W3CDOMStreamWriter writer,
String prefix,
String namespace
) throws Exception {
SpnegoTokenContext spnegoToken =
handleBinaryExchange(binaryExchange, exchange.getInMessage(), namespace);
writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
String context = requestEl.getAttributeNS(null, "Context");
if (context != null && !"".equals(context)) {
writer.writeAttribute("Context", context);
}
// Find TokenType and KeySize
int keySize = 256;
String tokenType = null;
Element el = DOMUtils.getFirstElement(requestEl);
while (el != null) {
String localName = el.getLocalName();
if (namespace.equals(el.getNamespaceURI())) {
if ("KeySize".equals(localName)) {
keySize = Integer.parseInt(el.getTextContent());
} else if ("TokenType".equals(localName)) {
tokenType = el.getTextContent();
}
}
el = DOMUtils.getNextElement(el);
}
// Check received KeySize
if (keySize < 128 || keySize > 512) {
keySize = 256;
}
// TokenType
writer.writeStartElement(prefix, "TokenType", namespace);
writer.writeCharacters(tokenType);
writer.writeEndElement();
writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
// SecurityContextToken
SecurityContextToken sct =
new SecurityContextToken(
NegotiationUtils.getWSCVersion(tokenType), writer.getDocument()
);
// Lifetime
Date created = new Date();
Date expires = new Date();
expires.setTime(created.getTime() + 300000L);
SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
token.setToken(sct.getElement());
token.setTokenType(sct.getTokenType());
writer.getCurrentNode().appendChild(sct.getElement());
writer.writeEndElement();
// References
writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
token.setAttachedReference(
writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType)
);
writer.writeEndElement();
writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
token.setUnattachedReference(
writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
);
writer.writeEndElement();
writeLifetime(writer, created, expires, prefix, namespace);
// KeySize
writer.writeStartElement(prefix, "KeySize", namespace);
writer.writeCharacters("" + keySize);
writer.writeEndElement();
byte[] secret = WSSecurityUtil.generateNonce(keySize / 8);
byte[] key = spnegoToken.wrapKey(secret);
writeProofToken(writer, prefix, namespace, key);
writer.writeEndElement();
/*
// Second RequestSecurityTokenResponse containing the Authenticator
// TODO
writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
if (context != null && !"".equals(context)) {
writer.writeAttribute("Context", context);
}
writeAuthenticator(writer, prefix, namespace, secret);
writer.writeEndElement();
*/
writer.writeEndElement();
spnegoToken.clear();
token.setSecret(secret);
((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
.getProperty(TokenStore.class.getName())).add(token);
}