* processed, in partucular the crypto implementation, and already
* detected BST that may be used later during dereferencing.
*/
wsDocInfo = WSDocInfoStore.lookup(docHash);
if (wsDocInfo == null) {
throw (new CanonicalizationException("no WSDocInfo found"));
}
/*
* According to the OASIS WS Specification "Web Services Security:
* SOAP Message Security 1.0" Monday, 19 January 2004, chapter 8.3
* describes that the input node set must be processed bythe c14n
* that is specified in the argument element of the STRTransform
* element.
*
* First step: Get the required c14n argument and get the specified
* Canonicalizer
*/
String canonAlgo = null;
if (this._transformObject.length(WSConstants.WSSE_NS,
"TransformationParameters") == 1) {
Element tmpE = XMLUtils.selectNode(this._transformObject
.getElement().getFirstChild(), WSConstants.WSSE_NS,
"TransformationParameters", 0);
Element canonElem = (Element) WSSecurityUtil.getDirectChild(
tmpE, "CanonicalizationMethod", WSConstants.SIG_NS);
canonAlgo = canonElem.getAttribute("Algorithm");
if (doDebug) {
log.debug("CanonAlgo: " + canonAlgo);
}
}
Canonicalizer canon = Canonicalizer.getInstance(canonAlgo);
ByteArrayOutputStream bos = null;
byte[] buf = null;
if (doDebug) {
buf = input.getBytes();
bos = new ByteArrayOutputStream(buf.length);
bos.write(buf, 0, buf.length);
log.debug("canon bos: " + bos.toString());
}
/*
* Get the input (node) to transform. Currently we support only an
* Element as input format. If other formats are required we must
* get it as bytes and probably reparse it into a DOM tree (How to
* work with nodesets? how to select the right node from a nodeset?)
*/
Element str = null;
if (input.isElement()) {
str = (Element) input.getSubNode();
} else {
throw (new CanonicalizationException(
"Wrong input format - only element input supported"));
}
if (doDebug) {
log.debug("STR: " + str.toString());
}
/*
* The element to transform MUST be a SecurityTokenReference
* element.
*/
SecurityTokenReference secRef = new SecurityTokenReference(str);
/*
* Third and forth step are performed by derefenceSTR()
*/
Element dereferencedToken = dereferenceSTR(thisDoc, secRef);
/*
* C14n with specified algorithm. According to WSS Specification.
*/
buf = canon.canonicalizeSubtree(dereferencedToken, "#default");
if (doDebug) {
bos = new ByteArrayOutputStream(buf.length);
bos.write(buf, 0, buf.length);
log.debug("after c14n: " + bos.toString());
}
/*
* Alert: Hacks ahead According to WSS spec an Apex node must
* contain a default namespace. If none is availabe in the first
* node of the c14n output (this is the apex element) then we do
* some editing to insert an empty default namespace
*
* TODO: Rework theses hacks after c14n was updated and can be
* instructed to insert empty default namespace if required
*/
// If the problem with c14n method is solved then just do:
// return new XMLSignatureInput(buf);
// start of HACK
StringBuffer bf = new StringBuffer(new String(buf));
String bf1 = bf.toString();
/*
* Find start and end of first element <....>, this is the Apex node
*/
int lt = bf1.indexOf("<");
int gt = bf1.indexOf(">");
/*
* Lookup the default namespace
*/
int idx = bf1.indexOf(XMLNS);
/*
* If none found or if it is outside of this (Apex) element look for
* first blank in, insert default namespace there (this is the
* correct place according to c14n specification)
*/
if (idx < 0 || idx > gt) {
idx = bf1.indexOf(" ");
bf.insert(idx + 1, "xmlns=\"\" ");
bf1 = bf.toString();
}
if (doDebug) {
log.debug("last result: ");
log.debug(bf1);
}
return new XMLSignatureInput(bf1.getBytes());
}
// End of HACK
catch (WSSecurityException ex) {
throw (new CanonicalizationException("WS Security Exception", ex));
}
}