callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
callbackHandler.setIssuer("www.example.com");
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
WSSecSAMLToken wsSign = new WSSecSAMLToken();
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
wsSign.prepare(doc, samlAssertion);
// Get the Element + add it to the security header as an EncryptedAssertion
Element assertionElement = wsSign.getElement();
Element encryptedAssertionElement =
doc.createElementNS(WSConstants.SAML2_NS, WSConstants.ENCRYPED_ASSERTION_LN);
encryptedAssertionElement.appendChild(assertionElement);
secHeader.getSecurityHeader().appendChild(encryptedAssertionElement);
// Encrypt the Assertion
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(128);
SecretKey secretKey = keygen.generateKey();
Crypto crypto = CryptoFactory.getInstance("wss40.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("wss40");
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
assertTrue(certs != null && certs.length > 0 && certs[0] != null);
encryptElement(doc, assertionElement, WSConstants.AES_128, secretKey,
WSConstants.KEYTRANSPORT_RSAOEP, certs[0], false);
if (LOG.isDebugEnabled()) {
String outputString =
XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
List<WSSecurityEngineResult> results =
secEngine.processSecurityHeader(doc, null, new KeystoreCallbackHandler(), crypto);
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
SamlAssertionWrapper receivedSamlAssertion =
(SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
assertTrue(receivedSamlAssertion != null);
assertTrue(receivedSamlAssertion.getElement() != null);
assertTrue("Assertion".equals(receivedSamlAssertion.getElement().getLocalName()));
actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.ENCR);
assertTrue(actionResult != null);
}