package org.apache.rampart.builder;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.KerberosToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/rampart-core_1.6.1.wso2v12.jar:org/apache/rampart/builder/AsymmetricBindingBuilder.class */
public class AsymmetricBindingBuilder extends BindingBuilder {
    // Logger for this builder's own debug messages.
    private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
    // Separate logger (named by RampartConstants.TIME_LOG) used only for the timing debug lines.
    private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
    // Policy token selected for the main signature; assigned in doSignature and in the IssuedToken branches.
    private Token sigToken;
    // Signature builder used by the non-derived-key branch of doSignature.
    private WSSecSignature sig;
    // EncryptedKey builder. Assigned only in createEncryptedKey, so it stays null when
    // setupEncryptedKey takes the key from the request's security results instead.
    private WSSecEncryptedKey encrKey;
    // Id of the EncryptedKey that derived-key signing/encryption refers to.
    private String encryptedKeyId;
    // Key bytes handed to the derived-key builders: either the builder's ephemeral key
    // (createEncryptedKey) or the value recovered from the request results (setupEncryptedKey).
    // This is secret key material held in memory for the lifetime of the builder.
    private byte[] encryptedKeyValue;
    // EncryptedKey element as returned by appendChildToSecHeader.
    private Element encrTokenElement;
    // DerivedKeyToken element created for the derived-key signature (set in doSignature).
    private Element sigDKTElement;
    // DerivedKeyToken element created for derived-key encryption.
    private Element encrDKTElement;
    // Element of the main signature (set in doSignature).
    private Element signatureElement;
    // Signature values collected from every signature this builder produces (raw, untyped Vector).
    private Vector signatureValues = new Vector();
    // Parts to be covered by the main signature; elements added here are WSEncryptionPart instances.
    private Vector sigParts = new Vector();

    /**
     * Entry point of the asymmetric binding: optionally adds the timestamp, initializes
     * tokens when acting as initiator, then runs encryption and signing in the order the
     * policy's protection order asks for.
     *
     * @param rampartMessageData per-message state carrying the policy data and the document
     * @throws RampartException if any of the delegated steps fails
     */
    public void build(RampartMessageData rampartMessageData) throws RampartException {
        log.debug("AsymmetricBindingBuilder build invoked");

        final RampartPolicyData rpd = rampartMessageData.getPolicyData();

        if (rpd.isIncludeTimestamp()) {
            addTimestamp(rampartMessageData);
        }

        if (rampartMessageData.isInitiator()) {
            initializeTokens(rampartMessageData);
        }

        // Any protection order other than "EncryptBeforeSigning" is handled as sign-then-encrypt.
        final boolean encryptFirst = "EncryptBeforeSigning".equals(rpd.getProtectionOrder());
        if (!encryptFirst) {
            doSignBeforeEncrypt(rampartMessageData);
        } else {
            doEncryptBeforeSig(rampartMessageData);
        }

        log.debug("AsymmetricBindingBuilder build invoked : DONE");
    }

    /**
     * Applies the "EncryptBeforeSigning" protection order: encrypts the policy's encrypted
     * parts, then signs, then (when signature protection is on) encrypts the main signature
     * and, for the initiator, the encrypted supporting tokens.
     *
     * NOTE(review): the guard after the token lookup returns when there is no encryption token
     * or nothing to encrypt, and that return comes before any signing call in this method. With
     * this protection order such a message therefore leaves this method unsigned - confirm
     * that this is intended.
     *
     * @param rampartMessageData per-message state (policy data, document, security header)
     * @throws RampartException when the encryption token is missing, the Rampart configuration
     *         is missing, or an encryption step fails
     */
    private void doEncryptBeforeSig(RampartMessageData rampartMessageData) throws RampartException {
        Element encryptForExternalRef;
        // Timing is only sampled when the time logger has debug enabled.
        long currentTimeMillis = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        RampartConfig rampartConfig = policyData.getRampartConfig();
        Element element = null;
        WSSecEncrypt wSSecEncrypt = null;
        WSSecDKEncrypt wSSecDKEncrypt = null;
        // Encryption uses the other party's token: the initiator takes the recipient token,
        // the responder takes the initiator token.
        Token recipientToken = rampartMessageData.isInitiator() ? policyData.getRecipientToken() : policyData.getInitiatorToken();
        Vector encryptedParts = RampartUtil.getEncryptedParts(rampartMessageData);
        this.sigParts = RampartUtil.getSignedParts(rampartMessageData);
        // Parts are marked for encryption but there is no token to encrypt with: fail.
        if (recipientToken == null && encryptedParts.size() > 0) {
            throw new RampartException("encryptionTokenMissing");
        }
        // Nothing to encrypt (or no token): stop here. No signature has been produced yet.
        if (recipientToken == null || encryptedParts.size() <= 0) {
            return;
        }
        // Same value as the rampartConfig local fetched above.
        // NOTE(review): the message key is spelled "rampartConigMissing"; presumably it matches
        // the resource bundle entry - verify before correcting the spelling.
        if (policyData.getRampartConfig() == null) {
            throw new RampartException("rampartConigMissing");
        }
        if (recipientToken.isDerivedKeys()) {
            // Derived-key encryption: keys are derived from the EncryptedKey set up below.
            try {
                setupEncryptedKey(rampartMessageData, recipientToken);
                wSSecDKEncrypt = new WSSecDKEncrypt();
                wSSecDKEncrypt.setParts(encryptedParts);
                wSSecDKEncrypt.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                // Length from the algorithm suite divided by 8 (presumably bits to bytes).
                wSSecDKEncrypt.setDerivedKeyLength(policyData.getAlgorithmSuite().getEncryptionDerivedKeyLength() / 8);
                wSSecDKEncrypt.prepare(document);
                this.encrDKTElement = wSSecDKEncrypt.getdktElement();
                element = RampartUtil.appendChildToSecHeader(rampartMessageData, this.encrDKTElement);
                encryptForExternalRef = wSSecDKEncrypt.encryptForExternalRef((Element) null, encryptedParts);
            } catch (WSSecurityException e) {
                throw new RampartException("errorCreatingEncryptedKey", (Throwable) e);
            } catch (ConversationException e2) {
                throw new RampartException("errorInDKEncr", (Throwable) e2);
            }
        } else {
            // Direct encryption with an EncryptedKey. The data-encryption and key-wrap
            // algorithms are taken as-is from the policy's algorithm suite; nothing in this
            // method checks which algorithms those are.
            try {
                wSSecEncrypt = new WSSecEncrypt();
                wSSecEncrypt.setParts(encryptedParts);
                wSSecEncrypt.setWsConfig(rampartMessageData.getConfig());
                wSSecEncrypt.setDocument(document);
                RampartUtil.setEncryptionUser(rampartMessageData, wSSecEncrypt);
                wSSecEncrypt.setSymmetricEncAlgorithm(policyData.getAlgorithmSuite().getEncryption());
                RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecEncrypt, recipientToken);
                wSSecEncrypt.setKeyEncAlgo(policyData.getAlgorithmSuite().getAsymmetricKeyWrap());
                wSSecEncrypt.prepare(document, RampartUtil.getEncryptionCrypto(rampartConfig, rampartMessageData.getCustomClassLoader()));
                Element binarySecurityTokenElement = wSSecEncrypt.getBinarySecurityTokenElement();
                if (binarySecurityTokenElement != null) {
                    RampartUtil.appendChildToSecHeader(rampartMessageData, binarySecurityTokenElement);
                }
                this.encrTokenElement = wSSecEncrypt.getEncryptedKeyElement();
                this.encrTokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, this.encrTokenElement);
                encryptForExternalRef = wSSecEncrypt.encryptForExternalRef((Element) null, encryptedParts);
            } catch (WSSecurityException e3) {
                throw new RampartException("errorInEncryption", (Throwable) e3);
            }
        }
        // The element returned by encryptForExternalRef goes into the security header.
        RampartUtil.appendChildToSecHeader(rampartMessageData, encryptForExternalRef);
        long currentTimeMillis2 = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        // NOTE(review): in the derived-key branch encrTokenElement is only assigned when
        // createEncryptedKey ran; if the key came from the request results it may still be
        // null here - confirm how setInsertionLocation treats null.
        setInsertionLocation(this.encrTokenElement);
        RampartUtil.handleEncryptedSignedHeaders(encryptedParts, this.sigParts, document);
        // Results of handleSupportingTokens for the endorsing token groups (initiator only).
        HashMap hashMap = null;
        HashMap hashMap2 = null;
        HashMap hashMap3 = null;
        HashMap hashMap4 = null;
        // The timestamp, when present, is always added to the signed parts.
        if (this.timestampElement != null) {
            this.sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
        }
        if (rampartMessageData.isInitiator()) {
            // Initiator: process every supporting-token group; the four "signed" groups
            // contribute additional parts to the main signature.
            HashMap handleSupportingTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedSupportingTokens());
            hashMap = handleSupportingTokens(rampartMessageData, policyData.getEndorsingSupportingTokens());
            hashMap2 = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingSupportingTokens());
            HashMap handleSupportingTokens2 = handleSupportingTokens(rampartMessageData, policyData.getSignedEncryptedSupportingTokens());
            hashMap3 = handleSupportingTokens(rampartMessageData, policyData.getEndorsingEncryptedSupportingTokens());
            hashMap4 = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingEncryptedSupportingTokens());
            Vector supportingTokensList = policyData.getSupportingTokensList();
            for (int i = 0; i < supportingTokensList.size(); i++) {
                handleSupportingTokens(rampartMessageData, (SupportingToken) supportingTokensList.get(i));
            }
            handleSupportingTokens(rampartMessageData, policyData.getEncryptedSupportingTokens());
            this.sigParts = addSignatureParts(handleSupportingTokens, this.sigParts);
            this.sigParts = addSignatureParts(handleSupportingTokens2, this.sigParts);
            this.sigParts = addSignatureParts(hashMap2, this.sigParts);
            this.sigParts = addSignatureParts(hashMap4, this.sigParts);
        } else {
            // Responder: add signature confirmation to the signed parts instead.
            addSignatureConfirmation(rampartMessageData, this.sigParts);
        }
        // NOTE(review): as grouped here, "sigParts.size() > 0" guards only the initiator
        // alternative; on the responder the signature branch is entered even with no parts
        // to sign. doSignBeforeEncrypt applies the size check to both alternatives - confirm
        // which grouping is intended.
        if ((this.sigParts.size() > 0 && rampartMessageData.isInitiator() && policyData.getInitiatorToken() != null) || (!rampartMessageData.isInitiator() && policyData.getRecipientToken() != null)) {
            // NOTE(review): unlike doSignBeforeEncrypt, this test has no isInitiator() condition,
            // so the issued-token path can also be taken on the responder - confirm.
            if (policyData.getInitiatorToken() instanceof IssuedToken) {
                String issuedSignatureTokenId = rampartMessageData.getIssuedSignatureTokenId();
                org.apache.rahas.Token token = null;
                Element element2 = null;
                this.sigToken = policyData.getInitiatorToken();
                if (!(this.sigToken instanceof KerberosToken)) {
                    token = getToken(rampartMessageData, issuedSignatureTokenId);
                    // 5, 2 and 3 are the decompiled literal values of token-inclusion constants;
                    // TODO map them back to the named constants. Both branches perform the same
                    // append, only the condition differs.
                    if (5 == this.sigToken.getInclusion() || 2 == this.sigToken.getInclusion() || (rampartMessageData.isInitiator() && 3 == this.sigToken.getInclusion())) {
                        element2 = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
                    } else if ((rampartMessageData.isInitiator() && (this.sigToken instanceof X509Token)) || (this.sigToken instanceof SecureConversationToken)) {
                        element2 = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
                    }
                }
                if (element2 != null) {
                    setInsertionLocation(element2);
                }
                doSymmSignature(rampartMessageData, policyData.getInitiatorToken(), token, this.sigParts);
            } else {
                doSignature(rampartMessageData);
            }
        }
        if (rampartMessageData.isInitiator()) {
            // Endorsing signatures: the endorsing-encrypted groups are merged into the
            // endorsing groups first. Assumes handleSupportingTokens never returns null
            // (putAll would throw otherwise) - TODO confirm.
            hashMap.putAll(hashMap3);
            Iterator it = doEndorsedSignatures(rampartMessageData, hashMap).iterator();
            while (it.hasNext()) {
                this.signatureValues.add(it.next());
            }
            hashMap2.putAll(hashMap4);
            Iterator it2 = doEndorsedSignatures(rampartMessageData, hashMap2).iterator();
            while (it2.hasNext()) {
                this.signatureValues.add(it2.next());
            }
        }
        // The log text reads "Signature tool" (sic); it is a runtime string and is left as is.
        if (tlog.isDebugEnabled()) {
            tlog.debug("Encryption took :" + (currentTimeMillis2 - currentTimeMillis) + ", Signature tool :" + (System.currentTimeMillis() - currentTimeMillis2));
        }
        // Signature protection: nothing more to do unless it is enabled and a main signature exists.
        if (!policyData.isSignatureProtection() || this.mainSigId == null) {
            return;
        }
        long currentTimeMillis3 = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        // Second encryption pass over the main signature and, for the initiator, the
        // supporting tokens recorded in encryptedTokensIdList.
        Vector vector = new Vector();
        vector.add(new WSEncryptionPart(this.mainSigId, "Element"));
        if (rampartMessageData.isInitiator()) {
            for (int i2 = 0; i2 < this.encryptedTokensIdList.size(); i2++) {
                vector.add(new WSEncryptionPart((String) this.encryptedTokensIdList.get(i2), "Element"));
            }
        }
        // Reuses the encryptor built in the first pass; the same isDerivedKeys() test selects
        // the branch, so the matching builder was assigned above.
        if (recipientToken.isDerivedKeys()) {
            try {
                RampartUtil.insertSiblingAfter(rampartMessageData, element, wSSecDKEncrypt.encryptForExternalRef((Element) null, vector));
            } catch (WSSecurityException e4) {
                throw new RampartException("errorCreatingEncryptedKey", (Throwable) e4);
            }
        } else {
            try {
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, this.encrTokenElement, wSSecEncrypt.encryptForExternalRef((Element) null, vector)));
            } catch (WSSecurityException e5) {
                throw new RampartException("errorInEncryption", (Throwable) e5);
            }
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Signature protection took :" + (System.currentTimeMillis() - currentTimeMillis3));
        }
    }

    /**
     * Applies the sign-then-encrypt protection order: builds the main signature, the
     * supporting-policy signatures and (for the initiator) the endorsing signatures, then
     * encrypts the policy's encrypted parts, the main signature when signature protection is
     * on, and finally the parts of each supporting policy that has an encryption token.
     *
     * @param rampartMessageData per-message state (policy data, document, security header)
     * @throws RampartException when a signing or encryption step fails
     */
    private void doSignBeforeEncrypt(RampartMessageData rampartMessageData) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        // Results of handleSupportingTokens for the endorsing token groups (initiator only).
        HashMap hashMap = null;
        HashMap hashMap2 = null;
        HashMap hashMap3 = null;
        HashMap hashMap4 = null;
        this.sigParts = RampartUtil.getSignedParts(rampartMessageData);
        // Sign the timestamp when there is one; otherwise reset the insertion location.
        if (this.timestampElement != null) {
            this.sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
        } else {
            setInsertionLocation(null);
        }
        // Timing is only sampled when the time logger has debug enabled.
        long currentTimeMillis = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        if (rampartMessageData.isInitiator()) {
            // Initiator: process every supporting-token group; the four "signed" groups
            // contribute additional parts to the main signature.
            HashMap handleSupportingTokens = handleSupportingTokens(rampartMessageData, policyData.getSignedSupportingTokens());
            hashMap = handleSupportingTokens(rampartMessageData, policyData.getEndorsingSupportingTokens());
            hashMap2 = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingSupportingTokens());
            HashMap handleSupportingTokens2 = handleSupportingTokens(rampartMessageData, policyData.getSignedEncryptedSupportingTokens());
            hashMap3 = handleSupportingTokens(rampartMessageData, policyData.getEndorsingEncryptedSupportingTokens());
            hashMap4 = handleSupportingTokens(rampartMessageData, policyData.getSignedEndorsingEncryptedSupportingTokens());
            Vector supportingTokensList = policyData.getSupportingTokensList();
            for (int i = 0; i < supportingTokensList.size(); i++) {
                handleSupportingTokens(rampartMessageData, (SupportingToken) supportingTokensList.get(i));
            }
            handleSupportingTokens(rampartMessageData, policyData.getEncryptedSupportingTokens());
            this.sigParts = addSignatureParts(handleSupportingTokens, this.sigParts);
            this.sigParts = addSignatureParts(handleSupportingTokens2, this.sigParts);
            this.sigParts = addSignatureParts(hashMap2, this.sigParts);
            this.sigParts = addSignatureParts(hashMap4, this.sigParts);
        } else {
            // Responder: add signature confirmation to the signed parts instead.
            addSignatureConfirmation(rampartMessageData, this.sigParts);
        }
        // Main signature: only when there is something to sign and this side has its token.
        if (this.sigParts.size() > 0 && ((rampartMessageData.isInitiator() && policyData.getInitiatorToken() != null) || (!rampartMessageData.isInitiator() && policyData.getRecipientToken() != null))) {
            if ((policyData.getInitiatorToken() instanceof IssuedToken) && rampartMessageData.isInitiator()) {
                // Initiator with an issued token: sign via doSymmSignature using the token
                // looked up by its issued-signature id.
                String issuedSignatureTokenId = rampartMessageData.getIssuedSignatureTokenId();
                org.apache.rahas.Token token = null;
                Element element = null;
                this.sigToken = policyData.getInitiatorToken();
                if (!(this.sigToken instanceof KerberosToken)) {
                    token = getToken(rampartMessageData, issuedSignatureTokenId);
                    // 5, 2 and 3 are the decompiled literal values of token-inclusion constants;
                    // TODO map them back to the named constants. Both branches perform the same
                    // append, only the condition differs.
                    if (5 == this.sigToken.getInclusion() || 2 == this.sigToken.getInclusion() || (rampartMessageData.isInitiator() && 3 == this.sigToken.getInclusion())) {
                        element = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
                    } else if ((rampartMessageData.isInitiator() && (this.sigToken instanceof X509Token)) || (this.sigToken instanceof SecureConversationToken)) {
                        element = RampartUtil.appendChildToSecHeader(rampartMessageData, token.getToken());
                    }
                }
                if (element != null) {
                    setInsertionLocation(element);
                }
                doSymmSignature(rampartMessageData, policyData.getInitiatorToken(), token, this.sigParts);
            } else {
                doSignature(rampartMessageData);
            }
        }
        // One additional signature per supporting policy that has parts to sign.
        Vector supportingPolicyData = policyData.getSupportingPolicyData();
        for (int i2 = 0; i2 < supportingPolicyData.size(); i2++) {
            if (supportingPolicyData.get(i2) != null) {
                SupportingPolicyData supportingPolicyData2 = (SupportingPolicyData) supportingPolicyData.get(i2);
                Vector supportingSignedParts = RampartUtil.getSupportingSignedParts(rampartMessageData, supportingPolicyData2);
                if (supportingSignedParts.size() > 0 && ((rampartMessageData.isInitiator() && policyData.getInitiatorToken() != null) || (!rampartMessageData.isInitiator() && policyData.getRecipientToken() != null))) {
                    doSupportingSignature(rampartMessageData, supportingSignedParts, supportingPolicyData2);
                }
            }
        }
        if (rampartMessageData.isInitiator()) {
            // Endorsing signatures: the endorsing-encrypted groups are merged into the
            // endorsing groups first. Assumes handleSupportingTokens never returns null
            // (putAll would throw otherwise) - TODO confirm.
            hashMap.putAll(hashMap3);
            Iterator it = doEndorsedSignatures(rampartMessageData, hashMap).iterator();
            while (it.hasNext()) {
                this.signatureValues.add(it.next());
            }
            hashMap2.putAll(hashMap4);
            Iterator it2 = doEndorsedSignatures(rampartMessageData, hashMap2).iterator();
            while (it2.hasNext()) {
                this.signatureValues.add(it2.next());
            }
        }
        // Signing is done; everything below is the encryption phase.
        long currentTimeMillis2 = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        Vector encryptedParts = RampartUtil.getEncryptedParts(rampartMessageData);
        // Signature protection: the main signature element is encrypted as well.
        if (policyData.isSignatureProtection() && this.mainSigId != null) {
            encryptedParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement) this.signatureElement), "Element"));
        }
        if (rampartMessageData.isInitiator()) {
            for (int i3 = 0; i3 < this.encryptedTokensIdList.size(); i3++) {
                encryptedParts.add(new WSEncryptionPart((String) this.encryptedTokensIdList.get(i3), "Element"));
            }
        }
        // Encryption uses the other party's token: the initiator takes the recipient token,
        // the responder takes the initiator token. Without a token, or with nothing to
        // encrypt, the main encryption step is skipped without an error.
        Token recipientToken = rampartMessageData.isInitiator() ? policyData.getRecipientToken() : policyData.getInitiatorToken();
        if (recipientToken != null && encryptedParts.size() > 0) {
            AlgorithmSuite algorithmSuite = policyData.getAlgorithmSuite();
            if (recipientToken.isDerivedKeys()) {
                try {
                    WSSecDKEncrypt wSSecDKEncrypt = new WSSecDKEncrypt();
                    // Reuse the EncryptedKey created during signing, if one was created.
                    if (this.encrKey == null) {
                        setupEncryptedKey(rampartMessageData, recipientToken);
                    }
                    wSSecDKEncrypt.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                    wSSecDKEncrypt.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                    wSSecDKEncrypt.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                    // Length from the algorithm suite divided by 8 (presumably bits to bytes).
                    wSSecDKEncrypt.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
                    wSSecDKEncrypt.prepare(document);
                    // Place the DerivedKeyToken after the EncryptedKey when one was added to the
                    // header, otherwise before the signature's DerivedKeyToken.
                    if (this.encrTokenElement != null) {
                        this.encrDKTElement = RampartUtil.insertSiblingAfter(rampartMessageData, this.encrTokenElement, wSSecDKEncrypt.getdktElement());
                    } else {
                        this.encrDKTElement = RampartUtil.insertSiblingBefore(rampartMessageData, this.sigDKTElement, wSSecDKEncrypt.getdktElement());
                    }
                    RampartUtil.insertSiblingAfter(rampartMessageData, this.encrDKTElement, wSSecDKEncrypt.encryptForExternalRef((Element) null, encryptedParts));
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInDKEncr", (Throwable) e);
                } catch (ConversationException e2) {
                    throw new RampartException("errorInDKEncr", (Throwable) e2);
                }
            } else {
                // Direct encryption with an EncryptedKey. The data-encryption and key-wrap
                // algorithms are taken as-is from the policy's algorithm suite; nothing in
                // this method checks which algorithms those are.
                try {
                    WSSecEncrypt wSSecEncrypt = new WSSecEncrypt();
                    RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecEncrypt, recipientToken);
                    wSSecEncrypt.setWsConfig(rampartMessageData.getConfig());
                    wSSecEncrypt.setDocument(document);
                    RampartUtil.setEncryptionUser(rampartMessageData, wSSecEncrypt);
                    wSSecEncrypt.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                    wSSecEncrypt.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
                    wSSecEncrypt.prepare(document, RampartUtil.getEncryptionCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));
                    // Restart insertion right after the timestamp (or from null when there is none).
                    if (this.timestampElement != null) {
                        setInsertionLocation(this.timestampElement);
                    } else {
                        setInsertionLocation(null);
                    }
                    if (wSSecEncrypt.getBSTTokenId() != null) {
                        setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rampartMessageData, getInsertionLocation(), wSSecEncrypt.getBinarySecurityTokenElement()));
                    }
                    // The element returned by encryptForInternalRef is nested inside the
                    // EncryptedKey element before that element is inserted.
                    Element encryptedKeyElement = wSSecEncrypt.getEncryptedKeyElement();
                    encryptedKeyElement.appendChild(wSSecEncrypt.encryptForInternalRef((Element) null, encryptedParts));
                    setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rampartMessageData, getInsertionLocation(), encryptedKeyElement));
                } catch (WSSecurityException e3) {
                    throw new RampartException("errorInEncryption", (Throwable) e3);
                }
            }
        }
        // Encryption for each supporting policy that has both an encryption token and parts.
        Vector supportingPolicyData3 = policyData.getSupportingPolicyData();
        for (int i4 = 0; i4 < supportingPolicyData3.size(); i4++) {
            if (supportingPolicyData3.get(i4) != null) {
                SupportingPolicyData supportingPolicyData4 = (SupportingPolicyData) supportingPolicyData3.get(i4);
                Token encryptionToken = supportingPolicyData4.getEncryptionToken();
                Vector supportingEncryptedParts = RampartUtil.getSupportingEncryptedParts(rampartMessageData, supportingPolicyData4);
                if (encryptionToken != null && supportingEncryptedParts.size() > 0) {
                    doEncryptionWithSupportingToken(policyData, rampartMessageData, encryptionToken, document, supportingEncryptedParts);
                }
            }
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Signature took :" + (currentTimeMillis2 - currentTimeMillis) + ", Encryption took :" + (System.currentTimeMillis() - currentTimeMillis2));
        }
    }

    /**
     * Signs the given parts with the signature token of one supporting policy.
     * Only an X509 signature token is handled; for any other token type the method does
     * nothing and no signature is added.
     *
     * @param rampartMessageData per-message state (policy data, security header)
     * @param vector parts to sign; the token's BST id is appended to it when token protection
     *        is enabled and the builder reports a BST id
     * @param supportingPolicyData supporting policy that supplies the signature token
     * @throws RampartException ("errorInSignatureWithX509Token") when adding the references
     *         or computing the signature fails
     */
    private void doSupportingSignature(RampartMessageData rampartMessageData, Vector vector, SupportingPolicyData supportingPolicyData) throws RampartException {
        // Start time is only sampled when the time logger has debug enabled.
        final long startedAt = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;

        final Token supportingSigToken = supportingPolicyData.getSignatureToken();
        if (!(supportingSigToken instanceof X509Token)) {
            return;
        }

        final WSSecSignature signer = getSignatureBuilder(rampartMessageData, supportingSigToken, ((X509Token) supportingSigToken).getUserCertAlias());

        // Put the BinarySecurityToken, if the builder produced one, at the insertion point.
        final Element bstElement = signer.getBinarySecurityTokenElement();
        if (bstElement != null) {
            final Element placedBst = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), bstElement);
            setInsertionLocation(placedBst);
        }

        // Token protection: the signing token itself becomes one of the signed parts.
        final boolean protectToken = rampartMessageData.getPolicyData().isTokenProtection();
        if (protectToken && signer.getBSTTokenId() != null) {
            vector.add(new WSEncryptionPart(signer.getBSTTokenId()));
        }

        try {
            signer.addReferencesToSign(vector, rampartMessageData.getSecHeader());
            signer.computeSignature();
            final Element placedSignature = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), signer.getSignatureElement());
            setInsertionLocation(placedSignature);
            this.signatureValues.add(signer.getSignatureValue());
            if (tlog.isDebugEnabled()) {
                tlog.debug("Signature took :" + (System.currentTimeMillis() - startedAt));
            }
        } catch (WSSecurityException e) {
            throw new RampartException("errorInSignatureWithX509Token", (Throwable) e);
        }
    }

    /**
     * Produces the main signature over sigParts using this side's own token (initiator token
     * when initiating, recipient token otherwise), and records the signature element, its
     * wsu:Id (mainSigId) and its value.
     *
     * @param rampartMessageData per-message state (policy data, document, security header)
     * @throws RampartException when preparing or computing the signature fails
     */
    private void doSignature(RampartMessageData rampartMessageData) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        // Start time is only sampled when the time logger has debug enabled.
        long j = 0;
        if (tlog.isDebugEnabled()) {
            j = System.currentTimeMillis();
        }
        if (rampartMessageData.isInitiator()) {
            this.sigToken = policyData.getInitiatorToken();
        } else {
            this.sigToken = policyData.getRecipientToken();
        }
        if (this.sigToken.isDerivedKeys()) {
            // Derived-key signature: sign with a key derived from the EncryptedKey.
            if (this.encrKey == null) {
                setupEncryptedKey(rampartMessageData, this.sigToken);
            }
            WSSecDKSign wSSecDKSign = new WSSecDKSign();
            wSSecDKSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
            wSSecDKSign.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
            // Length from the algorithm suite divided by 8 (presumably bits to bytes).
            wSSecDKSign.setDerivedKeyLength(policyData.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
            wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            try {
                wSSecDKSign.prepare(document, rampartMessageData.getSecHeader());
                // Token protection: the EncryptedKey itself becomes one of the signed parts.
                // NOTE(review): encrKey is assigned only in createEncryptedKey. When
                // setupEncryptedKey takes the key from the request results it stays null, so
                // this dereference looks like it can throw NullPointerException on that path
                // (the id is also held in encryptedKeyId) - confirm.
                if (policyData.isTokenProtection()) {
                    this.sigParts.add(new WSEncryptionPart(this.encrKey.getId()));
                }
                wSSecDKSign.setParts(this.sigParts);
                wSSecDKSign.addReferencesToSign(this.sigParts, rampartMessageData.getSecHeader());
                wSSecDKSign.computeSignature();
                // Insert the DerivedKeyToken first, then the signature right after it.
                this.sigDKTElement = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecDKSign.getdktElement());
                setInsertionLocation(this.sigDKTElement);
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecDKSign.getSignatureElement()));
                this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) wSSecDKSign.getSignatureElement());
                this.signatureValues.add(wSSecDKSign.getSignatureValue());
                this.signatureElement = wSSecDKSign.getSignatureElement();
            } catch (ConversationException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e);
            } catch (WSSecurityException e2) {
                throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e2);
            }
        } else {
            // Direct signature with the builder returned by getSignatureBuilder.
            this.sig = getSignatureBuilder(rampartMessageData, this.sigToken);
            Element binarySecurityTokenElement = this.sig.getBinarySecurityTokenElement();
            if (binarySecurityTokenElement != null) {
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), binarySecurityTokenElement));
            }
            // Token protection: the signing token (by BST id) becomes one of the signed parts.
            if (rampartMessageData.getPolicyData().isTokenProtection() && this.sig.getBSTTokenId() != null) {
                this.sigParts.add(new WSEncryptionPart(this.sig.getBSTTokenId()));
            }
            try {
                this.sig.addReferencesToSign(this.sigParts, rampartMessageData.getSecHeader());
                this.sig.computeSignature();
                this.signatureElement = this.sig.getSignatureElement();
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), this.signatureElement));
                this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) this.signatureElement);
                this.signatureValues.add(this.sig.getSignatureValue());
            } catch (WSSecurityException e3) {
                // This key is used for every token type that reaches this branch.
                throw new RampartException("errorInSignatureWithX509Token", (Throwable) e3);
            }
        }
        if (tlog.isDebugEnabled()) {
            tlog.debug("Signature took :" + (System.currentTimeMillis() - j));
        }
    }

    /**
     * Encrypts the given parts with the encryption token of a supporting policy.
     * Only an X509 token is handled; for any other token type the method does nothing,
     * so the parts stay unencrypted and no error is raised.
     *
     * @param rampartPolicyData policy data supplying the algorithm suite and Rampart config
     * @param rampartMessageData per-message state (WS config, class loader, security header)
     * @param token encryption token of the supporting policy
     * @param document document being secured
     * @param vector parts to encrypt
     * @throws RampartException ("errorInEncryption") when WSS4J reports a failure
     */
    private void doEncryptionWithSupportingToken(RampartPolicyData rampartPolicyData, RampartMessageData rampartMessageData, Token token, Document document, Vector vector) throws RampartException {
        if (!(token instanceof X509Token)) {
            return;
        }
        final X509Token x509Token = (X509Token) token;
        try {
            final WSSecEncrypt encryptor = new WSSecEncrypt();
            RampartUtil.setKeyIdentifierType(rampartMessageData, encryptor, token);
            encryptor.setWsConfig(rampartMessageData.getConfig());
            encryptor.setDocument(document);
            RampartUtil.setEncryptionUser(rampartMessageData, encryptor, x509Token.getEncryptionUser());

            // Data-encryption and key-wrap algorithms come straight from the policy's suite.
            encryptor.setSymmetricEncAlgorithm(rampartPolicyData.getAlgorithmSuite().getEncryption());
            encryptor.setKeyEncAlgo(rampartPolicyData.getAlgorithmSuite().getAsymmetricKeyWrap());
            encryptor.prepare(document, RampartUtil.getEncryptionCrypto(rampartPolicyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));

            // Restart insertion right after the timestamp, or from null when there is none.
            if (this.timestampElement == null) {
                setInsertionLocation(null);
            } else {
                setInsertionLocation(this.timestampElement);
            }

            if (encryptor.getBSTTokenId() != null) {
                final Element placedBst = RampartUtil.insertSiblingAfterOrPrepend(rampartMessageData, getInsertionLocation(), encryptor.getBinarySecurityTokenElement());
                setInsertionLocation(placedBst);
            }

            // The element returned by encryptForInternalRef is nested inside the EncryptedKey.
            final Element keyElement = encryptor.getEncryptedKeyElement();
            keyElement.appendChild(encryptor.encryptForInternalRef((Element) null, vector));
            final Element placedKey = RampartUtil.insertSiblingAfterOrPrepend(rampartMessageData, getInsertionLocation(), keyElement);
            setInsertionLocation(placedKey);
        } catch (WSSecurityException e) {
            throw new RampartException("errorInEncryption", (Throwable) e);
        }
    }

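    /**
     * Makes sure {@code encryptedKeyId} and {@code encryptedKeyValue} are populated before a
     * derived-key operation.
     *
     * <p>When acting as initiator, or when the token does not use derived keys, a fresh
     * EncryptedKey is always created. Otherwise the EncryptedKey recorded in the request's
     * security results (message-context property "RECV_RESULTS") is reused, and a fresh key
     * is created only if that lookup does not yield both an id and a value.
     *
     * @param rampartMessageData per-message state giving access to the message context
     * @param token policy token the key is set up for
     * @throws RampartException ("noSecurityResults") when the request results are needed but
     *         absent, or when creating the EncryptedKey fails
     */
    private void setupEncryptedKey(RampartMessageData rampartMessageData, Token token) throws RampartException {
        if (rampartMessageData.isInitiator() || !token.isDerivedKeys()) {
            createEncryptedKey(rampartMessageData, token);
            return;
        }
        // Both halves already known: nothing to do.
        if (this.encryptedKeyId != null && this.encryptedKeyValue != null) {
            return;
        }
        Object property = rampartMessageData.getMsgContext().getProperty("RECV_RESULTS");
        if (property == null) {
            throw new RampartException("noSecurityResults");
        }
        Vector receivedResults = (Vector) property;
        this.encryptedKeyId = RampartUtil.getRequestEncryptedKeyId(receivedResults);
        this.encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue(receivedResults);
        // Fall back to a fresh key when EITHER half is missing. The previous test required
        // both to be null, so a lookup that returned only the id or only the value left the
        // builder with a half-initialised key that the derived-key builders would then be
        // handed (null secret or null reference id).
        if (this.encryptedKeyId == null || this.encryptedKeyValue == null) {
            createEncryptedKey(rampartMessageData, token);
        }
    }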

    /**
     * Creates a new EncryptedKey for the given token, appends it (and its
     * BinarySecurityToken, if any) to the security header, caches its id and ephemeral key
     * on this builder, and registers it in the token storage with the key as its secret.
     *
     * @param rampartMessageData per-message state (security header, token storage)
     * @param token policy token the EncryptedKey is built for
     * @throws RampartException ("errorInAddingTokenIntoStore") when the token cannot be
     *         created or stored
     */
    private void createEncryptedKey(RampartMessageData rampartMessageData, Token token) throws RampartException {
        this.encrKey = getEncryptedKeyBuilder(rampartMessageData, token);

        final Element bstElement = this.encrKey.getBinarySecurityTokenElement();
        if (bstElement != null) {
            RampartUtil.appendChildToSecHeader(rampartMessageData, bstElement);
        }

        // Keep the element returned by the append, not the builder's own element.
        this.encrTokenElement = this.encrKey.getEncryptedKeyElement();
        this.encrTokenElement = RampartUtil.appendChildToSecHeader(rampartMessageData, this.encrTokenElement);

        // Raw ephemeral key bytes and the key's id, cached for the derived-key builders.
        this.encryptedKeyValue = this.encrKey.getEphemeralKey();
        this.encryptedKeyId = this.encrKey.getId();

        try {
            final org.apache.rahas.Token storedToken = new org.apache.rahas.Token(this.encryptedKeyId, (OMElement) this.encrTokenElement, null, null);
            storedToken.setSecret(this.encryptedKeyValue);
            rampartMessageData.getTokenStorage().add(storedToken);
        } catch (TrustException e) {
            throw new RampartException("errorInAddingTokenIntoStore", e);
        }
    }
}
