package com.sun.xml.wss.impl.dsig;

import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.xml.ws.security.DerivedKeyToken;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.impl.DerivedKeyTokenImpl;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.DerivedKeyTokenHeaderBlock;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.SamlAssertionHeaderBlock;
import com.sun.xml.wss.core.SecurityContextTokenImpl;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.DirectReference;
import com.sun.xml.wss.core.reference.EncryptedKeySHA1Identifier;
import com.sun.xml.wss.core.reference.X509IssuerSerial;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.core.reference.X509ThumbPrintIdentifier;
import com.sun.xml.wss.impl.AlgorithmSuite;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy;
import com.sun.xml.wss.impl.keyinfo.KeyInfoStrategy;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.policy.verifier.SignaturePolicyVerifier;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.NodeSetData;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.TransformService;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:spg-ui-war-2.1.6.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/dsig/SignatureProcessor.class */
public class SignatureProcessor {
    // Shared java.util.logging logger for this class; its name and resource bundle both come from LogDomainConstants.
    private static Logger logger = Logger.getLogger(LogDomainConstants.IMPL_SIGNATURE_DOMAIN, LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE);

    /**
     * Signs the message held by the processing context according to its {@link SignaturePolicy}.
     *
     * <p>The method resolves three things from the policy's key binding: the signing key, the
     * {@code KeyInfo} to embed, and the node of the security header before which the signature is
     * inserted. Handled bindings are derived key (over a symmetric key, issued token or secure
     * conversation token), issued token, secure conversation token, X.509 certificate, SAML
     * assertion and symmetric key. Username-token bindings, derived keys over an X.509 binding,
     * embedded SAML references and the X509v1 key-identifier strategy are rejected.
     *
     * <p>Side effects visible in this method: bindings staged on the context are consumed (reset to
     * {@code null}), tokens, encrypted keys and token references are inserted into the security
     * header, several context caches are updated, the current secret is stored on the context, and
     * the Base64 signature value is appended to the signature-confirmation list when one is present.
     *
     * @param filterProcessingContext context supplying the policy, SOAP message, algorithm suite,
     *        key material and caches
     * @return {@code 0}; no other value is returned on the success path
     * @throws XWSSecurityException if the binding is unsupported, required key material is missing,
     *         or any other exception occurs (it is logged and wrapped)
     */
    public static int sign(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        SymmetricKeyBinding symmetricKeyBinding;
        String str;
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding;
        SecretKey secretKey;
        try {
            SignaturePolicy signaturePolicy = (SignaturePolicy) filterProcessingContext.getSecurityPolicy();
            // Return value is discarded; any side effect of this call is not visible here.
            filterProcessingContext.getSOAPMessage();
            SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
            WSSPolicy wSSPolicy = (WSSPolicy) signaturePolicy.getKeyBinding();
            // NOTE(review): this concatenates the key binding's toString() into the log; whether that
            // output can include key material is not visible here - confirm before enabling FINEST.
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "KeyBinding is " + wSSPolicy);
            }
            // key: signing key. node: sibling before which the signature is inserted (null = append).
            // keyInfo: KeyInfo handed to constructSignature below.
            Key key = null;
            Node node = null;
            WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
            KeyInfo keyInfo = null;
            SecurityHeader findOrCreateSecurityHeader = securableSoapMessage.findOrCreateSecurityHeader();
            SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
            AlgorithmSuite algorithmSuite = filterProcessingContext.getAlgorithmSuite();
            // The WSS 1.1 flags are read from the extraneous properties and must equal the literal "true".
            boolean equals = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
            boolean equals2 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
            // z is just the negation of equals2, so the later test (equals2 || z) is always true.
            boolean z = !equals2;
            // z2: both flags are set and getEKSHA1Ref yields a non-null reference value.
            boolean z2 = equals && equals2 && getEKSHA1Ref(filterProcessingContext) != null;
            // A username token cannot serve as the key binding of a signature policy.
            if (PolicyTypeUtil.usernameTokenPolicy(wSSPolicy)) {
                logger.log(Level.SEVERE, "WSS1326.unsupported.usernametoken.keybinding");
                throw new XWSSecurityException("UsernameToken as KeyBinding for SignaturePolicy is Not Yet Supported");
            }
            // ---- Derived key binding: the signing key is derived from the original binding's secret. ----
            if (PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy)) {
                // The original binding is read from a clone of the policy, not from the policy itself.
                WSSPolicy originalKeyBinding = ((DerivedTokenKeyBinding) wSSPolicy.clone()).getOriginalKeyBinding();
                String str2 = null;
                if (algorithmSuite != null) {
                    str2 = algorithmSuite.getEncryptionAlgorithm();
                }
                // NOTE(review): str2 is null when no algorithm suite is set; how SecurityUtil handles a
                // null algorithm is not visible here.
                String secretKeyAlgorithm = SecurityUtil.getSecretKeyAlgorithm(str2);
                long lengthFromAlgorithm = SecurityUtil.getLengthFromAlgorithm(str2);
                // NOTE(review): a reported length of 32 is replaced by 24 for the derived key; the
                // reason for this reduction is not visible here - confirm it is intended.
                if (lengthFromAlgorithm == 32) {
                    lengthFromAlgorithm = 24;
                }
                if (PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
                    logger.log(Level.SEVERE, "WSS1327.unsupported.asymmetricbinding.derivedkey.x509token");
                    throw new XWSSecurityException("Asymmetric Binding with DerivedKeys under X509Token Policy Not Yet Supported");
                }
                if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
                    // A binding staged on the context is taken and cleared so it is used only once.
                    SymmetricKeyBinding symmetricKeyBinding2 = null;
                    if (filterProcessingContext.getSymmetricKeyBinding() != null) {
                        symmetricKeyBinding2 = filterProcessingContext.getSymmetricKeyBinding();
                        filterProcessingContext.setSymmetricKeyBinding(null);
                    }
                    // A secret already current on the context wins over the binding's own secret key.
                    if (filterProcessingContext.getCurrentSecret() != null) {
                        secretKey = filterProcessingContext.getCurrentSecret();
                    } else {
                        // NOTE(review): symmetricKeyBinding2 is still null here when the context held no
                        // binding; the NullPointerException is caught below and rethrown wrapped.
                        secretKey = symmetricKeyBinding2.getSecretKey();
                        filterProcessingContext.setCurrentSecret(secretKey);
                    }
                    // Arguments: 0L, the derived key length computed above, and the raw secret bytes.
                    DerivedKeyTokenImpl derivedKeyTokenImpl = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, secretKey.getEncoded());
                    key = derivedKeyTokenImpl.generateSymmetricKey(secretKeyAlgorithm);
                    // One-element array serves as an out-parameter; the insertion point is read back from it.
                    Node[] nodeArr = new Node[1];
                    keyInfo = prepareForSymmetricKeySignature(filterProcessingContext, wSSPolicy, secretKey, signaturePolicy, nodeArr, null, derivedKeyTokenImpl);
                    node = nodeArr[0];
                } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
                    // Issued token: with a proof key the signature is symmetric; without one the
                    // requestor certificate's private key signs.
                    byte[] proofKey = filterProcessingContext.getTrustContext().getProofKey();
                    if (proofKey == null) {
                        X509Certificate requestorCertificate = filterProcessingContext.getTrustContext().getRequestorCertificate();
                        if (requestorCertificate == null) {
                            logger.log(Level.SEVERE, "WSS1328.illegal.Certificate.key.null");
                            throw new XWSSecurityException("Requestor Certificate and Proof Key are both null for Issued Token");
                        }
                        key = filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), requestorCertificate);
                        SOAPElement convertToSoapElement = XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) ((GenericToken) filterProcessingContext.getTrustContext().getSecurityToken()).getTokenValue());
                        // A generated Id is set only when the token has an empty Id attribute and its
                        // local name equals ENCRYPTED_DATA_LNAME.
                        if ("".equals(convertToSoapElement.getAttribute("Id")) && MessageConstants.ENCRYPTED_DATA_LNAME.equals(convertToSoapElement.getLocalName())) {
                            convertToSoapElement.setAttribute("Id", securableSoapMessage.generateId());
                        }
                        filterProcessingContext.getTokenCache().put(wSSPolicy.getUUID(), convertToSoapElement);
                        IssuedTokenKeyBinding issuedTokenKeyBinding = (IssuedTokenKeyBinding) originalKeyBinding;
                        // z3: the include-token setting is INCLUDE_ALWAYS or INCLUDE_ALWAYS_TO_RECIPIENT.
                        boolean z3 = IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(issuedTokenKeyBinding.getIncludeToken()) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(issuedTokenKeyBinding.getIncludeToken());
                        // The attached (z3) or unattached token reference is imported into this SOAP part and cloned.
                        SecurityTokenReference securityTokenReference = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) ((Element) securableSoapMessage.getSOAPPart().importNode(z3 ? (Element) filterProcessingContext.getTrustContext().getAttachedSecurityTokenReference().getTokenValue() : (Element) filterProcessingContext.getTrustContext().getUnAttachedSecurityTokenReference().getTokenValue(), true)).cloneNode(true)), false);
                        // NOTE(review): this null check comes too late - convertToSoapElement was already dereferenced above.
                        if (convertToSoapElement != null) {
                            if (z3) {
                                securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(convertToSoapElement);
                                node = convertToSoapElement.getNextSibling();
                            } else {
                                node = null;
                            }
                            filterProcessingContext.setIssuedSAMLToken(convertToSoapElement);
                        }
                        keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference);
                        // Passes the token reference together with the requestor's public key to SecurityUtil.
                        SecurityUtil.updateSamlVsKeyCache(securityTokenReference, filterProcessingContext, requestorCertificate.getPublicKey());
                    } else {
                        // The signing key is derived from the proof key; the proof key itself is passed on as a SecretKeySpec.
                        DerivedKeyTokenImpl derivedKeyTokenImpl2 = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, proofKey);
                        key = derivedKeyTokenImpl2.generateSymmetricKey(secretKeyAlgorithm);
                        Node[] nodeArr2 = new Node[1];
                        keyInfo = prepareForSymmetricKeySignature(filterProcessingContext, wSSPolicy, new SecretKeySpec(proofKey, algorithmSuite != null ? SecurityUtil.getSecretKeyAlgorithm(algorithmSuite.getEncryptionAlgorithm()) : "AES"), signaturePolicy, nodeArr2, null, derivedKeyTokenImpl2);
                        node = nodeArr2[0];
                    }
                } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
                    // Secure conversation: the key is derived from the conversation context's proof key.
                    DerivedKeyTokenImpl derivedKeyTokenImpl3 = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, filterProcessingContext.getSecureConversationContext().getProofKey());
                    key = derivedKeyTokenImpl3.generateSymmetricKey(secretKeyAlgorithm);
                    Node[] nodeArr3 = new Node[1];
                    // null is passed for the key argument in this call.
                    keyInfo = prepareForSymmetricKeySignature(filterProcessingContext, wSSPolicy, null, signaturePolicy, nodeArr3, null, derivedKeyTokenImpl3);
                    node = nodeArr3[0];
                }
            // ---- Issued token binding (no key derivation). ----
            } else if (PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy)) {
                Node[] nodeArr4 = new Node[1];
                byte[] proofKey2 = filterProcessingContext.getTrustContext().getProofKey();
                if (proofKey2 == null) {
                    // No proof key: sign with the private key belonging to the requestor certificate.
                    X509Certificate requestorCertificate2 = filterProcessingContext.getTrustContext().getRequestorCertificate();
                    if (requestorCertificate2 == null) {
                        logger.log(Level.SEVERE, "WSS1328.illegal.Certificate.key.null");
                        throw new XWSSecurityException("Requestor Certificate and Proof Key are both null for Issued Token");
                    }
                    key = filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), requestorCertificate2);
                    SOAPElement convertToSoapElement2 = XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) ((GenericToken) filterProcessingContext.getTrustContext().getSecurityToken()).getTokenValue());
                    // A generated Id is set only when the Id attribute is empty and the local name equals ENCRYPTED_DATA_LNAME.
                    if ("".equals(convertToSoapElement2.getAttribute("Id")) && MessageConstants.ENCRYPTED_DATA_LNAME.equals(convertToSoapElement2.getLocalName())) {
                        convertToSoapElement2.setAttribute("Id", securableSoapMessage.generateId());
                    }
                    filterProcessingContext.getTokenCache().put(wSSPolicy.getUUID(), convertToSoapElement2);
                    IssuedTokenKeyBinding issuedTokenKeyBinding2 = (IssuedTokenKeyBinding) wSSPolicy;
                    // z4: the include-token setting is INCLUDE_ALWAYS or INCLUDE_ALWAYS_TO_RECIPIENT.
                    boolean z4 = IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(issuedTokenKeyBinding2.getIncludeToken()) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(issuedTokenKeyBinding2.getIncludeToken());
                    SecurityTokenReference securityTokenReference2 = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) ((Element) securableSoapMessage.getSOAPPart().importNode(z4 ? (Element) filterProcessingContext.getTrustContext().getAttachedSecurityTokenReference().getTokenValue() : (Element) filterProcessingContext.getTrustContext().getUnAttachedSecurityTokenReference().getTokenValue(), true)).cloneNode(true)), false);
                    // NOTE(review): this null check comes too late - convertToSoapElement2 was already dereferenced above.
                    if (convertToSoapElement2 != null) {
                        if (z4) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(convertToSoapElement2);
                            node = convertToSoapElement2.getNextSibling();
                        } else {
                            node = null;
                        }
                        filterProcessingContext.setIssuedSAMLToken(convertToSoapElement2);
                    }
                    keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference2);
                    SecurityUtil.updateSamlVsKeyCache(securityTokenReference2, filterProcessingContext, requestorCertificate2.getPublicKey());
                } else {
                    // The proof key is used directly as the signing key; the algorithm name comes from
                    // the suite and falls back to "AES".
                    key = new SecretKeySpec(proofKey2, algorithmSuite != null ? SecurityUtil.getSecretKeyAlgorithm(algorithmSuite.getEncryptionAlgorithm()) : "AES");
                    keyInfo = prepareForSymmetricKeySignature(filterProcessingContext, wSSPolicy, key, signaturePolicy, nodeArr4, null, null);
                    node = nodeArr4[0];
                }
            // ---- Secure conversation token binding (no key derivation). ----
            } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(wSSPolicy)) {
                Node[] nodeArr5 = new Node[1];
                keyInfo = prepareForSymmetricKeySignature(filterProcessingContext, wSSPolicy, null, signaturePolicy, nodeArr5, null, null);
                // The conversation proof key is the signing key; the algorithm name falls back to "AES".
                key = new SecretKeySpec(filterProcessingContext.getSecureConversationContext().getProofKey(), algorithmSuite != null ? SecurityUtil.getSecretKeyAlgorithm(algorithmSuite.getEncryptionAlgorithm()) : "AES");
                node = nodeArr5[0];
            // ---- X.509 certificate binding: sign with the binding's private key. ----
            } else if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy)) {
                // A binding staged on the context takes precedence over the policy's own and is cleared after use.
                if (filterProcessingContext.getX509CertificateBinding() != null) {
                    x509CertificateBinding = filterProcessingContext.getX509CertificateBinding();
                    filterProcessingContext.setX509CertificateBinding(null);
                } else {
                    x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy;
                }
                key = ((PrivateKeyBinding) x509CertificateBinding.getKeyBinding()).getPrivateKey();
                Node[] nodeArr6 = new Node[1];
                keyInfo = handleX509Binding(filterProcessingContext, signaturePolicy, x509CertificateBinding, nodeArr6);
                node = nodeArr6[0];
            // ---- SAML assertion binding: sign with the private key supplied alongside the assertion. ----
            } else if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy)) {
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) wSSPolicy;
                PrivateKeyBinding privateKeyBinding = (PrivateKeyBinding) sAMLAssertionBinding.getKeyBinding();
                if (privateKeyBinding == null) {
                    logger.log(Level.SEVERE, "WSS1329.null.privatekeybinding.SAMLPolicy");
                    throw new XWSSecurityException("PrivateKey binding not set for SAML Policy by CallbackHandler");
                }
                key = privateKeyBinding.getPrivateKey();
                if (key == null) {
                    logger.log(Level.SEVERE, "WSS1330.null.privatekey.SAMLPolicy");
                    throw new XWSSecurityException("PrivateKey null inside PrivateKeyBinding set for SAML Policy ");
                }
                if (sAMLAssertionBinding.getReferenceType().equals("Embedded")) {
                    logger.log(Level.SEVERE, "WSS1331.unsupported.EmbeddedReference.SAML");
                    throw new XWSSecurityException("Embedded Reference Type for SAML Assertions not supported yet");
                }
                String assertionId = sAMLAssertionBinding.getAssertionId();
                Element assertion = sAMLAssertionBinding.getAssertion();
                Element authorityBinding = sAMLAssertionBinding.getAuthorityBinding();
                // Without an explicit assertion id the id is read from the assertion element itself:
                // the SAML_ID_LNAME attribute when present, otherwise SAML_ASSERTIONID_LNAME.
                if (assertionId == null) {
                    if (assertion == null) {
                        logger.log(Level.SEVERE, "WSS1332.null.SAMLAssertion.SAMLAssertionId");
                        throw new XWSSecurityException("None of SAML Assertion, SAML Assertion Id information was set into  the Policy by the CallbackHandler");
                    }
                    assertionId = assertion.getAttributeNode(MessageConstants.SAML_ID_LNAME) != null ? assertion.getAttribute(MessageConstants.SAML_ID_LNAME) : assertion.getAttribute(MessageConstants.SAML_ASSERTIONID_LNAME);
                }
                SecurityTokenReference securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                String strid = sAMLAssertionBinding.getSTRID();
                if (strid == null) {
                    strid = securableSoapMessage.generateId();
                }
                securityTokenReference3.setWsuId(strid);
                // NOTE(review): assertion is dereferenced here without a null check, although it can be
                // null when only an assertion id was supplied (the test a few lines below allows for
                // that); the NullPointerException is caught below and rethrown wrapped.
                if (assertion.getAttributeNode(MessageConstants.SAML_ID_LNAME) != null) {
                    securityTokenReference3.setTokenType(MessageConstants.WSSE_SAML_v2_0_TOKEN_TYPE);
                } else {
                    securityTokenReference3.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
                }
                if (authorityBinding != null) {
                    securityTokenReference3.setSamlAuthorityBinding(authorityBinding, securableSoapMessage.getSOAPPart());
                }
                // NOTE(review): in the first branch keyInfo is never assigned, so the signature below is
                // constructed with a null KeyInfo - confirm that constructSignature accepts this.
                if (assertion == null || authorityBinding != null) {
                    node = findOrCreateSecurityHeader.getNextSiblingOfTimestamp();
                } else {
                    // The assertion is inserted into the header and referenced from the STR by its id.
                    SamlAssertionHeaderBlock samlAssertionHeaderBlock = new SamlAssertionHeaderBlock(assertion, securableSoapMessage.getSOAPPart());
                    securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(samlAssertionHeaderBlock);
                    new KeyIdentifierStrategy(assertionId).insertKey(securityTokenReference3, securableSoapMessage);
                    keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference3);
                    node = samlAssertionHeaderBlock.getAsSoapElement().getNextSibling();
                }
            // ---- Symmetric key binding; any other binding type is rejected. ----
            } else {
                if (!PolicyTypeUtil.symmetricKeyBinding(wSSPolicy)) {
                    logger.log(Level.SEVERE, "WSS1335.unsupported.keybinding.signaturepolicy");
                    throw new XWSSecurityException("Unsupported Key Binding for SignaturePolicy");
                }
                // A binding staged on the context takes precedence over the policy's own and is cleared after use.
                if (filterProcessingContext.getSymmetricKeyBinding() != null) {
                    symmetricKeyBinding = filterProcessingContext.getSymmetricKeyBinding();
                    filterProcessingContext.setSymmetricKeyBinding(null);
                } else {
                    symmetricKeyBinding = (SymmetricKeyBinding) wSSPolicy;
                }
                if (!symmetricKeyBinding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                    // Case 1: a key identifier is configured; KeyInfo is built from that identifier.
                    key = symmetricKeyBinding.getSecretKey();
                    keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, symmetricKeyBinding.getKeyIdentifier());
                    node = findOrCreateSecurityHeader.getNextSiblingOfTimestamp();
                } else if (z2) {
                    // Case 2: reference the key through an EncryptedKeySHA1Identifier carrying the value from getEKSHA1Ref.
                    String eKSHA1Ref = getEKSHA1Ref(filterProcessingContext);
                    key = symmetricKeyBinding.getSecretKey();
                    SecurityTokenReference securityTokenReference4 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    EncryptedKeySHA1Identifier encryptedKeySHA1Identifier = new EncryptedKeySHA1Identifier((Document) securableSoapMessage.getSOAPPart());
                    encryptedKeySHA1Identifier.setReferenceValue(eKSHA1Ref);
                    securityTokenReference4.setReference(encryptedKeySHA1Identifier);
                    keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference4);
                    node = findOrCreateSecurityHeader.getNextSiblingOfTimestamp();
                // Case 3: wrap the secret key for a certificate and reference the resulting EncryptedKey.
                // The condition is always true because z is the negation of equals2.
                } else if (equals2 || z) {
                    key = symmetricKeyBinding.getSecretKey();
                    AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = null;
                    if (!symmetricKeyBinding.getCertAlias().equals(MessageConstants._EMPTY)) {
                        // Build a certificate binding from the configured alias; the certificate is
                        // looked up through the security environment.
                        x509CertificateBinding2 = new AuthenticationTokenPolicy.X509CertificateBinding();
                        x509CertificateBinding2.newPrivateKeyBinding();
                        x509CertificateBinding2.setCertificateIdentifier(symmetricKeyBinding.getCertAlias());
                        x509CertificateBinding2.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding2.getCertificateIdentifier(), false));
                        x509CertificateBinding2.setReferenceType("Direct");
                    } else if (filterProcessingContext.getX509CertificateBinding() != null) {
                        x509CertificateBinding2 = filterProcessingContext.getX509CertificateBinding();
                        filterProcessingContext.setX509CertificateBinding(null);
                        // Return value is discarded.
                        x509CertificateBinding2.getX509Certificate();
                    }
                    HashMap tokenCache = filterProcessingContext.getTokenCache();
                    HashMap insertedX509Cache = filterProcessingContext.getInsertedX509Cache();
                    // NOTE(review): x509CertificateBinding2 is still null here when neither a certificate
                    // alias nor a context binding exists; the NullPointerException is caught below and
                    // rethrown wrapped.
                    String uuid = x509CertificateBinding2.getUUID();
                    if (uuid == null || uuid.equals("")) {
                        uuid = securableSoapMessage.generateId();
                    }
                    SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding2, uuid);
                    // NOTE(review): when the algorithm suite names no asymmetric key algorithm, the key is
                    // wrapped with MessageConstants.RSA_15_KEY_TRANSPORT - by its name RSA PKCS#1 v1.5,
                    // which is known to be exposed to padding-oracle attacks on the decrypting side.
                    // Prefer configuring an RSA-OAEP algorithm in the suite.
                    String str3 = MessageConstants.RSA_15_KEY_TRANSPORT;
                    String str4 = null;
                    if (algorithmSuite != null) {
                        str4 = algorithmSuite.getAsymmetricKeyAlgorithm();
                    }
                    if (str4 != null && !"".equals(str4)) {
                        str3 = str4;
                    }
                    String referenceType = x509CertificateBinding2.getReferenceType();
                    if (referenceType.equals("Identifier") && x509CertificateBinding2.getValueType().equals(MessageConstants.X509v1_NS)) {
                        logger.log(Level.SEVERE, "WSS1333.unsupported.keyidentifer.X509v1");
                        throw new XWSSecurityException("Key Identifier strategy in X509v1 is not supported");
                    }
                    KeyInfoStrategy keyInfoStrategy = KeyInfoStrategy.getInstance(referenceType);
                    SecurableSoapMessage securableSoapMessage2 = filterProcessingContext.getSecurableSoapMessage();
                    wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
                    X509Certificate x509Certificate = x509CertificateBinding2.getX509Certificate();
                    String uuid2 = x509CertificateBinding2.getUUID();
                    // z5 becomes true when a token for uuid2 is already in the token cache.
                    boolean z5 = false;
                    if (uuid2 == null || uuid2.equals("")) {
                        uuid2 = securableSoapMessage2.generateId();
                    }
                    X509SecurityToken x509SecurityToken = (X509SecurityToken) tokenCache.get(uuid2);
                    X509SecurityToken x509SecurityToken2 = (X509SecurityToken) filterProcessingContext.getInsertedX509Cache().get(uuid2);
                    if (x509SecurityToken == null) {
                        // The value type falls back to X509v3_NS when the binding specifies none.
                        String valueType = x509CertificateBinding2.getValueType();
                        if (valueType == null || valueType.equals("")) {
                            valueType = MessageConstants.X509v3_NS;
                        }
                        x509SecurityToken = new X509SecurityToken(securableSoapMessage2.getSOAPPart(), x509Certificate, uuid2, valueType);
                        tokenCache.put(uuid2, x509SecurityToken);
                    } else {
                        z5 = true;
                    }
                    HashMap encryptedKeyCache = filterProcessingContext.getEncryptedKeyCache();
                    if (z5) {
                        // Token already cached: reuse the cached EncryptedKey id and the context's
                        // current secret, and insert after that EncryptedKey element.
                        // NOTE(review): neither the cached id nor the element found by it is checked for null.
                        str = (String) encryptedKeyCache.get(uuid2);
                        key = filterProcessingContext.getCurrentSecret();
                        node = securableSoapMessage2.getElementById(str).getNextSibling();
                    } else {
                        // NOTE(review): the secret key is stored on the context twice - as the current
                        // secret and under the extraneous property "SecretKey"; confirm who reads that
                        // property map and that it is never logged or serialized.
                        filterProcessingContext.setCurrentSecret(key);
                        filterProcessingContext.setExtraneousProperty("SecretKey", key);
                        KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock((Document) securableSoapMessage2.getSOAPPart());
                        keyInfoStrategy.setCertificate(x509Certificate);
                        keyInfoStrategy.insertKey(keyInfoHeaderBlock, securableSoapMessage2, uuid2);
                        com.sun.org.apache.xml.internal.security.keys.KeyInfo keyInfo2 = keyInfoHeaderBlock.getKeyInfo();
                        EncryptedKey encryptedKey = null;
                        try {
                            XMLCipher xMLCipher = XMLCipher.getInstance(str3);
                            // Mode 3 is XMLCipher.WRAP_MODE: the secret key is wrapped with the certificate's public key.
                            xMLCipher.init(3, x509Certificate.getPublicKey());
                            // NOTE(review): this null check comes too late - xMLCipher was already used on the line above.
                            if (xMLCipher != null) {
                                encryptedKey = xMLCipher.encryptKey(securableSoapMessage2.getSOAPPart(), key);
                            }
                            // The generated id is remembered per token uuid so later signatures can reuse this EncryptedKey.
                            str = securableSoapMessage2.generateId();
                            encryptedKey.setId(str);
                            encryptedKeyCache.put(uuid2, str);
                            encryptedKey.setKeyInfo(keyInfo2);
                            SOAPElement sOAPElement = (SOAPElement) xMLCipher.martial(encryptedKey);
                            // The EncryptedKey goes in front of the header when the X.509 token is not yet
                            // inserted, otherwise directly after that token.
                            if (x509SecurityToken2 == null) {
                                securableSoapMessage2.findOrCreateSecurityHeader().insertHeaderBlockElement(sOAPElement);
                            } else {
                                securableSoapMessage2.findOrCreateSecurityHeader().insertBefore((Node) sOAPElement, x509SecurityToken2.getNextSibling());
                            }
                            // Stores Base64(digest(decoded CipherValue)) under EK_SHA1_TYPE, using the digest
                            // algorithm named by MessageConstants.SHA_1. The value is kept as a context
                            // property identifying the encrypted key; it is not used as key material here.
                            filterProcessingContext.setExtraneousProperty(MessageConstants.EK_SHA1_TYPE, Base64.encode(MessageDigest.getInstance(MessageConstants.SHA_1).digest(Base64.decode(((Element) sOAPElement.getChildElements(new QName(MessageConstants.XENC_NS, MessageConstants.XENC_CIPHER_DATA_LNAME, MessageConstants.XENC_PREFIX)).next()).getElementsByTagNameNS(MessageConstants.XENC_NS, "CipherValue").item(0).getTextContent()))));
                            node = sOAPElement.getNextSibling();
                        } catch (Exception e) {
                            // Any failure while building the EncryptedKey is logged and wrapped with its cause.
                            logger.log(Level.SEVERE, "WSS1334.error.creating.encryptedkey");
                            throw new XWSSecurityException(e);
                        }
                    }
                    // With a "Direct" reference the X.509 token itself is inserted once and remembered in the inserted cache.
                    if ("Direct".equals(referenceType) && x509SecurityToken2 == null) {
                        securableSoapMessage2.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken);
                        insertedX509Cache.put(uuid2, x509SecurityToken);
                    }
                    // The signature's KeyInfo points at the EncryptedKey through a direct "#id" reference.
                    SecurityTokenReference securityTokenReference5 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                    DirectReference directReference = new DirectReference();
                    String strid2 = x509CertificateBinding2.getSTRID();
                    if (strid2 == null) {
                        strid2 = securableSoapMessage2.generateId();
                    }
                    securityTokenReference5.setWsuId(strid2);
                    directReference.setURI("#" + str);
                    directReference.setValueType(MessageConstants.EncryptedKey_NS);
                    securityTokenReference5.setReference(directReference);
                    keyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference5);
                }
            }
            // The insertion point chosen above is overridden, in this order, by: the first UsernameToken
            // in the header, a pending reference list on the context, and an endorsing signature.
            NodeList elementsByTagNameNS = findOrCreateSecurityHeader.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
            if (elementsByTagNameNS != null && elementsByTagNameNS.getLength() > 0) {
                node = elementsByTagNameNS.item(0).getNextSibling();
            }
            Node currentRefList = filterProcessingContext.getCurrentRefList();
            if (currentRefList != null) {
                node = currentRefList;
                filterProcessingContext.setCurrentReferenceList(null);
            }
            // The next sibling of a last child is null in DOM, so an endorsing signature ends up appended.
            if (featureBinding.isEndorsingSignature()) {
                node = findOrCreateSecurityHeader.getLastChild().getNextSibling();
            }
            SignedInfo constructSignedInfo = WSSPolicyConsumerImpl.getInstance().constructSignedInfo(filterProcessingContext);
            // A null node selects the two-argument context, which appends the signature to the security header.
            DOMSignContext dOMSignContext = node == null ? new DOMSignContext(key, findOrCreateSecurityHeader.getAsSoapElement()) : new DOMSignContext(key, findOrCreateSecurityHeader.getAsSoapElement(), node);
            // References are resolved through DSigResolver, which can reach the processing context via the property set below.
            dOMSignContext.setURIDereferencer(DSigResolver.getInstance());
            XMLSignature constructSignature = wSSPolicyConsumerImpl.constructSignature(constructSignedInfo, keyInfo, signaturePolicy.getUUID());
            dOMSignContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
            dOMSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
            constructSignature.sign(dOMSignContext);
            // When a signature-confirmation list is present on the context, record this signature's Base64 value in it.
            ArrayList arrayList = (ArrayList) filterProcessingContext.getExtraneousProperty(MessageConstants.SIGNATURE_CONFIRMATION_LNAME);
            if (arrayList != null) {
                arrayList.add(Base64.encode(constructSignature.getSignatureValue().getValue()));
            }
            return 0;
        } catch (XWSSecurityException e2) {
            // Library exceptions are logged and rethrown unchanged.
            logger.log(Level.SEVERE, "WSS1316.sign.failed", (Throwable) e2);
            throw e2;
        } catch (Exception e3) {
            // Everything else, including the NullPointerExceptions noted above, is logged and wrapped with its cause.
            logger.log(Level.SEVERE, "WSS1316.sign.failed", (Throwable) e3);
            throw new XWSSecurityException(e3);
        }
    }

    /**
     * Validates the signature held in the current element of the message's security header and,
     * depending on the processing mode, reconciles it with the security policy on the context.
     *
     * <p>The method returns {@code 0} on every path that does not throw. That includes the case
     * where the current header element is not a {@code Signature}: the mismatch is then stored
     * on the context through {@code setPVE(...)} instead of being thrown, so the return value
     * alone does not tell a verified signature from a missing one.
     *
     * <p>The inferred policy on the context is reset to {@code null} in a {@code finally} block,
     * whatever the outcome.
     *
     * @param filterProcessingContext processing context carrying the message, the security
     *        policy and the processing mode
     * @return always {@code 0}
     * @throws XWSSecurityException if core validation fails, a BSP restriction is violated, the
     *         receiver requirements are not met, or any other error occurs while verifying
     */
    public static int verify(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        try {
            try {
                WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
                SOAPElement currentHeaderElement = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader().getCurrentHeaderElement();
                // A policy expecting a signature but finding another (or no) element is recorded as a
                // primary policy violation; nothing is thrown here and no signature is validated.
                // NOTE(review): callers presumably inspect the context for the recorded violation - confirm.
                if (currentHeaderElement == null || currentHeaderElement.getLocalName() == null || !"Signature".equals(currentHeaderElement.getLocalName())) {
                    filterProcessingContext.setPVE(new PolicyViolationException("Expected Signature Element as per receiver requirements, found  " + (currentHeaderElement != null ? currentHeaderElement.getLocalName() : "")));
                    filterProcessingContext.isPrimaryPolicyViolation(true);
                    filterProcessingContext.setInferredPolicy(null);
                    return 0;
                }
                // NOTE(review): no validation-context property (for example the JSR 105
                // "org.jcp.xml.dsig.secureValidation" switch) is set in this method; whether restrictive
                // processing of transforms and algorithms is in force depends on configuration outside
                // this block - confirm.
                DOMValidateContext dOMValidateContext = new DOMValidateContext(KeySelectorImpl.getInstance(), currentHeaderElement);
                XMLSignature unmarshalXMLSignature = WSSPolicyConsumerImpl.getInstance().getSignatureFactory().unmarshalXMLSignature(dOMValidateContext);
                // The Base64 signature value is appended to the "receivedSignValues" list before the
                // signature has been validated (validation happens further down).
                ArrayList arrayList = (ArrayList) filterProcessingContext.getExtraneousProperty("receivedSignValues");
                if (arrayList != null) {
                    arrayList.add(Base64.encode(unmarshalXMLSignature.getSignatureValue().getValue()));
                }
                dOMValidateContext.setURIDereferencer(DSigResolver.getInstance());
                dOMValidateContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
                // Modes 0, 1 and 3 get a fresh SignaturePolicy to be filled from the message; the meaning
                // of the numeric mode values is not visible in this block.
                SignaturePolicy signaturePolicy = null;
                if (filterProcessingContext.getMode() == 0 || filterProcessingContext.getMode() == 1) {
                    signaturePolicy = new SignaturePolicy();
                    filterProcessingContext.setInferredPolicy(signaturePolicy);
                } else if (filterProcessingContext.getMode() == 3) {
                    signaturePolicy = new SignaturePolicy();
                    filterProcessingContext.getInferredSecurityPolicy().append(signaturePolicy);
                }
                // Core validation: signature value plus every reference digest.
                boolean validate = unmarshalXMLSignature.validate(dOMValidateContext);
                SecurityPolicy securityPolicy = filterProcessingContext.getSecurityPolicy();
                // BSP checks are on only when a policy is present and reports isBSP(); no policy means false.
                boolean isBSP = securityPolicy != null ? PolicyTypeUtil.messagePolicy(securityPolicy) ? ((MessagePolicy) securityPolicy).isBSP() : ((WSSPolicy) securityPolicy).isBSP() : false;
                if (!validate) {
                    // Diagnostics only at FINEST: re-validates the signature value and each reference to
                    // show which part failed. The failure itself is always logged at SEVERE and thrown.
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.log(Level.FINEST, "Signature failed core validation");
                        logger.log(Level.FINEST, "Signature validation status: " + unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext));
                        int i = 0;
                        for (Reference reference : unmarshalXMLSignature.getSignedInfo().getReferences()) {
                            logger.log(Level.FINEST, "Reference ID " + reference.getId());
                            logger.log(Level.FINEST, "Reference URI " + reference.getURI());
                            logger.log(Level.FINEST, "Reference[" + i + "] validity status: " + reference.validate(dOMValidateContext));
                            i++;
                        }
                    }
                    logger.log(Level.SEVERE, "WSS1315.signature.verification.failed");
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Signature verification failed ", new XWSSecurityException("Signature verification failed"));
                }
                // NOTE(review): the guard tests FINEST but the record is written at FINE, so the message
                // is suppressed when the logger is configured for FINE or FINER.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINE, "Signature Passed Core Validation");
                }
                SignedInfo signedInfo = unmarshalXMLSignature.getSignedInfo();
                if (isBSP) {
                    // Walk every transform of every reference; i2 and i3 are counters that are
                    // incremented but never read.
                    Iterator it = signedInfo.getReferences().iterator();
                    int i2 = 0;
                    while (it.hasNext()) {
                        int i3 = 0;
                        for (Transform transform : ((Reference) it.next()).getTransforms()) {
                            if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(transform.getAlgorithm())) {
                                logger.log(Level.SEVERE, "WSS1336.illegal.envelopedsignature");
                                throw new XWSSecurityException("Enveloped signatures not permitted by BSP");
                            }
                            // NOTE(review): the throw below sits outside the isEmpty() test, so under BSP
                            // every exclusive-c14n transform that carries a parameter spec is rejected,
                            // whether its prefix list is empty or not; only the SEVERE log is conditional.
                            // This looks like a missing brace. Moving the throw inside the test would
                            // accept messages that are rejected today, so confirm the intended rule first.
                            // NOTE(review): getPrefixList() is called on the value of getParameterSpec()
                            // without a cast to the exclusive-c14n parameter type - confirm the type.
                            if ("http://www.w3.org/2001/10/xml-exc-c14n#".equals(transform.getAlgorithm()) && transform.getParameterSpec() != null) {
                                if (transform.getParameterSpec().getPrefixList().isEmpty()) {
                                    logger.log(Level.SEVERE, "WSS1337.invalid.Emptyprefixlist");
                                }
                                throw new XWSSecurityException("Prefix List cannot be empty: violation of BSP 5407");
                            }
                            i3++;
                        }
                        i2++;
                    }
                }
                // Mode 1: derive a SignaturePolicy from the message and append it to the message policy.
                if (filterProcessingContext.getMode() == 1) {
                    MessagePolicy messagePolicy = (MessagePolicy) filterProcessingContext.getSecurityPolicy();
                    wSSPolicyConsumerImpl.constructSignaturePolicy(signedInfo, messagePolicy.isBSP(), signaturePolicy);
                    messagePolicy.append(signaturePolicy);
                }
                // Mode 0: enforce the configured receiver requirements, then compare the configured
                // policy with the one inferred from the message.
                if (filterProcessingContext.getMode() == 0) {
                    verifyRequirements(filterProcessingContext, unmarshalXMLSignature, dOMValidateContext);
                    SignaturePolicy signaturePolicy2 = (SignaturePolicy) filterProcessingContext.getSecurityPolicy();
                    wSSPolicyConsumerImpl.constructSignaturePolicy(signedInfo, signaturePolicy2.isBSP(), signaturePolicy);
                    new SignaturePolicyVerifier(filterProcessingContext).verifyPolicy(signaturePolicy2, signaturePolicy);
                    // NOTE(review): same FINEST guard / FINE record mismatch as above.
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.log(Level.FINE, "Reciever Requirements  are met");
                    }
                }
                // Mode 3: only record what was signed into the inferred policy; no requirement check
                // is made in this branch.
                if (filterProcessingContext.getMode() == 3) {
                    wSSPolicyConsumerImpl.constructSignaturePolicy(signedInfo, signaturePolicy, filterProcessingContext.getSecurableSoapMessage());
                }
                return 0;
            // NOTE(review): the general Exception handler is listed before the more specific ones.
            // javac rejects handlers that follow a handler for a supertype, so this order is
            // presumably an artifact of how the listing was produced; the specific handlers have to
            // come first for them to run at all.
            } catch (Exception e) {
                logger.log(Level.SEVERE, "WSS1338.error.verify");
                throw new XWSSecurityException(e);
            } catch (XMLSignatureException e2) {
                // Unwrap XMLSignatureException -> KeySelectorException/URIReferenceException ->
                // WssSoapFaultException so that a SOAP fault raised while selecting the key or
                // dereferencing a URI reaches the caller unchanged; anything else is wrapped.
                Throwable cause = e2.getCause();
                if (cause == null) {
                    logger.log(Level.SEVERE, "WSS1338.error.verify");
                    throw new XWSSecurityException((Throwable) e2);
                }
                if (!(cause instanceof KeySelectorException) && !(cause instanceof URIReferenceException)) {
                    logger.log(Level.SEVERE, "WSS1338.error.verify");
                    throw new XWSSecurityException((Throwable) e2);
                }
                Throwable cause2 = cause.getCause();
                if (cause2 == null || !(cause2 instanceof WssSoapFaultException)) {
                    logger.log(Level.SEVERE, "WSS1338.error.verify");
                    throw new XWSSecurityException((Exception) cause);
                }
                logger.log(Level.SEVERE, "WSS1338.error.verify");
                throw ((WssSoapFaultException) cause2);
            } catch (XWSSecurityException e3) {
                logger.log(Level.SEVERE, "WSS1338.error.verify");
                throw e3;
            }
        } finally {
            // Runs on success and on failure: the inferred policy never outlives this call.
            filterProcessingContext.setInferredPolicy(null);
        }
    }

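    /**
     * Checks that the references of a signature satisfy the receiver's {@link SignatureTarget}
     * requirements taken from the {@link SignaturePolicy} on the context.
     *
     * <p>The check has two passes. First, every target whose {@code getEnforce()} is true must
     * resolve to data that matches one reference of the signature; each matched reference is
     * consumed. Second, every reference still left over must match one of the optional targets.
     * Matching is delegated to {@code isEqual}. If the policy lists no targets at all, nothing
     * is checked.
     *
     * @param filterProcessingContext processing context supplying the policy and the message
     * @param xMLSignature the signature whose references are examined
     * @param dOMValidateContext validation context used to dereference the references
     * @throws XWSSecurityException if a mandatory target is missing or unsigned, if the number of
     *         references differs from the number of mandatory references when no optional target
     *         exists, or if a signed reference matches no target
     * @throws Exception if dereferencing one of the signature's own references fails
     */
    public static void verifyRequirements(FilterProcessingContext filterProcessingContext, XMLSignature xMLSignature, DOMValidateContext dOMValidateContext) throws Exception {
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) ((SignaturePolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
        WSSPolicyConsumerImpl policyConsumer = WSSPolicyConsumerImpl.getInstance();
        ArrayList targetBindings = featureBinding.getTargetBindings();
        if (targetBindings == null || targetBindings.size() == 0) {
            // No targets configured: the signature's coverage is not constrained here.
            return;
        }

        // What the message actually signed. messageData and messageRefs are index-aligned.
        ArrayList<DataWrapper> messageData = new ArrayList<DataWrapper>();
        ArrayList<Reference> messageRefs = new ArrayList<Reference>();
        for (Object item : xMLSignature.getSignedInfo().getReferences()) {
            Reference messageRef = (Reference) item;
            messageData.add(new DataWrapper(getData(messageRef, dOMValidateContext)));
            messageRefs.add(messageRef);
        }

        ArrayList<SignatureTarget> optionalTargets = new ArrayList<SignatureTarget>();
        // requiredData/requiredRefs and optionalData/optionalRefs are index-aligned pairs as well.
        ArrayList<DataWrapper> requiredData = new ArrayList<DataWrapper>();
        ArrayList<Reference> requiredRefs = new ArrayList<Reference>();
        ArrayList<DataWrapper> optionalData = new ArrayList<DataWrapper>();
        ArrayList<Reference> optionalRefs = new ArrayList<Reference>();
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();

        for (Object binding : targetBindings) {
            SignatureTarget signatureTarget = (SignatureTarget) binding;
            if (!signatureTarget.getEnforce()) {
                optionalTargets.add(signatureTarget);
                continue;
            }
            List generated;
            try {
                generated = policyConsumer.generateReferenceList(Collections.singletonList(signatureTarget), securableSoapMessage, filterProcessingContext, true, featureBinding.isEndorsingSignature());
            } catch (Exception e) {
                logger.log(Level.SEVERE, "WSS1302.reflist_error", e);
                logger.log(Level.SEVERE, "WSS1339.invalid.ReceiverRequirements");
                throw new XWSSecurityException("Receiver requirement for SignatureTarget " + signatureTarget.getValue() + " is not met");
            }
            // A null list is treated like an empty one: the mandatory target is reported as not
            // met instead of surfacing as a NullPointerException.
            if (generated == null || generated.size() <= 0) {
                logger.log(Level.SEVERE, "WSS1339.invalid.ReceiverRequirements");
                throw new XWSSecurityException("Receiver requirement for SignatureTarget " + signatureTarget.getValue() + " is not met");
            }
            for (int i = 0; i < generated.size(); i++) {
                Reference generatedRef = (Reference) generated.get(i);
                try {
                    Data data = getData(generatedRef, dOMValidateContext);
                    if (data != null) {
                        DataWrapper wrapper = new DataWrapper(data);
                        wrapper.setTarget(signatureTarget);
                        requiredData.add(wrapper);
                        requiredRefs.add(generatedRef);
                    }
                } catch (Exception e) {
                    // A mandatory target that cannot be dereferenced counts as not met.
                    logger.log(Level.SEVERE, "WSS1339.invalid.ReceiverRequirements");
                    throw new XWSSecurityException("Receiver requirement for SignatureTarget " + signatureTarget.getValue() + " is not met");
                }
            }
        }

        // With no optional targets the message must sign exactly as many references as the
        // mandatory targets produced. NOTE(review): when at least one optional target exists this
        // count check is skipped and the two matching passes below are the only constraint.
        if (optionalTargets.size() == 0 && requiredRefs.size() != messageRefs.size()) {
            logger.log(Level.SEVERE, "WSS1340.illegal.unmatched.NoofTargets");
            throw new XWSSecurityException("Number of Targets in the message dont match number of Targets in receiver requirements");
        }
        if (requiredData.size() == 0) {
            // NOTE(review): returning here means that, when all targets are optional, the
            // signature's references are not compared with the optional targets at all.
            if (logger.isLoggable(Level.FINER)) {
                logger.log(Level.FINER, "No mandatory receiver requirements were provided");
            }
            return;
        }

        // Pass 1: every mandatory target must match a signed reference; a matched reference is
        // removed so it cannot satisfy a second target.
        for (int i = 0; i < requiredData.size(); i++) {
            DataWrapper required = requiredData.get(i);
            boolean matched = false;
            for (int j = 0; j < messageData.size(); j++) {
                if (isEqual(required, messageData.get(j), requiredRefs.get(i), messageRefs.get(j))) {
                    messageData.remove(j);
                    messageRefs.remove(j);
                    matched = true;
                    break;
                }
            }
            if (!matched) {
                String value = required.getTarget().getValue();
                String type = required.getTarget().getType();
                logger.log(Level.SEVERE, "WSS1341.illegal.unmatched.Type.Uri");
                throw new XWSSecurityException("Receiver requirement for SignatureTarget having " + type + " type and value " + value + " is not met");
            }
        }
        if (messageData.size() == 0) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "All receiver requirements are met");
            }
            return;
        }

        // Resolve the optional targets that are present in the message.
        for (int i = 0; i < optionalTargets.size(); i++) {
            SignatureTarget optionalTarget = optionalTargets.get(i);
            // Reset per target: a target that fails to resolve must not inherit the reference
            // list generated for the previous optional target.
            List generated = null;
            try {
                generated = policyConsumer.generateReferenceList(Collections.singletonList(optionalTarget), securableSoapMessage, filterProcessingContext, true, featureBinding.isEndorsingSignature());
            } catch (Exception e) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "Optional Target not found in the message ", e);
                }
            }
            if (generated == null || generated.size() == 0) {
                continue;
            }
            Reference optionalRef = (Reference) generated.get(0);
            Data data = null;
            try {
                data = getData(optionalRef, dOMValidateContext);
            } catch (Exception e) {
                // Best effort: an optional target that cannot be dereferenced is left out.
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "Optional Target could not be dereferenced ", e);
                }
            }
            if (data != null) {
                DataWrapper wrapper = new DataWrapper(data);
                wrapper.setTarget(optionalTarget);
                optionalData.add(wrapper);
                optionalRefs.add(optionalRef);
            }
        }

        // Pass 2: every reference the mandatory targets did not account for must match an
        // optional target; anything else is content the receiver policy does not describe.
        for (int i = 0; i < messageData.size(); i++) {
            DataWrapper leftover = messageData.get(i);
            boolean matched = false;
            for (int j = 0; j < optionalData.size(); j++) {
                if (isEqual(optionalData.get(j), leftover, optionalRefs.get(j), messageRefs.get(i))) {
                    optionalData.remove(j);
                    optionalRefs.remove(j);
                    matched = true;
                    break;
                }
            }
            if (!matched) {
                Reference unmatchedRef = messageRefs.get(i);
                logger.log(Level.SEVERE, "WSS1341.illegal.unmatched.Type.Uri");
                throw new XWSSecurityException("SignatureTarget in the message with URI " + unmatchedRef.getURI() + " has not met receiver requirements");
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "All receiver requirements are met");
        }
    }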

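    /**
     * Decides whether two dereferenced signature targets denote the same data.
     *
     * <p>Both wrappers must hold the same kind of data, otherwise the result is {@code false}:
     * <ul>
     *   <li>node sets: both must be sub-tree node sets whose roots are the same node or are
     *       equal according to {@link Node#isEqualNode(Node)};</li>
     *   <li>octet streams: both streams must deliver the same bytes;</li>
     *   <li>attachments: both must carry the same non-null content id and the two references
     *       must list the same transform algorithms.</li>
     * </ul>
     *
     * @param dataWrapper first data item
     * @param dataWrapper2 second data item
     * @param reference reference belonging to {@code dataWrapper}; read only for attachments
     * @param reference2 reference belonging to {@code dataWrapper2}; read only for attachments
     * @return {@code true} when the two items are considered the same data
     * @throws XWSSecurityException if two attachments match by content id but their transforms
     *         differ
     */
    private static boolean isEqual(DataWrapper dataWrapper, DataWrapper dataWrapper2, Reference reference, Reference reference2) throws XWSSecurityException {
        if (dataWrapper.isNodesetData() && dataWrapper2.isNodesetData()) {
            NodeSetData nodeSet = (NodeSetData) dataWrapper.getData();
            NodeSetData nodeSet2 = (NodeSetData) dataWrapper2.getData();
            // Only sub-tree node sets expose a root; any other node-set kind compares as unequal.
            Node root = nodeSet instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData ? ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData) nodeSet).getRoot() : null;
            Node root2 = nodeSet2 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData ? ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData) nodeSet2).getRoot() : null;
            if (root == null || root2 == null) {
                return false;
            }
            // isEqualNode is a structural comparison, so a different node with identical content
            // is accepted too, not only the very same node.
            return root.isSameNode(root2) || root.isEqualNode(root2);
        }
        if (dataWrapper.isOctectData() && dataWrapper2.isOctectData()) {
            InputStream first = ((OctetStreamData) dataWrapper.getData()).getOctetStream();
            InputStream second = ((OctetStreamData) dataWrapper2.getData()).getOctetStream();
            byte[] firstChunk = new byte[128];
            byte[] secondChunk = new byte[128];
            try {
                while (true) {
                    // InputStream.read may deliver fewer bytes than asked for without being at
                    // end of stream, and the two streams need not chunk alike. Fill each buffer
                    // completely (or up to end of stream) before comparing, so identical content
                    // is not reported as different because of chunking.
                    int firstLength = 0;
                    while (firstLength < firstChunk.length) {
                        int count = first.read(firstChunk, firstLength, firstChunk.length - firstLength);
                        if (count < 0) {
                            break;
                        }
                        firstLength += count;
                    }
                    int secondLength = 0;
                    while (secondLength < secondChunk.length) {
                        int count = second.read(secondChunk, secondLength, secondChunk.length - secondLength);
                        if (count < 0) {
                            break;
                        }
                        secondLength += count;
                    }
                    if (firstLength != secondLength) {
                        return false;
                    }
                    for (int i = 0; i < firstLength; i++) {
                        if (firstChunk[i] != secondChunk[i]) {
                            return false;
                        }
                    }
                    if (firstLength < firstChunk.length) {
                        // A short chunk means both streams ended at the same offset.
                        return true;
                    }
                }
            } catch (IOException e) {
                // An unreadable stream can never count as a match.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "Error occurred whilecomparing OctetStreamData objects " + e.getMessage());
                }
                return false;
            }
        }
        if (dataWrapper.isAttachmentData() && dataWrapper2.isAttachmentData()) {
            String contentId = ((AttachmentData) dataWrapper.getData()).getAttachmentPart().getContentId();
            String contentId2 = ((AttachmentData) dataWrapper2.getData()).getAttachmentPart().getContentId();
            if (contentId == null || !contentId.equals(contentId2)) {
                return false;
            }
            // Attachments are matched by content id only, so the transforms have to agree as well.
            return isTransformsEqual(reference, reference2);
        }
        return false;
    }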

    /**
     * Checks that two references declare the same transform algorithms in the same order.
     *
     * <p>Only the algorithm URIs are compared; transform parameters are not looked at. A
     * mismatch is reported by exception, so the method either returns {@code true} or throws.
     *
     * @param reference first reference
     * @param reference2 second reference
     * @return {@code true} when the transform lists agree
     * @throws XWSSecurityException if the lists differ in length or in any algorithm URI
     */
    private static boolean isTransformsEqual(Reference reference, Reference reference2) throws XWSSecurityException {
        List firstTransforms = reference.getTransforms();
        List secondTransforms = reference2.getTransforms();
        boolean matches = firstTransforms.size() == secondTransforms.size();
        for (int position = 0; matches && position < firstTransforms.size(); position++) {
            Transform first = (Transform) firstTransforms.get(position);
            Transform second = (Transform) secondTransforms.get(position);
            String firstAlgorithm = first.getAlgorithm();
            String secondAlgorithm = second.getAlgorithm();
            // Null-safe comparison: two absent algorithms count as equal.
            matches = firstAlgorithm == null ? secondAlgorithm == null : firstAlgorithm.equals(secondAlgorithm);
        }
        if (!matches) {
            logger.log(Level.SEVERE, "WSS1342.illegal.unmatched.transforms");
            throw new XWSSecurityException("Receiver Requirements for the transforms are not met");
        }
        return true;
    }

    /**
     * Resolves the data a reference points at: the reference URI is dereferenced through
     * {@code DSigResolver} and the result is passed through the reference's transforms in
     * their declared order.
     *
     * <p>Attachment data is returned as dereferenced; none of the transforms is applied to it.
     *
     * @param reference reference whose target is wanted
     * @param dOMValidateContext context handed to the dereferencer and to the transforms
     * @return the dereferenced and, where applicable, transformed data
     * @throws Exception if dereferencing or a transform fails
     */
    private static Data getData(Reference reference, DOMValidateContext dOMValidateContext) throws Exception {
        final String targetUri = reference.getURI();
        // Minimal URIReference carrying only the URI; the type is reported as unknown.
        URIReference uriOnly = new URIReference() {
            @Override
            public String getURI() {
                return targetUri;
            }

            @Override
            public String getType() {
                return null;
            }
        };
        Data resolved = DSigResolver.getInstance().dereference(uriOnly, dOMValidateContext);
        if (!(resolved instanceof AttachmentData)) {
            for (Object step : reference.getTransforms()) {
                resolved = getData((Transform) step, resolved, dOMValidateContext);
            }
        }
        return resolved;
    }

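    /**
     * Applies one transform to {@code data} if it is an XPath, XPath Filter 2 (as named by
     * {@code MessageConstants.TRANSFORM_FILTER2}) or XSLT transform; data is returned unchanged
     * for every other algorithm.
     *
     * <p>The algorithm URI is compared by value. A URI taken from a parsed message is not
     * guaranteed to be the same {@code String} instance as the constants, so the earlier
     * identity comparison could skip these transforms for references read from the message and
     * leave the receiver-requirement check comparing data that had not been narrowed by them.
     *
     * @param transform transform to apply
     * @param data input of the transform
     * @param dOMValidateContext context handed to the transform
     * @return the transformed data, or {@code data} itself for algorithms not handled here
     * @throws Exception if the transform service cannot be obtained, initialised or run
     */
    private static Data getData(Transform transform, Data data, DOMValidateContext dOMValidateContext) throws Exception {
        String algorithm = transform.getAlgorithm();
        boolean selectsContent = "http://www.w3.org/TR/1999/REC-xpath-19991116".equals(algorithm)
                || MessageConstants.TRANSFORM_FILTER2.equals(algorithm)
                || "http://www.w3.org/TR/1999/REC-xslt-19991116".equals(algorithm);
        if (!selectsContent) {
            return data;
        }
        // NOTE(review): the transform and its parameters may come from the received message;
        // which algorithms are acceptable is expected to be decided by the validation
        // configuration and policy checks, not by this helper.
        TransformService transformService = TransformService.getInstance(algorithm, "DOM");
        // TransformService.init takes a TransformParameterSpec, while Transform.getParameterSpec
        // is declared to return the more general AlgorithmParameterSpec.
        transformService.init((javax.xml.crypto.dsig.spec.TransformParameterSpec) transform.getParameterSpec());
        return transformService.transform(data, dOMValidateContext);
    }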

    /**
     * Runs core validation on the signature rooted at {@code element} and reports the outcome.
     *
     * <p>An invalid signature is reported through the return value, not by exception, so the
     * caller has to check the result. No receiver-requirement or policy check is made here.
     *
     * @param element the {@code Signature} element to validate
     * @param filterProcessingContext processing context stored on the validation context
     * @return {@code true} if the signature passes core validation, {@code false} otherwise
     * @throws XWSSecurityException if unmarshalling or validation throws
     */
    public static boolean verifySignature(Element element, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        try {
            // NOTE(review): no validation-context property (for example the JSR 105
            // "org.jcp.xml.dsig.secureValidation" switch) is set here; whether restrictive
            // processing is in force depends on configuration outside this method - confirm.
            DOMValidateContext validationContext = new DOMValidateContext(KeySelectorImpl.getInstance(), element);
            XMLSignature signature = WSSPolicyConsumerImpl.getInstance().getSignatureFactory().unmarshalXMLSignature(validationContext);
            validationContext.setURIDereferencer(DSigResolver.getInstance());
            validationContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
            boolean coreValid = signature.validate(validationContext);
            if (coreValid || !logger.isLoggable(Level.FINEST)) {
                return coreValid;
            }
            // Diagnostics for a failed validation, at FINEST only: show whether the signature
            // value or one of the reference digests is the part that did not verify.
            logger.log(Level.FINEST, "Signature failed core validation");
            logger.log(Level.FINEST, "Signature validation status: " + signature.getSignatureValue().validate(validationContext));
            int position = 0;
            for (Object item : signature.getSignedInfo().getReferences()) {
                Reference signedReference = (Reference) item;
                logger.log(Level.FINEST, "Reference ID " + signedReference.getId());
                logger.log(Level.FINEST, "Reference URI " + signedReference.getURI());
                logger.log(Level.FINEST, "Reference[" + position + "] validity status: " + signedReference.validate(validationContext));
                position++;
            }
            return coreValid;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Exception occurred during signature verification" + e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    private static KeyInfo prepareForSymmetricKeySignature(FilterProcessingContext filterProcessingContext, WSSPolicy wSSPolicy, Key key, SignaturePolicy signaturePolicy, Node[] nodeArr, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, DerivedKeyToken derivedKeyToken) throws XWSSecurityException {
        Node currentRefList;
        String str = MessageConstants.RSA_15_KEY_TRANSPORT;
        if (filterProcessingContext.getAlgorithmSuite() != null) {
            str = filterProcessingContext.getAlgorithmSuite().getAsymmetricKeyAlgorithm();
        }
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        SecurityHeader findOrCreateSecurityHeader = securableSoapMessage.findOrCreateSecurityHeader();
        WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
        boolean equals = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
        boolean equals2 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
        boolean z = equals && equals2 && getEKSHA1Ref(filterProcessingContext) != null;
        boolean z2 = !equals2;
        try {
            if (!PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy)) {
                if (!PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy)) {
                    if (!PolicyTypeUtil.secureConversationTokenKeyBinding(wSSPolicy)) {
                        return null;
                    }
                    SecurityTokenReference securityTokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    SOAPElement insertSCT = insertSCT(filterProcessingContext, (SecureConversationTokenKeyBinding) wSSPolicy, securityTokenReference);
                    nodeArr[0] = insertSCT != null ? insertSCT.getNextSibling() : null;
                    return wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference);
                }
                IssuedTokenContext trustContext = filterProcessingContext.getTrustContext();
                GenericToken genericToken = (GenericToken) trustContext.getSecurityToken();
                SOAPElement sOAPElement = null;
                SOAPElement sOAPElement2 = null;
                IssuedTokenKeyBinding issuedTokenKeyBinding = (IssuedTokenKeyBinding) wSSPolicy;
                String uuid = issuedTokenKeyBinding.getUUID();
                HashMap tokenCache = filterProcessingContext.getTokenCache();
                Object obj = tokenCache.get(uuid);
                boolean z3 = IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(issuedTokenKeyBinding.getIncludeToken()) || IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(issuedTokenKeyBinding.getIncludeToken());
                if (z3 && genericToken == null) {
                    logger.log(Level.SEVERE, "WSS1343.null.IssuedToken");
                    throw new XWSSecurityException("Issued Token to be inserted into the Message was Null");
                }
                if (genericToken != null) {
                    Element element = (Element) genericToken.getTokenValue();
                    if (obj == null) {
                        sOAPElement = XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), element);
                        if ("".equals(sOAPElement.getAttribute("Id")) && MessageConstants.ENCRYPTED_DATA_LNAME.equals(sOAPElement.getLocalName())) {
                            sOAPElement.setAttribute("Id", securableSoapMessage.generateId());
                        }
                        tokenCache.put(uuid, sOAPElement);
                    } else {
                        sOAPElement2 = (SOAPElement) securableSoapMessage.getElementById(SecurityUtil.getWsuIdOrId((Element) obj));
                        if (sOAPElement2 == null) {
                            logger.log(Level.SEVERE, "WSS1344.error.locateIssueToken.Message");
                            throw new XWSSecurityException("Could not locate Issued Token in Message");
                        }
                    }
                }
                Element convertSTRToElement = z3 ? SecurityUtil.convertSTRToElement(trustContext.getAttachedSecurityTokenReference().getTokenValue(), securableSoapMessage.getSOAPPart()) : SecurityUtil.convertSTRToElement(trustContext.getUnAttachedSecurityTokenReference().getTokenValue(), securableSoapMessage.getSOAPPart());
                if (convertSTRToElement == null) {
                    logger.log(Level.SEVERE, "WSS1378.unableto.refer.IssueToken");
                    throw new XWSSecurityException("Cannot determine how to reference the Issued Token in the Message");
                }
                SecurityTokenReference securityTokenReference2 = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) ((Element) securableSoapMessage.getSOAPPart().importNode(convertSTRToElement, true)).cloneNode(true)), false);
                if (key != null) {
                    SecurityUtil.updateSamlVsKeyCache(securityTokenReference2, filterProcessingContext, key);
                }
                if (sOAPElement != null) {
                    if (z3) {
                        securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(sOAPElement);
                        nodeArr[0] = sOAPElement.getNextSibling();
                    } else {
                        nodeArr[0] = null;
                    }
                    filterProcessingContext.setIssuedSAMLToken(sOAPElement);
                } else if (sOAPElement2 != null) {
                    nodeArr[0] = sOAPElement2.getNextSibling();
                }
                return wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference2);
            }
            WSSPolicy originalKeyBinding = ((DerivedTokenKeyBinding) wSSPolicy.clone()).getOriginalKeyBinding();
            if (PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
                logger.log(Level.SEVERE, "WSS1327.unsupported.asymmetricbinding.derivedkey.x509token");
                throw new XWSSecurityException("Asymmetric Binding with DerivedKeys under X509Token Policy Not Yet Supported");
            }
            if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
                if (z) {
                    String eKSHA1Ref = getEKSHA1Ref(filterProcessingContext);
                    SecurityTokenReference securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    EncryptedKeySHA1Identifier encryptedKeySHA1Identifier = new EncryptedKeySHA1Identifier((Document) securableSoapMessage.getSOAPPart());
                    encryptedKeySHA1Identifier.setReferenceValue(eKSHA1Ref);
                    securityTokenReference3.setReference(encryptedKeySHA1Identifier);
                    String uuid2 = wSSPolicy.getUUID();
                    if (uuid2 == null) {
                        uuid2 = securableSoapMessage.generateId();
                    }
                    DerivedKeyTokenHeaderBlock derivedKeyTokenHeaderBlock = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference3, Base64.encode(derivedKeyToken.getNonce()), derivedKeyToken.getOffset(), derivedKeyToken.getLength(), uuid2);
                    securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(derivedKeyTokenHeaderBlock);
                    nodeArr[0] = derivedKeyTokenHeaderBlock.getAsSoapElement().getNextSibling();
                    DirectReference directReference = new DirectReference();
                    directReference.setURI("#" + uuid2);
                    SecurityTokenReference securityTokenReference4 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    securityTokenReference4.setReference(directReference);
                    return wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference4);
                }
                if (equals2 || z2) {
                    AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = null;
                    if (filterProcessingContext.getX509CertificateBinding() != null) {
                        x509CertificateBinding2 = filterProcessingContext.getX509CertificateBinding();
                        filterProcessingContext.setX509CertificateBinding(null);
                    }
                    HashMap tokenCache2 = filterProcessingContext.getTokenCache();
                    HashMap insertedX509Cache = filterProcessingContext.getInsertedX509Cache();
                    String uuid3 = x509CertificateBinding2.getUUID();
                    if (uuid3 == null || uuid3.equals("")) {
                        uuid3 = securableSoapMessage.generateId();
                    }
                    SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding2, uuid3);
                    String referenceType = x509CertificateBinding2.getReferenceType();
                    KeyInfoStrategy keyInfoStrategy = KeyInfoStrategy.getInstance(referenceType);
                    X509Certificate x509Certificate = x509CertificateBinding2.getX509Certificate();
                    String uuid4 = x509CertificateBinding2.getUUID();
                    boolean z4 = false;
                    if (uuid4 == null || uuid4.equals("")) {
                        uuid4 = securableSoapMessage.generateId();
                    }
                    X509SecurityToken x509SecurityToken = (X509SecurityToken) filterProcessingContext.getInsertedX509Cache().get(uuid4);
                    X509SecurityToken x509SecurityToken2 = (X509SecurityToken) tokenCache2.get(uuid4);
                    if (x509SecurityToken2 == null) {
                        if (x509SecurityToken != null) {
                            x509SecurityToken2 = x509SecurityToken;
                            tokenCache2.put(uuid4, x509SecurityToken);
                        } else {
                            String valueType = x509CertificateBinding2.getValueType();
                            if (valueType == null || valueType.equals("")) {
                                valueType = MessageConstants.X509v3_NS;
                            }
                            x509SecurityToken2 = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509Certificate, uuid4, valueType);
                            tokenCache2.put(uuid4, x509SecurityToken2);
                        }
                        filterProcessingContext.setCurrentSecret(key);
                    } else {
                        z4 = true;
                    }
                    String uuid5 = wSSPolicy.getUUID();
                    if (uuid5 == null) {
                        uuid5 = securableSoapMessage.generateId();
                    }
                    String encode = Base64.encode(derivedKeyToken.getNonce());
                    HashMap encryptedKeyCache = filterProcessingContext.getEncryptedKeyCache();
                    String str2 = (String) encryptedKeyCache.get(uuid4);
                    EncryptedKey encryptedKey = null;
                    XMLCipher xMLCipher = null;
                    if (!z4) {
                        filterProcessingContext.setExtraneousProperty("SecretKey", key);
                        KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock((Document) securableSoapMessage.getSOAPPart());
                        keyInfoStrategy.setCertificate(x509Certificate);
                        keyInfoStrategy.insertKey(keyInfoHeaderBlock, securableSoapMessage, uuid4);
                        com.sun.org.apache.xml.internal.security.keys.KeyInfo keyInfo = keyInfoHeaderBlock.getKeyInfo();
                        try {
                            xMLCipher = XMLCipher.getInstance(str);
                            xMLCipher.init(3, x509Certificate.getPublicKey());
                            if (xMLCipher != null) {
                                encryptedKey = xMLCipher.encryptKey(securableSoapMessage.getSOAPPart(), key);
                            }
                            str2 = securableSoapMessage.generateId();
                            encryptedKeyCache.put(uuid4, str2);
                            encryptedKey.setId(str2);
                            encryptedKey.setKeyInfo(keyInfo);
                        } catch (Exception e) {
                            logger.log(Level.SEVERE, "WSS1334.error.creating.encryptedkey");
                            throw new XWSSecurityException(e);
                        }
                    }
                    SecurityTokenReference securityTokenReference5 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    DirectReference directReference2 = new DirectReference();
                    directReference2.setValueType(MessageConstants.EncryptedKey_NS);
                    directReference2.setURI("#" + str2);
                    securityTokenReference5.setReference(directReference2);
                    DerivedKeyTokenHeaderBlock derivedKeyTokenHeaderBlock2 = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference5, encode, derivedKeyToken.getOffset(), derivedKeyToken.getLength(), uuid5);
                    if (z4) {
                        securableSoapMessage.findOrCreateSecurityHeader().insertBefore(derivedKeyTokenHeaderBlock2, securableSoapMessage.getElementById(str2).getNextSibling());
                    } else {
                        Node node = null;
                        if (x509SecurityToken != null) {
                            node = x509SecurityToken.getNextSibling();
                        }
                        if (node == null) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(derivedKeyTokenHeaderBlock2);
                        } else {
                            securableSoapMessage.findOrCreateSecurityHeader().insertBefore(derivedKeyTokenHeaderBlock2, node);
                        }
                        if (x509SecurityToken != null) {
                            node = x509SecurityToken.getNextSibling();
                        }
                        SOAPElement sOAPElement3 = (SOAPElement) xMLCipher.martial(encryptedKey);
                        if (node == null) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(sOAPElement3);
                        } else {
                            securableSoapMessage.findOrCreateSecurityHeader().insertBefore((Node) sOAPElement3, node);
                        }
                        if ("Direct".equals(referenceType) && insertedX509Cache.get(uuid4) == null) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken2);
                            insertedX509Cache.put(uuid4, x509SecurityToken2);
                        }
                        filterProcessingContext.setExtraneousProperty(MessageConstants.EK_SHA1_TYPE, Base64.encode(MessageDigest.getInstance(MessageConstants.SHA_1).digest(Base64.decode(((Element) sOAPElement3.getChildElements(new QName(MessageConstants.XENC_NS, MessageConstants.XENC_CIPHER_DATA_LNAME, MessageConstants.XENC_PREFIX)).next()).getElementsByTagNameNS(MessageConstants.XENC_NS, "CipherValue").item(0).getTextContent()))));
                    }
                    DirectReference directReference3 = new DirectReference();
                    directReference3.setURI("#" + uuid5);
                    SecurityTokenReference securityTokenReference6 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    securityTokenReference6.setReference(directReference3);
                    KeyInfo constructKeyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference6);
                    nodeArr[0] = derivedKeyTokenHeaderBlock2.getAsSoapElement().getNextSibling();
                    return constructKeyInfo;
                }
            } else {
                if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
                    IssuedTokenContext trustContext2 = filterProcessingContext.getTrustContext();
                    GenericToken genericToken2 = (GenericToken) trustContext2.getSecurityToken();
                    SOAPElement sOAPElement4 = null;
                    IssuedTokenKeyBinding issuedTokenKeyBinding2 = (IssuedTokenKeyBinding) originalKeyBinding;
                    String uuid6 = issuedTokenKeyBinding2.getUUID();
                    HashMap tokenCache3 = filterProcessingContext.getTokenCache();
                    Object obj2 = tokenCache3.get(uuid6);
                    SOAPElement sOAPElement5 = null;
                    boolean z5 = IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(issuedTokenKeyBinding2.getIncludeToken()) || IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(issuedTokenKeyBinding2.getIncludeToken());
                    if (z5 && genericToken2 == null) {
                        logger.log(Level.SEVERE, "WSS1343.null.IssuedToken");
                        throw new XWSSecurityException("Issued Token to be inserted into the Message was Null");
                    }
                    if (genericToken2 != null) {
                        Element element2 = (Element) genericToken2.getTokenValue();
                        if (obj2 == null) {
                            sOAPElement4 = XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), element2);
                            if ("".equals(sOAPElement4.getAttribute("Id")) && MessageConstants.ENCRYPTED_DATA_LNAME.equals(sOAPElement4.getLocalName())) {
                                sOAPElement4.setAttribute("Id", securableSoapMessage.generateId());
                            }
                            tokenCache3.put(uuid6, sOAPElement4);
                        } else {
                            sOAPElement5 = (SOAPElement) securableSoapMessage.getElementById(SecurityUtil.getWsuIdOrId((Element) obj2));
                            if (sOAPElement5 == null) {
                                logger.log(Level.SEVERE, "WSS1344.error.locateIssueToken.Message");
                                throw new XWSSecurityException("Could not locate Issued Token in Message");
                            }
                        }
                    }
                    SecurityTokenReference securityTokenReference7 = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), (Element) securableSoapMessage.getSOAPPart().importNode(z5 ? (Element) trustContext2.getAttachedSecurityTokenReference().getTokenValue() : (Element) trustContext2.getUnAttachedSecurityTokenReference().getTokenValue(), true)), false);
                    if (key != null) {
                        SecurityUtil.updateSamlVsKeyCache(securityTokenReference7, filterProcessingContext, key);
                    }
                    String uuid7 = wSSPolicy.getUUID();
                    if (uuid7 == null) {
                        uuid7 = securableSoapMessage.generateId();
                    }
                    DerivedKeyTokenHeaderBlock derivedKeyTokenHeaderBlock3 = new DerivedKeyTokenHeaderBlock(securableSoapMessage.getSOAPPart(), securityTokenReference7, Base64.encode(derivedKeyToken.getNonce()), derivedKeyToken.getOffset(), derivedKeyToken.getLength(), uuid7);
                    if (sOAPElement5 != null) {
                        securableSoapMessage.findOrCreateSecurityHeader().insertBefore(derivedKeyTokenHeaderBlock3, sOAPElement5.getNextSibling());
                    } else {
                        Node currentRefList2 = filterProcessingContext.getCurrentRefList();
                        if (currentRefList2 != null) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertBefore(derivedKeyTokenHeaderBlock3, currentRefList2);
                            filterProcessingContext.setCurrentReferenceList(null);
                        } else {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(derivedKeyTokenHeaderBlock3);
                        }
                    }
                    if (sOAPElement4 != null) {
                        if (z5) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(sOAPElement4);
                        }
                        filterProcessingContext.setIssuedSAMLToken(sOAPElement4);
                    }
                    DirectReference directReference4 = new DirectReference();
                    directReference4.setURI("#" + uuid7);
                    SecurityTokenReference securityTokenReference8 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    securityTokenReference8.setReference(directReference4);
                    KeyInfo constructKeyInfo2 = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference8);
                    nodeArr[0] = derivedKeyTokenHeaderBlock3.getAsSoapElement().getNextSibling();
                    return constructKeyInfo2;
                }
                if (PolicyTypeUtil.samlTokenPolicy(originalKeyBinding)) {
                    logger.log(Level.SEVERE, "WSS1345.unsupported.derivedkeys.SAMLToken");
                    throw new UnsupportedOperationException("DerivedKeys with SAMLToken not yet supported");
                }
                if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
                    SecureConversationTokenKeyBinding secureConversationTokenKeyBinding = (SecureConversationTokenKeyBinding) originalKeyBinding;
                    SecurityTokenReference securityTokenReference9 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    SOAPElement insertSCT2 = insertSCT(filterProcessingContext, secureConversationTokenKeyBinding, securityTokenReference9);
                    String uuid8 = wSSPolicy.getUUID();
                    if (uuid8 == null) {
                        uuid8 = securableSoapMessage.generateId();
                    }
                    DerivedKeyTokenHeaderBlock derivedKeyTokenHeaderBlock4 = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference9, Base64.encode(derivedKeyToken.getNonce()), derivedKeyToken.getOffset(), derivedKeyToken.getLength(), uuid8);
                    Node nextSibling = insertSCT2 != null ? insertSCT2.getNextSibling() : null;
                    if (nextSibling == null && (currentRefList = filterProcessingContext.getCurrentRefList()) != null) {
                        nextSibling = currentRefList;
                        filterProcessingContext.setCurrentReferenceList(null);
                    }
                    SOAPElement insertBefore = findOrCreateSecurityHeader.insertBefore((Node) derivedKeyTokenHeaderBlock4.getAsSoapElement(), nextSibling);
                    DirectReference directReference5 = new DirectReference();
                    directReference5.setURI("#" + uuid8);
                    SecurityTokenReference securityTokenReference10 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                    securityTokenReference10.setReference(directReference5);
                    nodeArr[0] = insertBefore.getNextSibling();
                    return wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference10);
                }
            }
            return null;
        } catch (Base64DecodingException e2) {
            logger.log(Level.SEVERE, "WSS1346.error.preparing.symmetrickey.signature", e2);
            throw new XWSSecurityException(e2);
        } catch (NoSuchAlgorithmException e3) {
            logger.log(Level.SEVERE, "WSS1346.error.preparing.symmetrickey.signature", (Throwable) e3);
            throw new XWSSecurityException(e3);
        } catch (SOAPException e4) {
            logger.log(Level.SEVERE, "WSS1346.error.preparing.symmetrickey.signature", e4);
            throw new XWSSecurityException(e4);
        }
    }

    /**
     * Resolves the SecurityContextToken for a secure-conversation binding, caches it, and
     * points the supplied {@code SecurityTokenReference} at it.
     *
     * <p>The token is looked up in the context's token cache under the binding's UUID. On a
     * cache miss it is built from the token held by the secure-conversation context and
     * stored in the cache. When the binding's include-token setting is
     * {@code INCLUDE_ALWAYS_TO_RECIPIENT} or {@code INCLUDE_ALWAYS}, a newly built token is
     * inserted into the security header and the reference becomes a fragment URI
     * ({@code "#" + wsu:Id}); otherwise the reference is set through {@code setSCTURI} from
     * the token's identifier and instance and nothing is inserted.
     *
     * @param filterProcessingContext source of the message, the token cache and the
     *        secure-conversation context
     * @param secureConversationTokenKeyBinding binding supplying the cache key (UUID) and the
     *        include-token setting
     * @param securityTokenReference reference that is mutated via {@code setReference}
     * @return the element located by the token's wsu:Id when the token was already cached or
     *         was inserted by this call; {@code null} otherwise
     * @throws XWSSecurityException if no token is cached and the secure-conversation context
     *         holds none
     */
    public static SOAPElement insertSCT(FilterProcessingContext filterProcessingContext, SecureConversationTokenKeyBinding secureConversationTokenKeyBinding, SecurityTokenReference securityTokenReference) throws XWSSecurityException {
        final SecurableSoapMessage message = filterProcessingContext.getSecurableSoapMessage();
        final String bindingId = secureConversationTokenKeyBinding.getUUID();
        final HashMap tokenCache = filterProcessingContext.getTokenCache();
        SecurityContextTokenImpl sct = (SecurityContextTokenImpl) tokenCache.get(bindingId);
        // Remember whether the token came from the cache: only a freshly built token is
        // inserted into the header further down.
        final boolean cachedBefore = sct != null;
        SOAPElement sctElement = null;
        // NOTE(review): the context is dereferenced below without a null check - confirm
        // that callers always establish a secure-conversation context first.
        final IssuedTokenContext conversationContext = filterProcessingContext.getSecureConversationContext();

        if (cachedBefore) {
            sctElement = message.getElementByWsuId(sct.getWsuId());
        } else {
            final SecurityContextToken issued = (SecurityContextToken) conversationContext.getSecurityToken();
            if (issued == null) {
                logger.log(Level.SEVERE, "WSS1347.null.SecureConversationToken");
                throw new XWSSecurityException("SecureConversation Token not Found");
            }
            sct = new SecurityContextTokenImpl(
                    message.getSOAPPart(),
                    issued.getIdentifier().toString(),
                    issued.getInstance(),
                    issued.getWsuId(),
                    issued.getExtElements());
            tokenCache.put(bindingId, sct);
        }

        // A token without a wsu:Id gets a generated one so it can be referenced by fragment.
        if (sct.getWsuId() == null) {
            sct.setId(message.generateId());
        }
        final String sctWsuId = sct.getWsuId();

        final boolean attachToken =
                SecureConversationTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(secureConversationTokenKeyBinding.getIncludeToken())
                || SecureConversationTokenKeyBinding.INCLUDE_ALWAYS.equals(secureConversationTokenKeyBinding.getIncludeToken());

        final DirectReference reference;
        if (attachToken) {
            if (!cachedBefore) {
                message.findOrCreateSecurityHeader().insertHeaderBlock(sct);
                sctElement = message.getElementByWsuId(sct.getWsuId());
            }
            reference = new DirectReference();
            reference.setURI("#" + sctWsuId);
        } else {
            // Token is not carried in the message: reference it by identifier and instance.
            reference = new DirectReference();
            reference.setSCTURI(sct.getIdentifier().toString(), sct.getInstance());
        }
        securityTokenReference.setReference(reference);
        return sctElement;
    }

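    /**
     * Builds the signature {@code KeyInfo} for an X.509 certificate binding, using the
     * reference mechanism named by the binding's reference type.
     *
     * <p>Supported reference types, as compared in this method: {@code "Direct"},
     * {@code "Identifier"}, {@code MessageConstants.THUMB_PRINT_TYPE} and
     * {@code "IssuerSerialNumber"}. Any other value is rejected. Key-identifier and
     * thumbprint references are refused when the binding's value type equals
     * {@code MessageConstants.X509v1_NS}.
     *
     * <p>Every exception raised inside the dispatch, including the
     * {@code XWSSecurityException}s thrown here for policy violations, is caught by the
     * trailing {@code catch (Exception)}, logged under {@code WSS1349} and re-wrapped.
     * Callers therefore see the specific reason as the cause, not as the top-level message.
     *
     * @param filterProcessingContext source of the message, token cache and inserted-X509 cache
     * @param signaturePolicy policy passed through to {@code constructKeyInfo}
     * @param x509CertificateBinding binding supplying certificate, UUID, STR id, value type
     *        and reference type
     * @param nodeArr out parameter; index 0 receives the next sibling of the X509 token
     *        element (Direct) or the header's {@code getNextSiblingOfTimestamp()} result
     *        (all other reference types)
     * @return the constructed {@code KeyInfo}
     * @throws XWSSecurityException on an unsupported reference type, a disallowed X509v1
     *         reference, or any failure while building the reference
     */
    private static KeyInfo handleX509Binding(FilterProcessingContext filterProcessingContext, SignaturePolicy signaturePolicy, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, Node[] nodeArr) throws XWSSecurityException {
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        SecurityHeader securityHeader = securableSoapMessage.findOrCreateSecurityHeader();
        WSSPolicyConsumerImpl policyConsumer = WSSPolicyConsumerImpl.getInstance();
        HashMap tokenCache = filterProcessingContext.getTokenCache();
        HashMap insertedX509Cache = filterProcessingContext.getInsertedX509Cache();
        String policyTokenId = x509CertificateBinding.getUUID();
        if (policyTokenId == null || policyTokenId.equals("")) {
            policyTokenId = securableSoapMessage.generateId();
        }
        SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding, policyTokenId);
        String referenceType = x509CertificateBinding.getReferenceType();
        String strId = x509CertificateBinding.getSTRID();
        if (strId == null) {
            strId = securableSoapMessage.generateId();
        }
        try {
            if (referenceType.equals("Direct")) {
                DirectReference directReference = new DirectReference();
                // An unset value type defaults to X509v3 for direct references.
                String valueType = x509CertificateBinding.getValueType();
                if (valueType == null || valueType.equals("")) {
                    valueType = MessageConstants.X509v3_NS;
                }
                directReference.setValueType(valueType);
                // NOTE(review): when the binding carries no UUID, this generates a second id
                // that differs from the one handed to checkIncludeTokenPolicy above -
                // confirm that the two ids are not expected to match.
                String tokenId = x509CertificateBinding.getUUID();
                if (tokenId == null || tokenId.equals("")) {
                    tokenId = securableSoapMessage.generateId();
                }
                directReference.setURI("#" + tokenId);
                SecurityTokenReference tokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                tokenReference.setReference(directReference);
                tokenReference.setWsuId(strId);
                KeyInfo keyInfo = policyConsumer.constructKeyInfo(signaturePolicy, tokenReference);
                X509SecurityToken x509Token = (X509SecurityToken) tokenCache.get(tokenId);
                if (x509Token == null) {
                    x509Token = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509CertificateBinding.getX509Certificate(), tokenId, valueType);
                    tokenCache.put(tokenId, x509Token);
                }
                // Insert the binary token into the header at most once per id.
                if (insertedX509Cache.get(tokenId) == null) {
                    securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509Token);
                    insertedX509Cache.put(tokenId, x509Token);
                }
                nodeArr[0] = x509Token.getAsSoapElement().getNextSibling();
                return keyInfo;
            }

            if (referenceType.equals("Identifier")) {
                // Unlike the Direct branch, a null value type is not defaulted here: the
                // comparison throws NullPointerException, which the catch below wraps.
                String valueType = x509CertificateBinding.getValueType();
                if (valueType.equals(MessageConstants.X509v1_NS)) {
                    logger.log(Level.SEVERE, "WSS1333.unsupported.keyidentifer.X509v1");
                    throw new XWSSecurityException("Key Identifier reference Type is not allowed for X509v1 Certificates");
                }
                KeyIdentifierStrategy keyIdStrategy = new KeyIdentifierStrategy(x509CertificateBinding.getCertificateIdentifier(), true);
                keyIdStrategy.setCertificate(x509CertificateBinding.getX509Certificate());
                SecurityTokenReference tokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                keyIdStrategy.insertKey(tokenReference, securableSoapMessage);
                tokenReference.setWsuId(strId);
                X509SubjectKeyIdentifier keyIdentifier = (X509SubjectKeyIdentifier) tokenReference.getReference();
                tokenCache.put(keyIdentifier.getReferenceValue(), keyIdentifier);
                keyIdentifier.setCertificate(x509CertificateBinding.getX509Certificate());
                KeyInfo keyInfo = policyConsumer.constructKeyInfo(signaturePolicy, tokenReference);
                nodeArr[0] = securityHeader.getNextSiblingOfTimestamp();
                return keyInfo;
            }

            if (referenceType.equals(MessageConstants.THUMB_PRINT_TYPE)) {
                // Same null behaviour as the Identifier branch: no default is applied.
                String valueType = x509CertificateBinding.getValueType();
                if (valueType.equals(MessageConstants.X509v1_NS)) {
                    logger.log(Level.SEVERE, "WSS1348.illegal.thumbprint.x509v1");
                    throw new XWSSecurityException("Thumb reference Type is not allowed for X509v1 Certificates");
                }
                KeyIdentifierStrategy thumbprintStrategy = new KeyIdentifierStrategy(x509CertificateBinding.getCertificateIdentifier(), true, true);
                thumbprintStrategy.setCertificate(x509CertificateBinding.getX509Certificate());
                SecurityTokenReference tokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                thumbprintStrategy.insertKey(tokenReference, securableSoapMessage);
                tokenReference.setWsuId(strId);
                X509ThumbPrintIdentifier thumbprint = (X509ThumbPrintIdentifier) tokenReference.getReference();
                tokenCache.put(thumbprint.getReferenceValue(), thumbprint);
                thumbprint.setCertificate(x509CertificateBinding.getX509Certificate());
                KeyInfo keyInfo = policyConsumer.constructKeyInfo(signaturePolicy, tokenReference);
                nodeArr[0] = securityHeader.getNextSiblingOfTimestamp();
                return keyInfo;
            }

            if (!referenceType.equals("IssuerSerialNumber")) {
                logger.log(Level.SEVERE, "WSS1308.unsupported.reference.mechanism");
                // Space added before "not": the original message ran the type name into it.
                throw new XWSSecurityException("Reference type " + referenceType + " not supported");
            }
            X509Certificate certificate = x509CertificateBinding.getX509Certificate();
            X509IssuerSerial issuerSerial = new X509IssuerSerial((Document) securableSoapMessage.getSOAPPart(), certificate.getIssuerDN().getName(), certificate.getSerialNumber());
            SecurityTokenReference tokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
            tokenReference.setReference(issuerSerial);
            tokenReference.setWsuId(strId);
            issuerSerial.setCertificate(certificate);
            // NOTE(review): the cache key concatenates issuer name and serial number with no
            // separator; left unchanged because lookups outside this block must use the same
            // key - confirm that distinct issuer/serial pairs cannot produce one key.
            tokenCache.put(issuerSerial.getIssuerName() + issuerSerial.getSerialNumber(), issuerSerial);
            KeyInfo keyInfo = policyConsumer.constructKeyInfo(signaturePolicy, tokenReference);
            nodeArr[0] = securityHeader.getNextSiblingOfTimestamp();
            return keyInfo;
        } catch (Exception e) {
            // Catch-all kept from the original: it also re-wraps the XWSSecurityExceptions
            // thrown above, so those conditions are logged twice.
            logger.log(Level.SEVERE, "WSS1349.error.handlingX509Binding", (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }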

    /**
     * Returns the value stored in the processing context under
     * {@code MessageConstants.EK_SHA1_VALUE}, cast to {@code String}.
     *
     * @param filterProcessingContext context whose extraneous properties are read
     * @return the stored value, or {@code null} if the property lookup yields {@code null}
     */
    private static String getEKSHA1Ref(FilterProcessingContext filterProcessingContext) {
        final Object storedReference = filterProcessingContext.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
        return (String) storedReference;
    }
}
