Java Code Examples for org.apache.cxf.staxutils.W3CDOMStreamWriter#getDocument()
The following examples show how to use
org.apache.cxf.staxutils.W3CDOMStreamWriter#getDocument() .
Example 1
Source File: TunedDocumentLoader.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads an XML document, taking a SAX-to-DOM fast path when no validation is requested.
 *
 * <p>For {@code VALIDATION_NONE} the input is parsed with one of the two cached SAX parser
 * factories and copied into a {@link W3CDOMStreamWriter}; any other validation mode is
 * delegated to the superclass.
 *
 * <p>NOTE(review): DTD and external-entity handling on the fast path depends on how
 * {@code saxParserFactory} / {@code nsasaxParserFactory} are configured and on the
 * {@code entityResolver} supplied by the caller. Neither is visible in this method; confirm
 * both before feeding it documents from an untrusted source.
 *
 * @param inputSource     the XML to read
 * @param entityResolver  resolver installed on the SAX reader
 * @param errorHandler    handler installed on the SAX reader
 * @param validationMode  one of the {@code XmlBeanDefinitionReader.VALIDATION_*} constants
 * @param namespaceAware  selects the namespace-aware parser factory when {@code true}
 * @return the parsed DOM document
 * @throws Exception if parsing or copying fails
 */
@Override
public Document loadDocument(InputSource inputSource, EntityResolver entityResolver,
                             ErrorHandler errorHandler, int validationMode,
                             boolean namespaceAware) throws Exception {
    if (validationMode != XmlBeanDefinitionReader.VALIDATION_NONE) {
        // Validation requested: let the default loader deal with it.
        return super.loadDocument(inputSource, entityResolver, errorHandler,
                                  validationMode, namespaceAware);
    }

    SAXParserFactory factory = namespaceAware ? nsasaxParserFactory : saxParserFactory;
    XMLReader xmlReader = factory.newSAXParser().getXMLReader();
    xmlReader.setEntityResolver(entityResolver);
    xmlReader.setErrorHandler(errorHandler);

    SAXSource source = new SAXSource(xmlReader, inputSource);
    W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
    StaxUtils.copy(source, domWriter);
    return domWriter.getDocument();
}
Example 2
Source File: STSInvoker.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code SecurityTokenReference} that points at {@code id} and appends it to the
 * node the writer is currently positioned on.
 *
 * @param writer        DOM-backed writer whose document owns the new elements
 * @param id            URI placed on the inner {@code Reference}
 * @param refValueType  value type set on the reference; skipped when {@code null}
 * @return the element of the appended security token reference
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String refValueType
) {
    Reference target = new Reference(writer.getDocument());
    target.setURI(id);
    if (refValueType != null) {
        target.setValueType(refValueType);
    }

    SecurityTokenReference tokenRef = new SecurityTokenReference(writer.getDocument());
    tokenRef.addWSSENamespace();
    tokenRef.setReference(target);

    // Attach under the writer's current node so later writer calls continue after it.
    Element tokenRefElement = tokenRef.getElement();
    writer.getCurrentNode().appendChild(tokenRefElement);
    return tokenRefElement;
}
Example 3
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code SecurityTokenReference} that points at {@code id} and appends it to the
 * node the writer is currently positioned on.
 *
 * @param writer        DOM-backed writer whose document owns the new elements
 * @param id            URI placed on the inner {@code Reference}
 * @param refValueType  value type set on the reference; skipped when {@code null}
 * @return the element of the appended security token reference
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String refValueType
) {
    Reference target = new Reference(writer.getDocument());
    target.setURI(id);
    if (refValueType != null) {
        target.setValueType(refValueType);
    }

    SecurityTokenReference tokenRef = new SecurityTokenReference(writer.getDocument());
    tokenRef.setReference(target);

    // Attach under the writer's current node so later writer calls continue after it.
    Element tokenRefElement = tokenRef.getElement();
    writer.getCurrentNode().appendChild(tokenRefElement);
    return tokenRefElement;
}
Example 4
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Creates a {@code SecurityTokenReference} for {@code id} in the writer's document and
 * appends it as a child of the writer's current node.
 *
 * @param writer        DOM-backed writer; supplies both the owner document and the parent node
 * @param id            URI stored on the wrapped {@code Reference}
 * @param refValueType  optional value type; left unset when {@code null}
 * @return the appended security token reference element
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String refValueType
) {
    Reference reference = new Reference(writer.getDocument());
    reference.setURI(id);
    if (refValueType != null) {
        reference.setValueType(refValueType);
    }

    SecurityTokenReference securityTokenRef = new SecurityTokenReference(writer.getDocument());
    securityTokenRef.setReference(reference);

    Element appended = securityTokenRef.getElement();
    writer.getCurrentNode().appendChild(appended);
    return appended;
}
Example 5
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Creates a {@code SecurityTokenReference} for {@code id} in the writer's document and
 * appends it as a child of the writer's current node.
 *
 * @param writer        DOM-backed writer; supplies both the owner document and the parent node
 * @param id            URI stored on the wrapped {@code Reference}
 * @param refValueType  optional value type; left unset when {@code null}
 * @return the appended security token reference element
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String refValueType
) {
    Reference reference = new Reference(writer.getDocument());
    reference.setURI(id);
    if (refValueType != null) {
        reference.setValueType(refValueType);
    }

    SecurityTokenReference securityTokenRef = new SecurityTokenReference(writer.getDocument());
    securityTokenRef.setReference(reference);

    Element appended = securityTokenRef.getElement();
    writer.getCurrentNode().appendChild(appended);
    return appended;
}
Example 6
Source File: EndpointReferenceUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Marshals an endpoint reference into a DOM-backed {@link Source}.
 *
 * <p>The reference is written as a JAXB fragment named
 * {@code {http://www.w3.org/2005/08/addressing}EndpointReference}.
 *
 * @param epr the endpoint reference to marshal
 * @return a {@link DOMSource} over the marshalled document, or {@code null} when JAXB
 *         marshalling fails; the {@link JAXBException} is discarded without logging, so
 *         callers have to null-check the result
 */
public static Source convertToXML(EndpointReferenceType epr) {
    final QName eprName = new QName("http://www.w3.org/2005/08/addressing", "EndpointReference");
    try {
        Marshaller marshaller = getJAXBContextForEPR().createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FRAGMENT, true);

        JAXBElement<EndpointReferenceType> wrapped =
            new JAXBElement<>(eprName, EndpointReferenceType.class, epr);
        W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
        marshaller.marshal(wrapped, domWriter);
        return new DOMSource(domWriter.getDocument());
    } catch (JAXBException e) {
        // Deliberately swallowed by the original author; failure is signalled by null.
        return null;
    }
}
Example 7
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code SecurityTokenReference} that points at {@code id} and appends it to the
 * node the writer is currently positioned on.
 *
 * @param writer        DOM-backed writer whose document owns the new elements
 * @param id            URI placed on the inner {@code Reference}
 * @param refValueType  value type set on the reference; skipped when {@code null}
 * @return the element of the appended security token reference
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String refValueType
) {
    Reference target = new Reference(writer.getDocument());
    target.setURI(id);
    if (refValueType != null) {
        target.setValueType(refValueType);
    }

    SecurityTokenReference tokenRef = new SecurityTokenReference(writer.getDocument());
    tokenRef.setReference(target);

    // Attach under the writer's current node so later writer calls continue after it.
    Element tokenRefElement = tokenRef.getElement();
    writer.getCurrentNode().appendChild(tokenRefElement);
    return tokenRefElement;
}
Example 8
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes a {@code wst:UseKey} element containing a {@code ds:KeyInfo} for the public key
 * of {@code cert}.
 *
 * <p>Depending on configuration the KeyInfo carries either the whole certificate (as
 * {@code X509Data}) or only the bare key (as {@code ds:KeyValue}). The
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property, when present, overrides the
 * {@code useCertificateForConfirmationKeyInfo} field.
 *
 * @param writer DOM-backed writer positioned where {@code UseKey} should be emitted
 * @param cert   certificate whose public key is advertised
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", dsigNs);
    writer.writeNamespace("ds", dsigNs);

    String override = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    boolean embedCertificate = override != null
        ? Boolean.parseBoolean(override)
        : useCertificateForConfirmationKeyInfo;

    if (embedCertificate) {
        X509Data x509Data = new X509Data(writer.getDocument());
        x509Data.addCertificate(cert);
        writer.getCurrentNode().appendChild(x509Data.getElement());
    } else {
        writer.writeStartElement("ds", "KeyValue", dsigNs);
        PublicKey publicKey = cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(algorithm)) {
            DSAKeyValue dsaValue = new DSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(dsaValue.getElement());
        } else if ("RSA".equalsIgnoreCase(algorithm)) {
            RSAKeyValue rsaValue = new RSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(rsaValue.getElement());
        }
        // NOTE(review): any other key algorithm falls through here and leaves
        // ds:KeyValue empty, with no error raised. Confirm whether callers can pass
        // such certificates and whether the receiver rejects the empty element.
        writer.writeEndElement(); // KeyValue
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 9
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes a {@code wst:UseKey} element containing a {@code ds:KeyInfo} for the public key
 * of {@code cert}.
 *
 * <p>Depending on configuration the KeyInfo carries either the whole certificate (as
 * {@code X509Data}) or only the bare key (as {@code ds:KeyValue}). The
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property, when present, overrides the
 * {@code useCertificateForConfirmationKeyInfo} field.
 *
 * @param writer DOM-backed writer positioned where {@code UseKey} should be emitted
 * @param cert   certificate whose public key is advertised
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", dsigNs);
    writer.writeNamespace("ds", dsigNs);

    String override = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    boolean embedCertificate = override != null
        ? Boolean.parseBoolean(override)
        : useCertificateForConfirmationKeyInfo;

    if (embedCertificate) {
        X509Data x509Data = new X509Data(writer.getDocument());
        x509Data.addCertificate(cert);
        writer.getCurrentNode().appendChild(x509Data.getElement());
    } else {
        writer.writeStartElement("ds", "KeyValue", dsigNs);
        PublicKey publicKey = cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(algorithm)) {
            DSAKeyValue dsaValue = new DSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(dsaValue.getElement());
        } else if ("RSA".equalsIgnoreCase(algorithm)) {
            RSAKeyValue rsaValue = new RSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(rsaValue.getElement());
        }
        // NOTE(review): any other key algorithm falls through here and leaves
        // ds:KeyValue empty, with no error raised. Confirm whether callers can pass
        // such certificates and whether the receiver rejects the empty element.
        writer.writeEndElement(); // KeyValue
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 10
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Emits {@code wst:UseKey / ds:KeyInfo} describing the public key of {@code cert}.
 *
 * <p>The KeyInfo holds an {@code X509Data} with the full certificate when certificate mode
 * is on, otherwise a {@code ds:KeyValue} with the DSA or RSA key. Certificate mode comes
 * from {@code useCertificateForConfirmationKeyInfo} unless the
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property is set, in which case the property wins.
 *
 * @param writer DOM-backed writer that receives the elements
 * @param cert   certificate supplying the key material
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String xmlDsigNamespace = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", xmlDsigNamespace);
    writer.writeNamespace("ds", xmlDsigNamespace);

    boolean sendCertificate = useCertificateForConfirmationKeyInfo;
    String configured = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    if (configured != null) {
        sendCertificate = Boolean.parseBoolean(configured);
    }

    if (!sendCertificate) {
        writer.writeStartElement("ds", "KeyValue", xmlDsigNamespace);
        PublicKey certKey = cert.getPublicKey();
        String keyAlgorithm = certKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            DSAKeyValue dsa = new DSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(dsa.getElement());
        } else if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            RSAKeyValue rsa = new RSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(rsa.getElement());
        }
        // NOTE(review): keys of any other algorithm produce an empty ds:KeyValue and
        // no error. Verify that this is acceptable for the certificates in use.
        writer.writeEndElement(); // KeyValue
    } else {
        X509Data certData = new X509Data(writer.getDocument());
        certData.addCertificate(cert);
        writer.getCurrentNode().appendChild(certData.getElement());
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 11
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Emits {@code wst:UseKey / ds:KeyInfo} describing the public key of {@code cert}.
 *
 * <p>The KeyInfo holds an {@code X509Data} with the full certificate when certificate mode
 * is on, otherwise a {@code ds:KeyValue} with the DSA or RSA key. Certificate mode comes
 * from {@code useCertificateForConfirmationKeyInfo} unless the
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property is set, in which case the property wins.
 *
 * @param writer DOM-backed writer that receives the elements
 * @param cert   certificate supplying the key material
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String xmlDsigNamespace = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", xmlDsigNamespace);
    writer.writeNamespace("ds", xmlDsigNamespace);

    boolean sendCertificate = useCertificateForConfirmationKeyInfo;
    String configured = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    if (configured != null) {
        sendCertificate = Boolean.parseBoolean(configured);
    }

    if (!sendCertificate) {
        writer.writeStartElement("ds", "KeyValue", xmlDsigNamespace);
        PublicKey certKey = cert.getPublicKey();
        String keyAlgorithm = certKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            DSAKeyValue dsa = new DSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(dsa.getElement());
        } else if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            RSAKeyValue rsa = new RSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(rsa.getElement());
        }
        // NOTE(review): keys of any other algorithm produce an empty ds:KeyValue and
        // no error. Verify that this is acceptable for the certificates in use.
        writer.writeEndElement(); // KeyValue
    } else {
        X509Data certData = new X509Data(writer.getDocument());
        certData.addCertificate(cert);
        writer.getCurrentNode().appendChild(certData.getElement());
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 12
Source File: SimpleBatchSTSClient.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Writes a {@code wst:UseKey} element containing a {@code dsig:KeyInfo} for the public key
 * of {@code cert}.
 *
 * <p>Depending on configuration the KeyInfo carries either the whole certificate (as
 * {@code X509Data}) or only the bare key (as {@code dsig:KeyValue}). The
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property, when present, overrides the
 * {@code useCertificateForConfirmationKeyInfo} field.
 *
 * @param writer DOM-backed writer positioned where {@code UseKey} should be emitted
 * @param cert   certificate whose public key is advertised
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("dsig", "KeyInfo", dsigNs);
    writer.writeNamespace("dsig", dsigNs);

    String override = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    boolean embedCertificate = override != null
        ? Boolean.parseBoolean(override)
        : useCertificateForConfirmationKeyInfo;

    if (embedCertificate) {
        X509Data x509Data = new X509Data(writer.getDocument());
        x509Data.addCertificate(cert);
        writer.getCurrentNode().appendChild(x509Data.getElement());
    } else {
        writer.writeStartElement("dsig", "KeyValue", dsigNs);
        PublicKey publicKey = cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(algorithm)) {
            DSAKeyValue dsaValue = new DSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(dsaValue.getElement());
        } else if ("RSA".equalsIgnoreCase(algorithm)) {
            RSAKeyValue rsaValue = new RSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(rsaValue.getElement());
        }
        // NOTE(review): any other key algorithm falls through here and leaves
        // dsig:KeyValue empty, with no error raised. Confirm whether callers can pass
        // such certificates and whether the receiver rejects the empty element.
        writer.writeEndElement(); // KeyValue
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 13
Source File: AbstractSTSClient.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Emits {@code wst:UseKey / ds:KeyInfo} describing the public key of {@code cert}.
 *
 * <p>The KeyInfo holds an {@code X509Data} with the full certificate when certificate mode
 * is on, otherwise a {@code ds:KeyValue} with the DSA or RSA key. Certificate mode comes
 * from {@code useCertificateForConfirmationKeyInfo} unless the
 * {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property is set, in which case the property wins.
 *
 * @param writer DOM-backed writer that receives the elements
 * @param cert   certificate supplying the key material
 * @throws Exception if writing or key-element construction fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
                                            X509Certificate cert) throws Exception {
    final String xmlDsigNamespace = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", xmlDsigNamespace);
    writer.writeNamespace("ds", xmlDsigNamespace);

    boolean sendCertificate = useCertificateForConfirmationKeyInfo;
    String configured = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    if (configured != null) {
        sendCertificate = Boolean.parseBoolean(configured);
    }

    if (!sendCertificate) {
        writer.writeStartElement("ds", "KeyValue", xmlDsigNamespace);
        PublicKey certKey = cert.getPublicKey();
        String keyAlgorithm = certKey.getAlgorithm();
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            DSAKeyValue dsa = new DSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(dsa.getElement());
        } else if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            RSAKeyValue rsa = new RSAKeyValue(writer.getDocument(), certKey);
            writer.getCurrentNode().appendChild(rsa.getElement());
        }
        // NOTE(review): keys of any other algorithm produce an empty ds:KeyValue and
        // no error. Verify that this is acceptable for the certificates in use.
        writer.writeEndElement(); // KeyValue
    } else {
        X509Data certData = new X509Data(writer.getDocument());
        certData.addCertificate(cert);
        writer.getCurrentNode().appendChild(certData.getElement());
    }

    writer.writeEndElement(); // KeyInfo
    writer.writeEndElement(); // UseKey
}
Example 14
Source File: STSInvoker.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Builds a {@code SecurityTokenReference} that points at {@code id}, optionally tags its
 * first child with a {@code wsc:Instance} attribute, and appends it to the writer's
 * current node.
 *
 * @param writer        DOM-backed writer whose document owns the new elements
 * @param id            URI placed on the inner {@code Reference}
 * @param instance      value for the {@code wsc:Instance} attribute; no attribute is
 *                      written when {@code null}
 * @param refValueType  value type set on the reference (skipped when {@code null}); also
 *                      used to pick the WS-SecureConversation namespace for the attribute
 * @return the element of the appended security token reference
 */
Element writeSecurityTokenReference(
    W3CDOMStreamWriter writer,
    String id,
    String instance,
    String refValueType
) {
    Reference target = new Reference(writer.getDocument());
    target.setURI(id);
    if (refValueType != null) {
        target.setValueType(refValueType);
    }

    SecurityTokenReference tokenRef = new SecurityTokenReference(writer.getDocument());
    tokenRef.addWSSENamespace();
    tokenRef.setReference(target);

    if (instance != null) {
        try {
            Element referenceChild = tokenRef.getFirstElement();
            if (referenceChild != null) {
                String wscNamespace =
                    ConversationConstants.getWSCNs(NegotiationUtils.getWSCVersion(refValueType));
                referenceChild.setAttributeNS(
                    wscNamespace, "wsc:" + ConversationConstants.INSTANCE_LN, instance);
            }
        } catch (WSSecurityException e) {
            // Best effort: the reference is still returned, just without wsc:Instance.
        }
    }

    Element tokenRefElement = tokenRef.getElement();
    writer.getCurrentNode().appendChild(tokenRefElement);
    return tokenRefElement;
}
Example 15
Source File: AbstractXmlSecOutInterceptor.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Obtains the outbound request body as a DOM {@link Document}.
 *
 * <p>A body that already is a {@code Document}, or a {@code DOMSource} wrapping one, is
 * returned directly. Anything else is serialised through the JAXB message body writer
 * into a {@link W3CDOMStreamWriter}, which is also installed on the message as its
 * {@code XMLStreamWriter} content.
 *
 * @param m the outbound message
 * @return the body as a document, or {@code null} when there is no body or the provider
 *         selected for it is not a {@code JAXBElementProvider}
 * @throws Exception if the provider fails while writing the body
 */
@SuppressWarnings("unchecked")
private Document getDomDocument(Message m) throws Exception {
    final Object payload = getRequestBody(m);
    if (payload == null) {
        return null;
    }
    if (payload instanceof Document) {
        return (Document)payload;
    }
    if (payload instanceof DOMSource) {
        // NOTE(review): the cast assumes the DOMSource wraps a Document; a source built
        // around any other node type would fail here with ClassCastException.
        return (Document)((DOMSource)payload).getNode();
    }

    Object candidate = ProviderFactory.getInstance(m).createMessageBodyWriter(
        payload.getClass(), payload.getClass(),
        new Annotation[]{}, MediaType.APPLICATION_XML_TYPE, m);
    if (!(candidate instanceof JAXBElementProvider)) {
        return null;
    }

    JAXBElementProvider<Object> jaxbProvider = (JAXBElementProvider<Object>)candidate;
    W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
    // The writer is installed on the message before writeTo runs.
    m.setContent(XMLStreamWriter.class, domWriter);
    jaxbProvider.writeTo(payload, payload.getClass(),
                         new Annotation[]{}, MediaType.APPLICATION_XML_TYPE,
                         (MultivaluedMap<String, Object>)m.get(Message.PROTOCOL_HEADERS), null);
    return domWriter.getDocument();
}
Example 16
Source File: MetadataWriter.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Builds the SAML 2.0 metadata document ({@code md:EntityDescriptor}) for a service.
 *
 * <p>The descriptor gets a freshly generated {@code ID} and uses {@code serviceURL} as its
 * {@code entityID}. The document is signed only when {@code signingKey} is non-null;
 * otherwise the unsigned document is returned as is. With debug logging enabled the
 * unsigned document is also written to the log.
 *
 * @param serviceURL                   value of the {@code entityID} attribute
 * @param assertionConsumerServiceURL  passed through to {@code writeSAMLMetadata}
 * @param logoutURL                    passed through to {@code writeSAMLMetadata}
 * @param signingKey                   key used to sign the metadata; {@code null} skips signing
 * @param signingCert                  certificate passed to {@code writeSAMLMetadata} and to
 *                                     the signing step
 * @param wantRequestsSigned           passed through to {@code writeSAMLMetadata}
 * @return the metadata document, signed when a signing key was supplied
 * @throws Exception if writing or signing fails
 */
public Document getMetaData(
    String serviceURL,
    String assertionConsumerServiceURL,
    String logoutURL,
    Key signingKey,
    X509Certificate signingCert,
    boolean wantRequestsSigned
) throws Exception {
    final W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter();
    domWriter.writeStartDocument(StandardCharsets.UTF_8.name(), "1.0");

    // The same ID is later handed to the signing step as the reference target.
    final String descriptorId = IDGenerator.generateID("_");

    domWriter.writeStartElement("md", "EntityDescriptor", SSOConstants.SAML2_METADATA_NS);
    domWriter.writeAttribute("ID", descriptorId);
    domWriter.writeAttribute("entityID", serviceURL);
    domWriter.writeNamespace("md", SSOConstants.SAML2_METADATA_NS);
    domWriter.writeNamespace("wsa", SSOConstants.WS_ADDRESSING_NS);
    domWriter.writeNamespace("xsi", SSOConstants.SCHEMA_INSTANCE_NS);

    writeSAMLMetadata(domWriter, assertionConsumerServiceURL, logoutURL,
                      signingCert, wantRequestsSigned);

    domWriter.writeEndElement(); // EntityDescriptor
    domWriter.writeEndDocument();
    domWriter.close();

    final Document metadata = domWriter.getDocument();

    if (LOG.isDebugEnabled()) {
        String serialized = DOM2Writer.nodeToString(metadata);
        LOG.debug("***************** unsigned ****************");
        LOG.debug(serialized);
        LOG.debug("***************** unsigned ****************");
    }

    if (signingKey == null) {
        return metadata;
    }
    return signMetaInfo(signingCert, signingKey, metadata, descriptorId);
}
Example 17
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Answers an Issue request: writes the {@code RequestSecurityTokenResponse}, creates a
 * new security context token and registers it in the endpoint's {@code TokenStore}.
 *
 * <p>{@code Entropy}, {@code KeySize} and {@code TokenType} are read from the children of
 * {@code requestEl} that live in {@code namespace}. A {@code KeySize} outside 128..512 is
 * replaced by 256; non-numeric {@code KeySize} text makes {@link Integer#parseInt} throw,
 * which propagates to the caller. The token lifetime is fixed at 300000 ms.
 *
 * @param requestEl       request element whose children carry the parameters above
 * @param exchange        exchange used to reach the endpoint's {@code TokenStore}
 * @param binaryExchange  not read by this method
 * @param writer          DOM-backed writer that receives the response
 * @param prefix          prefix for the response elements
 * @param namespace       WS-Trust namespace; for {@code STSUtils.WST_NS_05_12} the response
 *                        is wrapped in a {@code RequestSecurityTokenResponseCollection}
 * @throws Exception if parsing the request or writing the response fails
 */
void doIssue(
    Element requestEl,
    Exchange exchange,
    Element binaryExchange,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);
    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    byte[] clientEntropy = null;
    int keySize = 256;
    final long ttl = 300000L;
    String tokenType = null;

    // Pull the parameters out of the request; elements in other namespaces are skipped.
    for (Element child = DOMUtils.getFirstElement(requestEl);
         child != null;
         child = DOMUtils.getNextElement(child)) {
        String localName = child.getLocalName();
        if (!namespace.equals(child.getNamespaceURI())) {
            continue;
        }
        if ("Entropy".equals(localName)) {
            Element binarySecret = DOMUtils.getFirstElement(child);
            if (binarySecret != null) {
                clientEntropy = Base64.decode(binarySecret.getTextContent());
            }
        } else if ("KeySize".equals(localName)) {
            keySize = Integer.parseInt(child.getTextContent());
        } else if ("TokenType".equals(localName)) {
            tokenType = child.getTextContent();
        }
    }

    // Requester-chosen key size is only honoured inside 128..512.
    boolean keySizeInRange = keySize >= 128 && keySize <= 512;
    if (!keySizeInRange) {
        keySize = 256;
    }

    writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
    SecurityContextToken sct =
        new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

    Date created = new Date();
    Date expires = new Date(created.getTime() + ttl);

    SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
    token.setToken(sct.getElement());
    token.setTokenType(sct.getTokenType());

    writer.getCurrentNode().appendChild(sct.getElement());
    writer.writeEndElement(); // RequestedSecurityToken

    writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
    token.setAttachedReference(
        writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType));
    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
    token.setUnattachedReference(
        writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType));
    writer.writeEndElement();

    writeLifetime(writer, created, expires, prefix, namespace);

    byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);
    token.setSecret(secret);

    TokenStore tokenStore = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
        .getProperty(TokenStore.class.getName());
    tokenStore.add(token);

    writer.writeEndElement(); // RequestSecurityTokenResponse
    if (wrapInCollection) {
        writer.writeEndElement(); // RequestSecurityTokenResponseCollection
    }
}
Example 18
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Answers an Issue request: writes the {@code RequestSecurityTokenResponse}, creates a
 * new security context token and registers it in the endpoint's {@code TokenStore}.
 *
 * <p>{@code Entropy}, {@code KeySize} and {@code TokenType} are read from the children of
 * {@code requestEl} that live in {@code namespace}. A {@code KeySize} outside 128..512 is
 * replaced by 256; non-numeric {@code KeySize} text makes {@link Integer#parseInt} throw,
 * which propagates to the caller. The token lifetime is fixed at 300000 ms.
 *
 * @param requestEl       request element whose children carry the parameters above
 * @param exchange        exchange used to reach the endpoint's {@code TokenStore}
 * @param binaryExchange  not read by this method
 * @param writer          DOM-backed writer that receives the response
 * @param prefix          prefix for the response elements
 * @param namespace       WS-Trust namespace; for {@code STSUtils.WST_NS_05_12} the response
 *                        is wrapped in a {@code RequestSecurityTokenResponseCollection}
 * @throws Exception if parsing the request or writing the response fails
 */
void doIssue(
    Element requestEl,
    Exchange exchange,
    Element binaryExchange,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);
    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    byte[] clientEntropy = null;
    int keySize = 256;
    final long ttl = 300000L;
    String tokenType = null;

    // Pull the parameters out of the request; elements in other namespaces are skipped.
    for (Element child = DOMUtils.getFirstElement(requestEl);
         child != null;
         child = DOMUtils.getNextElement(child)) {
        String localName = child.getLocalName();
        if (!namespace.equals(child.getNamespaceURI())) {
            continue;
        }
        if ("Entropy".equals(localName)) {
            Element binarySecret = DOMUtils.getFirstElement(child);
            if (binarySecret != null) {
                clientEntropy = Base64.decode(binarySecret.getTextContent());
            }
        } else if ("KeySize".equals(localName)) {
            keySize = Integer.parseInt(child.getTextContent());
        } else if ("TokenType".equals(localName)) {
            tokenType = child.getTextContent();
        }
    }

    // Requester-chosen key size is only honoured inside 128..512.
    boolean keySizeInRange = keySize >= 128 && keySize <= 512;
    if (!keySizeInRange) {
        keySize = 256;
    }

    writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
    SecurityContextToken sct =
        new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

    Date created = new Date();
    Date expires = new Date(created.getTime() + ttl);

    SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
    token.setToken(sct.getElement());
    token.setTokenType(sct.getTokenType());

    writer.getCurrentNode().appendChild(sct.getElement());
    writer.writeEndElement(); // RequestedSecurityToken

    writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
    token.setAttachedReference(
        writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType));
    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
    token.setUnattachedReference(
        writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType));
    writer.writeEndElement();

    writeLifetime(writer, created, expires, prefix, namespace);

    byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);
    token.setSecret(secret);

    TokenStore tokenStore = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
        .getProperty(TokenStore.class.getName());
    tokenStore.add(token);

    writer.writeEndElement(); // RequestSecurityTokenResponse
    if (wrapInCollection) {
        writer.writeEndElement(); // RequestSecurityTokenResponseCollection
    }
}
Example 19
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Answers an Issue request: writes the {@code RequestSecurityTokenResponse}, creates a
 * new security context token and registers it in the endpoint's {@code TokenStore}.
 *
 * <p>{@code Entropy}, {@code KeySize} and {@code TokenType} are read from the children of
 * {@code requestEl} that live in {@code namespace}. A {@code KeySize} outside 128..512 is
 * replaced by 256; non-numeric {@code KeySize} text makes {@link Integer#parseInt} throw,
 * which propagates to the caller. The token lifetime is fixed at 300000 ms.
 *
 * @param requestEl       request element whose children carry the parameters above
 * @param exchange        exchange used to reach the endpoint's {@code TokenStore}
 * @param binaryExchange  not read by this method
 * @param writer          DOM-backed writer that receives the response
 * @param prefix          prefix for the response elements
 * @param namespace       WS-Trust namespace; for {@code STSUtils.WST_NS_05_12} the response
 *                        is wrapped in a {@code RequestSecurityTokenResponseCollection}
 * @throws Exception if parsing the request or writing the response fails
 */
void doIssue(
    Element requestEl,
    Exchange exchange,
    Element binaryExchange,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);
    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    byte[] clientEntropy = null;
    int keySize = 256;
    final long ttl = 300000L;
    String tokenType = null;

    // Pull the parameters out of the request; elements in other namespaces are skipped.
    for (Element child = DOMUtils.getFirstElement(requestEl);
         child != null;
         child = DOMUtils.getNextElement(child)) {
        String localName = child.getLocalName();
        if (!namespace.equals(child.getNamespaceURI())) {
            continue;
        }
        if ("Entropy".equals(localName)) {
            Element binarySecret = DOMUtils.getFirstElement(child);
            if (binarySecret != null) {
                clientEntropy = Base64.decode(binarySecret.getTextContent());
            }
        } else if ("KeySize".equals(localName)) {
            keySize = Integer.parseInt(child.getTextContent());
        } else if ("TokenType".equals(localName)) {
            tokenType = child.getTextContent();
        }
    }

    // Requester-chosen key size is only honoured inside 128..512.
    boolean keySizeInRange = keySize >= 128 && keySize <= 512;
    if (!keySizeInRange) {
        keySize = 256;
    }

    writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
    SecurityContextToken sct =
        new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

    Date created = new Date();
    Date expires = new Date(created.getTime() + ttl);

    SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
    token.setToken(sct.getElement());
    token.setTokenType(sct.getTokenType());

    writer.getCurrentNode().appendChild(sct.getElement());
    writer.writeEndElement(); // RequestedSecurityToken

    writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
    token.setAttachedReference(
        writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType));
    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
    token.setUnattachedReference(
        writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType));
    writer.writeEndElement();

    writeLifetime(writer, created, expires, prefix, namespace);

    byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);
    token.setSecret(secret);

    TokenStore tokenStore = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
        .getProperty(TokenStore.class.getName());
    tokenStore.add(token);

    writer.writeEndElement(); // RequestSecurityTokenResponse
    if (wrapInCollection) {
        writer.writeEndElement(); // RequestSecurityTokenResponseCollection
    }
}
Example 20
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Answers an Issue request: writes the {@code RequestSecurityTokenResponse}, creates a
 * new security context token and registers it in the endpoint's {@code TokenStore}.
 *
 * <p>{@code Entropy}, {@code KeySize} and {@code TokenType} are read from the children of
 * {@code requestEl} that live in {@code namespace}. A {@code KeySize} outside 128..512 is
 * replaced by 256; non-numeric {@code KeySize} text makes {@link Integer#parseInt} throw,
 * which propagates to the caller. The token lifetime is fixed at 300000 ms.
 *
 * @param requestEl       request element whose children carry the parameters above
 * @param exchange        exchange used to reach the endpoint's {@code TokenStore}
 * @param binaryExchange  not read by this method
 * @param writer          DOM-backed writer that receives the response
 * @param prefix          prefix for the response elements
 * @param namespace       WS-Trust namespace; for {@code STSUtils.WST_NS_05_12} the response
 *                        is wrapped in a {@code RequestSecurityTokenResponseCollection}
 * @throws Exception if parsing the request or writing the response fails
 */
void doIssue(
    Element requestEl,
    Exchange exchange,
    Element binaryExchange,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);
    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    byte[] clientEntropy = null;
    int keySize = 256;
    final long ttl = 300000L;
    String tokenType = null;

    // Pull the parameters out of the request; elements in other namespaces are skipped.
    for (Element child = DOMUtils.getFirstElement(requestEl);
         child != null;
         child = DOMUtils.getNextElement(child)) {
        String localName = child.getLocalName();
        if (!namespace.equals(child.getNamespaceURI())) {
            continue;
        }
        if ("Entropy".equals(localName)) {
            Element binarySecret = DOMUtils.getFirstElement(child);
            if (binarySecret != null) {
                clientEntropy = Base64.decode(binarySecret.getTextContent());
            }
        } else if ("KeySize".equals(localName)) {
            keySize = Integer.parseInt(child.getTextContent());
        } else if ("TokenType".equals(localName)) {
            tokenType = child.getTextContent();
        }
    }

    // Requester-chosen key size is only honoured inside 128..512.
    boolean keySizeInRange = keySize >= 128 && keySize <= 512;
    if (!keySizeInRange) {
        keySize = 256;
    }

    writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
    SecurityContextToken sct =
        new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

    Date created = new Date();
    Date expires = new Date(created.getTime() + ttl);

    SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
    token.setToken(sct.getElement());
    token.setTokenType(sct.getTokenType());

    writer.getCurrentNode().appendChild(sct.getElement());
    writer.writeEndElement(); // RequestedSecurityToken

    writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
    token.setAttachedReference(
        writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType));
    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
    token.setUnattachedReference(
        writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType));
    writer.writeEndElement();

    writeLifetime(writer, created, expires, prefix, namespace);

    byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);
    token.setSecret(secret);

    TokenStore tokenStore = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
        .getProperty(TokenStore.class.getName());
    tokenStore.add(token);

    writer.writeEndElement(); // RequestSecurityTokenResponse
    if (wrapInCollection) {
        writer.writeEndElement(); // RequestSecurityTokenResponseCollection
    }
}