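/**
 * Signs the SOAP message using the WSS token profile selected by {@code profile}.
 *
 * <p>The signature references exactly two things: the SOAP body, which is given a freshly
 * generated {@code wsu:Id}, and, when the {@code correlationId} field is set, the element
 * with that id. Nothing else is handed to the signer here, so a verifier should confirm
 * that the content it acts on is the content those references resolve to.
 *
 * <p>A {@code null} profile or any X509 profile signs with the certificate taken from a
 * binary security token added to the message. A SAML profile signs with the certificate
 * obtained from {@code assertion}. Any other profile value yields no signature and is
 * rejected rather than returned unsigned.
 *
 * @param soapMessage SOAPMessage that needs to be signed.
 * @param profile Security profile that needs to be used for signing; may be {@code null}.
 * @param assertion Security assertion; only read when a SAML profile is selected.
 * @return the signed SOAPMessage, rebuilt from the DOM document that owns the signature.
 * @throws SOAPBindingException if the SOAP body is missing, the SAML profile is selected
 *     without an assertion, no signature is produced, or signing fails for any other reason.
 */
private SOAPMessage signMessage(
        SOAPMessage soapMessage, String profile, SecurityAssertion assertion)
        throws SOAPBindingException {
    try {
        // The security header needs a SOAP header to live in; create one if absent.
        if (soapMessage.getSOAPPart().getEnvelope().getHeader() == null) {
            soapMessage.getSOAPPart().getEnvelope().addHeader();
        }

        SOAPBody soapBody = soapMessage.getSOAPPart().getEnvelope().getBody();
        if (soapBody == null) {
            throw new SOAPBindingException(WSSUtils.bundle.getString("nullSOAPBody"));
        }

        // Tag the body with a fresh id so the signature can reference it.
        String bodyId = SAMLUtils.generateID();
        soapBody.setAttributeNS(WSSEConstants.NS_WSU_WSF11, WSSEConstants.WSU_ID, bodyId);

        // Ids of the elements covered by the signature. Left as a raw List because the
        // signature manager's parameter type is not visible from this method.
        List ids = new ArrayList();
        ids.add(bodyId);
        if (correlationId != null) {
            ids.add(correlationId);
        }

        boolean x509Profile = profile == null
                || profile.equals(Message.NULL_X509)
                || profile.equals(Message.TLS_X509)
                || profile.equals(Message.CLIENT_TLS_X509)
                || profile.equals(Message.NULL_X509_WSF11)
                || profile.equals(Message.TLS_X509_WSF11)
                || profile.equals(Message.CLIENT_TLS_X509_WSF11);
        boolean samlProfile = !x509Profile
                && (profile.equals(Message.NULL_SAML)
                        || profile.equals(Message.TLS_SAML)
                        || profile.equals(Message.CLIENT_TLS_SAML)
                        || profile.equals(Message.NULL_SAML_WSF11)
                        || profile.equals(Message.TLS_SAML_WSF11)
                        || profile.equals(Message.CLIENT_TLS_SAML_WSF11));

        Element sigElem = null;
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();

        if (x509Profile) {
            // The token must be added before serializing so it is part of the signed copy.
            BinarySecurityToken binaryToken = addBinaryToken(soapMessage);
            Certificate cert = SecurityUtils.getCertificate(binaryToken);
            soapMessage.writeTo(serialized);
            Document doc = XMLUtils.toDOMDocument(
                    new ByteArrayInputStream(serialized.toByteArray()), WSSUtils.debug);
            sigElem = SecurityUtils.getSignatureManager()
                    .signWithWSSX509TokenProfile(
                            doc, cert, "", ids, SOAPBindingConstants.WSF_11_VERSION);
        } else if (samlProfile) {
            if (assertion == null) {
                // Fail closed explicitly instead of relying on a NullPointerException.
                WSSUtils.debug.error("MessageProcessor.signMessage: "
                        + "assertion is null for SAML profile");
                throw new SOAPBindingException(
                        WSSUtils.bundle.getString("cannotSignMessage"));
            }
            Certificate cert = SecurityUtils.getCertificate(assertion);
            soapMessage.writeTo(serialized);
            Document doc = XMLUtils.toDOMDocument(
                    new ByteArrayInputStream(serialized.toByteArray()), WSSUtils.debug);
            sigElem = SecurityUtils.getSignatureManager()
                    .signWithWSSSAMLTokenProfile(
                            doc,
                            cert,
                            assertion.getAssertionID(),
                            "",
                            ids,
                            SOAPBindingConstants.WSF_11_VERSION);
        }

        // Reached with sigElem == null for an unrecognised profile or when the signer
        // returned nothing; either way the message must not go out unsigned.
        if (sigElem == null) {
            WSSUtils.debug.error("MessageProcessor.signMessage: " + "SigElement is null");
            throw new SOAPBindingException(WSSUtils.bundle.getString("cannotSignMessage"));
        }

        // The signature is also copied into the security header of the caller's message
        // object; the returned message is built from the signature's own document.
        Element securityHeader = getSecurityHeader(soapMessage);
        securityHeader.appendChild(
                securityHeader.getOwnerDocument().importNode(sigElem, true));
        return Utils.DocumentToSOAPMessage(sigElem.getOwnerDocument());
    } catch (SOAPBindingException sbe) {
        // Already logged and localized where it was raised; rethrow unchanged so the
        // specific reason (for example a missing body) is not replaced by a generic one.
        throw sbe;
    } catch (Exception ex) {
        WSSUtils.debug.error("MessageProcessor.signMessage: " + "Signing failed.", ex);
        throw new SOAPBindingException(WSSUtils.bundle.getString("cannotSignMessage"));
    }
}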