コード例 #1
ファイル: WSTrustUtil.java プロジェクト: bdaw/picketlink
  /**
   * Builds a {@code KeyInfoType} whose only content is an {@code X509DataType} carrying the given
   * certificate.
   *
   * <p>The certificate is serialized with {@code getEncoded()}, Base64-encoded in this method, and
   * the bytes of the resulting Base64 text are stored in an {@code X509CertificateType}. Nothing
   * in this method inspects the certificate itself (validity period, issuer chain, revocation);
   * callers that rely on the embedded certificate being trustworthy have to validate it before
   * calling.
   *
   * @param certificate the {@code Certificate} to embed; a {@code null} value fails inside the
   *     {@code try} block and is reported as a {@code WSTrustException}.
   * @return the populated {@code KeyInfoType}; never {@code null}.
   * @throws WSTrustException wrapping any exception raised while encoding the certificate or
   *     assembling the structure.
   */
  public static KeyInfoType createKeyInfo(Certificate certificate) throws WSTrustException {
    try {
      final byte[] rawCert = certificate.getEncoded();

      // Holder for the certificate entry that will sit inside the KeyInfo.
      final X509DataType x509Data = new X509DataType();
      final X509CertificateType certHolder = new X509CertificateType();

      // The setter is handed the Base64 text as bytes, so the Base64 step happens here.
      // NOTE(review): getBytes() without a charset uses the platform default. Base64 output is
      // plain ASCII, so this is normally harmless - confirm for every target platform.
      final String base64Cert = Base64.encodeBytes(rawCert);
      certHolder.setEncodedCertificate(base64Cert.getBytes());
      x509Data.add(certHolder);

      // Wrap the X509 data in the KeyInfo and hand it back.
      final KeyInfoType result = new KeyInfoType();
      result.addContent(x509Data);
      return result;
    } catch (Exception e) {
      // Any failure (encoding error, null input, ...) is surfaced through the logger-built
      // exception, which keeps the original cause.
      throw logger.stsKeyInfoTypeCreationError(e);
    }
  }
コード例 #2
ファイル: WSTrustUtil.java プロジェクト: bdaw/picketlink
  /**
   * Builds a {@code KeyInfoType} that carries the given secret in encrypted form.
   *
   * <p>The secret is only ever placed in the {@code KeyInfoType} after being encrypted with
   * {@code encryptionKey}. When no encryption key is supplied, the method calls
   * {@code logger.stsSecretKeyNotEncrypted()} and returns {@code null}; the secret is not embedded
   * in clear text.
   *
   * <p>The secret is always treated as an {@code "AES"} key whose size is reported as
   * {@code secret.length * 8} bits. The {@code keyWrapAlgo} argument is not read by this
   * implementation (see the TODO in the body), so the key wrap algorithm actually applied is
   * whatever {@code XMLEncryptionUtil.encryptKey} selects.
   *
   * @param secret a {@code byte[]} holding the secret (symmetric key).
   * @param encryptionKey the {@code PublicKey} used to encrypt the secret, or {@code null}.
   * @param keyWrapAlgo the requested key wrap algorithm; currently ignored.
   * @return the {@code KeyInfoType} holding the encrypted key element, or {@code null} when
   *     {@code encryptionKey} is {@code null}.
   * @throws WSTrustException wrapping any exception raised while encrypting the secret or
   *     building the {@code KeyInfoType}.
   */
  public static KeyInfoType createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo)
      throws WSTrustException {
    // Without a public key there is nothing to encrypt with: report it and return no KeyInfo.
    if (encryptionKey == null) {
      logger.stsSecretKeyNotEncrypted();
      return null;
    }

    try {
      final Document ownerDocument = DocumentUtil.createDocument();
      final SecretKeySpec symmetricKey = new SecretKeySpec(secret, "AES");
      final int keySizeInBits = secret.length * 8;

      // TODO: XMLEncryptionUtil should allow for the specification of the key wrap algorithm.
      // NOTE(review): until then the effective wrap algorithm is chosen inside encryptKey -
      // verify that it matches what the relying party and local crypto policy expect.
      final EncryptedKey wrappedKey =
          XMLEncryptionUtil.encryptKey(ownerDocument, symmetricKey, encryptionKey, keySizeInBits);

      // Turn the EncryptedKey into a DOM element and use it as the KeyInfo content.
      final Element wrappedKeyElement = XMLCipher.getInstance().martial(wrappedKey);
      final KeyInfoType result = new KeyInfoType();
      result.addContent(wrappedKeyElement);
      return result;
    } catch (Exception e) {
      throw logger.stsKeyInfoTypeCreationError(e);
    }
  }