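// Now process the (deferred) attachments. Each DeferredAttachment pairs an
// xenc:EncryptedData that points at a SwA attachment through a CipherReference
// URI with the inbound token and Cipher that were resolved earlier; the
// attachment bytes themselves are only reachable through the application's
// attachment callback handler.
for (final DeferredAttachment deferredAttachment : attachmentReferences) {
    final EncryptedDataType encryptedDataType = deferredAttachment.getEncryptedDataType();
    final InboundSecurityToken inboundSecurityToken = deferredAttachment.getInboundSecurityToken();
    final Cipher cipher = deferredAttachment.getCipher();

    // The CipherReference URI is taken from the (untrusted) message. The
    // attachment id is everything after the "cid:" scheme; reject a null,
    // differently-formed or empty reference up front so it can neither raise a
    // StringIndexOutOfBoundsException nor select an unrelated part.
    final String uri = encryptedDataType.getCipherData().getCipherReference().getURI();
    if (uri == null || !uri.startsWith("cid:") || uri.length() == 4) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "empty", "Invalid CipherReference URI for encrypted attachment"
        );
    }
    final String attachmentId = uri.substring(4);

    final CallbackHandler attachmentCallbackHandler =
        ((WSSSecurityProperties) getSecurityProperties()).getAttachmentCallbackHandler();
    if (attachmentCallbackHandler == null) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "empty", "no attachment callbackhandler supplied"
        );
    }

    // Ask the application for the still-encrypted attachment by id.
    final AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
    attachmentRequestCallback.setAttachmentId(attachmentId);
    try {
        attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
    } catch (Exception e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
    }

    // Only the first returned attachment is used, and its id must be the one
    // requested: a handler answering with a different part would otherwise be
    // decrypted under this EncryptedData's key and reported as this part.
    final List<Attachment> attachments = attachmentRequestCallback.getAttachments();
    if (attachments == null || attachments.isEmpty()
        || !attachmentId.equals(attachments.get(0).getId())) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "empty", "Attachment not found"
        );
    }
    final Attachment attachment = attachments.get(0);

    // Resolve the content-encryption key from the token for the algorithm the
    // EncryptedData names, then wrap the attachment source in a decrypting stream.
    final String encAlgo = encryptedDataType.getEncryptionMethod().getAlgorithm();
    final Key symmetricKey =
        inboundSecurityToken.getSecretKey(encAlgo, XMLSecurityConstants.Enc, encryptedDataType.getId());
    final InputStream attachmentInputStream =
        AttachmentUtils.setupAttachmentDecryptionStream(encAlgo, cipher, symmetricKey, attachment.getSourceStream());

    final Attachment resultAttachment = new Attachment();
    resultAttachment.setId(attachment.getId());
    resultAttachment.setMimeType(encryptedDataType.getMimeType());
    resultAttachment.setSourceStream(attachmentInputStream);
    resultAttachment.addHeaders(attachment.getHeaders());

    // For the "complete" attachment type the MIME headers were presumably
    // encrypted along with the content; they are read from the decrypted stream
    // and replace the cleartext headers copied above.
    if (WSSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE.equals(encryptedDataType.getType())) {
        try {
            AttachmentUtils.readAndReplaceEncryptedAttachmentHeaders(
                resultAttachment.getHeaders(), attachmentInputStream);
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
        }
    }

    // Hand the decrypted attachment back to the application.
    final AttachmentResultCallback attachmentResultCallback = new AttachmentResultCallback();
    attachmentResultCallback.setAttachment(resultAttachment);
    attachmentResultCallback.setAttachmentId(resultAttachment.getId());
    try {
        attachmentCallbackHandler.handle(new Callback[]{attachmentResultCallback});
    } catch (Exception e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
    }

    // Record a security event for this encrypted attachment, correlated to the
    // EncryptedData id, so that later policy/verification steps can confirm the
    // attachment was protected by this token.
    final DocumentContext documentContext = inputProcessorChain.getDocumentContext();
    final EncryptedPartSecurityEvent encryptedPartSecurityEvent =
        new EncryptedPartSecurityEvent(inboundSecurityToken, true, documentContext.getProtectionOrder());
    encryptedPartSecurityEvent.setAttachment(true);
    encryptedPartSecurityEvent.setCorrelationID(encryptedDataType.getId());
    inputProcessorChain.getSecurityContext().registerSecurityEvent(encryptedPartSecurityEvent);
}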
}