/*
* Copyright 2004,2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rampart.builder;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
public class AsymmetricBindingBuilder extends BindingBuilder {
private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
private boolean dotDebug = false;
private Token sigToken;
private WSSecSignature sig;
private WSSecEncryptedKey encrKey;
private String encryptedKeyId;
private byte[] encryptedKeyValue;
private Vector signatureValues = new Vector();
private Element encrTokenElement;
private Element sigDKTElement;
private Element encrDKTElement;
private Vector sigParts = new Vector();
private Element signatureElement;
public AsymmetricBindingBuilder(){
dotDebug = tlog.isDebugEnabled();
}
public void build(RampartMessageData rmd) throws RampartException {
log.debug("AsymmetricBindingBuilder build invoked");
RampartPolicyData rpd = rmd.getPolicyData();
if (rpd.isIncludeTimestamp()) {
this.addTimestamp(rmd);
}
if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
this.doEncryptBeforeSig(rmd);
} else {
this.doSignBeforeEncrypt(rmd);
}
log.debug("AsymmetricBindingBuilder build invoked : DONE");
}
private void doEncryptBeforeSig(RampartMessageData rmd)
throws RampartException {
long t0 = 0, t1 = 0, t2 = 0;
if(dotDebug){
t0 = System.currentTimeMillis();
}
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
RampartConfig config = rpd.getRampartConfig();
/*
* We need to hold on to these two element to use them as refence in the
* case of encypting the signature
*/
Element encrDKTokenElem = null;
WSSecEncrypt encr = null;
Element refList = null;
WSSecDKEncrypt dkEncr = null;
/*
* We MUST use keys derived from the same token
*/
Token encryptionToken = null;
if(rmd.isInitiator()) {
encryptionToken = rpd.getRecipientToken();
} else {
encryptionToken = rpd.getInitiatorToken();
}
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
//Signed parts are determined before encryption because encrypted signed headers
//will not be included otherwise
this.sigParts = RampartUtil.getSignedParts(rmd);
if(encryptionToken == null && encrParts.size() > 0) {
throw new RampartException("encryptionTokenMissing");
}
if (encryptionToken != null && encrParts.size() > 0) {
//Check for RampartConfig assertion
if(rpd.getRampartConfig() == null) {
//We'er missing the extra info rampart needs
throw new RampartException("rampartConigMissing");
}
if (encryptionToken.isDerivedKeys()) {
try {
this.setupEncryptedKey(rmd, encryptionToken);
// Create the DK encryption builder
dkEncr = new WSSecDKEncrypt();
dkEncr.setParts(encrParts);
dkEncr.setExternalKey(this.encryptedKeyValue,
this.encryptedKeyId);
dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
// Get and add the DKT element
this.encrDKTElement = dkEncr.getdktElement();
encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
refList = dkEncr.encryptForExternalRef(null, encrParts);
} catch (WSSecurityException e) {
throw new RampartException("errorCreatingEncryptedKey", e);
} catch (ConversationException e) {
throw new RampartException("errorInDKEncr", e);
}
} else {
try {
encr = new WSSecEncrypt();
encr.setParts(encrParts);
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
RampartUtil.setKeyIdentifierType(rpd,encr, encryptionToken);
encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
Element bstElem = encr.getBinarySecurityTokenElement();
if (bstElem != null) {
RampartUtil.appendChildToSecHeader(rmd, bstElem);
}
this.encrTokenElement = encr.getEncryptedKeyElement();
this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
encrTokenElement);
refList = encr.encryptForExternalRef(null, encrParts);
} catch (WSSecurityException e) {
throw new RampartException("errorInEncryption", e);
}
}
RampartUtil.appendChildToSecHeader(rmd, refList);
if(dotDebug){
t1 = System.currentTimeMillis();
}
this.setInsertionLocation(encrTokenElement);
RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
HashMap sgndEncSuppTokMap = null;
HashMap endEncSuppTokMap = null;
HashMap sgndEndEncSuppTokMap = null;
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(RampartUtil
.addWsuIdToElement((OMElement) this.timestampElement)));
}
if (rmd.isInitiator()) {
// Now add the supporting tokens
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
SupportingToken supportingToks = rpd.getSupportingTokens();
this.handleSupportingTokens(rmd, supportingToks);
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
sigParts = addSignatureParts(sigSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
} else {
addSignatureConfirmation(rmd, sigParts);
}
if(( sigParts.size() > 0 &&
rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
(!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
this.doSignature(rmd);
}
if (rmd.isInitiator()) {
endSuppTokMap.putAll(endEncSuppTokMap);
// Do endorsed signatures
Vector endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
// Do signed endorsing signatures
Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
}
if(dotDebug){
t2 = System.currentTimeMillis();
tlog.debug("Encryption took :" + (t1 - t0)
+", Signature tool :" + (t2 - t1) );
}
// Check for signature protection
if (rpd.isSignatureProtection() && this.mainSigId != null) {
long t3 = 0, t4 = 0;
if(dotDebug){
t3 = System.currentTimeMillis();
}
Vector secondEncrParts = new Vector();
// Now encrypt the signature using the above token
secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
"Element"));
if(rmd.isInitiator()) {
for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
}
}
Element secondRefList = null;
if (encryptionToken.isDerivedKeys()) {
try {
secondRefList = dkEncr.encryptForExternalRef(null,
secondEncrParts);
RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
secondRefList);
} catch (WSSecurityException e) {
throw new RampartException("errorCreatingEncryptedKey",
e);
}
} else {
try {
// Encrypt, get hold of the ref list and add it
secondRefList = encr.encryptForExternalRef(null,
secondEncrParts);
// Insert the ref list after the encrypted key elem
this.setInsertionLocation(RampartUtil
.insertSiblingAfter(rmd, encrTokenElement,
secondRefList));
} catch (WSSecurityException e) {
throw new RampartException("errorInEncryption", e);
}
}
if(dotDebug){
t4 = System.currentTimeMillis();
tlog.debug("Signature protection took :" + (t4 - t3));
}
}
}
}
private void doSignBeforeEncrypt(RampartMessageData rmd)
throws RampartException {
long t0 = 0, t1 = 0, t2 = 0;
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
HashMap sgndEncSuppTokMap = null;
HashMap endEncSuppTokMap = null;
HashMap sgndEndEncSuppTokMap = null;
sigParts = RampartUtil.getSignedParts(rmd);
//Add timestamp
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(RampartUtil
.addWsuIdToElement((OMElement) this.timestampElement)));
}else{
this.setInsertionLocation(null);
}
if(dotDebug){
t0 = System.currentTimeMillis();
}
if (rmd.isInitiator()) {
// Now add the supporting tokens
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
SupportingToken supportingToks = rpd.getSupportingTokens();
this.handleSupportingTokens(rmd, supportingToks);
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
sigParts = addSignatureParts(sigSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
} else {
addSignatureConfirmation(rmd, sigParts);
}
if( sigParts.size() > 0 &&
((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
(!rmd.isInitiator() && rpd.getRecipientToken() != null))) {
// Do signature
this.doSignature(rmd);
}
//Do endorsed signature
if (rmd.isInitiator()) {
// Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
endSuppTokMap.putAll(endEncSuppTokMap);
// Do endorsed signatures
Vector endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
//Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
// Do signed endorsing signatures
Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
signatureValues.add(iter.next());
}
}
if(dotDebug){
t1 = System.currentTimeMillis();
}
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
//Check for signature protection
if(rpd.isSignatureProtection() && this.mainSigId != null) {
encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
}
if(rmd.isInitiator()) {
for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
}
}
//Do encryption
Token encrToken = rpd.getRecipientToken();
if(encrToken != null && encrParts.size() > 0) {
Element refList = null;
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
if(encrToken.isDerivedKeys()) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
if(this.encrKey == null) {
this.setupEncryptedKey(rmd, encrToken);
}
dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
if(this.encrTokenElement != null) {
this.encrDKTElement = RampartUtil.insertSiblingAfter(
rmd, this.encrTokenElement, dkEncr.getdktElement());
} else {
this.encrDKTElement = RampartUtil.insertSiblingBefore(
rmd, this.sigDKTElement, dkEncr.getdktElement());
}
refList = dkEncr.encryptForExternalRef(null, encrParts);
RampartUtil.insertSiblingAfter(rmd,
this.encrDKTElement,
refList);
} catch (WSSecurityException e) {
throw new RampartException("errorInDKEncr", e);
} catch (ConversationException e) {
throw new RampartException("errorInDKEncr", e);
}
} else {
try {
WSSecEncrypt encr = new WSSecEncrypt();
RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()));
if(this.timestampElement != null){
this.setInsertionLocation(this.timestampElement);
}else{
this.setInsertionLocation(null);
}
if(encr.getBSTTokenId() != null) {
this.setInsertionLocation(RampartUtil
.insertSiblingAfterOrPrepend(rmd,
this.getInsertionLocation(),
encr.getBinarySecurityTokenElement()));
}
Element encryptedKeyElement = encr.getEncryptedKeyElement();
//Encrypt, get hold of the ref list and add it
refList = encr.encryptForInternalRef(null, encrParts);
//Add internal refs
encryptedKeyElement.appendChild(refList);
this.setInsertionLocation(RampartUtil
.insertSiblingAfterOrPrepend(rmd,
this.getInsertionLocation(),
encryptedKeyElement));
// RampartUtil.insertSiblingAfter(rmd,
// this.getInsertionLocation(),
// refList);
} catch (WSSecurityException e) {
throw new RampartException("errorInEncryption", e);
}
}
}
if(dotDebug){
t2 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0)
+", Encryption took :" + (t2 - t1) );
}
}
private void doSignature(RampartMessageData rmd) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
long t0 = 0, t1 = 0;
if(dotDebug){
t0 = System.currentTimeMillis();
}
if(rmd.isInitiator()) {
sigToken = rpd.getInitiatorToken();
} else {
sigToken = rpd.getRecipientToken();
}
if (sigToken.isDerivedKeys()) {
// Set up the encrypted key to use
if(this.encrKey == null) {
setupEncryptedKey(rmd, sigToken);
}
WSSecDKSign dkSign = new WSSecDKSign();
dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
.getSymmetricSignature());
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
.getSignatureDerivedKeyLength() / 8);
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
try {
dkSign.prepare(doc, rmd.getSecHeader());
if (rpd.isTokenProtection()) {
sigParts.add(new WSEncryptionPart(encrKey.getId()));
}
dkSign.setParts(sigParts);
dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
// Do signature
dkSign.computeSignature();
;
// Add elements to header
this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
this.getInsertionLocation(), dkSign.getdktElement());
this.setInsertionLocation(this.sigDKTElement);
this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
this.getInsertionLocation(), dkSign
.getSignatureElement()));
this.mainSigId = RampartUtil
.addWsuIdToElement((OMElement) dkSign
.getSignatureElement());
signatureValues.add(dkSign.getSignatureValue());
signatureElement = dkSign.getSignatureElement();
} catch (WSSecurityException e) {
throw new RampartException("errorInDerivedKeyTokenSignature", e);
} catch (ConversationException e) {
throw new RampartException("errorInDerivedKeyTokenSignature", e);
}
} else {
sig = this.getSignatureBuider(rmd, sigToken);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd, this
.getInsertionLocation(), bstElem);
this.setInsertionLocation(bstElem);
}
if (rmd.getPolicyData().isTokenProtection()
&& sig.getBSTTokenId() != null) {
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
try {
sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature();
signatureElement = sig.getSignatureElement();
this.setInsertionLocation(RampartUtil.insertSiblingAfter(
rmd, this.getInsertionLocation(), signatureElement));
this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
} catch (WSSecurityException e) {
throw new RampartException("errorInSignatureWithX509Token", e);
}
signatureValues.add(sig.getSignatureValue());
}
if(dotDebug){
t1 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0));
}
}
/**
* @param rmd
* @throws RampartException
*/
private void setupEncryptedKey(RampartMessageData rmd, Token token)
throws RampartException {
if(!rmd.isInitiator() && token.isDerivedKeys()) {
//If we already have them, simply return
if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
return;
}
//Use the secret from the incoming EncryptedKey element
Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
if(resultsObj != null) {
encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
//In the case where we don't have the EncryptedKey in the
//request, for the control to have reached this state,
//the scenario MUST be a case where this is the response
//message by a listener created for an async client
//Therefor we will create a new EncryptedKey
if(encryptedKeyId == null && encryptedKeyValue == null) {
createEncryptedKey(rmd, token);
}
} else {
throw new RampartException("noSecurityResults");
}
} else {
createEncryptedKey(rmd, token);
}
}
/**
* Create an encrypted key element
* @param rmd
* @param token
* @throws RampartException
*/
private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
//Set up the encrypted key to use
encrKey = this.getEncryptedKeyBuilder(rmd, token);
Element bstElem = encrKey.getBinarySecurityTokenElement();
if (bstElem != null) {
// If a BST is available then use it
RampartUtil.appendChildToSecHeader(rmd, bstElem);
}
// Add the EncryptedKey
encrTokenElement = encrKey.getEncryptedKeyElement();
this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
encrTokenElement);
encryptedKeyValue = encrKey.getEphemeralKey();
encryptedKeyId = encrKey.getId();
//Store the token for client - response verification
// and server - response creation
try {
org.apache.rahas.Token tok = new org.apache.rahas.Token(
encryptedKeyId, (OMElement)encrTokenElement , null, null);
tok.setSecret(encryptedKeyValue);
rmd.getTokenStorage().add(tok);
} catch (TrustException e) {
throw new RampartException("errorInAddingTokenIntoStore", e);
}
}
}