private WSSecBase doEncryption( TokenWrapper recToken, SecurityToken encrTok, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) { // Do encryption if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) { Token encrToken = recToken.getToken(); policyAsserted(recToken); policyAsserted(encrToken); AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite(); if (encrToken.isDerivedKeys()) { return doEncryptionDerived(recToken, encrTok, encrToken, attached, encrParts, atEnd); } else { try { WSSecEncrypt encr = new WSSecEncrypt(wssConfig); String encrTokId = encrTok.getId(); if (attached) { encrTokId = encrTok.getWsuId(); if (encrTokId == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) { encr.setEncKeyIdDirectId(true); encrTokId = encrTok.getId(); } else if (encrTokId == null) { encrTokId = encrTok.getId(); } if (encrTokId.startsWith("#")) { encrTokId = encrTokId.substring(1); } } else { encr.setEncKeyIdDirectId(true); } if (encrTok.getTokenType() != null) { encr.setCustomReferenceValue(encrTok.getTokenType()); } encr.setEncKeyId(encrTokId); encr.setEphemeralKey(encrTok.getSecret()); Crypto crypto = getEncryptionCrypto(recToken); if (crypto != null) { this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto); setEncryptionUser(encr, recToken, false, crypto); } encr.setDocument(saaj.getSOAPPart()); encr.setEncryptSymmKey(false); encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption()); if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) { // Setting the AttachedReference or the UnattachedReference according to the flag Element ref; if (attached) { ref = encrTok.getAttachedReference(); } else { ref = encrTok.getUnattachedReference(); } String tokenType = encrTok.getTokenType(); if (ref != null) { SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), false); encr.setSecurityTokenReference(secRef); } else if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) { encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE); encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { encr.setCustomReferenceValue(WSConstants.WSS_SAML2_KI_VALUE_TYPE); encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { encr.setCustomReferenceValue(tokenType); encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } } else if (encrToken instanceof UsernameToken) { encr.setCustomReferenceValue(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else if (!isRequestor()) { if (encrTok.getSHA1() != null) { encr.setCustomReferenceValue(encrTok.getSHA1()); encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } else { encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF); } } encr.prepare(saaj.getSOAPPart(), crypto); if (encr.getBSTTokenId() != null) { encr.prependBSTElementToHeader(secHeader); } Element refList = encr.encryptForRef(null, encrParts); if (atEnd) { this.insertBeforeBottomUp(refList); } else { this.addDerivedKeyElement(refList); } return encr; } catch (WSSecurityException e) { policyNotAsserted(recToken, e); } } } return null; }