  /**
   * Builds a {@code KeyInfoType} carrying the given symmetric secret, wrapped (encrypted) for the
   * holder of {@code encryptionKey}.
   *
   * <p>The secret is treated as an {@code "AES"} key of {@code secret.length * 8} bits and is
   * key-wrapped with the supplied public key through {@code XMLEncryptionUtil.encryptKey}; the
   * resulting {@code EncryptedKey} is marshalled into a DOM element and added as the only content
   * of the returned {@code KeyInfoType}. The plaintext secret itself is never placed in the result.
   *
   * <p>If {@code encryptionKey} is {@code null} the secret cannot be protected: the condition is
   * logged via {@code logger.stsSecretKeyNotEncrypted()} and {@code null} is returned, so callers
   * must be prepared for a {@code null} result.
   *
   * <p>{@code keyWrapAlgo} is accepted but not applied by the current implementation; the wrap
   * algorithm is whatever {@code XMLEncryptionUtil.encryptKey} selects (see the TODO in the body).
   *
   * @param secret the raw symmetric key material to wrap.
   * @param encryptionKey the recipient's {@code PublicKey} used to wrap {@code secret}, or
   *     {@code null} to skip wrapping.
   * @param keyWrapAlgo the requested key wrap algorithm (currently unused).
   * @return a {@code KeyInfoType} holding the {@code EncryptedKey} element, or {@code null} when
   *     no {@code encryptionKey} was supplied.
   * @throws WSTrustException if creating the owner document, wrapping the key or marshalling the
   *     {@code EncryptedKey} fails; the underlying exception is wrapped by
   *     {@code logger.stsKeyInfoTypeCreationError}.
   */
  public static KeyInfoType createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo)
      throws WSTrustException {
    // Without a recipient key there is nothing to wrap the secret with: report it and hand the
    // caller nothing rather than an unprotected secret.
    if (encryptionKey == null) {
      logger.stsSecretKeyNotEncrypted();
      return null;
    }

    try {
      Document owner = DocumentUtil.createDocument();
      // TODO: XMLEncryptionUtil should allow for the specification of the key wrap algorithm.
      // The key length passed to the wrap routine is derived from the raw secret, in bits.
      EncryptedKey wrapped =
          XMLEncryptionUtil.encryptKey(
              owner, new SecretKeySpec(secret, "AES"), encryptionKey, secret.length * 8);
      Element wrappedElement = XMLCipher.getInstance().martial(wrapped);

      KeyInfoType result = new KeyInfoType();
      result.addContent(wrappedElement);
      return result;
    } catch (Exception e) {
      // Any failure (DOM creation, wrapping, marshalling) surfaces as a WSTrustException.
      throw logger.stsKeyInfoTypeCreationError(e);
    }
  }