package com.sun.xml.wss.provider;

import com.sun.enterprise.security.jauth.AuthPolicy;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.WssProviderSecurityEnvironment;
import com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;
import com.sun.xml.wss.impl.config.SecurityConfigurationXmlReader;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.PolicyGenerationException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.Target;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.xml.soap.SOAPMessage;

/* loaded from: input_file:spg-ui-war-2.1.20.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/provider/WssProviderAuthModule.class */
public class WssProviderAuthModule implements ModuleOptions, ConfigurationStates {
    private static final String SIGN_POLICY = "com.sun.xml.wss.impl.policy.mls.SignaturePolicy";
    private static final String ENCRYPT_POLICY = "com.sun.xml.wss.impl.policy.mls.EncryptionPolicy";
    private static final String TIMESTAMP_POLICY = "com.sun.xml.wss.impl.policy.mls.TimestampPolicy";
    private static final String AUTHENTICATION_POLICY = "com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy";
    private static final String USERNAMETOKEN_POLICY = "com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy.UsernameTokenBinding";
    private static final String USERNAMETOKEN = "UsernameToken";
    private static final String BODY = "Body";
    public static final String REQUESTER_SUBJECT = "REQUESTER_SUBJECT";
    public static final String REQUESTER_KEYID = "REQUESTER_KEYID";
    public static final String REQUESTER_ISSUERNAME = "REQUESTER_ISSUERNAME";
    public static final String REQUESTER_SERIAL = "REQUESTER_SERIAL";
    public static final String SELF_SUBJECT = "SELF_SUBJECT";
    protected SecurityPolicy _policy = null;
    protected WssProviderSecurityEnvironment _sEnvironment = null;
    private boolean runtimeUsernamePassword = false;
    protected int optimize = 0;
    protected boolean configOptimizeAttribute = true;

    public void initialize(AuthPolicy authPolicy, AuthPolicy authPolicy2, CallbackHandler callbackHandler, Map map, boolean z) {
        boolean z2 = false;
        String str = (String) map.get(ModuleOptions.DEBUG);
        if (str != null && str.equals("true")) {
            z2 = true;
        }
        String str2 = (String) map.get(ModuleOptions.SECURITY_CONFIGURATION_FILE);
        String str3 = (String) map.get(ModuleOptions.SIGNING_KEY_ALIAS);
        String str4 = (String) map.get(ModuleOptions.ENCRYPTION_KEY_ALIAS);
        try {
            this._policy = SecurityConfigurationXmlReader.createDeclarativeConfiguration(str2 != null ? new BufferedInputStream(new FileInputStream(new File(str2))) : this instanceof ServerSecurityAuthModule ? getClass().getResourceAsStream("wss-server-config-2.0.xml") : getClass().getResourceAsStream("wss-client-config-2.0.xml"));
            int i = 8;
            int i2 = 8;
            if (authPolicy != null) {
                i = resolveConfigurationState(authPolicy, true, z);
            }
            if (authPolicy2 != null) {
                i2 = resolveConfigurationState(authPolicy2, false, z);
            }
            String str5 = (String) map.get(ModuleOptions.DYNAMIC_USERNAME_PASSWORD);
            if (str5 != null) {
                this.runtimeUsernamePassword = str5.equalsIgnoreCase("true");
            }
            if (z) {
                augmentConfiguration(i2, true, callbackHandler, z2, str3, str4);
                augmentConfiguration(i, false, callbackHandler, z2, str3, str4);
            } else {
                augmentConfiguration(i2, false, callbackHandler, z2, str3, str4);
                augmentConfiguration(i, true, callbackHandler, z2, str3, str4);
            }
            this._sEnvironment = new WssProviderSecurityEnvironment(callbackHandler, map);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.sun.xml.wss.provider.ConfigurationStates
    public int resolveConfigurationState(AuthPolicy authPolicy, boolean z, boolean z2) {
        boolean z3 = z2 ? !z : z;
        boolean isSourceAuthRequired = authPolicy.isSourceAuthRequired();
        boolean isRecipientAuthRequired = authPolicy.isRecipientAuthRequired();
        boolean isSenderAuthRequired = authPolicy.isSenderAuthRequired();
        boolean isContentAuthRequired = authPolicy.isContentAuthRequired();
        boolean isRecipientAuthBeforeContent = authPolicy.isRecipientAuthBeforeContent(z3);
        int i = -1;
        if (!isSourceAuthRequired || isRecipientAuthRequired) {
            if (!isSourceAuthRequired && isRecipientAuthRequired) {
                i = 1;
            } else if (!isSourceAuthRequired || !isRecipientAuthRequired) {
                i = 8;
            } else if (isRecipientAuthBeforeContent) {
                if (isSenderAuthRequired) {
                    i = 4;
                } else if (isContentAuthRequired) {
                    i = 6;
                }
            } else if (isSenderAuthRequired) {
                i = 5;
            } else if (isContentAuthRequired) {
                i = 7;
            }
        } else if (isSenderAuthRequired) {
            i = 2;
        } else if (isContentAuthRequired) {
            i = 3;
        }
        if (i == -1) {
            throw new RuntimeException("AuthPolicy configuration error: Invalid policy specification");
        }
        return i;
    }

    private Collection getEncryptPolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.encryptionPolicy(wSSPolicy) && !hasEncryptUsernamePolicy((EncryptionPolicy) wSSPolicy, messagePolicy)) {
                arrayList.add(wSSPolicy);
            }
        }
        if (arrayList.isEmpty()) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(ENCRYPT_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        return arrayList;
    }

    private Collection getEncryptPoliciesOptional(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.encryptionPolicy(wSSPolicy) && !hasEncryptUsernamePolicy((EncryptionPolicy) wSSPolicy, messagePolicy)) {
                arrayList.add(wSSPolicy);
            }
        }
        return arrayList;
    }

    private Collection getSignPolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.signaturePolicy(wSSPolicy)) {
                arrayList.add(wSSPolicy);
            }
        }
        if (arrayList.isEmpty()) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(SIGN_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        return arrayList;
    }

    private WSSPolicy getUsernamePolicy(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        WSSPolicy wSSPolicy = null;
        Iterator it = messagePolicy.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            WSSPolicy wSSPolicy2 = (WSSPolicy) it.next();
            if (PolicyTypeUtil.authenticationTokenPolicy(wSSPolicy2) && wSSPolicy2.getFeatureBinding() != null && PolicyTypeUtil.usernameTokenPolicy(wSSPolicy2.getFeatureBinding())) {
                if (z && !this.runtimeUsernamePassword) {
                    setUsernamePassword((AuthenticationTokenPolicy) wSSPolicy2, callbackHandler);
                }
                wSSPolicy = wSSPolicy2;
            }
        }
        if (wSSPolicy == null) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(USERNAMETOKEN_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        return wSSPolicy;
    }

    private Collection getUsernamePolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        WSSPolicy wSSPolicy = null;
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy2 = (WSSPolicy) it.next();
            if (PolicyTypeUtil.authenticationTokenPolicy(wSSPolicy2)) {
                if (wSSPolicy2.getFeatureBinding() != null && PolicyTypeUtil.usernameTokenPolicy(wSSPolicy2.getFeatureBinding())) {
                    if (z && !this.runtimeUsernamePassword) {
                        setUsernamePassword((AuthenticationTokenPolicy) wSSPolicy2, callbackHandler);
                    }
                    arrayList.add(wSSPolicy2);
                }
            } else if (PolicyTypeUtil.encryptionPolicy(wSSPolicy2) && isEncryptUsernamePolicy((EncryptionPolicy) wSSPolicy2, messagePolicy)) {
                wSSPolicy = wSSPolicy2;
            }
        }
        if (arrayList.isEmpty()) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(USERNAMETOKEN_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        if (wSSPolicy != null) {
            arrayList.add(wSSPolicy);
        }
        return arrayList;
    }

    private Collection getEncryptUsernamePolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        WSSPolicy encryptBodyUsernamePolicy = getEncryptBodyUsernamePolicy(messagePolicy);
        if (encryptBodyUsernamePolicy != null) {
            arrayList.addAll(getNonBodyUsernameEncryptPolicies(messagePolicy, callbackHandler, z));
            arrayList.add(getUsernamePolicy(messagePolicy, callbackHandler, z));
            arrayList.add(encryptBodyUsernamePolicy);
        } else {
            arrayList.addAll(getEncryptPoliciesOptional(messagePolicy, callbackHandler, z));
            arrayList.addAll(getUsernamePolicies(messagePolicy, callbackHandler, z));
        }
        if (arrayList.isEmpty()) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(ENCRYPT_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        return arrayList;
    }

    private Collection getUsernameEncryptPolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) throws PolicyGenerationException {
        ArrayList arrayList = new ArrayList();
        WSSPolicy encryptUsernameBodyPolicy = getEncryptUsernameBodyPolicy(messagePolicy);
        if (encryptUsernameBodyPolicy != null) {
            arrayList.add(getUsernamePolicy(messagePolicy, callbackHandler, z));
            arrayList.add(encryptUsernameBodyPolicy);
            arrayList.addAll(getNonBodyUsernameEncryptPolicies(messagePolicy, callbackHandler, z));
        } else {
            arrayList.addAll(getUsernamePolicies(messagePolicy, callbackHandler, z));
            arrayList.addAll(getEncryptPoliciesOptional(messagePolicy, callbackHandler, z));
        }
        if (arrayList.isEmpty()) {
            throw new RuntimeException("Operation/Requirement (" + translate2configurationName(USERNAMETOKEN_POLICY, z) + ") not specified in the Config. file is required by the policy");
        }
        return arrayList;
    }

    private WSSPolicy getTimestampPolicy(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) {
        WSSPolicy wSSPolicy = null;
        Iterator it = messagePolicy.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            WSSPolicy wSSPolicy2 = (WSSPolicy) it.next();
            if (PolicyTypeUtil.timestampPolicy(wSSPolicy2)) {
                wSSPolicy = wSSPolicy2;
                break;
            }
        }
        return wSSPolicy;
    }

    private void augmentConfiguration(int i, boolean z, CallbackHandler callbackHandler, boolean z2, String str, String str2) throws PolicyGenerationException {
        MessagePolicy senderSettings;
        MessagePolicy senderSettings2;
        DeclarativeSecurityConfiguration declarativeSecurityConfiguration = (DeclarativeSecurityConfiguration) this._policy;
        boolean z3 = false;
        if (i == 8) {
            if (z) {
                senderSettings2 = declarativeSecurityConfiguration.receiverSettings();
                senderSettings2.removeAll();
            } else {
                senderSettings2 = declarativeSecurityConfiguration.senderSettings();
                senderSettings2.removeAll();
            }
            if (z2) {
                senderSettings2.dumpMessages(true);
                return;
            }
            return;
        }
        if (z) {
            senderSettings = declarativeSecurityConfiguration.receiverSettings();
        } else {
            senderSettings = declarativeSecurityConfiguration.senderSettings();
            z3 = 0 == 0;
        }
        WSSPolicy timestampPolicy = getTimestampPolicy(senderSettings, callbackHandler, z3);
        boolean z4 = false;
        switch (i) {
            case 1:
                Collection encryptPolicies = getEncryptPolicies(senderSettings, callbackHandler, z3);
                senderSettings.removeAll();
                senderSettings.appendAll(encryptPolicies);
                break;
            case 2:
                Collection usernamePolicies = getUsernamePolicies(senderSettings, callbackHandler, z3);
                senderSettings.removeAll();
                senderSettings.appendAll(usernamePolicies);
                if (!z && this.configOptimizeAttribute) {
                    this.optimize = 4;
                    break;
                }
                break;
            case 3:
                Collection signPolicies = getSignPolicies(senderSettings, callbackHandler, z3);
                z4 = !signPolicies.isEmpty();
                senderSettings.removeAll();
                senderSettings.appendAll(signPolicies);
                if (!z && this.configOptimizeAttribute) {
                    this.optimize = 1;
                    break;
                }
                break;
            case 4:
                Collection encryptUsernamePolicies = getEncryptUsernamePolicies(senderSettings, callbackHandler, z3);
                senderSettings.removeAll();
                senderSettings.appendAll(encryptUsernamePolicies);
                break;
            case 5:
                Collection usernameEncryptPolicies = getUsernameEncryptPolicies(senderSettings, callbackHandler, z3);
                senderSettings.removeAll();
                senderSettings.appendAll(usernameEncryptPolicies);
                break;
            case 6:
                Collection encryptPolicies2 = getEncryptPolicies(senderSettings, callbackHandler, z3);
                Collection signPolicies2 = getSignPolicies(senderSettings, callbackHandler, z3);
                z4 = !signPolicies2.isEmpty();
                encryptPolicies2.addAll(signPolicies2);
                senderSettings.removeAll();
                senderSettings.appendAll(encryptPolicies2);
                break;
            case 7:
                Collection signPolicies3 = getSignPolicies(senderSettings, callbackHandler, z3);
                z4 = !signPolicies3.isEmpty();
                signPolicies3.addAll(getEncryptPolicies(senderSettings, callbackHandler, z3));
                senderSettings.removeAll();
                senderSettings.appendAll(signPolicies3);
                if (!z && this.configOptimizeAttribute) {
                    this.optimize = 2;
                    break;
                }
                break;
        }
        if (timestampPolicy != null && z4) {
            senderSettings.prepend(timestampPolicy);
        }
        if (z2) {
            senderSettings.dumpMessages(true);
        }
        augmentSignAlias(senderSettings, str);
        augmentEncryptAlias(senderSettings, str2);
    }

    private String translate2configurationName(String str, boolean z) {
        String str2 = null;
        if (str == SIGN_POLICY) {
            str2 = z ? "xwss:Sign" : "xwss:RequireSignature";
        } else if (str == ENCRYPT_POLICY) {
            str2 = z ? "xwss:Encrypt" : "xwss:RequireEncryption";
        } else if (str == USERNAMETOKEN_POLICY) {
            str2 = z ? "xwss:UsernameToken" : "xwss:RequireUsernameToken";
        }
        return str2;
    }

    private boolean isEncryptUsernamePolicy(EncryptionPolicy encryptionPolicy, MessagePolicy messagePolicy) {
        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding();
        if (featureBinding.getTargetBindings().size() != 1) {
            return false;
        }
        Target target = (Target) featureBinding.getTargetBindings().iterator().next();
        return target.getType() == "uri" ? uriIsUsernameToken(messagePolicy, target.getValue()) : target.getValue().indexOf("UsernameToken") > -1;
    }

    private boolean hasEncryptUsernamePolicy(EncryptionPolicy encryptionPolicy, MessagePolicy messagePolicy) {
        Iterator it = ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).getTargetBindings().iterator();
        while (it.hasNext()) {
            Target target = (Target) it.next();
            if (target.getType() == "uri") {
                return uriIsUsernameToken(messagePolicy, target.getValue());
            }
            if (target.getValue().indexOf("UsernameToken") > -1) {
                return true;
            }
        }
        return false;
    }

    private boolean uriIsUsernameToken(MessagePolicy messagePolicy, String str) {
        MLSPolicy featureBinding;
        String str2 = str;
        if (str.startsWith("#")) {
            str2 = str.substring(1);
        }
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.authenticationTokenPolicy(wSSPolicy) && (featureBinding = wSSPolicy.getFeatureBinding()) != null && PolicyTypeUtil.usernameTokenPolicy(featureBinding)) {
                if (str2.equals(((AuthenticationTokenPolicy.UsernameTokenBinding) featureBinding).getUUID())) {
                    return true;
                }
            }
        }
        return false;
    }

    private WSSPolicy getEncryptBodyUsernamePolicy(MessagePolicy messagePolicy) {
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.encryptionPolicy(wSSPolicy)) {
                EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) wSSPolicy.getFeatureBinding();
                if (featureBinding.getTargetBindings().size() > 1 && hasBodyFollowedByUsername(featureBinding.getTargetBindings())) {
                    return wSSPolicy;
                }
            }
        }
        return null;
    }

    private WSSPolicy getEncryptUsernameBodyPolicy(MessagePolicy messagePolicy) {
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.encryptionPolicy(wSSPolicy)) {
                EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) wSSPolicy.getFeatureBinding();
                if (featureBinding.getTargetBindings().size() > 1 && hasUsernameFollowedByBody(featureBinding.getTargetBindings())) {
                    return wSSPolicy;
                }
            }
        }
        return null;
    }

    private boolean hasUsernameFollowedByBody(ArrayList arrayList) {
        return ((Target) arrayList.get(0)).getValue().indexOf("UsernameToken") != -1;
    }

    private boolean hasBodyFollowedByUsername(ArrayList arrayList) {
        return ((Target) arrayList.get(arrayList.size() - 1)).getValue().indexOf("UsernameToken") != -1;
    }

    private void setUsernamePassword(AuthenticationTokenPolicy authenticationTokenPolicy, CallbackHandler callbackHandler) {
        AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) authenticationTokenPolicy.getFeatureBinding();
        Callback nameCallback = new NameCallback("Username: ");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            usernameTokenBinding.setUsername(nameCallback.getName());
            usernameTokenBinding.setPassword(new String(passwordCallback.getPassword()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Collection getNonBodyUsernameEncryptPolicies(MessagePolicy messagePolicy, CallbackHandler callbackHandler, boolean z) {
        ArrayList arrayList = new ArrayList();
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            if (PolicyTypeUtil.encryptionPolicy(wSSPolicy) && !hasEncryptBodyPolicy((EncryptionPolicy) wSSPolicy) && !hasEncryptUsernamePolicy((EncryptionPolicy) wSSPolicy, messagePolicy)) {
                arrayList.add(wSSPolicy);
            }
        }
        return arrayList;
    }

    private boolean hasEncryptBodyPolicy(EncryptionPolicy encryptionPolicy) {
        Iterator it = ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).getTargetBindings().iterator();
        while (it.hasNext()) {
            if (((Target) it.next()).getValue().indexOf("Body") > -1) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isOptimized(SOAPMessage sOAPMessage) {
        return sOAPMessage.getClass().getName().equals("com.sun.xml.messaging.saaj.soap.ver1_1.ExpressMessage1_1Impl") || sOAPMessage.getClass().getName().equals("com.sun.xml.messaging.saaj.soap.ver1_2.ExpressMessage1_2Impl");
    }

    private void augmentSignAlias(MessagePolicy messagePolicy, String str) {
        if (str == null) {
            return;
        }
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            MLSPolicy keyBinding = wSSPolicy.getKeyBinding();
            if ((wSSPolicy instanceof SignaturePolicy) && keyBinding != null && (keyBinding instanceof AuthenticationTokenPolicy.X509CertificateBinding)) {
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
                if (x509CertificateBinding.getCertificateIdentifier() != null) {
                    x509CertificateBinding.setCertificateIdentifier(str);
                }
            }
        }
    }

    private void augmentEncryptAlias(MessagePolicy messagePolicy, String str) {
        if (str == null) {
            return;
        }
        Iterator it = messagePolicy.iterator();
        while (it.hasNext()) {
            WSSPolicy wSSPolicy = (WSSPolicy) it.next();
            MLSPolicy keyBinding = wSSPolicy.getKeyBinding();
            if ((wSSPolicy instanceof EncryptionPolicy) && keyBinding != null && (keyBinding instanceof AuthenticationTokenPolicy.X509CertificateBinding)) {
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
                if (x509CertificateBinding.getCertificateIdentifier() != null) {
                    x509CertificateBinding.setCertificateIdentifier(str);
                }
            }
        }
    }
}
