package org.apache.rampart.builder;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.crypto.dsig.Reference;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.Options;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecSignatureConfirmation;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/open/rampart/rampart-core-1.6.2.jar:org/apache/rampart/builder/BindingBuilder.class */
public abstract class BindingBuilder {
    private static Log log = LogFactory.getLog(BindingBuilder.class);
    private Element insertionLocation;
    protected String mainSigId = null;
    protected ArrayList<String> encryptedTokensIdList = new ArrayList<>();
    protected Element timestampElement;
    protected Element mainRefListElement;

    /* JADX INFO: Access modifiers changed from: protected */
    public void addTimestamp(RampartMessageData rampartMessageData) {
        log.debug("Adding timestamp");
        WSSecTimestamp wSSecTimestamp = new WSSecTimestamp();
        wSSecTimestamp.setWsConfig(rampartMessageData.getConfig());
        wSSecTimestamp.setTimeToLive(RampartUtil.getTimeToLive(rampartMessageData));
        wSSecTimestamp.build(rampartMessageData.getDocument(), rampartMessageData.getSecHeader());
        if (log.isDebugEnabled()) {
            log.debug("Timestamp id: " + wSSecTimestamp.getId());
        }
        rampartMessageData.setTimestampId(wSSecTimestamp.getId());
        this.timestampElement = wSSecTimestamp.getElement();
        log.debug("Adding timestamp: DONE");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public WSSecUsernameToken addUsernameToken(RampartMessageData rampartMessageData, UsernameToken usernameToken) throws RampartException {
        log.debug("Adding a UsernameToken");
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Options options = rampartMessageData.getMsgContext().getOptions();
        String userName = options.getUserName();
        if ((userName == null || userName.length() == 0) && policyData.getRampartConfig() != null) {
            userName = policyData.getRampartConfig().getUser();
        }
        if (userName == null || "".equals(userName)) {
            log.debug("No user value specified in the configuration");
            throw new RampartException("userMissing");
        }
        if (log.isDebugEnabled()) {
            log.debug("User : " + userName);
        }
        if (usernameToken.isNoPassword()) {
            WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken();
            wSSecUsernameToken.setUserInfo(userName, null);
            wSSecUsernameToken.setPasswordType(null);
            if (rampartMessageData.getConfig() != null) {
                wSSecUsernameToken.setWsConfig(rampartMessageData.getConfig());
            }
            return wSSecUsernameToken;
        }
        String password = options.getPassword();
        if (password == null || password.length() == 0) {
            CallbackHandler passwordCB = RampartUtil.getPasswordCB(rampartMessageData);
            if (passwordCB == null) {
                throw new RampartException("cbHandlerMissing");
            }
            WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(userName, 2)};
            try {
                passwordCB.handle(wSPasswordCallbackArr);
                password = wSPasswordCallbackArr[0].getPassword();
            } catch (Exception e) {
                throw new RampartException("errorInGettingPasswordForUser", new String[]{userName}, e);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Password : " + password);
        }
        if (password == null || "".equals(password)) {
            throw new RampartException("noPasswordForUser", new String[]{userName});
        }
        WSSecUsernameToken wSSecUsernameToken2 = new WSSecUsernameToken();
        if (rampartMessageData.getConfig() != null) {
            wSSecUsernameToken2.setWsConfig(rampartMessageData.getConfig());
        }
        if (usernameToken.isHashPassword()) {
            wSSecUsernameToken2.setPasswordType(WSConstants.PASSWORD_DIGEST);
        } else {
            wSSecUsernameToken2.setPasswordType(WSConstants.PASSWORD_TEXT);
        }
        wSSecUsernameToken2.setUserInfo(userName, password);
        return wSSecUsernameToken2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rampartMessageData, Token token) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        WSSecEncryptedKey wSSecEncryptedKey = new WSSecEncryptedKey();
        try {
            RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecEncryptedKey, token);
            RampartUtil.setEncryptionUser(rampartMessageData, wSSecEncryptedKey);
            wSSecEncryptedKey.setKeyEncAlgo(policyData.getAlgorithmSuite().getAsymmetricKeyWrap());
            wSSecEncryptedKey.setSymmetricEncAlgorithm(policyData.getAlgorithmSuite().getEncryption());
            wSSecEncryptedKey.prepare(document, RampartUtil.getEncryptionCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));
            return wSSecEncryptedKey;
        } catch (WSSecurityException e) {
            throw new RampartException("errorCreatingEncryptedKey", e);
        }
    }

    @Deprecated
    protected WSSecSignature getSignatureBuider(RampartMessageData rampartMessageData, Token token) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, null);
    }

    @Deprecated
    protected WSSecSignature getSignatureBuider(RampartMessageData rampartMessageData, Token token, String str) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public WSSecSignature getSignatureBuilder(RampartMessageData rampartMessageData, Token token) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public WSSecSignature getSignatureBuilder(RampartMessageData rampartMessageData, Token token, String str) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        WSSecSignature wSSecSignature = new WSSecSignature();
        checkForX509PkiPath(wSSecSignature, token);
        wSSecSignature.setWsConfig(rampartMessageData.getConfig());
        if (log.isDebugEnabled()) {
            log.debug("Token inclusion: " + token.getInclusion());
        }
        RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecSignature, token);
        String str2 = null;
        if (str != null) {
            str2 = str;
        }
        if (str2 == null) {
            str2 = policyData.getRampartConfig().getUserCertAlias();
        }
        if (str2 == null) {
            str2 = policyData.getRampartConfig().getUser();
        }
        if (str2 == null || "".equals(str2)) {
            log.debug("No user value specified in the configuration");
            throw new RampartException("userMissing");
        }
        if (log.isDebugEnabled()) {
            log.debug("User : " + str2);
        }
        CallbackHandler passwordCB = RampartUtil.getPasswordCB(rampartMessageData);
        if (passwordCB == null) {
            throw new RampartException("cbHandlerMissing");
        }
        WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(str2, 3)};
        try {
            passwordCB.handle(wSPasswordCallbackArr);
            if (wSPasswordCallbackArr[0].getPassword() == null || "".equals(wSPasswordCallbackArr[0].getPassword())) {
                throw new RampartException("noPasswordForUser", new String[]{str2});
            }
            String password = wSPasswordCallbackArr[0].getPassword();
            if (log.isDebugEnabled()) {
                log.debug("Password : " + password);
            }
            wSSecSignature.setUserInfo(str2, password);
            wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getAsymmetricSignature());
            wSSecSignature.setSigCanonicalization(policyData.getAlgorithmSuite().getInclusiveC14n());
            try {
                wSSecSignature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                return wSSecSignature;
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", e);
            }
        } catch (IOException e2) {
            throw new RampartException("errorInGettingPasswordForUser", new String[]{str2}, e2);
        } catch (UnsupportedCallbackException e3) {
            throw new RampartException("errorInGettingPasswordForUser", new String[]{str2}, e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HashMap handleSupportingTokens(RampartMessageData rampartMessageData, SupportingToken supportingToken) throws RampartException {
        HashMap hashMap = new HashMap();
        if (supportingToken != null && supportingToken.getTokens() != null && supportingToken.getTokens().size() > 0) {
            log.debug("Processing supporting tokens");
            Iterator it = supportingToken.getTokens().iterator();
            while (it.hasNext()) {
                Token token = (Token) it.next();
                if ((token instanceof IssuedToken) && rampartMessageData.isInitiator()) {
                    String issuedToken = RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) token);
                    try {
                        org.apache.rahas.Token token2 = rampartMessageData.getTokenStorage().getToken(issuedToken);
                        if (token2 == null) {
                            throw new RampartException("errorInRetrievingTokenId", new String[]{issuedToken});
                        }
                        setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), (Element) token2.getToken()));
                        if (supportingToken.isEncryptedToken()) {
                            this.encryptedTokensIdList.add(token2.getId());
                        }
                        hashMap.put(token, token2);
                    } catch (TrustException e) {
                        throw new RampartException("errorInRetrievingTokenId", new String[]{issuedToken}, e);
                    }
                } else if (token instanceof X509Token) {
                    WSSecSignature signatureBuilder = getSignatureBuilder(rampartMessageData, token);
                    Element binarySecurityTokenElement = signatureBuilder.getBinarySecurityTokenElement();
                    if (binarySecurityTokenElement != null) {
                        setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), binarySecurityTokenElement));
                        SupportingPolicyData supportingPolicyData = new SupportingPolicyData();
                        supportingPolicyData.build(supportingToken);
                        supportingPolicyData.setSignatureToken(token);
                        supportingPolicyData.setEncryptionToken(token);
                        rampartMessageData.getPolicyData().addSupportingPolicyData(supportingPolicyData);
                        if (supportingToken.isEncryptedToken()) {
                            this.encryptedTokensIdList.add(signatureBuilder.getBSTTokenId());
                        }
                    }
                    hashMap.put(token, signatureBuilder);
                } else if (token instanceof UsernameToken) {
                    WSSecUsernameToken addUsernameToken = addUsernameToken(rampartMessageData, (UsernameToken) token);
                    addUsernameToken.prepare(rampartMessageData.getDocument());
                    Element insertSiblingAfter = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), addUsernameToken.getUsernameTokenElement());
                    this.encryptedTokensIdList.add(addUsernameToken.getId());
                    setInsertionLocation(insertSiblingAfter);
                    Date date = new Date();
                    try {
                        hashMap.put(token, new org.apache.rahas.Token(addUsernameToken.getId(), (OMElement) insertSiblingAfter, date, new Date(date.getTime() + 300000)));
                    } catch (TrustException e2) {
                        throw new RampartException("errorCreatingRahasToken", e2);
                    }
                } else {
                    continue;
                }
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<WSEncryptionPart> addSignatureParts(HashMap hashMap, List<WSEncryptionPart> list) throws RampartException {
        Iterator it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            Object value = ((Map.Entry) it.next()).getValue();
            WSEncryptionPart wSEncryptionPart = null;
            if (value instanceof org.apache.rahas.Token) {
                wSEncryptionPart = new WSEncryptionPart(((org.apache.rahas.Token) value).getId());
            } else {
                if (!(value instanceof WSSecSignature)) {
                    throw new RampartException("UnsupportedTokenInSupportingToken");
                }
                WSSecSignature wSSecSignature = (WSSecSignature) value;
                if (wSSecSignature.getBSTTokenId() != null) {
                    wSEncryptionPart = new WSEncryptionPart(wSSecSignature.getBSTTokenId());
                }
            }
            list.add(wSEncryptionPart);
        }
        return list;
    }

    public Element getInsertionLocation() {
        return this.insertionLocation;
    }

    public void setInsertionLocation(Element element) {
        this.insertionLocation = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<byte[]> doEndorsedSignatures(RampartMessageData rampartMessageData, HashMap hashMap) throws RampartException {
        Set<Token> keySet = hashMap.keySet();
        ArrayList arrayList = new ArrayList();
        for (Token token : keySet) {
            Object obj = hashMap.get(token);
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(new WSEncryptionPart(this.mainSigId));
            if (obj instanceof org.apache.rahas.Token) {
                org.apache.rahas.Token token2 = (org.apache.rahas.Token) obj;
                if (rampartMessageData.getPolicyData().isTokenProtection()) {
                    arrayList2.add(new WSEncryptionPart(token2.getId()));
                }
                doSymmSignature(rampartMessageData, token, (org.apache.rahas.Token) obj, arrayList2);
            } else if (obj instanceof WSSecSignature) {
                WSSecSignature wSSecSignature = (WSSecSignature) obj;
                if (rampartMessageData.getPolicyData().isTokenProtection() && wSSecSignature.getBSTTokenId() != null) {
                    arrayList2.add(new WSEncryptionPart(wSSecSignature.getBSTTokenId()));
                }
                try {
                    wSSecSignature.computeSignature(wSSecSignature.addReferencesToSign(arrayList2, rampartMessageData.getSecHeader()), false, getInsertionLocation());
                    setInsertionLocation(wSSecSignature.getSignatureElement());
                    arrayList.add(wSSecSignature.getSignatureValue());
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInSignatureWithX509Token", e);
                }
            } else {
                continue;
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] doSymmSignature(RampartMessageData rampartMessageData, Token token, org.apache.rahas.Token token2, List<WSEncryptionPart> list) throws RampartException {
        String id;
        Document document = rampartMessageData.getDocument();
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        if (!token.isDerivedKeys()) {
            try {
                WSSecSignature wSSecSignature = new WSSecSignature();
                wSSecSignature.setWsConfig(rampartMessageData.getConfig());
                if (token instanceof X509Token) {
                    if (rampartMessageData.isInitiator()) {
                        wSSecSignature.setCustomTokenValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                        wSSecSignature.setKeyIdentifierType(9);
                    } else {
                        wSSecSignature.setEncrKeySha1value(((EncryptedKeyToken) token2).getSHA1());
                        wSSecSignature.setKeyIdentifierType(10);
                    }
                } else if (token instanceof IssuedToken) {
                    wSSecSignature.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
                    wSSecSignature.setKeyIdentifierType(9);
                }
                if (token instanceof SecureConversationToken) {
                    wSSecSignature.setKeyIdentifierType(9);
                    OMElement attachedReference = token2.getAttachedReference();
                    if (attachedReference == null) {
                        attachedReference = token2.getUnattachedReference();
                    }
                    id = attachedReference != null ? SimpleTokenStore.getIdFromSTR(attachedReference) : token2.getId();
                } else {
                    id = token2.getId();
                }
                if (id.startsWith("#")) {
                    id = id.substring(1);
                }
                wSSecSignature.setCustomTokenId(id);
                wSSecSignature.setSecretKey(token2.getSecret());
                wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getAsymmetricSignature());
                wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
                wSSecSignature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                wSSecSignature.setParts(list);
                List<Reference> addReferencesToSign = wSSecSignature.addReferencesToSign(list, rampartMessageData.getSecHeader());
                if (!policyData.getProtectionOrder().equals("EncryptBeforeSigning") || this.mainRefListElement == null) {
                    wSSecSignature.computeSignature(addReferencesToSign, false, getInsertionLocation());
                    setInsertionLocation(wSSecSignature.getSignatureElement());
                } else {
                    wSSecSignature.computeSignature(addReferencesToSign, true, this.mainRefListElement);
                    setInsertionLocation(this.mainRefListElement);
                }
                return wSSecSignature.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", e);
            }
        }
        try {
            WSSecDKSign wSSecDKSign = new WSSecDKSign();
            if (2 == token.getVersion()) {
                wSSecDKSign.setWscVersion(2);
            }
            boolean z = false;
            if (5 == token.getInclusion() || 2 == token.getInclusion() || (rampartMessageData.isInitiator() && 3 == token.getInclusion())) {
                z = true;
            }
            Object attachedReference2 = z ? token2.getAttachedReference() : token2.getUnattachedReference();
            if (attachedReference2 != null) {
                wSSecDKSign.setExternalKey(token2.getSecret(), (Element) document.importNode((Element) attachedReference2, true));
            } else if (rampartMessageData.isInitiator() || !token.isDerivedKeys()) {
                wSSecDKSign.setExternalKey(token2.getSecret(), token2.getId());
            } else {
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(document);
                if (token2 instanceof EncryptedKeyToken) {
                    securityTokenReference.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken) token2).getSHA1());
                }
                wSSecDKSign.setExternalKey(token2.getSecret(), securityTokenReference.getElement());
                securityTokenReference.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
            }
            wSSecDKSign.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
            wSSecDKSign.setDerivedKeyLength(policyData.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
            if (token2 instanceof EncryptedKeyToken) {
                wSSecDKSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
            }
            wSSecDKSign.prepare(document, rampartMessageData.getSecHeader());
            if (policyData.isTokenProtection()) {
                String id2 = token2.getId();
                if (id2.startsWith("#")) {
                    id2 = id2.substring(1);
                }
                list.add(new WSEncryptionPart(id2));
            }
            wSSecDKSign.setParts(list);
            List<Reference> addReferencesToSign2 = wSSecDKSign.addReferencesToSign(list, rampartMessageData.getSecHeader());
            if (!policyData.getProtectionOrder().equals("EncryptBeforeSigning") || this.mainRefListElement == null) {
                wSSecDKSign.appendDKElementToHeader(rampartMessageData.getSecHeader());
                setInsertionLocation(wSSecDKSign.getdktElement());
                wSSecDKSign.computeSignature(addReferencesToSign2, false, getInsertionLocation());
                setInsertionLocation(wSSecDKSign.getSignatureElement());
            } else {
                RampartUtil.insertSiblingBefore(rampartMessageData, this.mainRefListElement, wSSecDKSign.getdktElement());
                wSSecDKSign.computeSignature(addReferencesToSign2, true, wSSecDKSign.getdktElement());
                setInsertionLocation(this.mainRefListElement);
            }
            return wSSecDKSign.getSignatureValue();
        } catch (WSSecurityException e2) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e2);
        } catch (ConversationException e3) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public org.apache.rahas.Token getToken(RampartMessageData rampartMessageData, String str) throws RampartException {
        try {
            org.apache.rahas.Token token = rampartMessageData.getTokenStorage().getToken(str);
            if (token == null) {
                throw new RampartException("errorInRetrievingTokenId", new String[]{str});
            }
            return token;
        } catch (TrustException e) {
            throw new RampartException("errorInRetrievingTokenId", new String[]{str}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addSignatureConfirmation(RampartMessageData rampartMessageData, List<WSEncryptionPart> list) {
        if (rampartMessageData.getPolicyData().isSignatureConfirmation()) {
            Document document = rampartMessageData.getDocument();
            List<WSHandlerResult> list2 = (List) rampartMessageData.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
            ArrayList arrayList = new ArrayList();
            for (WSHandlerResult wSHandlerResult : list2) {
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 2, arrayList);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 16, arrayList);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 64, arrayList);
            }
            WSSecSignatureConfirmation wSSecSignatureConfirmation = new WSSecSignatureConfirmation();
            if (arrayList.size() <= 0) {
                wSSecSignatureConfirmation.prepare(document);
                RampartUtil.appendChildToSecHeader(rampartMessageData, wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (list != null) {
                    list.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                    return;
                }
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Signature Confirmation: number of Signature results: " + arrayList.size());
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                wSSecSignatureConfirmation.setSignatureValue((byte[]) ((WSSecurityEngineResult) it.next()).get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE));
                wSSecSignatureConfirmation.prepare(document);
                RampartUtil.appendChildToSecHeader(rampartMessageData, wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (list != null) {
                    list.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                }
            }
        }
    }

    private void checkForX509PkiPath(WSSecSignature wSSecSignature, Token token) {
        if (token instanceof X509Token) {
            X509Token x509Token = (X509Token) token;
            if (x509Token.getTokenVersionAndType().equals("WssX509PkiPathV1Token10") || x509Token.getTokenVersionAndType().equals("WssX509PkiPathV1Token11")) {
                wSSecSignature.setUseSingleCertificate(false);
            }
        }
    }
}
