssConfig.isWsiBSPCompliant()) {
                            transforms.item(0).getElement().appendChild(
                                    new InclusiveNamespaces(
                                            doc, getInclusivePrefixes(
                                                    securityHeader)).getElement());
                        }
                        sig.addDocument("#" + certUri, transforms);
                    } else {
                        if (wssConfig.isWsiBSPCompliant()) {
                            transforms.item(0).getElement().appendChild(
                                    new InclusiveNamespaces(
                                            doc, getInclusivePrefixes(
                                                    info.getElement())).getElement());
                        }
                        sig.addDocument("#" + keyInfoUri, transforms);
                    }
                } else if (elemName.equals("STRTransform")) { // STRTransform
                    Element ctx = createSTRParameter(doc);
                    transforms = new Transforms(doc);
                    transforms.addTransform(STRTransform.implementedTransformURI,
                            ctx);
                    sig.addDocument("#" + strUri, transforms);
                } else if (elemName.equals("Assertion")) { // Assertion
                // Make the AssertionID the wsu:Id and the signature reference the same
                SAMLAssertion assertion;

                Element assertionElement =
                                    (Element) WSSecurityUtil.findElement(envelope,
                                            elemName,
                                            nmSpace);

                try {
              assertion = new SAMLAssertion(assertionElement);
                }
                catch (Exception e1) {
              log.error(e1);
              throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                          "noXMLSig", null, e1);
                }

                           Element body =
                                    (Element) WSSecurityUtil.findElement(envelope,
                                            elemName,
                                            nmSpace);
                            if (body == null) {
                                throw new WSSecurityException(WSSecurityException.FAILURE,
                                        "noEncElement",
                                        new Object[]{nmSpace + ", " + elemName});
                            }
                            transforms = new Transforms(doc);
                            transforms.addTransform(
                                    Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
                            if (wssConfig.isWsiBSPCompliant()) {
                                transforms.item(0).getElement().appendChild(
                                        new InclusiveNamespaces(
                                                doc, getInclusivePrefixes(body)).getElement());
                            }
                String prefix =
                                WSSecurityUtil.setNamespace(body,
                        wssConfig.getWsuNS(),
                        WSConstants.WSU_PREFIX);
                body.setAttributeNS(wssConfig.getWsuNS(), prefix + ":Id", assertion.getId());
                            sig.addDocument("#" + assertion.getId(), transforms);


                } else {
                    Element body =
                            (Element) WSSecurityUtil.findElement(envelope,
                                    elemName,
                                    nmSpace);
                    if (body == null) {
                        throw new WSSecurityException(WSSecurityException.FAILURE,
                                "noEncElement",
                                new Object[]{nmSpace + ", " + elemName});
                    }
                    transforms = new Transforms(doc);
                    transforms.addTransform(
                            Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
                    if (wssConfig.isWsiBSPCompliant()) {
                        transforms.item(0).getElement().appendChild(
                                new InclusiveNamespaces(
                                        doc, getInclusivePrefixes(body)).getElement());
                    }
                    sig.addDocument("#" + setWsuId(body), transforms);
                }
            } catch (TransformationException e1) {
                throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                        "noXMLSig",
                        null,
                        e1);
            } catch (XMLSignatureException e1) {
                throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                        "noXMLSig",
                        null,
                        e1);
            }
        }

        sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));

        WSSecurityUtil.prependChildElement(doc,
                securityHeader,
                sig.getElement(),
                false);
        if (tlog.isDebugEnabled()) {
            t2 = System.currentTimeMillis();
        }

        byte[] secretKey = null;
        switch (keyIdentifierType) {
            case WSConstants.BST_DIRECT_REFERENCE:
                Reference ref = new Reference(wssConfig, doc);
                ref.setURI("#" + certUri);
                BinarySecurity bstToken = null;
                if (!useSingleCert) {
                    bstToken = new PKIPathSecurity(wssConfig, doc);
                    ((PKIPathSecurity) bstToken).setX509Certificates(certs,
                            false,
                            crypto);
                } else {
                    bstToken = new X509Security(wssConfig, doc);
                    ((X509Security) bstToken).setX509Certificate(certs[0]);
                }
                ref.setValueType(bstToken.getValueType());
                secRef.setReference(ref);
                bstToken.setID(certUri);
                WSSecurityUtil.prependChildElement(doc,
                        securityHeader,
                        bstToken.getElement(),
                        false);
                wsDocInfo.setBst(bstToken.getElement());
                break;

            case WSConstants.ISSUER_SERIAL:
                XMLX509IssuerSerial data =
                        new XMLX509IssuerSerial(doc, certs[0]);
                secRef.setX509IssuerSerial(data);
                break;

            case WSConstants.X509_KEY_IDENTIFIER:
                secRef.setKeyIdentifier(certs[0]);
                break;

            case WSConstants.SKI_KEY_IDENTIFIER:
                secRef.setKeyIdentifierSKI(certs[0], crypto);
                break;

            case WSConstants.UT_SIGNING:
                Reference refUt = new Reference(wssConfig, doc);
                refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
                String utId = usernameToken.getId();
                if (utId == null) {
                    utId = "usernameTokenId-" + usernameToken.hashCode();
                    usernameToken.setId(utId);
                }
                refUt.setURI("#" + utId);
                secRef.setReference(refUt);
                secretKey = usernameToken.getSecretKey();
                break;

            default :
                throw new WSSecurityException(WSSecurityException.FAILURE,
                        "unsupportedKeyId");
        }
        if (tlog.isDebugEnabled()) {
            t3 = System.currentTimeMillis();
        }
        info.addUnknownElement(secRef.getElement());

        WSDocInfoStore.store(wsDocInfo);
        try {
            if (keyIdentifierType == WSConstants.UT_SIGNING) {
                sig.sign(sig.createSecretKey(secretKey));

        KeyInfo info = sig.getKeyInfo();
        String keyInfoUri = "KeyId-" + info.hashCode();
        info.setId(keyInfoUri);

        SecurityTokenReference secRef = new SecurityTokenReference(wssConfig,
                doc);
        String strUri = "STRId-" + secRef.hashCode();
        secRef.setID(strUri);

        String certUri = "CertId-" + certs[0].hashCode();

        if (tlog.isDebugEnabled()) {
            t1 = System.currentTimeMillis();
        }

        if (parts == null) {
            parts = new Vector();
            WSEncryptionPart encP = new WSEncryptionPart(soapConstants
                    .getBodyQName().getLocalPart(), soapConstants
                    .getEnvelopeURI(), "Content");
            parts.add(encP);
        }

        /*
         * If the sender vouches, then we must sign the SAML token _and_ at
         * least one part of the message (usually the SOAP body). To do so we
         * need to
         * - put in a reference to the SAML token. Thus we create a STR
         *   and insert it into the wsse:Security header
         * - set a reference of the created STR to the signature and use STR
         *   Transfrom during the signature
         */
        Transforms transforms = null;
        SecurityTokenReference secRefSaml = null;

        try {
            if (senderVouches) {
                secRefSaml = new SecurityTokenReference(wssConfig, doc);
                String strSamlUri = "STRSAMLId-" + secRefSaml.hashCode();
                secRefSaml.setID(strSamlUri);
                // Decouple Refernce/KeyInfo setup - quick shot here
                Reference ref = new Reference(wssConfig, doc);
                ref.setURI("#" + assertion.getId());
                ref.setValueType(WSConstants.WSS_SAML_NS
                        + WSConstants.WSS_SAML_ASSERTION);
                secRefSaml.setReference(ref);
                // up to here
                Element ctx = createSTRParameter(doc);
                transforms = new Transforms(doc);
                transforms.addTransform(STRTransform.implementedTransformURI,
                        ctx);
                sig.addDocument("#" + strSamlUri, transforms);
            }
            for (int part = 0; part < parts.size(); part++) {
                WSEncryptionPart encPart = (WSEncryptionPart) parts.get(part);
                String elemName = encPart.getName();
                String nmSpace = encPart.getNamespace();

                /*
                 * Set up the elements to sign. There are two resevered element
                 * names: "Token" and "STRTransform" "Token": Setup the
                 * Signature to either sign the information that points to the
                 * security token or the token itself. If its a direct
                 * reference sign the token, otherwise sign the KeyInfo
                 * Element. "STRTransform": Setup the ds:Reference to use STR
                 * Transform
                 *
                 */
                if (elemName.equals("Token")) {
                    transforms = new Transforms(doc);
                    transforms
                            .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
                    if (keyIdentifierType == WSConstants.BST_DIRECT_REFERENCE) {
                        sig.addDocument("#" + certUri, transforms);
                    } else {
                        sig.addDocument("#" + keyInfoUri, transforms);
                    }
                } else if (elemName.equals("STRTransform")) { // STRTransform
                    Element ctx = createSTRParameter(doc);
                    transforms = new Transforms(doc);
                    transforms.addTransform(
                            STRTransform.implementedTransformURI, ctx);
                    sig.addDocument("#" + strUri, transforms);
                } else {
                    Element body = (Element) WSSecurityUtil.findElement(
                            envelope, elemName, nmSpace);
                    if (body == null) {
                        throw new WSSecurityException(
                                WSSecurityException.FAILURE, "noEncElement",
                                new Object[] { nmSpace + ", " + elemName });
                    }
                    transforms = new Transforms(doc);
                    transforms
                            .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
                    sig.addDocument("#" + setWsuId(body), transforms);
                }
            }
        } catch (TransformationException e1) {
            throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                    "noXMLSig", null, e1);
        } catch (XMLSignatureException e1) {
            throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                    "noXMLSig", null, e1);
        }

        sig.addResourceResolver(EnvelopeIdResolver.getInstance(wssConfig));

        /*
         * The order to prepend is:
         * - signature
         * - BinarySecurityToken (depends on mode)
         * - SecurityTokenRefrence (depends on mode)
         * - SAML token
         */

        WSSecurityUtil.prependChildElement(doc, securityHeader, sig
                .getElement(), false);

        if (tlog.isDebugEnabled()) {
            t2 = System.currentTimeMillis();
        }
        switch (keyIdentifierType) {
        case WSConstants.BST_DIRECT_REFERENCE:
            Reference ref = new Reference(wssConfig, doc);
            if (senderVouches) {
                ref.setURI("#" + certUri);
                BinarySecurity bstToken = null;
                bstToken = new X509Security(wssConfig, doc);
                ((X509Security) bstToken).setX509Certificate(certs[0]);
                bstToken.setID(certUri);
                WSSecurityUtil.prependChildElement(doc, securityHeader,
                        bstToken.getElement(), false);
                wsDocInfo.setBst(bstToken.getElement());
                ref.setValueType(bstToken.getValueType());
            } else {
                ref.setURI("#" + assertion.getId());
                ref.setValueType(WSConstants.WSS_SAML_NS
                        + WSConstants.WSS_SAML_ASSERTION);
            }
            secRef.setReference(ref);
            break;
        //
        //            case WSConstants.ISSUER_SERIAL :
        //                XMLX509IssuerSerial data =
        //                    new XMLX509IssuerSerial(doc, certs[0]);
        //                secRef.setX509IssuerSerial(data);
        //                break;
        //
        //            case WSConstants.X509_KEY_IDENTIFIER :
        //                secRef.setKeyIdentifier(certs[0]);
        //                break;
        //
        //            case WSConstants.SKI_KEY_IDENTIFIER :
        //                secRef.setKeyIdentifierSKI(certs[0], crypto);
        //                break;
        //
        default:
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "unsupportedKeyId");
        }

        if (tlog.isDebugEnabled()) {
            t3 = System.currentTimeMillis();
        }
        info.addUnknownElement(secRef.getElement());

        Element samlToken = null;
        try {
            samlToken = (Element) assertion.toDOM(doc);
        } catch (SAMLException e2) {
            throw new WSSecurityException(WSSecurityException.FAILED_SIGNATURE,
                    "noSAMLdoc", null, e2);
        }
        if (senderVouches) {
            WSSecurityUtil.prependChildElement(doc, securityHeader, secRefSaml
                    .getElement(), true);
        }

        wsDocInfo.setAssertion(samlToken);
        WSSecurityUtil

            WSSecurityUtil.prependChildElement(doc,
                    parentNode,
                    xencEncryptedKey,
                    true);
        }
        SecurityTokenReference secToken = new SecurityTokenReference(wssConfig, doc);

        switch (keyIdentifierType) {
            case WSConstants.X509_KEY_IDENTIFIER:
                secToken.setKeyIdentifier(remoteCert);
                // build a key id class??
                break;

            case WSConstants.SKI_KEY_IDENTIFIER:
                secToken.setKeyIdentifierSKI(remoteCert, crypto);
                break;

            case WSConstants.ISSUER_SERIAL:
                secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
                break;

            case WSConstants.BST_DIRECT_REFERENCE:
                Reference ref = new Reference(wssConfig, doc);
                ref.setURI("#" + certUri);
                BinarySecurity bstToken = null;
                bstToken = new X509Security(wssConfig, doc);
                ((X509Security) bstToken).setX509Certificate(remoteCert);
                bstToken.setID(certUri);
                ref.setValueType(bstToken.getValueType());
                secToken.setReference(ref);
                WSSecurityUtil.prependChildElement(doc,
                        wsseSecurity,
                        bstToken.getElement(),
                        false);
                break;

            default :
                throw new WSSecurityException(WSSecurityException.FAILURE,
                        "unsupportedKeyId");
        }
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(
                doc, xencEncryptedKey, keyInfo.getElement());

        Element xencCipherValue = createCipherValue(doc, xencEncryptedKey);
        xencCipherValue.appendChild(keyText);

        WSSecurityUtil.prependChildElement(doc,
                parentNode,
                xencEncryptedKey,
                true);

        SecurityTokenReference secToken = null;//new SecurityTokenReference(doc); TODO

        switch (keyIdentifierType) {
            case WSConstants.X509_KEY_IDENTIFIER:
                secToken.setKeyIdentifier(remoteCert);
                // build a key id class??
                break;

            case WSConstants.SKI_KEY_IDENTIFIER:
                secToken.setKeyIdentifierSKI(remoteCert, crypto);
                break;

            case WSConstants.ISSUER_SERIAL:
                secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
                WSSecurityUtil.setNamespace(secToken.getElement(), WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
                break;

            case WSConstants.BST_DIRECT_REFERENCE:
                BinarySecurity bstToken = null;
                bstToken = new X509Security(WSSConfig.getDefaultWSConfig(), doc);
                ((X509Security) bstToken).setX509Certificate(remoteCert);
                bstToken.setID(certUri);
                Reference ref = new Reference(WSSConfig.getDefaultWSConfig(), doc);
                ref.setURI("#" + certUri);
                ref.setValueType(bstToken.getValueType());
                secToken.setReference(ref);
//                WSSecurityUtil.prependChildElement(
//                    doc,
//                    wsseSecurity,
//                    bstToken.getElement(),
//                    false);
                break;

            default :
                throw new WSSecurityException(WSSecurityException.FAILURE,
                        "unsupportedKeyId");
        }
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.addUnknownElement(secToken.getElement());
        WSSecurityUtil.appendChildElement(doc, xencEncryptedKey, keyInfo.getElement());

        Element xencCipherValue = WSEncryptBody.createCipherValue(doc, xencEncryptedKey);
        xencCipherValue.appendChild(keyText);
        //    createDataRefList(doc, xencEncryptedKey, encDataRefs);

            (Element) WSSecurityUtil.findElement(
                (Node) encBodyData,
                "SecurityTokenReference",
                WSSConfig.getDefaultWSConfig().getWsseNS()))
            != null) {
            SecurityTokenReference secRef =
                new SecurityTokenReference(
                    WSSConfig.getDefaultWSConfig(),
                    tmpE);

            try {
                convResult =

                        log.debug(
                            "ConversationEngine :: The uuid is found " + uuid);
                        DerivedKeyInfo dkInfo = new DerivedKeyInfo(dkToken);
                        dkcbHandler.addDerivedKey(uuid, dkInfo);
                    } else { ///i.e. dkToken has a STR
                        SecurityTokenReference str2Base =
                            dkToken.getSecuityTokenReference();
                        if (str2Base.containsReference()) {
                            Reference ref2Base = str2Base.getReference();

                            if (ref2Base
                                .getValueType()
                                .equals("http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID")) {
                                /* ok now I have a SAML token. What should I do ?
                                 * -Decrypt the secret.
                                 * -create tempUUID
                                 * -add the scTInfo into dkcbHandler
                                 * -add the derived key token to dkcbHandler.
                                 */
                               uuid = ref2Base.getURI();
                            if(dkcbHandler.getSession(uuid)==null){
                        byte[] key = handleSAML(ref2Base.getElement().getOwnerDocument(), uuid);
                   System.out.println("I am here :-)");
                   SecurityContextInfo sctInfo = new SecurityContextInfo(
                                     uuid,
                                     key,
                                     1);
                   dkcbHandler.addSecurtiyContext(
                                     uuid,
                                     sctInfo);
                 }
                  DerivedKeyInfo dkInfo = new DerivedKeyInfo(dkToken);
                  dkcbHandler.addDerivedKey(uuid, dkInfo);
                            }



                            //TODO :: Add other tokens else if
                        } else if(str2Base.containsKeyIdentifier()){
                          Element elem = str2Base.getFirstElement();
                          //.getKeyIdentifier()System.out.println("KeyIdentifier :: He ehee ........");
              String value = elem.getAttribute("ValueType");
              if("http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID".equals(value)){
                uuid = ((Text)elem.getChildNodes().item(0)).getNodeValue();
                if(dkcbHandler.getSession(uuid)==null){

            binarySecToken =
                    new BinarySecurity(WSSConfig.getDefaultWSConfig(), (Element) this.element.getFirstChild());
            return binarySecToken;
        } else if ("SecurityTokenReference" == firstChild) {

            SecurityTokenReference secTokRef =
                    new SecurityTokenReference(WSSConfig.getDefaultWSConfig(),
                            (Element) this.element.getFirstChild());
            binarySecToken =
                    new BinarySecurity(WSSConfig.getDefaultWSConfig(),
                            secTokRef.getTokenElement(element.getOwnerDocument(),
                                    null));
            return binarySecToken;
        } else {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN,
                    "badTokenType");

        if (node == null) {
            throw new WSSecurityException(
                WSSecurityException.INVALID_SECURITY,
                "unsupportedKeyInfo");
        }
        SecurityTokenReference secRef =
            new SecurityTokenReference(
                WSSConfig.getDefaultWSConfig(),
                (Element) node);
        Document docSig = sig.getDocument();
        int docHash = docSig.hashCode();
        if (doDebug) {
            log.debug("XML Verify doc: " + docHash);
        } /*
                                  * Her we get some information about the document that is being processed,
                                  * in partucular the crypto implementation, and already detected BST that
                                  * may be used later during dereferencing.
                                  */
        WSDocInfo wsDocInfo = WSDocInfoStore.lookup(docHash);
        if (secRef.containsReference()) {
            Element token =
                secRef.getTokenElement(sig.getDocument(), wsDocInfo);
            /* check token type: We support Derivedkey tokens now.
             * We will support security context tokens.
             */
            QName el = new QName(token.getNamespaceURI(), token.getLocalName());
            if (el.equals(DERIVEDKEY_TOKEN)) {
                DerivedKeyToken dkToken = new DerivedKeyToken(token);
                DerivedKeyInfo dkInfo = null;

        String uuid = null;

                try {
          if (dkToken.getSecuityTokenReference() == null) {
            //if dkToken doesn't have a STR
            SecurityContextToken secContextTk =
              ConversationUtil.getSCT(dkToken);
            uuid = secContextTk.getIdentifier();
            log.debug(
              "ConversationEngine :: The uuid is found " + uuid);
            dkInfo = new DerivedKeyInfo(dkToken);
            dkcbHandler.addDerivedKey(uuid, dkInfo);
          } else { ///i.e. dkToken has a STR
            SecurityTokenReference str2Base =
              dkToken.getSecuityTokenReference();
            if (str2Base.containsReference()) {
              Reference ref2Base = str2Base.getReference();
                          //TODO:: Find where can I find the constants.
              if (ref2Base
                .getValueType()
                .equals("http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID")) {
                /* ok now I have a SAML token. What should I do ?
                 * -Decrypt the secret.
                 * -create tempUUID
                 * -add the scTInfo into dkcbHandler
                 * -add the derived key token to dkcbHandler.
                 */
                uuid = ref2Base.getURI();
                if(dkcbHandler.getSession(uuid)==null){
                  byte[] key = handleSAML(docSig, uuid);
                  System.out.println("I am here :-)");
                  SecurityContextInfo sctInfo =
                  new SecurityContextInfo(
                    uuid,
                    key,
                    1);
                  dkcbHandler.addSecurtiyContext(
                    uuid,
                  sctInfo);
                }
                  dkInfo = new DerivedKeyInfo(dkToken);
                  dkcbHandler.addDerivedKey(uuid, dkInfo);
                }
            } else if(str2Base.containsKeyIdentifier()){
                          Element elem = str2Base.getFirstElement();
                          //.getKeyIdentifier()System.out.println("KeyIdentifier :: He ehee ........");
                          String value = elem.getAttribute("ValueType");
                if("http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID".equals(value)){
                  uuid = ((Text)elem.getChildNodes().item(0)).getNodeValue();
                  if(dkcbHandler.getSession(uuid)==null){