package weblogic.wsee.security.wss.plan;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.policy.EncryptionTarget;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.saml.SAML2Constants;
import weblogic.wsee.security.saml.SAMLConstants;
import weblogic.wsee.security.saml.SAMLToken;
import weblogic.wsee.security.saml.SAMLUtils;
import weblogic.wsee.security.wss.SecurityPolicyException;
import weblogic.wsee.security.wss.plan.helper.SOAPSecurityHeaderHelper;
import weblogic.wsee.security.wss.plan.helper.TokenTypeHelper;
import weblogic.wsee.security.wss.policy.EncryptionPolicy;
import weblogic.wsee.security.wss.policy.GeneralPolicy;
import weblogic.wsee.security.wss.policy.IdentityPolicy;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;
import weblogic.wsee.security.wss.policy.SignaturePolicy;
import weblogic.wsee.security.wss.policy.TimestampPolicy;
import weblogic.wsee.security.wssc.v200502.WSCConstants;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.dsig.api.spec.DigestMethodParameterSpec;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.SecurityTokenHelper;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss11.internal.SecurityBuilder;
import weblogic.xml.crypto.wss11.internal.SecurityBuilderImpl;
import weblogic.xml.crypto.wss11.internal.SecurityImpl;
import weblogic.xml.crypto.wss11.internal.SignatureConfirmation;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;
import weblogic.xml.crypto.wss11.internal.WSS11Context;
import weblogic.xml.crypto.wss11.internal.enckey.EncryptedKeyToken;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;
import weblogic.xml.security.wsu.WSUConstants;

/* loaded from: input_file:weblogic/wsee/security/wss/plan/SecurityMessageArchitect.class */
public class SecurityMessageArchitect {
    // java.util.logging logger named after this class; the methods below use it for FINE-level tracing.
    private static final Logger LOGGER = Logger.getLogger(SecurityMessageArchitect.class.getName());
    // Compile-time debug switch, fixed to false in this source.
    private static final boolean debug = false;
    // WS-Trust namespace URIs. NOTE(review): both constants hold the same value, and init() repeats
    // the literal instead of referencing them, so the values can drift apart if one is edited.
    private static final String XMLNS_TRUST_13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String XMLNS_TRUST_DEFAULT = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    // Per-message token context; created from securityCtx in the two-argument constructor and again
    // in the public buildWssMessage. It stays null after the one-argument constructor.
    private SecurityTokenContextHandler ctxHandler;
    // Policy blueprint for the message being built; assigned in the private buildWssMessage.
    private SecurityPolicyBlueprint blueprint;
    // SOAP message context of the message being secured.
    private SOAPMessageContext soapMessageCtx;
    // WS-Security context passed in at construction time.
    private WSS11Context securityCtx;
    // Builder taken from the blueprint (getSecurityBuilder()) in the private buildWssMessage.
    private SecurityBuilder secBuilder;

    /**
     * Creates an architect that is bound to a WS-Security context only.
     *
     * <p>The SOAP message context and the token context handler are left unset here; the public
     * {@code buildWssMessage} assigns both before any message is built.
     *
     * @param wSS11Context security context, stored as given (no null check)
     */
    public SecurityMessageArchitect(WSS11Context wSS11Context) {
        securityCtx = wSS11Context;
    }

    /**
     * Creates an architect for one SOAP message and prepares its token context handler.
     *
     * @param sOAPMessageContext context of the message to secure; must carry a message
     * @param wSS11Context security context, stored as given and used to create the context handler
     * @throws IllegalArgumentException if the context or its message is {@code null}
     */
    public SecurityMessageArchitect(SOAPMessageContext sOAPMessageContext, WSS11Context wSS11Context) {
        final boolean hasMessage = sOAPMessageContext != null && sOAPMessageContext.getMessage() != null;
        if (!hasMessage) {
            throw new IllegalArgumentException("Null Soap message context");
        }
        securityCtx = wSS11Context;
        soapMessageCtx = sOAPMessageContext;
        ctxHandler = new SecurityTokenContextHandler(wSS11Context);
    }

    /**
     * Builds the WS-Security content of the given message according to the blueprint.
     *
     * <p>The message context replaces any context stored earlier, and a new token context handler is
     * created for this build, so context elements set during a previous build are not carried over.
     *
     * @param sOAPMessageContext context of the message to secure; must carry a message
     * @param securityPolicyBlueprint policy blueprint that drives the build
     * @throws IllegalArgumentException if the context or its message is {@code null}
     */
    public void buildWssMessage(SOAPMessageContext sOAPMessageContext, SecurityPolicyBlueprint securityPolicyBlueprint) throws PolicyException, WSSecurityException, SecurityPolicyException, MarshalException, XMLEncryptionException {
        final boolean hasMessage = sOAPMessageContext != null && sOAPMessageContext.getMessage() != null;
        if (!hasMessage) {
            throw new IllegalArgumentException("Null Soap message context");
        }
        soapMessageCtx = sOAPMessageContext;
        ctxHandler = new SecurityTokenContextHandler(securityCtx);
        buildWssMessage(securityPolicyBlueprint);
    }

    /**
     * Stores the blueprint and its security builder, then runs {@code init()} followed by
     * {@code constructMessage()}.
     *
     * @param securityPolicyBlueprint policy blueprint that drives the build (not null-checked)
     */
    private void buildWssMessage(SecurityPolicyBlueprint securityPolicyBlueprint) throws PolicyException, WSSecurityException, SecurityPolicyException, MarshalException, XMLEncryptionException {
        blueprint = securityPolicyBlueprint;
        secBuilder = securityPolicyBlueprint.getSecurityBuilder();
        init();
        constructMessage();
        if (!LOGGER.isLoggable(Level.FINE)) {
            return;
        }
        LOGGER.log(Level.FINE, "SOAP Security Message is constructed");
    }

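    /**
     * Runs the build steps that the blueprint's building plan enables, in the order this method
     * fixes: timestamp (bit 2), identity token (1), signature confirmation (128), endorsing token
     * references (4), then signing (16) and encryption (8) or their combined form (256), and
     * finally the endorsing signature (1024).
     *
     * <p>With the {@code LaxTimestampFirst} layout the timestamp step runs after identity and
     * signature confirmation instead of before them.
     *
     * <p>Changes against the decompiled original: the policy dump is written through the logger
     * instead of {@code System.out}; the encrypt-before-sign flag on the context handler is reset in
     * a {@code finally} block so a failed step cannot leave it switched on; the
     * {@code IllegalStateException} message says what is inconsistent; {@code Boolean.TRUE}
     * replaces the deprecated {@code new Boolean(true)}.
     *
     * @throws IllegalStateException if the plan asks for signature confirmation but the general
     *     policy does not require it
     */
    private void constructMessage() throws PolicyException, WSSecurityException, SecurityPolicyException, MarshalException, XMLEncryptionException {
        boolean isRequest = this.blueprint.isRequest();
        boolean endorsingDone = false;
        SignatureConfirmation[] signatureConfirmationArr = null;
        if (LOGGER.isLoggable(Level.FINE)) {
            if (this.blueprint.getPolicyAlternative() != null) {
                NormalizedExpression expression = NormalizedExpression.createEmptyExpression();
                expression.addAlternative(this.blueprint.getPolicyAlternative());
                // Security policy detail belongs in the FINE log, where handlers and levels control
                // who sees it; stdout bypasses that configuration.
                LOGGER.log(Level.FINE, expression.toString());
            } else {
                LOGGER.log(Level.FINE, "Policy Alternative is null");
            }
        }
        boolean timestampFirst = "LaxTimestampFirst".equals(this.blueprint.getGeneralPolicy().getLayout());
        if (doAction(2) && !timestampFirst) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing message age (1)...");
            }
            processMessageAge(this.blueprint.getTimestampPolicy(), timestampFirst);
        }
        if (doAction(1)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing message authentication identity ...");
            }
            processIdentity(this.blueprint.getIdentityPolicy());
        }
        if (doAction(128)) {
            if (!this.blueprint.getGeneralPolicy().isRequireSignatureConfirmation()) {
                throw new IllegalStateException("Building plan requests signature confirmation but the general policy does not require it");
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing signature confirmation ...");
            }
            signatureConfirmationArr = processSignatureConfirmation(this.blueprint.getGeneralPolicy());
        }
        if (doAction(2) && timestampFirst) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing message age (2)...");
            }
            processMessageAge(this.blueprint.getTimestampPolicy(), timestampFirst);
        }
        if (doAction(4)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Adding toekns to the message ...");
            }
            addEndorseToken(this.blueprint.getEndorsingPolicy(), this.blueprint.getSigningPolicy());
        }
        if (doAction(256)) {
            // Combined sign-and-encrypt: resolve both target lists before either operation runs.
            resolveSignatureList(signatureConfirmationArr);
            resolveEncryptionList(signatureConfirmationArr);
        }
        if (doAction(SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_AND_ENCRYPT_SIGNATURE)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing signature and encryption with Endorsing togther for the Encrypt Signature case ..., request =" + isRequest);
            }
            if (doAction(1024)) {
                resolveSignatureElementSignatureList(signatureConfirmationArr);
            }
            processIntegrityAndConfidentialityAndEndorsing(this.blueprint.getSigningPolicy(), this.blueprint.getEncryptionPolicy(), this.blueprint.getEndorsingPolicy(), this.blueprint.getBuildingPlan(), isRequest);
            return;
        }
        if (doAction(256)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Constructing signature and encryption ..., request =" + isRequest);
            }
            // The flag is only raised when the policy asks for encrypt-before-sign AND both
            // operations are actually required; short-circuiting matches the original evaluation.
            boolean encryptFirst = isEncryptBeforeSigning() && this.blueprint.getEncryptionPolicy().isEncryptionRequired() && this.blueprint.getSigningPolicy().isSignatureRequired();
            if (encryptFirst) {
                SecurityBuilderImpl.setEncryptBeforeSign(this.ctxHandler, true);
                try {
                    processIntegrityAndConfidentiality(this.blueprint.getSigningPolicy(), this.blueprint.getEncryptionPolicy(), isRequest);
                } finally {
                    // Reset even on failure so the handler never keeps a stale protection order.
                    SecurityBuilderImpl.setEncryptBeforeSign(this.ctxHandler, false);
                }
            } else {
                processIntegrityAndConfidentiality(this.blueprint.getSigningPolicy(), this.blueprint.getEncryptionPolicy(), isRequest);
            }
        } else if (isEncryptBeforeSigning()) {
            SecurityBuilderImpl.setEncryptBeforeSign(this.ctxHandler, true);
            try {
                if (doAction(8)) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Constructing encryption  (1)...");
                    }
                    resolveEncryptionList(signatureConfirmationArr);
                    processConfidentiality(this.blueprint.getEncryptionPolicy(), isRequest);
                }
                if (doAction(16)) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Constructing signature (1)...");
                    }
                    resolveSignatureList(signatureConfirmationArr);
                    // Empty in the decompiled source; kept so the call itself still happens.
                    if (this.blueprint.isX509AuthConditional()) {
                    }
                    processIntegrity(this.blueprint.getSigningPolicy(), isRequest);
                }
            } finally {
                // Reset even on failure so the handler never keeps a stale protection order.
                SecurityBuilderImpl.setEncryptBeforeSign(this.ctxHandler, false);
            }
        } else {
            if (doAction(16)) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Constructing signature (2) ...");
                }
                resolveSignatureList(signatureConfirmationArr);
                // Empty in the decompiled source; kept so the call itself still happens.
                if (this.blueprint.isX509AuthConditional()) {
                }
                processIntegrity(this.blueprint.getSigningPolicy(), isRequest);
                if (doAction(1024)) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Endorsing support token (1) ...");
                    }
                    resolveSignatureElementSignatureList(signatureConfirmationArr);
                    this.ctxHandler.addContextElement(SecurityTokenContextHandler.NEED_TO_MOVE_TIMESTAMP, Boolean.TRUE);
                    processIntegrity(this.blueprint.getEndorsingPolicy(), isRequest);
                    endorsingDone = true;
                }
            }
            if (doAction(8)) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Constructing encryption (2) ...");
                }
                resolveEncryptionList(signatureConfirmationArr);
                processConfidentiality(this.blueprint.getEncryptionPolicy(), isRequest);
            }
        }
        // Endorsing runs here only if the sign-then-endorse path above did not already do it.
        if (endorsingDone || !doAction(1024)) {
            return;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Endorsing support token (2) ...");
        }
        if (isEncryptBeforeSigning()) {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.NEED_TO_MOVE_TIMESTAMP, Boolean.TRUE);
        }
        resolveSignatureElementSignatureList(signatureConfirmationArr);
        processIntegrity(this.blueprint.getEndorsingPolicy(), isRequest);
    }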

    /**
     * Tells whether every bit of {@code i} is set in the blueprint's building plan.
     *
     * @param i action bit mask to test
     * @return {@code true} when the plan contains all bits of {@code i}; always {@code true} for 0
     */
    private boolean doAction(int i) {
        return i == (this.blueprint.getBuildingPlan() & i);
    }

    /**
     * Reads the protection order from the blueprint's general policy.
     *
     * @return {@code true} when the general policy reports encrypt-before-signing
     */
    private boolean isEncryptBeforeSigning() {
        return blueprint.getGeneralPolicy().isEncryptBeforeSigning();
    }

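    /**
     * Verifies the policy against the current message and configures the builder and the context
     * handler before any security element is written.
     *
     * <p>Sets the header layout and WSS version on the builder, copies the previous message's
     * signature values into the general policy when signature confirmation is required, records
     * the WS-Trust namespace in the context handler, and flags the "endorse + encrypt signature"
     * combination.
     *
     * <p>Change against the decompiled original: {@code Boolean.TRUE} replaces the deprecated
     * {@code new Boolean(true)}, and the final compound condition is split into guard clauses.
     *
     * @throws SecurityPolicyArchitectureException declared by the original; presumably raised by
     *     {@code verifyPolicy} (not visible here)
     */
    private void init() throws SecurityPolicyArchitectureException {
        this.blueprint.verifyPolicy(this.soapMessageCtx);
        this.secBuilder.setLayout(this.blueprint.getGeneralPolicy().getLayout());
        if (this.blueprint.getGeneralPolicy().isWss11()) {
            this.secBuilder.setWSSVersion(WSS11Constants.XMLNS_WSS11);
        } else {
            this.secBuilder.setWSSVersion("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        }
        if (this.blueprint.getGeneralPolicy().isRequireSignatureConfirmation()) {
            // NOTE(review): get(0) assumes at least one set of previous signature values exists;
            // confirm the caller guarantees that whenever confirmation is required.
            this.blueprint.getGeneralPolicy().setSignatureValues(this.securityCtx.getPreviousMessageSignatureValues().get(0));
        }
        if (this.blueprint.getGeneralPolicy().hasTrustOptions()) {
            if (this.blueprint.getGeneralPolicy().getTrustOptions().isWst13()) {
                this.ctxHandler.addContextElement("weblogic.wsee.security.trust_version", "http://docs.oasis-open.org/ws-sx/ws-trust/200512");
            } else if (this.blueprint.getGeneralPolicy().getTrustOptions().isWst10()) {
                this.ctxHandler.addContextElement("weblogic.wsee.security.trust_version", "http://schemas.xmlsoap.org/ws/2005/02/trust");
            } else {
                // An unrecognised trust version is not rejected: the build continues with the
                // 200512 namespace, and the only trace is this FINE-level record.
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Unsupported Trust version found, set to default Trust version with NS=http://docs.oasis-open.org/ws-sx/ws-trust/200512");
                }
                this.ctxHandler.addContextElement("weblogic.wsee.security.trust_version", "http://docs.oasis-open.org/ws-sx/ws-trust/200512");
            }
        }
        // The flag below is set only when the encryption policy targets the signature AND the
        // endorsing policy signs the main signature.
        if (!this.blueprint.encryptionPolicy.getNodeMap().containsKey("EncryptSignature")) {
            return;
        }
        SignaturePolicy endorsingPolicy = this.blueprint.getEndorsingPolicy();
        if (endorsingPolicy == null) {
            return;
        }
        Map<?, ?> signingNodeMap = endorsingPolicy.getSigningNodeMap();
        if (signingNodeMap != null && signingNodeMap.containsKey(SecurityPolicyPlan.ENDORSE_SIGNATURE)) {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.ENDORSE_SIGNATURE_ENCRYPT_SIGNATURE, Boolean.TRUE);
        }
    }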

    /**
     * Resolves the signing targets for the blueprint's main signing policy.
     *
     * @param signatureConfirmationArr signature confirmations to include, or {@code null}
     */
    private void resolveSignatureList(SignatureConfirmation[] signatureConfirmationArr) throws SecurityPolicyException, WSSecurityException {
        final SignaturePolicy signingPolicy = this.blueprint.getSigningPolicy();
        resolveSignatureList(signingPolicy, signatureConfirmationArr);
    }

    /**
     * Binds the abstract signing targets named in the policy's signing node map to concrete nodes
     * of the current SOAP message and registers them on the policy.
     *
     * <p>Targets are handled in this order: body, username token, SAML token, secure-conversation
     * token, non-security headers, timestamp, signature confirmations. When a token element is not
     * found in the security header and encrypt-before-sign is active, the element is looked up in
     * the context handler's encrypted-element map instead.
     *
     * <p>NOTE(review): a token that the map names but that is found in neither place is skipped
     * without an exception or a log record, so it ends up unsigned unless a later step rejects the
     * message; confirm that enforcement happens elsewhere.
     *
     * @param signaturePolicy policy whose targets are resolved and which receives the nodes
     * @param signatureConfirmationArr signature confirmations to sign, or {@code null}
     * @throws WSSecurityException wrapping any marshalling or SOAP error
     */
    private void resolveSignatureList(SignaturePolicy signaturePolicy, SignatureConfirmation[] signatureConfirmationArr) throws SecurityPolicyException, WSSecurityException {
        Node timestampElement;
        List nonSecurityElements;
        QName qName;
        Map map;
        Node node;
        Map map2;
        Map map3;
        Node node2;
        Map signingNodeMap = signaturePolicy.getSigningNodeMap();
        SOAPMessage message = this.soapMessageCtx.getMessage();
        try {
            SOAPSecurityHeaderHelper sOAPSecurityHeaderHelper = new SOAPSecurityHeaderHelper(this.soapMessageCtx);
            if (signingNodeMap.containsKey("Body")) {
                signaturePolicy.addSignatureNode("Body", message.getSOAPBody());
            }
            if (signingNodeMap.containsKey(SecurityPolicyPlan.USERNAME_TOKEN)) {
                Node usernameTokenElement = sOAPSecurityHeaderHelper.getUsernameTokenElement();
                if (usernameTokenElement != null) {
                    signaturePolicy.addSignatureNode(SecurityPolicyPlan.USERNAME_TOKEN, usernameTokenElement);
                // Fallback: under encrypt-before-sign, use the element stored under the username
                // token QName in the encrypted-element map.
                } else if (SecurityImpl.isEncryptBeforeSign(this.ctxHandler) && null != (map3 = (Map) this.ctxHandler.getValue(SecurityTokenContextHandler.ENCRYPTED_ELEMENT_MAP)) && (node2 = (Element) map3.get(WSSConstants.UNT_QNAME)) != null) {
                    signaturePolicy.addSignatureNode(SecurityPolicyPlan.USERNAME_TOKEN, node2);
                }
            }
            if (signingNodeMap.containsKey("SamlToken")) {
                Element saml11Or20TokenElement = sOAPSecurityHeaderHelper.getSaml11Or20TokenElement();
                if (saml11Or20TokenElement != null) {
                    if (this.blueprint.getGeneralPolicy().isCompatMSFT()) {
                        // Compatibility mode: the assertion element itself is the signing target.
                        signaturePolicy.addSignatureNode("SamlToken", saml11Or20TokenElement);
                    } else {
                        // Otherwise the assertion is signed through a security token reference.
                        Reference createSTRReference = this.secBuilder.createSTRReference((SAMLToken) this.securityCtx.getToken(saml11Or20TokenElement), signaturePolicy.getDigestMethod(), null, true);
                        String uri = createSTRReference.getURI();
                        // NOTE(review): substring(1) assumes FRAGMENT_URI is a single character.
                        if (uri.startsWith(SigningPreprocessor.FRAGMENT_URI)) {
                            uri = uri.substring(1);
                        }
                        // Writes the reference into the header directly after the assertion element.
                        // NOTE(review): getSTR(uri) is dereferenced without a null check.
                        this.securityCtx.getSTR(uri).marshal((Element) saml11Or20TokenElement.getParentNode(), saml11Or20TokenElement.getNextSibling(), this.securityCtx.getNamespaces());
                        signaturePolicy.addSignatureReference("SamlToken", createSTRReference);
                    }
                } else if (SecurityImpl.isEncryptBeforeSign(this.ctxHandler) && null != (map2 = (Map) this.ctxHandler.getValue(SecurityTokenContextHandler.ENCRYPTED_ELEMENT_MAP))) {
                    // Fallback lookup tries the SAML 2.0 assertion QName first, then the SAML 1.x one.
                    Node node3 = (Element) map2.get(SAML2Constants.SAML2_ASST_QNAME);
                    if (node3 == null) {
                        node3 = (Element) map2.get(SAMLConstants.SAML_ASST_QNAME);
                    }
                    if (node3 != null) {
                        signaturePolicy.addSignatureNode("SamlToken", node3);
                    }
                }
            }
            if (signingNodeMap.containsKey(SecurityPolicyPlan.WSSC_TOKEN)) {
                // The v13 token element is tried first; qName records which version's QName to use
                // for the encrypted-element fallback.
                Node scToken13Element = sOAPSecurityHeaderHelper.getScToken13Element();
                if (scToken13Element == null) {
                    scToken13Element = sOAPSecurityHeaderHelper.getScTokenElement();
                    qName = WSCConstants.SCT_QNAME;
                } else {
                    qName = weblogic.wsee.security.wssc.v13.WSCConstants.SCT_QNAME;
                }
                if (scToken13Element != null) {
                    signaturePolicy.addSignatureNode(SecurityPolicyPlan.WSSC_TOKEN, scToken13Element);
                } else if (SecurityImpl.isEncryptBeforeSign(this.ctxHandler) && null != (map = (Map) this.ctxHandler.getValue(SecurityTokenContextHandler.ENCRYPTED_ELEMENT_MAP)) && (node = (Element) map.get(qName)) != null) {
                    signaturePolicy.addSignatureNode(SecurityPolicyPlan.WSSC_TOKEN, node);
                }
            }
            // A "Header" key mapped to null adds every non-security header element of the message.
            if (signingNodeMap.containsKey("Header") && null == signingNodeMap.get("Header") && null != (nonSecurityElements = SOAPSecurityHeaderHelper.getNonSecurityElements(message, null)) && nonSecurityElements.size() > 0) {
                signaturePolicy.addSignatureNodeListToReference(nonSecurityElements);
            }
            // The timestamp is signed whenever a signature is required at all, not only when the
            // map lists it; it is skipped if the header holds no timestamp element.
            if ((signaturePolicy.isSignatureRequired() || signingNodeMap.containsKey(SecurityPolicyPlan.TIME_STAMP)) && null != (timestampElement = sOAPSecurityHeaderHelper.getTimestampElement())) {
                signaturePolicy.addSignatureNode(SecurityPolicyPlan.TIME_STAMP, timestampElement);
            }
            if (signaturePolicy.isSignatureRequired() && signatureConfirmationArr != null && signatureConfirmationArr.length > 0) {
                // Each confirmation node is registered under "Signature" plus its array index.
                for (int i = 0; i < signatureConfirmationArr.length; i++) {
                    signaturePolicy.addSignatureNode("Signature" + i, signatureConfirmationArr[i].getSignatureConfirmationNode());
                }
            }
            signaturePolicy.addSignatureNodeListToReference(this.soapMessageCtx);
        } catch (weblogic.xml.dom.marshal.MarshalException e) {
            // Logged at FINE with the stack trace, then rethrown wrapped with the cause preserved.
            LOGGER.log(Level.FINE, e.getMessage(), (Throwable) e);
            throw new WSSecurityException(e.getMessage(), (Exception) e);
        } catch (SOAPException e2) {
            LOGGER.log(Level.FINE, e2.getMessage(), (Throwable) e2);
            throw new WSSecurityException(e2.getMessage(), (Exception) e2);
        }
    }

    /**
     * Binds the encryption targets named in the encryption policy's node map to concrete elements
     * of the current SOAP message and registers them on the policy.
     *
     * <p>Handles, in order: body (only when it has child nodes), signature elements and signature
     * confirmations (key {@code EncryptSignature}), username token, SAML token.
     *
     * <p>NOTE(review): a missing SAML token is only reported at FINE level and the build goes on,
     * and the username token element is passed on without a null check; confirm that a later step
     * fails the message when a token that must be encrypted is absent.
     *
     * @param signatureConfirmationArr signature confirmations to encrypt, or {@code null}
     * @throws SecurityPolicyException on a request that has no signature element to encrypt
     * @throws WSSecurityException wrapping any SOAP error
     */
    private void resolveEncryptionList(SignatureConfirmation[] signatureConfirmationArr) throws SecurityPolicyException, WSSecurityException {
        EncryptionPolicy policy = this.blueprint.getEncryptionPolicy();
        Map targets = policy.getNodeMap();
        SOAPMessage soapMessage = this.soapMessageCtx.getMessage();
        try {
            SOAPSecurityHeaderHelper headerHelper = new SOAPSecurityHeaderHelper(this.soapMessageCtx);
            if (targets.containsKey("Body")) {
                if (!soapMessage.getSOAPBody().hasChildNodes()) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "No body encryption due to body is empty");
                    }
                } else {
                    policy.addNode("Body", soapMessage.getSOAPBody());
                }
            }
            if (targets.containsKey("EncryptSignature")) {
                // Existing signature elements are collected here unless the plan carries the
                // combined sign/encrypt/encrypt-signature action.
                // NOTE(review): 8448 is presumably the value of that constant - confirm.
                if ((this.blueprint.getBuildingPlan() & SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_AND_ENCRYPT_SIGNATURE) != 8448) {
                    List<Element> signatures = headerHelper.getSignatrueElements();
                    boolean noSignatures = signatures == null || signatures.size() == 0;
                    if (!noSignatures) {
                        for (int idx = 0; idx < signatures.size(); idx++) {
                            policy.addNode("EncryptSignature" + idx, signatures.get(idx));
                        }
                    } else if (this.blueprint.isRequest()) {
                        // A request must carry a signature to encrypt; a response may lack one.
                        throw new SecurityPolicyException("Missing signature element for encryption");
                    } else if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "No no signature requirement on response, no encrypt signature ...");
                    }
                }
                if (signatureConfirmationArr != null) {
                    for (int idx = 0; idx < signatureConfirmationArr.length; idx++) {
                        policy.addNode("Signature" + idx, (Element) signatureConfirmationArr[idx].getSignatureConfirmationNode());
                    }
                }
            }
            if (targets.containsKey(SecurityPolicyPlan.USERNAME_TOKEN)) {
                policy.addNode(SecurityPolicyPlan.USERNAME_TOKEN, headerHelper.getUsernameTokenElement());
            }
            if (targets.containsKey("SamlToken")) {
                Element samlElement = headerHelper.getSaml11Or20TokenElement();
                if (samlElement == null) {
                    LOGGER.log(Level.FINE, "Unable to find SAML Token to Encrypt!");
                } else {
                    policy.addNode("SamlToken", samlElement);
                }
            }
            // Header targets have no handling in this source; the empty branch is kept as found.
            if (targets.containsKey("Header")) {
            }
            policy.addEncryptionNodeList(this.soapMessageCtx);
        } catch (SOAPException soapFailure) {
            LOGGER.log(Level.FINE, soapFailure.getMessage(), (Throwable) soapFailure);
            throw new WSSecurityException(soapFailure.getMessage(), (Exception) soapFailure);
        }
    }

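    /**
     * Resolves what the endorsing signature has to cover.
     *
     * <p>With transport security the endorsing policy's own targets are resolved through
     * {@code resolveSignatureList}. Otherwise, when the endorsing policy lists
     * {@code ENDORSE_SIGNATURE}, the message's signature element becomes the single signing
     * target. If that element is absent and the endorse-plus-encrypt-signature case applies, a
     * temporary placeholder element with a {@code wsu:Id} stands in for it and is removed again.
     *
     * <p>Change against the decompiled original: the placeholder is removed in a {@code finally}
     * block, so a failure while registering the target cannot leave it in the security header;
     * the {@code instanceof} rethrow is written as two catch clauses with the same effect.
     *
     * @param signatureConfirmationArr signature confirmations, passed on in the transport case
     * @throws WSSecurityException if no signature element is available, or wrapping any other
     *     failure raised while resolving the target
     */
    private void resolveSignatureElementSignatureList(SignatureConfirmation[] signatureConfirmationArr) throws WSSecurityException, SecurityPolicyException {
        SignaturePolicy endorsingPolicy = this.blueprint.getEndorsingPolicy();
        if (this.blueprint.hasTransportSecuirity()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Endorsing supporting token + transport security caes....");
            }
            resolveSignatureList(endorsingPolicy, signatureConfirmationArr);
        } else {
            try {
                if (endorsingPolicy.getSigningNodeMap().containsKey(SecurityPolicyPlan.ENDORSE_SIGNATURE)) {
                    SOAPSecurityHeaderHelper headerHelper = new SOAPSecurityHeaderHelper(this.soapMessageCtx);
                    Element signatureElement = headerHelper.getSignatrueElement();
                    boolean placeholderInserted = false;
                    try {
                        if (signatureElement == null && isEndosingEncryptSignature()) {
                            signatureElement = headerHelper.getDummyElement(SecurityTokenContextHandler.SIGNATURE_NODE);
                            // Track the placeholder before touching it so cleanup also covers a
                            // failure in addAttribute.
                            placeholderInserted = signatureElement != null;
                            DOMUtils.addAttribute(signatureElement, new QName(WSUConstants.WSU_URI, "Id", "wsu"), SecurityTokenContextHandler.SIGNATURE_NODE);
                        }
                        if (signatureElement == null) {
                            throw new WSSecurityException("Missing signature element for Endorsing");
                        }
                        ArrayList targets = new ArrayList();
                        targets.add(signatureElement);
                        endorsingPolicy.setNewSignatureNodeListToReference(targets);
                    } finally {
                        if (placeholderInserted) {
                            headerHelper.removeDummyElement(signatureElement);
                        }
                    }
                }
            } catch (WSSecurityException e) {
                LOGGER.log(Level.FINE, e.getMessage(), (Throwable) e);
                throw e;
            } catch (Exception e) {
                LOGGER.log(Level.FINE, e.getMessage(), (Throwable) e);
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
        endorsingPolicy.setIncludeSigningTokens(endorsingPolicy.signedSecurityTokens());
    }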

    /**
     * Adds a timestamp to the message when the timestamp policy asks for one.
     *
     * @param timestampPolicy policy deciding whether a timestamp is included
     * @param z passed through to {@code doProcessMessageAge}; callers pass the
     *     "LaxTimestampFirst" layout flag
     */
    private void processMessageAge(TimestampPolicy timestampPolicy, boolean z) throws WSSecurityException, MarshalException {
        if (!timestampPolicy.isIncludeTimestamp()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Timestamp is not required.");
            }
            return;
        }
        doProcessMessageAge(timestampPolicy, z);
    }

    /**
     * Asks the security builder to add a timestamp with the policy's message age.
     *
     * @param timestampPolicy source of the message age in seconds
     * @param z when {@code true}, the string "true" is stored under {@code TIMESTAMP_FIRST} in the
     *     context handler before the timestamp is added
     * @throws WSSecurityException if the builder reports that no timestamp was added
     */
    private void doProcessMessageAge(TimestampPolicy timestampPolicy, boolean z) throws WSSecurityException, MarshalException {
        final short maxAgeSeconds = timestampPolicy.getMessageAgeSeconds();
        if (z) {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.TIMESTAMP_FIRST, Boolean.toString(z));
        }
        final boolean added = this.secBuilder.addTimestamp(maxAgeSeconds, this.ctxHandler);
        if (!added) {
            throw new WSSecurityException("Unable to add a Timestamp to the message");
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Added timestamp(maxAgesSecs=" + ((int) maxAgeSeconds) + ")...");
        }
    }

    /**
     * Adds references to the endorsing tokens when the first policy requires a signature.
     *
     * @param signaturePolicy policy whose tokens are referenced; the caller in this file passes
     *     the endorsing policy
     * @param signaturePolicy2 policy that receives the references; the caller passes the signing
     *     policy
     */
    private void addEndorseToken(SignaturePolicy signaturePolicy, SignaturePolicy signaturePolicy2) throws WSSecurityException, MarshalException {
        if (!signaturePolicy.isSignatureRequired()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "No need to add support token reference.");
            }
            return;
        }
        doAddEndorseToken(signaturePolicy, signaturePolicy2);
    }

    /**
     * Creates a signing reference for every valid signature token of the first policy and adds
     * it, one reference per call, to the second policy.
     *
     * <p>The digest algorithm of each reference comes from the second policy.
     *
     * @param signaturePolicy policy supplying the tokens
     * @param signaturePolicy2 policy receiving the references and supplying the digest method
     * @throws WSSecurityException if no reference can be created for a token
     */
    private void doAddEndorseToken(SignaturePolicy signaturePolicy, SignaturePolicy signaturePolicy2) throws WSSecurityException, MarshalException {
        Iterator tokens = signaturePolicy.getValidSignatureTokens().iterator();
        while (tokens.hasNext()) {
            SecurityToken token = (SecurityToken) tokens.next();
            setTokenIssuer(token);
            // A derived-key token needs the token it derives from to be added first.
            if (token.getDerivedFromTokenType() != null) {
                addDerivedFromToken(token, true);
            }
            Reference tokenReference = newSigningTokenReference(token, this.ctxHandler, signaturePolicy2.getDigestMethod().getAlgorithm());
            if (tokenReference == null) {
                throw new WSSecurityException("Unable to add token " + token.getTokenTypeUri() + " DK token type " + token.getDerivedFromTokenType());
            }
            ArrayList single = new ArrayList();
            single.add(tokenReference);
            signaturePolicy2.addReferences(single);
        }
    }

    /**
     * Adds identity tokens to the message when the identity policy requires authentication.
     *
     * @param identityPolicy policy deciding whether authentication is required
     */
    private void processIdentity(IdentityPolicy identityPolicy) throws WSSecurityException, MarshalException {
        if (!identityPolicy.isAuthenticationRequired()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Identity is not required.");
            }
            return;
        }
        doProcessIdentity(identityPolicy);
    }

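    /**
     * Walks the policy's valid identity tokens and asks the security builder to add each one.
     *
     * <p>An optional token whose credential is not available is skipped and still counts as
     * satisfying the policy. For derived-key token types the underlying token type is requested
     * instead. The loop does not stop at the first success; it stops early only when adding a
     * token whose type ends in {@code /sc/sct} fails.
     *
     * <p>Changes against the decompiled original: the {@code /sc/sct} check no longer
     * dereferences a {@code null} token type, so that case now ends in the
     * {@code WSSecurityException} below instead of a {@code NullPointerException}; the "skip"
     * record is built only when FINE logging is enabled.
     *
     * <p>NOTE(review): the FINE records include {@code securityToken.toString()}; confirm that
     * it carries no credential material before enabling FINE in production.
     *
     * @param identityPolicy policy supplying the candidate identity tokens
     * @throws WSSecurityException if no token was added and none was skipped as optional
     */
    private void doProcessIdentity(IdentityPolicy identityPolicy) throws WSSecurityException, MarshalException {
        String tokenUri = null;
        List validIdentityTokens = identityPolicy.getValidIdentityTokens();
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "There are " + validIdentityTokens.size() + " valid identity tokens");
        }
        boolean satisfied = false;
        for (Iterator it = validIdentityTokens.iterator(); it.hasNext(); ) {
            SecurityToken securityToken = (SecurityToken) it.next();
            if (securityToken.isOptional() && !this.secBuilder.isCredentialAvailable(securityToken.getTokenTypeUri())) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Skip the optional token due to its availability, token = " + securityToken + " type =" + securityToken.getTokenTypeUri());
                }
                satisfied = true;
                continue;
            }
            setTokenIssuer(securityToken);
            addClaimsToContextHandler(securityToken.getClaims());
            tokenUri = securityToken.getTokenTypeUri();
            // Derived-key types are replaced by the type of the token they derive from.
            if ("http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk".equals(tokenUri) || "http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(tokenUri)) {
                tokenUri = securityToken.getDerivedFromTokenType();
            }
            if (TokenTypeHelper.isSamlValueType(tokenUri) && isSamlAttributeOnly()) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Requesting a SAML Token with SAML Attributes only");
                }
                // The element is never cleared in this method, so it also applies to tokens
                // processed later in the loop.
                this.ctxHandler.addContextElement(WLStub.SAML_ATTRIBUTE_ONLY, "True");
            }
            if (this.secBuilder.addSecurityToken(tokenUri, securityToken.getIssuerName(), Purpose.IDENTITY, this.ctxHandler) == null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Failed to add token: " + securityToken + " TokenUri =" + tokenUri);
                }
                if (tokenUri != null && tokenUri.endsWith("/sc/sct")) {
                    // The suffix ends up in the exception message raised after the loop.
                    tokenUri = tokenUri + " SCT for authentication is not supported";
                    break;
                }
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Added " + securityToken + " for identity");
                }
                satisfied = true;
                this.blueprint.setPolicyIdToken(securityToken);
            }
        }
        if (!satisfied) {
            throw new WSSecurityException("Unable to add security token for identity, token uri =" + tokenUri);
        }
    }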

    /**
     * Signs the message according to the given policy when that policy requires a signature.
     *
     * @param signaturePolicy policy deciding whether a signature is required
     * @param z passed through to {@code doProcessIntegrity}; callers pass the request flag
     */
    private void processIntegrity(SignaturePolicy signaturePolicy, boolean z) throws WSSecurityException, MarshalException {
        if (!signaturePolicy.isSignatureRequired()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Signature is not required.");
            }
            return;
        }
        doProcessIntegrity(signaturePolicy, z);
    }

    /**
     * Walks the policy's valid signature tokens and asks the security builder to add a
     * signature with each of them, then fails if no signature node is held at the end.
     *
     * <p>When {@code signaturePolicy.signedSecurityTokens()} is true the signature is built
     * over a reference to the token itself; otherwise it is built over the policy's
     * {@code SignedInfo}.
     *
     * <p>NOTE(review): the loop does not stop after a token succeeds. Every token is tried,
     * and the node kept is the result for the last token that reached {@code addSignature},
     * so an earlier success can be overwritten by a later {@code null}. Confirm against the
     * original source whether a {@code break} after success was intended.
     *
     * <p>NOTE(review): the FINE messages concatenate the token's string form; what that
     * prints is not visible here, so confirm it carries no key material before enabling
     * FINE logging in production.
     *
     * @param signaturePolicy source of the SignedInfo, the candidate tokens and the digest method
     * @param z               passed through to {@code addDerivedFromToken}
     * @throws WSSecurityException if no signature node is held after the loop
     * @throws MarshalException    propagated from the builder calls
     */
    private void doProcessIntegrity(SignaturePolicy signaturePolicy, boolean z) throws WSSecurityException, MarshalException {
        SignedInfo messageSignedInfo = signaturePolicy.getSignedInfo();
        List signingTokens = signaturePolicy.getValidSignatureTokens();
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "There are " + signingTokens.size() + " signing tokens");
            LOGGER.log(Level.FINE, "SignedInfo is: " + messageSignedInfo);
        }
        Node signatureNode = null;
        boolean signTokens = signaturePolicy.signedSecurityTokens();
        for (Object candidate : signingTokens) {
            SecurityToken token = (SecurityToken) candidate;
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "SecurityToken: " + token.toString());
            }
            // Prime the shared context handler for this token before any builder call.
            setTokenIssuer(token);
            addClaimsToContextHandler(token.getClaims());
            addDerivedFromToken(token, z);
            if (signTokens) {
                Reference tokenReference = newSigningTokenReference(token, this.ctxHandler, signaturePolicy.getDigestMethod().getAlgorithm());
                if (tokenReference == null) {
                    // No reference for this token: keep whatever node an earlier token produced.
                    continue;
                }
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Attempting signature on token");
                }
                signatureNode = this.secBuilder.addSignature(signaturePolicy.newSignedInfo(tokenReference), tokenReference, token.getStrTypes(), this.ctxHandler);
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Attempting signature on message");
                }
                signatureNode = this.secBuilder.addSignature(messageSignedInfo, token.getTokenTypeUri(), token.getStrTypes(), token.getIssuerName(), token.isIncludeInMessage(), this.ctxHandler);
            }
            if (signatureNode != null && LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Added Signature using " + token);
            }
        }
        // Fail closed: a required signature that could not be produced aborts processing.
        if (signatureNode == null) {
            throw new WSSecurityException("Failed to add Signature.");
        }
    }

    /**
     * Builds a signature {@code Reference} that points at the given security token.
     *
     * <p>NOTE(review): {@code str} is handed to {@code newDigestMethod} as is; nothing in
     * this method restricts which digest algorithm is accepted. Presumably the policy layer
     * or the factory rejects weak digests, but that is not visible here.
     *
     * @param securityToken  token whose type URI, STR types, issuer name and include flag are
     *                       passed to the builder
     * @param contextHandler context handler forwarded to {@code createReference}
     * @param str            digest algorithm identifier passed to {@code newDigestMethod}
     * @return the reference produced by {@code secBuilder.createReference}; the caller in this
     *         class checks it for {@code null}
     * @throws WSSecurityException wrapping an algorithm or algorithm-parameter failure
     */
    private Reference newSigningTokenReference(SecurityToken securityToken, ContextHandler contextHandler, String str) throws WSSecurityException {
        XMLSignatureFactory signatureFactory = this.secBuilder.getXMLSignatureFactory();
        try {
            setTokenIssuer(securityToken);
            Reference tokenReference = this.secBuilder.createReference(
                    securityToken.getTokenTypeUri(),
                    securityToken.getStrTypes(),
                    securityToken.getIssuerName(),
                    signatureFactory.newDigestMethod(str, (DigestMethodParameterSpec) null),
                    new ArrayList(),
                    securityToken.isIncludeInMessage(),
                    contextHandler);
            return tokenReference;
        } catch (InvalidAlgorithmParameterException badParameters) {
            throw new WSSecurityException(badParameters);
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            throw new WSSecurityException(unknownAlgorithm);
        }
    }

    /**
     * Entry point for combined signature and encryption processing.
     *
     * <p>The "neither required" case is only logged: the delegate is invoked in every case,
     * including when both policies report that nothing is required.
     *
     * @param signaturePolicy  signature requirements
     * @param encryptionPolicy encryption requirements
     * @param z                passed through unchanged to the delegate
     * @throws WSSecurityException    propagated from the delegate
     * @throws MarshalException       propagated from the delegate
     * @throws XMLEncryptionException propagated from the delegate
     */
    private void processIntegrityAndConfidentiality(SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        boolean nothingRequired = !(encryptionPolicy.isEncryptionRequired() || signaturePolicy.isSignatureRequired());
        if (nothingRequired && LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Neither Encryption nor Signature is required.");
        }
        doProcessIntegrityAndConfidentiality(signaturePolicy, encryptionPolicy, z);
    }

    /**
     * Applies signature only, encryption only, or signature plus encryption to the message,
     * depending on what the two policies report as required.
     *
     * <p>Branch order as written: if encryption is not required the signature branch runs
     * (without consulting {@code isSignatureRequired()}); otherwise, if a signature is not
     * required the encryption branch runs; otherwise the combined builder call is made.
     *
     * <p>{@code z} selects between the builder overloads that take token details (token type
     * URI, STR types, issuer name, key-wrap method) and the overloads that take none.
     * Presumably this distinguishes the side that selects the token from the side that
     * reuses one already in the context; confirm with the callers.
     *
     * <p>NOTE(review): the first token of a list is taken with {@code get(0)} without an
     * emptiness or null check, so a policy with no valid tokens surfaces as an unchecked
     * runtime exception rather than a {@code WSSecurityException}.
     *
     * @param signaturePolicy  source of the SignedInfo and the signature tokens
     * @param encryptionPolicy source of the methods, targets and encryption tokens
     * @param z                selects the token-taking builder overloads when true
     * @throws WSSecurityException    if the token-based encryption-only call returns false
     * @throws MarshalException       propagated from the builder calls
     * @throws XMLEncryptionException propagated from the builder calls
     */
    private void doProcessIntegrityAndConfidentiality(SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        ArrayList arrayList = null;
        EncryptionMethod keyWrapMethod = encryptionPolicy.getKeyWrapMethod();
        EncryptionMethod encryptionMethod = encryptionPolicy.getEncryptionMethod();
        // Result discarded; the targets are fetched again further down before they are used.
        encryptionPolicy.getEncryptionTargets();
        if (!encryptionPolicy.isEncryptionRequired()) {
            // Signature-only branch. Any result of the addSignature calls below is discarded,
            // unlike doProcessIntegrity, which throws when the builder returns null.
            SignedInfo signedInfo = signaturePolicy.getSignedInfo();
            List validSignatureTokens = signaturePolicy.getValidSignatureTokens();
            if (!z) {
                this.secBuilder.addSignature(signedInfo, this.ctxHandler);
                return;
            }
            // Only the first valid signature token is used; no fallback to later tokens.
            SecurityToken securityToken = (SecurityToken) validSignatureTokens.get(0);
            setTokenIssuer(securityToken);
            this.secBuilder.addSignature(signedInfo, keyWrapMethod, securityToken.getTokenTypeUri(), securityToken.getStrTypes(), securityToken.getIssuerName(), securityToken.isIncludeInMessage(), this.ctxHandler);
            return;
        }
        List<EncryptionTarget> encryptionTargets = encryptionPolicy.getEncryptionTargets();
        List validEncryptionTokens = encryptionPolicy.getValidEncryptionTokens();
        if (null != encryptionTargets) {
            // Flatten the to-be-encrypted items of every target into one list.
            arrayList = new ArrayList();
            Iterator<EncryptionTarget> it = encryptionTargets.iterator();
            while (it.hasNext()) {
                arrayList.addAll(it.next().getTBEs());
            }
        } else if (LOGGER.isLoggable(Level.FINE)) {
            // arrayList stays null here and is passed to the builder as null below.
            LOGGER.log(Level.FINE, "There is no encryption target.");
        }
        if (!signaturePolicy.isSignatureRequired()) {
            // Encryption-only branch.
            if (!z) {
                // Any result of this overload is discarded; only the token-based call below is checked.
                this.secBuilder.addEncryption(arrayList, encryptionMethod, this.ctxHandler);
                return;
            }
            SecurityToken securityToken2 = (SecurityToken) validEncryptionTokens.get(0);
            setTokenIssuer(securityToken2);
            // Fail closed when the builder reports that encryption was not added.
            if (!this.secBuilder.addEncryption(arrayList, keyWrapMethod, encryptionMethod, securityToken2.getTokenTypeUri(), securityToken2.getStrTypes(), securityToken2.getIssuerName(), securityToken2.isIncludeInMessage(), this.ctxHandler)) {
                throw new WSSecurityException("Failed to add Encryption.");
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Encryption is done.");
                return;
            }
            return;
        }
        // Both signature and encryption are required.
        SignedInfo signedInfo2 = signaturePolicy.getSignedInfo();
        if (null == validEncryptionTokens) {
            // No encryption token list at all: fall back to the signature tokens.
            validEncryptionTokens = signaturePolicy.getValidSignatureTokens();
        }
        if (z) {
            SecurityToken securityToken3 = (SecurityToken) validEncryptionTokens.get(0);
            setTokenIssuer(securityToken3);
            this.secBuilder.addSignatureAndEncryption(signedInfo2, arrayList, keyWrapMethod, encryptionMethod, securityToken3.getTokenTypeUri(), securityToken3.getStrTypes(), securityToken3.getIssuerName(), securityToken3.isIncludeInMessage(), this.ctxHandler);
        } else {
            this.secBuilder.addSignatureAndEncryption(signedInfo2, arrayList, encryptionMethod, this.ctxHandler);
        }
        // NOTE(review): logged unconditionally; any result of addSignatureAndEncryption is not
        // inspected here, so this message alone does not prove the message was protected.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Signature and Encryption is done.");
        }
    }

    /**
     * Encrypts the message when the encryption policy asks for it.
     *
     * @param encryptionPolicy policy queried through {@code isEncryptionRequired()}
     * @param z                passed through unchanged to {@code doProcessConfidentiality}
     * @throws WSSecurityException    propagated from {@code doProcessConfidentiality}
     * @throws MarshalException       propagated from {@code doProcessConfidentiality}
     * @throws XMLEncryptionException propagated from {@code doProcessConfidentiality}
     */
    private void processConfidentiality(EncryptionPolicy encryptionPolicy, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        if (!encryptionPolicy.isEncryptionRequired()) {
            // Policy does not demand encryption: this step leaves the message as it is.
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Encryption is not required.");
            }
            return;
        }
        doProcessConfidentiality(encryptionPolicy, z);
    }

    /**
     * Encrypts every encryption target of the policy, trying the policy's valid encryption
     * tokens for each target, and fails if the last attempt for a target did not succeed.
     *
     * <p>A target's own encryption method wins over the policy-wide one when it is set.
     *
     * <p>NOTE(review): the inner loop does not stop after a token succeeds. Every token is
     * passed to {@code addEncryption}, and the success flag holds only the result for the
     * last token, so an earlier success followed by a failure still throws, and several
     * successes call the builder several times for the same target. Confirm against the
     * original source whether a {@code break} after success was intended.
     *
     * <p>NOTE(review): a {@code null} target list raises an unchecked exception in the
     * for-each, and an empty one returns without encrypting anything even though the caller
     * only gets here when encryption is required.
     *
     * @param encryptionPolicy source of the tokens, targets and methods
     * @param z                passed through to {@code addDerivedFromToken}
     * @throws WSSecurityException    if encryption was not added for a target
     * @throws MarshalException       propagated from the builder calls
     * @throws XMLEncryptionException propagated from the builder calls
     */
    private void doProcessConfidentiality(EncryptionPolicy encryptionPolicy, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        List encryptionTokens = encryptionPolicy.getValidEncryptionTokens();
        List<EncryptionTarget> targets = encryptionPolicy.getEncryptionTargets();
        EncryptionMethod keyWrapMethod = encryptionPolicy.getKeyWrapMethod();
        for (EncryptionTarget target : targets) {
            EncryptionMethod targetMethod;
            if (target.getEncryptionMethod() != null) {
                targetMethod = target.getEncryptionMethod();
            } else {
                targetMethod = encryptionPolicy.getEncryptionMethod();
            }
            boolean encrypted = false;
            for (Object candidate : encryptionTokens) {
                SecurityToken token = (SecurityToken) candidate;
                // Prime the shared context handler for this token before the builder call.
                setTokenIssuer(token);
                addClaimsToContextHandler(token.getClaims());
                addDerivedFromToken(token, z);
                encrypted = this.secBuilder.addEncryption(target.getTBEs(), keyWrapMethod, targetMethod, token.getTokenTypeUri(), token.getStrTypes(), token.getIssuerName(), token.isIncludeInMessage(), this.ctxHandler);
                if (encrypted && LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Encryption is done.");
                }
            }
            // Fail closed: also reached when the token list is empty.
            if (!encrypted) {
                throw new WSSecurityException("Failed to add Encryption.");
            }
        }
    }

    /**
     * Adds signature confirmations for the given policy by delegating to
     * {@code doProcessSignatureConfirmation}.
     *
     * @param generalPolicy policy forwarded unchanged to the delegate
     * @return whatever the delegate returns
     * @throws WSSecurityException propagated from the delegate
     * @throws MarshalException    propagated from the delegate
     */
    private SignatureConfirmation[] processSignatureConfirmation(GeneralPolicy generalPolicy) throws WSSecurityException, MarshalException {
        SignatureConfirmation[] confirmations = doProcessSignatureConfirmation(generalPolicy);
        return confirmations;
    }

    /**
     * Hands the policy's signature values to the security builder so it can add the
     * signature confirmations.
     *
     * @param generalPolicy policy whose {@code getSignatureValues()} result is forwarded
     * @return the array returned by {@code secBuilder.addSignatureConfirmation}
     * @throws WSSecurityException propagated from the builder
     * @throws MarshalException    propagated from the builder
     */
    private SignatureConfirmation[] doProcessSignatureConfirmation(GeneralPolicy generalPolicy) throws WSSecurityException, MarshalException {
        SignatureConfirmation[] confirmations = this.secBuilder.addSignatureConfirmation(generalPolicy.getSignatureValues(), this.ctxHandler);
        return confirmations;
    }

    /**
     * Stores the token's claims node in the context handler under {@code CLAIMS_MAP}.
     *
     * <p>A {@code null} node is stored as is, which replaces whatever value an earlier token
     * left under that key. Only the node's local name is logged, not its content.
     *
     * @param node claims node of the current token; may be {@code null}
     */
    private void addClaimsToContextHandler(Node node) {
        if (LOGGER.isLoggable(Level.FINE)) {
            String claimsName = node == null ? null : node.getLocalName();
            LOGGER.log(Level.FINE, "Adding claims map to context: " + claimsName);
        }
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.CLAIMS_MAP, node);
    }

    /**
     * Prepares the context handler for a token that may be derived from another token.
     * Pure delegation to {@code doAddDerivedFromToken}.
     *
     * @param securityToken policy token being processed
     * @param z             passed through unchanged to the delegate
     * @throws MarshalException    propagated from the delegate
     * @throws WSSecurityException propagated from the delegate
     */
    private void addDerivedFromToken(SecurityToken securityToken, boolean z) throws MarshalException, WSSecurityException {
        doAddDerivedFromToken(securityToken, z);
    }

    /**
     * Makes sure the context handler holds a suitable base token under
     * {@code DERIVED_FROM_TOKEN} when the policy token declares a derived-from token type.
     *
     * <p>The token issuer and the bootstrap/outer policy are always written to the context
     * first, even when the token has no derived-from type. After that:
     * <ul>
     *   <li>an existing base token is kept unless it is a SAML token for a non-SAML type
     *       (then it is discarded and rebuilt), or an {@code EncryptedKeyToken} for a SAML
     *       type while {@code z} is true (then it is replaced);</li>
     *   <li>with no usable base token, either an existing token is looked up in the context
     *       ({@code z} false and the token has an encryption method), or a new base token is
     *       created through {@code getDkBaseToken}.</li>
     * </ul>
     *
     * @param securityToken policy token whose derived-from type and methods are read
     * @param z             gates the EncryptedKeyToken replacement and the lookup-only path;
     *                      its exact meaning is defined by the callers and not visible here
     * @throws MarshalException    propagated from {@code getDkBaseToken}
     * @throws WSSecurityException if {@code getDkBaseToken} yields no base token
     */
    private void doAddDerivedFromToken(SecurityToken securityToken, boolean z) throws MarshalException, WSSecurityException {
        String derivedFromTokenType = securityToken.getDerivedFromTokenType();
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "TokenTypeUri is: " + securityToken.getTokenTypeUri());
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "DerivedFrom token type is: " + derivedFromTokenType);
        }
        // Done for every token, whether or not it is a derived token.
        setTokenIssuer(securityToken);
        setBootstrapPolicy(securityToken);
        if (derivedFromTokenType != null) {
            // Base token left in the shared context by earlier processing, if any.
            Object value = this.ctxHandler.getValue(SecurityTokenContextHandler.DERIVED_FROM_TOKEN);
            if (value != null) {
                if (!SAMLUtils.isSamlTokenType(derivedFromTokenType) && (value instanceof SAMLToken)) {
                    // Stale SAML base token for a non-SAML type: drop it so the block below rebuilds it.
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Wrong DerivedFromToken for derivedFromTokenType =" + derivedFromTokenType + " reset the token");
                    }
                    value = null;
                } else if (SAMLUtils.isSamlTokenType(derivedFromTokenType) && (value instanceof EncryptedKeyToken) && z) {
                    // SAML type requested but an EncryptedKeyToken is stored: build a new base
                    // token and overwrite the stored one.
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Building DerivedFromToken for derivedFromTokenType =" + derivedFromTokenType);
                    }
                    EncryptionMethod encryptionMethod = securityToken.getEncryptionMethod();
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "EncryptionMethod is: " + encryptionMethod);
                    }
                    if (encryptionMethod != null) {
                        this.ctxHandler.addContextElement(SecurityTokenContextHandler.EK_ENCRYPT_METHOD, encryptionMethod);
                    }
                    EncryptionMethod keyWrapMethod = securityToken.getKeyWrapMethod();
                    if (keyWrapMethod != null) {
                        this.ctxHandler.addContextElement(SecurityTokenContextHandler.EK_KEYWRAP_METHOD, keyWrapMethod);
                    }
                    weblogic.xml.crypto.wss.provider.SecurityToken dkBaseToken = getDkBaseToken(securityToken, derivedFromTokenType);
                    if (null == dkBaseToken) {
                        throw new WSSecurityException("Unable to create DK base token of type =" + derivedFromTokenType + " For Sign");
                    }
                    this.ctxHandler.addContextElement(SecurityTokenContextHandler.DERIVED_FROM_TOKEN, dkBaseToken);
                }
                // Any other stored value is kept unchanged.
            }
            if (value == null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    // value is always null at this point, so this logs "null".
                    LOGGER.log(Level.FINE, "DerivedFromToken is: " + value);
                }
                EncryptionMethod encryptionMethod2 = securityToken.getEncryptionMethod();
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "EncryptionMethod is: " + encryptionMethod2);
                }
                if (encryptionMethod2 != null) {
                    if (!z) {
                        // Lookup-only path: reuse a token already in the context and reference it
                        // by key identifier. NOTE(review): the lookup result is stored without a
                        // null check, unlike the getDkBaseToken results in this method.
                        this.ctxHandler.addContextElement(SecurityTokenContextHandler.DERIVED_FROM_TOKEN, SecurityTokenHelper.findSecurityTokenInContext(this.ctxHandler, securityToken.getDerivedFromTokenType()));
                        this.ctxHandler.addContextElement(SecurityTokenContextHandler.DK_STR_REFERENCE_TYPE, WSSConstants.KEY_IDENTIFIER_QNAME);
                        return;
                    }
                    this.ctxHandler.addContextElement(SecurityTokenContextHandler.EK_ENCRYPT_METHOD, encryptionMethod2);
                }
                // Reached when z is true, and also when z is false but the token has no
                // encryption method.
                EncryptionMethod keyWrapMethod2 = securityToken.getKeyWrapMethod();
                if (keyWrapMethod2 != null) {
                    this.ctxHandler.addContextElement(SecurityTokenContextHandler.EK_KEYWRAP_METHOD, keyWrapMethod2);
                }
                weblogic.xml.crypto.wss.provider.SecurityToken dkBaseToken2 = getDkBaseToken(securityToken, derivedFromTokenType);
                if (null == dkBaseToken2) {
                    // Fail closed; the message text says "For Sign" on every path through here.
                    throw new WSSecurityException("Unable to create DK base token of type =" + derivedFromTokenType + " For Sign");
                }
                this.ctxHandler.addContextElement(SecurityTokenContextHandler.DERIVED_FROM_TOKEN, dkBaseToken2);
            }
        }
    }

    /**
     * Obtains the base token a derived key is built from, always with {@code Purpose.SIGN}.
     *
     * <p>When the policy says the base token goes into the message it is added through
     * {@code secBuilder.addSecurityToken}; otherwise it is only created through
     * {@code secBuilder.createSecurityToken}. The returned type is the provider-level
     * {@code weblogic.xml.crypto.wss.provider.SecurityToken}, not the policy
     * {@code SecurityToken} passed in.
     *
     * <p>NOTE(review): {@code SET_TO_FIRST_TOKEN} and {@code DK_BASE_TOKEN_REFERENCE_TYPE} are
     * set in the shared context handler around the {@code addSecurityToken} call and reset
     * afterwards without a {@code finally}; if that call throws, both keep their temporary
     * values. Whether the handler is reused after such a failure is not visible here.
     *
     * @param securityToken policy token supplying the include flag and the STR types
     * @param str           token type passed to the builder
     * @return the base token from the builder; callers in this class treat {@code null} as failure
     * @throws MarshalException    propagated from the builder
     * @throws WSSecurityException propagated from the builder
     */
    private weblogic.xml.crypto.wss.provider.SecurityToken getDkBaseToken(SecurityToken securityToken, String str) throws MarshalException, WSSecurityException {
        if (!securityToken.isIncludeDerivedFromInMessage()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "----- per Policy NOT including Derived From SC Token in message -----");
            }
            return this.secBuilder.createSecurityToken(str, null, Purpose.SIGN, this.ctxHandler);
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "------ per Policy including Derived From SC Token in message  ----");
        }
        // Temporary context flags that apply only to the addSecurityToken call below.
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.SET_TO_FIRST_TOKEN, "true");
        if (securityToken.getStrTypesForDKBaseToken() != null && securityToken.getStrTypesForDKBaseToken().size() > 0) {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.DK_BASE_TOKEN_REFERENCE_TYPE, securityToken.getStrTypesForDKBaseToken().get(0));
        }
        weblogic.xml.crypto.wss.provider.SecurityToken baseToken = this.secBuilder.addSecurityToken(str, null, Purpose.SIGN, this.ctxHandler);
        // Restore the context so later tokens are not affected by the flags set above.
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.DK_BASE_TOKEN_REFERENCE_TYPE, null);
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.SET_TO_FIRST_TOKEN, "false");
        return baseToken;
    }

    /**
     * Publishes the token's bootstrap policy (when it has one) and the blueprint's current
     * policy alternative, wrapped as the outer policy, to the context handler.
     *
     * <p>The bootstrap entry is only written when present; a value left by an earlier token
     * is not cleared here. The outer policy entry is rewritten on every call.
     *
     * @param securityToken policy token whose bootstrap policy is read
     */
    private void setBootstrapPolicy(SecurityToken securityToken) {
        NormalizedExpression tokenBootstrapPolicy = securityToken.getBootstrapPolicy();
        if (tokenBootstrapPolicy != null) {
            this.ctxHandler.addContextElement("weblogic.wsee.security.wst_bootstrap_policy", tokenBootstrapPolicy);
        }
        // Single-element set holding the alternative this blueprint was built for.
        HashSet alternatives = new HashSet();
        alternatives.add(this.blueprint.getPolicyAlternative());
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.WST_OUTER_POLICY, NormalizedExpression.createFromPolicyAlternatives(alternatives));
    }

    /**
     * Writes the token's issuer to the context handler under {@code ISSUER_ENDPOINT_REF}.
     *
     * <p>A token without an issuer stores {@code null}, which overwrites the issuer left by a
     * previously processed token, so an issuer never carries over from one token to the next.
     *
     * @param securityToken policy token whose issuer is read
     */
    private void setTokenIssuer(SecurityToken securityToken) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Setting token issuer for token " + securityToken.toString() + " to " + securityToken.getTokenIssuer());
        }
        if (securityToken.getTokenIssuer() != null) {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.ISSUER_ENDPOINT_REF, securityToken.getTokenIssuer());
        } else {
            // Explicit reset rather than leaving the key untouched.
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.ISSUER_ENDPOINT_REF, null);
        }
    }

    /**
     * Reports the {@code isWssc13()} flag of the blueprint's general policy.
     *
     * @return the value returned by {@code blueprint.getGeneralPolicy().isWssc13()}
     */
    private boolean isWssc13() {
        boolean wssc13 = this.blueprint.getGeneralPolicy().isWssc13();
        return wssc13;
    }

    /**
     * Reads the {@code ENDORSE_SIGNATURE_ENCRYPT_SIGNATURE} flag from the context handler.
     *
     * <p>The stored value is cast to {@code Boolean}; a value of another type raises a
     * {@code ClassCastException}.
     *
     * @return the stored flag, or {@code false} when nothing is stored
     */
    private boolean isEndosingEncryptSignature() {
        Boolean flag = (Boolean) this.ctxHandler.getValue(SecurityTokenContextHandler.ENDORSE_SIGNATURE_ENCRYPT_SIGNATURE);
        return flag != null && flag.booleanValue();
    }

    /**
     * Entry point for combined signature, encryption and endorsing-signature processing.
     *
     * <p>The "neither required" case is only logged: the delegate is invoked in every case,
     * including when both policies report that nothing is required.
     *
     * @param signaturePolicy  primary signature requirements
     * @param encryptionPolicy encryption requirements
     * @param signaturePolicy2 endorsing signature requirements
     * @param i                option bit field, passed through unchanged to the delegate
     * @param z                passed through unchanged to the delegate
     * @throws WSSecurityException    propagated from the delegate
     * @throws MarshalException       propagated from the delegate
     * @throws XMLEncryptionException propagated from the delegate
     */
    private void processIntegrityAndConfidentialityAndEndorsing(SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, SignaturePolicy signaturePolicy2, int i, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        boolean nothingRequired = !(encryptionPolicy.isEncryptionRequired() || signaturePolicy.isSignatureRequired());
        if (nothingRequired && LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Neither Encryption nor Signature is required.");
        }
        doProcessIntegrityAndConfidentialityAndEndorsing(signaturePolicy, encryptionPolicy, signaturePolicy2, i, z);
    }

    /**
     * Applies signature only, encryption only, or signature plus encryption plus an optional
     * endorsing signature, depending on the policies and the option bits in {@code i}.
     *
     * <p>The signature-only and encryption-only branches make the same builder calls as
     * {@code doProcessIntegrityAndConfidentiality}; the endorsing data is used only in the
     * combined branch. {@code i} is also forwarded unchanged to the builder there.
     *
     * <p>{@code z} selects between the builder overloads that take token details and the
     * overloads that take none; its exact meaning is defined by the callers and is not
     * visible here.
     *
     * <p>NOTE(review): the primary token is taken with {@code get(0)} without an emptiness
     * or null check, whereas the endorsing token list is validated up front.
     *
     * @param signaturePolicy  primary signature policy
     * @param encryptionPolicy encryption policy
     * @param signaturePolicy2 endorsing signature policy
     * @param i                option bit field; bits 1024 and 512 are read in this method
     * @param z                selects the token-taking builder overloads when true
     * @throws IllegalArgumentException if endorsing is requested with {@code z} true and the
     *                                  endorsing policy has no valid token
     * @throws WSSecurityException      if the token-based encryption-only call returns false
     * @throws MarshalException         propagated from the builder calls
     * @throws XMLEncryptionException   propagated from the builder calls
     */
    private void doProcessIntegrityAndConfidentialityAndEndorsing(SignaturePolicy signaturePolicy, EncryptionPolicy encryptionPolicy, SignaturePolicy signaturePolicy2, int i, boolean z) throws WSSecurityException, MarshalException, XMLEncryptionException {
        // z2: an endorsing signature is requested (an endorsing token is required and used below).
        boolean z2 = (i & 1024) == 1024;
        // z3: claims and the derived-from token are prepared for the primary token below.
        boolean z3 = (i & 512) == 512;
        // z4 and z5 are computed but never read in this method.
        boolean z4 = (i & 8192) == 8192;
        boolean z5 = (i & 4096) == 4096;
        // Unchecked exception here, unlike the WSSecurityException used for other failures.
        if (z && z2 && (signaturePolicy2.getValidSignatureTokens() == null || signaturePolicy2.getValidSignatureTokens().size() == 0)) {
            throw new IllegalArgumentException("No endorsing token");
        }
        ArrayList arrayList = null;
        EncryptionMethod keyWrapMethod = encryptionPolicy.getKeyWrapMethod();
        EncryptionMethod encryptionMethod = encryptionPolicy.getEncryptionMethod();
        // Result discarded; the targets are fetched again further down before they are used.
        encryptionPolicy.getEncryptionTargets();
        if (!encryptionPolicy.isEncryptionRequired()) {
            // Signature-only branch: no endorsing signature is added here, and any result of
            // the addSignature calls is discarded.
            SignedInfo signedInfo = signaturePolicy.getSignedInfo();
            List validSignatureTokens = signaturePolicy.getValidSignatureTokens();
            if (!z) {
                this.secBuilder.addSignature(signedInfo, this.ctxHandler);
                return;
            }
            SecurityToken securityToken = (SecurityToken) validSignatureTokens.get(0);
            setTokenIssuer(securityToken);
            this.secBuilder.addSignature(signedInfo, keyWrapMethod, securityToken.getTokenTypeUri(), securityToken.getStrTypes(), securityToken.getIssuerName(), securityToken.isIncludeInMessage(), this.ctxHandler);
            return;
        }
        List<EncryptionTarget> encryptionTargets = encryptionPolicy.getEncryptionTargets();
        List validEncryptionTokens = encryptionPolicy.getValidEncryptionTokens();
        if (null != encryptionTargets) {
            // Flatten the to-be-encrypted items of every target into one list.
            arrayList = new ArrayList();
            Iterator<EncryptionTarget> it = encryptionTargets.iterator();
            while (it.hasNext()) {
                arrayList.addAll(it.next().getTBEs());
            }
        } else if (LOGGER.isLoggable(Level.FINE)) {
            // arrayList stays null here and is passed to the builder as null below.
            LOGGER.log(Level.FINE, "There is no encryption target.");
        }
        if (!signaturePolicy.isSignatureRequired()) {
            // Encryption-only branch.
            if (!z) {
                // Any result of this overload is discarded; only the token-based call below is checked.
                this.secBuilder.addEncryption(arrayList, encryptionMethod, this.ctxHandler);
                return;
            }
            SecurityToken securityToken2 = (SecurityToken) validEncryptionTokens.get(0);
            setTokenIssuer(securityToken2);
            // Fail closed when the builder reports that encryption was not added.
            if (!this.secBuilder.addEncryption(arrayList, keyWrapMethod, encryptionMethod, securityToken2.getTokenTypeUri(), securityToken2.getStrTypes(), securityToken2.getIssuerName(), securityToken2.isIncludeInMessage(), this.ctxHandler)) {
                throw new WSSecurityException("Failed to add Encryption.");
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Encryption is done.");
                return;
            }
            return;
        }
        // Both signature and encryption are required.
        SignedInfo signedInfo2 = signaturePolicy.getSignedInfo();
        if (null == validEncryptionTokens) {
            // No encryption token list at all: fall back to the signature tokens.
            validEncryptionTokens = signaturePolicy.getValidSignatureTokens();
        }
        if (z) {
            SecurityToken securityToken3 = (SecurityToken) validEncryptionTokens.get(0);
            if (z3) {
                addClaimsToContextHandler(securityToken3.getClaims());
                addDerivedFromToken(securityToken3, z);
            }
            setTokenIssuer(securityToken3);
            if (z2) {
                // Non-empty by the precondition check at the top of the method.
                SecurityToken securityToken4 = (SecurityToken) signaturePolicy2.getValidSignatureTokens().get(0);
                this.secBuilder.addSignatureAndEncryptionAndEndorsing(signedInfo2, arrayList, keyWrapMethod, encryptionMethod, securityToken3.getTokenTypeUri(), securityToken3.getStrTypes(), securityToken3.getIssuerName(), securityToken3.isIncludeInMessage(), i, signaturePolicy2.getSignedInfo(), securityToken4.getTokenTypeUri(), securityToken4.getStrTypes(), securityToken4.getIssuerName(), securityToken4.isIncludeInMessage(), this.ctxHandler);
            } else {
                // No endorsing requested: the endorsing arguments are passed as null/false.
                this.secBuilder.addSignatureAndEncryptionAndEndorsing(signedInfo2, arrayList, keyWrapMethod, encryptionMethod, securityToken3.getTokenTypeUri(), securityToken3.getStrTypes(), securityToken3.getIssuerName(), securityToken3.isIncludeInMessage(), i, null, null, null, null, false, this.ctxHandler);
            }
        } else if (!z2 || signaturePolicy2.getValidSignatureTokens() == null || signaturePolicy2.getValidSignatureTokens().size() <= 0) {
            // With z false, a requested endorsing signature that has no token is skipped
            // rather than rejected: the endorsing arguments are passed as null/false.
            this.secBuilder.addSignatureAndEncryptionAndEndorsing(signedInfo2, arrayList, encryptionMethod, i, null, null, null, null, false, this.ctxHandler);
        } else {
            SecurityToken securityToken5 = (SecurityToken) signaturePolicy2.getValidSignatureTokens().get(0);
            this.secBuilder.addSignatureAndEncryptionAndEndorsing(signedInfo2, arrayList, encryptionMethod, i, signaturePolicy2.getSignedInfo(), securityToken5.getTokenTypeUri(), securityToken5.getStrTypes(), securityToken5.getIssuerName(), securityToken5.isIncludeInMessage(), this.ctxHandler);
        }
        // NOTE(review): logged unconditionally; any result of the builder calls above is not
        // inspected here, so this message alone does not prove the message was protected.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Signature and Encryption is done.");
        }
    }

    /**
     * Tells whether the SOAP message context asks for a SAML token that carries attributes
     * only, based on the {@code WLStub.SAML_ATTRIBUTE_ONLY} property.
     *
     * <p>A {@code Boolean} is used as is and a {@code String} is parsed with
     * {@code Boolean.parseBoolean}; a missing property or a value of any other type counts
     * as {@code false}.
     *
     * @return {@code true} only when the property is a true {@code Boolean} or a string that
     *         parses to true
     */
    protected boolean isSamlAttributeOnly() {
        Object rawValue = this.soapMessageCtx.getProperty(WLStub.SAML_ATTRIBUTE_ONLY);
        if (rawValue == null) {
            return false;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Property oracle.contextelement.saml2.AttributeOnly = " + rawValue.toString());
        }
        if (rawValue instanceof Boolean) {
            return ((Boolean) rawValue).booleanValue();
        }
        return rawValue instanceof String && Boolean.parseBoolean((String) rawValue);
    }
}
