package org.apache.rampart.builder;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/open/rampart/rampart-core-1.6.2.jar:org/apache/rampart/builder/SymmetricBindingBuilder.class */
public class SymmetricBindingBuilder extends BindingBuilder {
    // General-purpose logger for this builder. Only token identifiers are logged below;
    // key material returned by getSecret() must never be added to these statements.
    private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
    // Timing logger (category RampartConstants.TIME_LOG). The methods below read the clock
    // only when this logger has debug enabled.
    private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);

    /**
     * Secures the message held by {@code rampartMessageData} according to its policy data.
     *
     * <p>Steps, in order: add a timestamp if the policy asks for one, initialise the tokens
     * when this side is the initiator, then run the protection order. Only the exact string
     * {@code "EncryptBeforeSigning"} selects encrypt-then-sign; every other value, including
     * {@code null}, falls through to sign-then-encrypt.
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @throws RampartException if any of the delegated steps fails
     */
    public void build(RampartMessageData rampartMessageData) throws RampartException {
        log.debug("SymmetricBindingBuilder build invoked");

        final RampartPolicyData rpd = rampartMessageData.getPolicyData();

        if (rpd.isIncludeTimestamp()) {
            addTimestamp(rampartMessageData);
        }

        if (rampartMessageData.isInitiator()) {
            initializeTokens(rampartMessageData);
        }

        // The protection order is read only after the tokens are initialised, as before.
        final boolean encryptFirst = "EncryptBeforeSigning".equals(rpd.getProtectionOrder());
        if (!encryptFirst) {
            doSignBeforeEncrypt(rampartMessageData);
        } else {
            doEncryptBeforeSig(rampartMessageData);
        }

        log.debug("SymmetricBindingBuilder build invoked : DONE");
    }

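    /**
     * Applies the "EncryptBeforeSigning" protection order.
     *
     * <p>The policy's encrypted parts are encrypted with the symmetric token first, the
     * signature is then computed over the signed parts, and finally a second reference list
     * encrypts the main signature (when signature protection is on) and the ids in
     * {@code encryptedTokensIdList} (initiator only).
     *
     * <p>Changes against the previous revision: the underlying WSS4J exception is now kept as
     * the cause of every {@code "errorInDKEncr"} failure, and the non-derived-key signature
     * protection step encrypts the protection parts instead of re-submitting the already
     * encrypted message parts.
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @throws RampartException if no usable encryption token exists, or encryption fails
     */
    private void doEncryptBeforeSig(RampartMessageData rampartMessageData) throws RampartException {
        Element refList;
        long encStart = 0;
        long encEnd = 0;
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        // Signature values are collected here but not read again in this method.
        List<Object> signatureValues = new ArrayList<Object>();
        if (tlog.isDebugEnabled()) {
            encStart = System.currentTimeMillis();
        }
        Token encryptionToken = policyData.getEncryptionToken();
        List<WSEncryptionPart> encryptedParts = RampartUtil.getEncryptedParts(rampartMessageData);
        List<WSEncryptionPart> signedParts = RampartUtil.getSignedParts(rampartMessageData);
        // One check replaces the two earlier ones (the first was subsumed by the second).
        // Note that a policy with a token but no encrypted parts is rejected with the same key.
        if (encryptionToken == null || encryptedParts.isEmpty()) {
            throw new RampartException("encryptionTokenMissing");
        }

        // Resolve the id of the token that carries the shared secret.
        String tokenId = null;
        if (encryptionToken instanceof IssuedToken) {
            tokenId = rampartMessageData.getIssuedEncryptionTokenId();
            if (log.isDebugEnabled()) {
                log.debug("Issued EncryptionToken Id : " + tokenId);
            }
        } else if (encryptionToken instanceof SecureConversationToken) {
            tokenId = rampartMessageData.getSecConvTokenId();
            if (log.isDebugEnabled()) {
                log.debug("SCT Id : " + tokenId);
            }
        } else if (encryptionToken instanceof X509Token) {
            // Initiator creates a fresh EncryptedKey; the other side reuses the received one.
            tokenId = rampartMessageData.isInitiator() ? setupEncryptedKey(rampartMessageData, encryptionToken) : getEncryptedKey(rampartMessageData);
        }
        if (tokenId == null || tokenId.length() == 0) {
            throw new RampartException("noSecurityToken");
        }
        if (tokenId.startsWith("#")) {
            tokenId = tokenId.substring(1);
        }
        org.apache.rahas.Token token = getToken(rampartMessageData, tokenId);

        boolean tokenAttached = false;
        Element tokenElement = null;
        WSSecDKEncrypt dkEncrypt = null;
        WSSecEncrypt encrypt = null;
        Element dktElement = null;
        // 5, 2 and 3 are inlined token-inclusion constants; presumably "always", "once" and
        // "always to recipient" -- confirm against the security-policy constants.
        if (5 == encryptionToken.getInclusion() || 2 == encryptionToken.getInclusion() || (rampartMessageData.isInitiator() && 3 == encryptionToken.getInclusion())) {
            tokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
            tokenAttached = true;
        } else if ((encryptionToken instanceof X509Token) && rampartMessageData.isInitiator()) {
            // The token is added to the header but is not treated as attached below.
            tokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
        }

        Document document = rampartMessageData.getDocument();
        AlgorithmSuite algorithmSuite = policyData.getAlgorithmSuite();
        if (encryptionToken.isDerivedKeys()) {
            log.debug("Use drived keys");
            dkEncrypt = new WSSecDKEncrypt();
            // NOTE(review): doSignBeforeEncrypt also sets the WS-SC version and a custom value
            // type on its derived-key encryptor; this path does not -- confirm that is intended.
            if (tokenAttached && token.getAttachedReference() != null) {
                dkEncrypt.setExternalKey(token.getSecret(), (Element) document.importNode((Element) token.getAttachedReference(), true));
            } else if (token.getUnattachedReference() != null) {
                dkEncrypt.setExternalKey(token.getSecret(), (Element) document.importNode((Element) token.getUnattachedReference(), true));
            } else {
                dkEncrypt.setExternalKey(token.getSecret(), token.getId());
            }
            try {
                dkEncrypt.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                // The suite reports the length in bits; the encryptor is given bytes.
                dkEncrypt.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
                dkEncrypt.prepare(document);
                dktElement = dkEncrypt.getdktElement();
                RampartUtil.appendChildToSecHeader(rampartMessageData, dktElement);
                refList = dkEncrypt.encryptForExternalRef(null, encryptedParts);
            } catch (WSSecurityException e) {
                // Keep the cause: without it the failing algorithm or key cannot be diagnosed.
                throw new RampartException("errorInDKEncr", e);
            } catch (ConversationException e) {
                throw new RampartException("errorInDKEncr", e);
            }
        } else {
            log.debug("NO derived keys, use the shared secret");
            encrypt = new WSSecEncrypt();
            encrypt.setWsConfig(rampartMessageData.getConfig());
            encrypt.setEncKeyId(tokenId);
            RampartUtil.setEncryptionUser(rampartMessageData, encrypt);
            encrypt.setEphemeralKey(token.getSecret());
            encrypt.setDocument(document);
            encrypt.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
            // The shared secret is referenced, not wrapped again into this message.
            encrypt.setEncryptSymmKey(false);
            if (!rampartMessageData.isInitiator() && (token instanceof EncryptedKeyToken)) {
                encrypt.setEncKeyIdDirectId(true);
                encrypt.setCustomReferenceValue(((EncryptedKeyToken) token).getSHA1());
                // 10 is an inlined WSS4J key-identifier constant; with the SHA-1 reference
                // value it presumably selects the EncryptedKeySHA1 identifier -- confirm.
                encrypt.setKeyIdentifierType(10);
            }
            try {
                encrypt.prepare(document, RampartUtil.getEncryptionCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));
                refList = encrypt.encryptForExternalRef(null, encryptedParts);
            } catch (WSSecurityException e) {
                throw new RampartException("errorInEncryption", e);
            }
        }
        this.mainRefListElement = RampartUtil.appendChildToSecHeader(rampartMessageData, refList);
        if (tlog.isDebugEnabled()) {
            encEnd = System.currentTimeMillis();
        }

        if (tokenElement != null) {
            setInsertionLocation(tokenElement);
        } else if (this.timestampElement != null) {
            setInsertionLocation(this.timestampElement);
        }
        RampartUtil.handleEncryptedSignedHeaders(encryptedParts, signedParts, document);

        HashMap endorsingTokens = null;
        HashMap signedEndorsingTokens = null;
        HashMap endorsingEncryptedTokens = null;
        HashMap signedEndorsingEncryptedTokens = null;
        if (this.timestampElement != null) {
            // The timestamp is always part of the signature when present.
            signedParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
        }
        if (rampartMessageData.isInitiator()) {
            // Call order is kept exactly as before; each call may add to the security header.
            HashMap signedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedSupportingTokens());
            endorsingTokens = handleSupportingTokens(rampartMessageData, policyData.getEndorsingSupportingTokens());
            signedEndorsingTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingSupportingTokens());
            HashMap signedEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEncryptedSupportingTokens());
            endorsingEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getEndorsingEncryptedSupportingTokens());
            signedEndorsingEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingEncryptedSupportingTokens());
            for (SupportingToken supportingToken : policyData.getSupportingTokensList()) {
                handleSupportingTokens(rampartMessageData, supportingToken);
            }
            handleSupportingTokens(rampartMessageData, policyData.getEncryptedSupportingTokens());
            signedParts = addSignatureParts(signedTokens, signedParts);
            signedParts = addSignatureParts(signedEncryptedTokens, signedParts);
            signedParts = addSignatureParts(signedEndorsingTokens, signedParts);
            signedParts = addSignatureParts(signedEndorsingEncryptedTokens, signedParts);
        } else {
            addSignatureConfirmation(rampartMessageData, signedParts);
        }

        if (signedParts.size() > 0) {
            signatureValues.add(doSymmSignature(rampartMessageData, encryptionToken, token, signedParts));
            this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) getInsertionLocation());
        }
        if (rampartMessageData.isInitiator()) {
            // NOTE(review): assumes handleSupportingTokens never returns null -- confirm.
            endorsingTokens.putAll(endorsingEncryptedTokens);
            signatureValues.addAll(doEndorsedSignatures(rampartMessageData, endorsingTokens));
            signedEndorsingTokens.putAll(signedEndorsingEncryptedTokens);
            signatureValues.addAll(doEndorsedSignatures(rampartMessageData, signedEndorsingTokens));
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Encryption took :" + (encEnd - encStart) + ", Signature tool :" + (System.currentTimeMillis() - encEnd));
        }

        // A second encryption pass is needed only for signature protection or for encrypted
        // supporting tokens on the initiator side.
        if ((!policyData.isSignatureProtection() || this.mainSigId == null) && (this.encryptedTokensIdList.size() <= 0 || !rampartMessageData.isInitiator())) {
            return;
        }
        long protectionStart = 0;
        if (tlog.isDebugEnabled()) {
            protectionStart = System.currentTimeMillis();
        }
        log.debug("Signature protection");
        List<WSEncryptionPart> protectionParts = new ArrayList<WSEncryptionPart>();
        if (policyData.isSignatureProtection()) {
            // NOTE(review): mainSigId can still be null here when this block was entered only
            // because of encryptedTokensIdList -- confirm how a null id is handled downstream.
            protectionParts.add(new WSEncryptionPart(this.mainSigId, RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
        }
        if (rampartMessageData.isInitiator()) {
            for (String encryptedTokenId : this.encryptedTokensIdList) {
                protectionParts.add(new WSEncryptionPart(encryptedTokenId, RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
            }
        }
        if (encryptionToken.isDerivedKeys()) {
            try {
                RampartUtil.insertSiblingAfter(rampartMessageData, dktElement, dkEncrypt.encryptForExternalRef(null, protectionParts));
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDKEncr", e);
            }
        } else {
            try {
                // Fixed: this call used to pass encryptedParts, so the protection parts built
                // above were never encrypted on this path and the signature stayed in clear
                // even though the policy asked for signature protection.
                // NOTE(review): tokenElement may be null here (token not included and not an
                // initiator-side X509 token) -- confirm insertSiblingAfter tolerates that.
                RampartUtil.insertSiblingAfter(rampartMessageData, tokenElement, encrypt.encryptForExternalRef(null, protectionParts));
            } catch (WSSecurityException e) {
                throw new RampartException("errorInEncryption", e);
            }
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Signature protection took :" + (System.currentTimeMillis() - protectionStart));
        }
    }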

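    /**
     * Applies the sign-then-encrypt protection order.
     *
     * <p>The signed parts (plus timestamp and supporting tokens) are signed with the signature
     * token first. The encrypted parts, the main signature (when signature protection is on)
     * and the ids in {@code encryptedTokensIdList} (initiator only) are encrypted afterwards.
     *
     * <p>Change against the previous revision: the underlying WSS4J exception is now kept as
     * the cause of every {@code "errorInDKEncr"} failure.
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @throws RampartException if no usable signature token exists, or encryption fails
     */
    private void doSignBeforeEncrypt(RampartMessageData rampartMessageData) throws RampartException {
        String encrTokenId;
        org.apache.rahas.Token encrToken;
        long sigStart = 0;
        long sigEnd = 0;
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        if (tlog.isDebugEnabled()) {
            sigStart = System.currentTimeMillis();
        }
        Token signatureToken = policyData.getSignatureToken();
        String sigTokenId = null;
        Element sigTokenElement = null;
        // Signature values are collected here but not read again in this method.
        List<Object> signatureValues = new ArrayList<Object>();
        if (signatureToken == null) {
            throw new RampartException("signatureTokenMissing");
        }
        if (signatureToken instanceof SecureConversationToken) {
            sigTokenId = rampartMessageData.getSecConvTokenId();
        } else if (signatureToken instanceof IssuedToken) {
            sigTokenId = rampartMessageData.getIssuedSignatureTokenId();
        } else if (signatureToken instanceof X509Token) {
            // Initiator creates a fresh EncryptedKey; the other side reuses the received one.
            sigTokenId = rampartMessageData.isInitiator() ? setupEncryptedKey(rampartMessageData, signatureToken) : getEncryptedKey(rampartMessageData);
        }
        if (sigTokenId == null || sigTokenId.length() == 0) {
            throw new RampartException("noSecurityToken");
        }
        // NOTE(review): doEncryptBeforeSig strips a leading "#" before this lookup; here the
        // id is passed as-is -- confirm getToken accepts both forms.
        org.apache.rahas.Token sigToken = getToken(rampartMessageData, sigTokenId);

        // 5, 2 and 3 are inlined token-inclusion constants; presumably "always", "once" and
        // "always to recipient" -- confirm against the security-policy constants.
        if (5 == signatureToken.getInclusion() || 2 == signatureToken.getInclusion() || (rampartMessageData.isInitiator() && 3 == signatureToken.getInclusion())) {
            sigTokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, sigToken.getToken());
            setInsertionLocation(sigTokenElement);
        } else if ((rampartMessageData.isInitiator() && (signatureToken instanceof X509Token)) || (signatureToken instanceof SecureConversationToken)) {
            sigTokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, sigToken.getToken());
            setInsertionLocation(sigTokenElement);
        }

        HashMap endorsingTokens = null;
        HashMap signedEndorsingTokens = null;
        HashMap endorsingEncryptedTokens = null;
        HashMap signedEndorsingEncryptedTokens = null;
        List<WSEncryptionPart> signedParts = RampartUtil.getSignedParts(rampartMessageData);
        if (this.timestampElement != null) {
            // The timestamp is always part of the signature when present.
            signedParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
        }
        if (rampartMessageData.isInitiator()) {
            // Call order is kept exactly as before; each call may add to the security header.
            HashMap signedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedSupportingTokens());
            endorsingTokens = handleSupportingTokens(rampartMessageData, policyData.getEndorsingSupportingTokens());
            signedEndorsingTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingSupportingTokens());
            HashMap signedEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEncryptedSupportingTokens());
            endorsingEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getEndorsingEncryptedSupportingTokens());
            signedEndorsingEncryptedTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingEncryptedSupportingTokens());
            for (SupportingToken supportingToken : policyData.getSupportingTokensList()) {
                handleSupportingTokens(rampartMessageData, supportingToken);
            }
            handleSupportingTokens(rampartMessageData, policyData.getEncryptedSupportingTokens());
            signedParts = addSignatureParts(signedTokens, signedParts);
            signedParts = addSignatureParts(signedEncryptedTokens, signedParts);
            signedParts = addSignatureParts(signedEndorsingTokens, signedParts);
            signedParts = addSignatureParts(signedEndorsingEncryptedTokens, signedParts);
        } else {
            addSignatureConfirmation(rampartMessageData, signedParts);
        }

        if (signedParts.size() > 0) {
            signatureValues.add(doSymmSignature(rampartMessageData, signatureToken, sigToken, signedParts));
            this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) getInsertionLocation());
        }
        if (rampartMessageData.isInitiator()) {
            // NOTE(review): assumes handleSupportingTokens never returns null -- confirm.
            endorsingTokens.putAll(endorsingEncryptedTokens);
            signatureValues.addAll(doEndorsedSignatures(rampartMessageData, endorsingTokens));
            signedEndorsingTokens.putAll(signedEndorsingEncryptedTokens);
            signatureValues.addAll(doEndorsedSignatures(rampartMessageData, signedEndorsingTokens));
        }
        if (tlog.isDebugEnabled()) {
            sigEnd = System.currentTimeMillis();
        }

        Token encryptionToken = policyData.getEncryptionToken();
        Element encrTokenElement = null;
        if (signatureToken.equals(encryptionToken)) {
            // Protection token: one token serves both purposes.
            encrTokenId = sigTokenId;
            encrToken = sigToken;
            encrTokenElement = sigTokenElement;
        } else {
            // NOTE(review): this branch always reads the issued-token id, whatever the type of
            // the encryption token, and dereferences encryptionToken without a null check --
            // confirm that distinct non-issued encryption tokens cannot reach this point.
            encrTokenId = rampartMessageData.getIssuedEncryptionTokenId();
            encrToken = getToken(rampartMessageData, encrTokenId);
            if (5 == encryptionToken.getInclusion() || 2 == encryptionToken.getInclusion() || (rampartMessageData.isInitiator() && 3 == encryptionToken.getInclusion())) {
                encrTokenElement = (Element) encrToken.getToken();
                RampartUtil.insertSiblingBefore(rampartMessageData, sigTokenElement, encrTokenElement);
            }
        }

        List<WSEncryptionPart> encryptedParts = RampartUtil.getEncryptedParts(rampartMessageData);
        if (policyData.isSignatureProtection() && this.mainSigId != null) {
            encryptedParts.add(new WSEncryptionPart(this.mainSigId, RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
        }
        if (rampartMessageData.isInitiator()) {
            for (String encryptedTokenId : this.encryptedTokensIdList) {
                encryptedParts.add(new WSEncryptionPart(encryptedTokenId, RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
            }
        }

        if (encryptedParts.size() > 0) {
            if (encryptionToken.isDerivedKeys()) {
                try {
                    WSSecDKEncrypt dkEncrypt = new WSSecDKEncrypt();
                    if (2 == encryptionToken.getVersion()) {
                        dkEncrypt.setWscVersion(2);
                    }
                    if (encrTokenElement != null && encrToken.getAttachedReference() != null) {
                        dkEncrypt.setExternalKey(encrToken.getSecret(), (Element) document.importNode((Element) encrToken.getAttachedReference(), true));
                    } else if (encrToken.getUnattachedReference() != null) {
                        dkEncrypt.setExternalKey(encrToken.getSecret(), (Element) document.importNode((Element) encrToken.getUnattachedReference(), true));
                    } else if (rampartMessageData.isInitiator() || !encryptionToken.isDerivedKeys()) {
                        // The second operand is always false inside this derived-keys branch;
                        // it is kept unchanged from the previous revision.
                        dkEncrypt.setExternalKey(encrToken.getSecret(), encrToken.getId());
                    } else {
                        // Recipient side without any stored reference: refer to the key by the
                        // SHA-1 of its encrypted form.
                        SecurityTokenReference keyReference = new SecurityTokenReference(document);
                        if (encrToken instanceof EncryptedKeyToken) {
                            keyReference.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken) encrToken).getSHA1());
                        }
                        dkEncrypt.setExternalKey(encrToken.getSecret(), keyReference.getElement());
                        keyReference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                    }
                    if (encrToken instanceof EncryptedKeyToken) {
                        dkEncrypt.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                    }
                    dkEncrypt.setSymmetricEncAlgorithm(policyData.getAlgorithmSuite().getEncryption());
                    // The suite reports the length in bits; the encryptor is given bytes.
                    dkEncrypt.setDerivedKeyLength(policyData.getAlgorithmSuite().getEncryptionDerivedKeyLength() / 8);
                    dkEncrypt.prepare(document);
                    Element dktElement = dkEncrypt.getdktElement();
                    if (encrTokenElement != null) {
                        RampartUtil.insertSiblingAfter(rampartMessageData, encrTokenElement, dktElement);
                    } else if (this.timestampElement != null) {
                        RampartUtil.insertSiblingAfter(rampartMessageData, this.timestampElement, dktElement);
                    } else {
                        RampartUtil.insertSiblingBefore(rampartMessageData, getInsertionLocation(), dktElement);
                    }
                    RampartUtil.insertSiblingAfter(rampartMessageData, dktElement, dkEncrypt.encryptForExternalRef(null, encryptedParts));
                } catch (WSSecurityException e) {
                    // Keep the cause: without it the failing algorithm or key cannot be diagnosed.
                    throw new RampartException("errorInDKEncr", e);
                } catch (ConversationException e) {
                    throw new RampartException("errorInDKEncr", e);
                }
            } else {
                try {
                    WSSecEncrypt encrypt = new WSSecEncrypt();
                    encrypt.setWsConfig(rampartMessageData.getConfig());
                    // NOTE(review): encrTokenId is null when the tokens differ and no issued
                    // encryption token id was set; that would fail on the next line -- confirm.
                    if (encrTokenId.startsWith("#")) {
                        encrTokenId = encrTokenId.substring(1);
                    }
                    encrypt.setEncKeyId(encrTokenId);
                    encrypt.setEphemeralKey(encrToken.getSecret());
                    RampartUtil.setEncryptionUser(rampartMessageData, encrypt);
                    encrypt.setDocument(document);
                    // The shared secret is referenced, not wrapped again into this message.
                    encrypt.setEncryptSymmKey(false);
                    encrypt.setSymmetricEncAlgorithm(policyData.getAlgorithmSuite().getEncryption());
                    if (!rampartMessageData.isInitiator() && (encrToken instanceof EncryptedKeyToken)) {
                        encrypt.setEncKeyIdDirectId(true);
                        encrypt.setCustomReferenceValue(((EncryptedKeyToken) encrToken).getSHA1());
                        // 10 is an inlined WSS4J key-identifier constant; with the SHA-1
                        // reference value it presumably selects EncryptedKeySHA1 -- confirm.
                        encrypt.setKeyIdentifierType(10);
                    }
                    encrypt.prepare(document, RampartUtil.getEncryptionCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));
                    Element refList = encrypt.encryptForExternalRef(null, encryptedParts);
                    if (encrTokenElement != null) {
                        RampartUtil.insertSiblingAfter(rampartMessageData, encrTokenElement, refList);
                    } else {
                        RampartUtil.insertSiblingBeforeOrPrepend(rampartMessageData, getInsertionLocation(), refList);
                    }
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInEncryption", e);
                }
            }
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Signature took :" + (sigEnd - sigStart) + ", Encryption took :" + (System.currentTimeMillis() - sigEnd));
        }
    }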

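    /**
     * Creates a new EncryptedKey for the given policy token, stores it as an
     * {@link EncryptedKeyToken} in the message's token storage and returns its id.
     *
     * <p>The stored token carries the ephemeral key as its secret and the Base64 SHA-1 of the
     * encrypted ephemeral key. Its lifetime is fixed at 300000 ms (five minutes). Both dates
     * are now derived from a single clock reading, and a storage failure keeps its cause.
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @param token policy token the encrypted key is built for
     * @return id of the EncryptedKey element
     * @throws RampartException if the token cannot be added to the token storage
     */
    private String setupEncryptedKey(RampartMessageData rampartMessageData, Token token) throws RampartException {
        try {
            WSSecEncryptedKey encryptedKeyBuilder = getEncryptedKeyBuilder(rampartMessageData, token);
            String id = encryptedKeyBuilder.getId();
            // Key material: keep it out of logs and exception messages.
            byte[] ephemeralKey = encryptedKeyBuilder.getEphemeralKey();
            long now = System.currentTimeMillis();
            Date created = new Date(now);
            Date expires = new Date(now + 300000);
            EncryptedKeyToken encryptedKeyToken = new EncryptedKeyToken(id, (OMElement) encryptedKeyBuilder.getEncryptedKeyElement(), created, expires);
            encryptedKeyToken.setSecret(ephemeralKey);
            encryptedKeyToken.setSHA1(getSHA1(encryptedKeyBuilder.getEncryptedEphemeralKey()));
            rampartMessageData.getTokenStorage().add(encryptedKeyToken);
            // When the builder produced a binary security token, it goes into the header too.
            String bstTokenId = encryptedKeyBuilder.getBSTTokenId();
            if (bstTokenId != null && bstTokenId.length() > 0) {
                RampartUtil.appendChildToSecHeader(rampartMessageData, encryptedKeyBuilder.getBinarySecurityTokenElement());
            }
            return id;
        } catch (TrustException e) {
            // Keep the cause so a storage failure can be told apart from a duplicate id.
            throw new RampartException("errorInAddingTokenIntoStore", e);
        }
    }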

    /**
     * Returns the Base64 text of the SHA-1 digest of {@code bArr}.
     *
     * <p>Callers in this class use the result as a key identifier for an encrypted key, not
     * as an integrity check. WS-Security 1.1 defines the EncryptedKeySHA1 identifier with
     * SHA-1, so swapping the algorithm here would break interoperability rather than harden
     * anything.
     *
     * @param bArr bytes to digest
     * @return Base64-encoded SHA-1 digest
     * @throws RampartException if the runtime offers no SHA-1 implementation
     */
    private String getSHA1(byte[] bArr) throws RampartException {
        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new RampartException("noSHA1availabe", missingAlgorithm);
        }
        // A freshly created digest starts in its initial state; digest(byte[]) feeds the
        // input and finishes the hash in one call.
        final byte[] hash = sha1.digest(bArr);
        return Base64.encode(hash);
    }

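    /**
     * Finds the encrypted key of the received message, registers it as an
     * {@link EncryptedKeyToken} in the token storage and returns its id.
     *
     * <p>The search walks the {@code "RECV_RESULTS"} property of the message context and
     * takes the first result with action {@code 4}, a non-empty id and both key byte arrays.
     * Missing or unexpectedly typed entries are now skipped instead of raising a
     * {@code NullPointerException} or {@code ClassCastException}; the caller turns the
     * resulting {@code null} into a {@code "noSecurityToken"} failure.
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @return id of the received encrypted key, or {@code null} if none is usable
     * @throws RampartException if the token cannot be added to the token storage
     */
    private String getEncryptedKey(RampartMessageData rampartMessageData) throws RampartException {
        Object recvResults = rampartMessageData.getMsgContext().getProperty("RECV_RESULTS");
        if (!(recvResults instanceof List)) {
            // No inbound security processing results: nothing to reuse.
            return null;
        }
        for (Object handlerResult : (List<?>) recvResults) {
            for (WSSecurityEngineResult engineResult : ((WSHandlerResult) handlerResult).getResults()) {
                Object action = engineResult.get("action");
                // 4 is an inlined WSS4J action constant, presumably the encryption action --
                // confirm against WSConstants.
                if (!(action instanceof Integer) || ((Integer) action).intValue() != 4) {
                    continue;
                }
                Object id = engineResult.get("id");
                if (!(id instanceof String) || ((String) id).length() == 0) {
                    continue;
                }
                Object secret = engineResult.get("secret");
                Object encryptedKeyBytes = engineResult.get("encrypted-ephemeral-key-bytes");
                if (!(secret instanceof byte[]) || !(encryptedKeyBytes instanceof byte[])) {
                    // Without both values neither the key nor its SHA-1 identifier can be set.
                    continue;
                }
                try {
                    String keyId = (String) id;
                    long now = System.currentTimeMillis();
                    // Fixed five-minute lifetime, matching setupEncryptedKey.
                    EncryptedKeyToken encryptedKeyToken = new EncryptedKeyToken(keyId, new Date(now), new Date(now + 300000));
                    encryptedKeyToken.setSecret((byte[]) secret);
                    encryptedKeyToken.setSHA1(getSHA1((byte[]) encryptedKeyBytes));
                    rampartMessageData.getTokenStorage().add(encryptedKeyToken);
                    return keyId;
                } catch (TrustException e) {
                    throw new RampartException("errorInAddingTokenIntoStore", e);
                }
            }
        }
        return null;
    }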

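    /**
     * Obtains the signature and encryption tokens on the client side of a symmetric binding.
     *
     * <p>Nothing is done for other bindings or on the server side. An issued signature token
     * is requested when no id is stored yet. A secure-conversation token is requested when
     * none is stored, or when the stored one is no longer valid and the message is not a
     * cancel request/response.
     *
     * <p>Changes against the previous revision:
     * <ul>
     *   <li>a {@code null} action no longer raises a {@code NullPointerException};</li>
     *   <li>when one issued token serves as protection token, the encryption token id is
     *       copied from the signature token id (it used to be assigned to itself, leaving it
     *       unset for the encrypt-before-sign path);</li>
     *   <li>the cast to {@code IssuedToken} is guarded, and a failure to read the token from
     *       storage keeps its cause.</li>
     * </ul>
     *
     * @param rampartMessageData message, policy and token state for the current exchange
     * @throws RampartException if a token cannot be read from storage or obtained
     */
    private void initializeTokens(RampartMessageData rampartMessageData) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        MessageContext msgContext = rampartMessageData.getMsgContext();
        if (!policyData.isSymmetricBinding() || msgContext.isServerSide()) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Processing symmetric binding: Setting up encryption token and signature token");
        }
        Token signatureToken = policyData.getSignatureToken();
        Token encryptionToken = policyData.getEncryptionToken();
        if (signatureToken instanceof IssuedToken) {
            log.debug("SignatureToken is an IssuedToken");
            if (rampartMessageData.getIssuedSignatureTokenId() == null) {
                log.debug("No Issuedtoken found, requesting a new token");
                rampartMessageData.setIssuedSignatureTokenId(RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) signatureToken));
            }
        } else if (signatureToken instanceof SecureConversationToken) {
            log.debug("SignatureToken is a SecureConversationToken");
            String secConvTokenId = rampartMessageData.getSecConvTokenId();
            String action = msgContext.getOptions().getAction();
            // NOTE(review): the previous revision compared each of these two URIs twice; a
            // second WS-Trust namespace was presumably intended for the repeats -- confirm.
            boolean cancelReqResp = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel".equals(action)
                    || "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel".equals(action);
            if (secConvTokenId != null && cancelReqResp) {
                try {
                    // 3 is an inlined token-state constant, presumably "cancelled" -- confirm.
                    rampartMessageData.getTokenStorage().getToken(secConvTokenId).setState(3);
                    msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                    RampartUtil.getContextMap(msgContext).remove(RampartUtil.getContextIdentifierKey(msgContext));
                } catch (TrustException e) {
                    throw new RampartException("errorExtractingToken", e);
                }
            }
            if (secConvTokenId == null || (!RampartUtil.isTokenValid(rampartMessageData, secConvTokenId) && !cancelReqResp)) {
                log.debug("No SecureConversationToken found, requesting a new token");
                try {
                    rampartMessageData.setSecConvTokenId(RampartUtil.getSecConvToken(rampartMessageData, (SecureConversationToken) signatureToken));
                } catch (TrustException e) {
                    throw new RampartException("errorInObtainingSct", e);
                }
            }
        }
        // instanceof first: it also covers a missing signature token.
        if ((signatureToken instanceof IssuedToken) && signatureToken.equals(encryptionToken)) {
            log.debug("Symmetric binding uses a ProtectionToken, both SignatureToken and EncryptionToken are the same");
            // One token serves both purposes, so the encryption id is the signature id.
            rampartMessageData.setIssuedEncryptionTokenId(rampartMessageData.getIssuedSignatureTokenId());
            return;
        }
        log.debug("Obtaining the Encryption Token");
        // NOTE(review): the test below requests a token only when an id is ALREADY stored,
        // while the log text says the opposite. It is left as found because inverting it
        // would add a token request that did not happen before -- confirm the intent.
        if (rampartMessageData.getIssuedEncryptionTokenId() != null && (encryptionToken instanceof IssuedToken)) {
            log.debug("EncrytionToken not alredy set");
            rampartMessageData.setIssuedEncryptionTokenId(RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) encryptionToken));
        }
    }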
}
