package weblogic.wsee.security.wss.plan;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPBody;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.ws.WebServiceException;
import org.jvnet.staxex.StAxSOAPBody;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.security.configuration.MBeanConstants;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.saml.SAML2Constants;
import weblogic.wsee.security.saml.SAMLConstants;
import weblogic.wsee.security.saml.SAMLUtils;
import weblogic.wsee.security.wss.plan.helper.TokenReferenceTypeHelper;
import weblogic.wsee.security.wss.plan.helper.TokenTypeHelper;
import weblogic.wsee.security.wss.policy.EncryptionPolicy;
import weblogic.wsee.security.wss.policy.SecurityInspectionErrorCode;
import weblogic.wsee.security.wss.policy.SecurityPolicyInspectionException;
import weblogic.wsee.security.wss.policy.SignaturePolicy;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.dsig.SignedInfoImpl;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.keyinfo.KeyInfoImpl;
import weblogic.xml.crypto.dsig.keyinfo.KeyInfoObjectBase;
import weblogic.xml.crypto.encrypt.ReferenceList;
import weblogic.xml.crypto.encrypt.WLEncryptedKey;
import weblogic.xml.crypto.encrypt.api.DataReference;
import weblogic.xml.crypto.encrypt.api.ReferenceType;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.SecurityImpl;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;
import weblogic.xml.dom.DOMStreamReader;

/* loaded from: input_file:weblogic/wsee/security/wss/plan/SecurityPolicyOutlineSketcher.class */
public class SecurityPolicyOutlineSketcher {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyOutlineSketcher.class.getName());
    private static final boolean authWithoutSig = Boolean.getBoolean(WSSConstants.AUTH_WITHOUT_SIG);
    private SecurityPolicyPlan outline;
    private int duplicateFlag;
    public static final int ELM_TIMESTAMP = 1;
    public static final int ELM_USERNAME_TOKEN = 2;
    public static final int ELM_SAML_TOKEN = 4;
    public static final int ELM_ENCRYPTED_KEY = 8;
    public static final int ELM_ENCRYPTED_HEADER = 16;
    public static final int ELM_SIGNATURE = 32;
    public static final int ELM_SIGNATURE_CONFRIM = 64;
    public static final int ELM_REFERCE_LIST = 128;
    public static final int ELM_DERIVED_KEY_TOKEN = 256;
    public static final int ELM_DERIVED_KEY_TOKENS = 768;
    public static final int LAYOUT_TS_FIRST = 1024;
    public static final int LAYOUT_TS_LAST = 2048;
    public static final int LAYOUT_STRICT = 4096;
    public static final int ELM_ENCRYPTED_KEYS = 8200;
    public static final int ELM_NONCE = 16384;
    public static final int ELM_CREATED = 32768;
    private boolean isServiceProvider;
    private Map<String, Reference> signatureReference;
    private Map<String, Reference> endoseSignatureReference;
    private Map<String, DataReference> encryptionReference;
    private Map<String, ReferenceType> encryptionReferenceList;
    private Map<String, Element> bstReferenceList;
    private static final int THRESHOLD_TO_CHECK_DUPLICATED_SIGNATURE_REFERENCES = 15;

    public boolean isServiceProvider() {
        return this.isServiceProvider;
    }

    public void setServiceProvider(boolean z) {
        this.isServiceProvider = z;
    }

    private boolean isDuplicateElement(int i) {
        if ((this.duplicateFlag & i) == i) {
            return true;
        }
        this.duplicateFlag |= i;
        return false;
    }

    public SecurityPolicyOutlineSketcher() {
        this.duplicateFlag = 0;
        this.signatureReference = new HashMap();
        this.endoseSignatureReference = new HashMap();
        this.encryptionReference = new HashMap();
        this.encryptionReferenceList = new HashMap();
        this.bstReferenceList = new HashMap();
        this.outline = new SecurityPolicyOutline();
    }

    protected SecurityPolicyOutlineSketcher(SecurityPolicyPlan securityPolicyPlan) {
        this.duplicateFlag = 0;
        this.signatureReference = new HashMap();
        this.endoseSignatureReference = new HashMap();
        this.encryptionReference = new HashMap();
        this.encryptionReferenceList = new HashMap();
        this.bstReferenceList = new HashMap();
        this.outline = securityPolicyPlan;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityPolicyPlan getOutline() {
        return this.outline;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchSecurity(boolean z) {
        if (z && !this.outline.isRequest()) {
            this.outline.setBuildingPlan(27);
        }
        this.outline.setHasSecurity(z);
        this.outline.setHasMessageSecurity(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchOuline(Element element) throws SecurityPolicyInspectionException {
        if (null == element) {
            return;
        }
        QName qName = new QName(element.getNamespaceURI(), element.getLocalName());
        if (WSSConstants.UNT_QNAME.equals(qName)) {
            sketchUsernameToken(element);
            return;
        }
        if (WSSConstants.TIMESTAMP_QNAME.equals(qName)) {
            sketchTimestamp(element);
            return;
        }
        if (WSSConstants.BST_QNAME.equals(qName)) {
            sketchBinarySecurityToken(element);
            return;
        }
        if (SAML2Constants.SAML2_ASST_QNAME.equals(qName) || SAMLConstants.SAML_ASST_QNAME.equals(qName)) {
            sketchSamlToken(element);
            return;
        }
        if (WSS11Constants.SIG_CONF_QNAME.equals(qName)) {
            sketchSignatureConfirmation(element);
        } else if (WSS11Constants.ENC_HEADER_QNAME.equals(qName)) {
            sketchEncryptedHeader(element);
        } else if (SecurityImpl.REFERENCE_LIST_QNAME.equals(qName)) {
            sketchReferenceList(element);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchEncryptedKeyList(List<Element> list, List<Element> list2) throws SecurityPolicyInspectionException, MarshalException {
        if (null != list2 && list2.size() > 0) {
            for (int i = 0; i < list2.size(); i++) {
                sketchReferenceList(list2.get(i));
            }
        }
        if (null == list || list.size() == 0) {
            return;
        }
        for (int i2 = 0; i2 < list.size(); i2++) {
            sketchEncryptedKey(list.get(i2));
        }
    }

    public static boolean isSignatureElement(Element element) {
        String existingId = getExistingId(element);
        if (null == existingId || "".equals(existingId)) {
            return false;
        }
        try {
            List keyInfoList = getKeyInfoList(element);
            if (null == keyInfoList) {
                return true;
            }
            for (Object obj : keyInfoList) {
                if (obj instanceof SecurityTokenReference) {
                    SecurityTokenReference securityTokenReference = (SecurityTokenReference) obj;
                    if (securityTokenReference.getValueType() == null || WSS11Constants.ENC_KEY_TOKEN_TYPE.equals(securityTokenReference.getValueType()) || WSS11Constants.ENC_KEY_VALUE_TYPE.equals(securityTokenReference.getValueType()) || "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk".equals(securityTokenReference.getValueType()) || "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct".equals(securityTokenReference.getValueType()) || "http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(securityTokenReference.getValueType())) {
                        return true;
                    }
                    return "http://schemas.xmlsoap.org/ws/2005/02/sc/sct".equals(securityTokenReference.getValueType());
                }
            }
            return true;
        } catch (MarshalException e) {
            LOGGER.log(Level.FINE, "Error on parsing Signature's key info element, while checking it is endorse signature or not", (Throwable) e);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchEndorseElement(Element element) throws SecurityPolicyInspectionException, MarshalException {
        SignaturePolicy endorsingPolicy = this.outline.getEndorsingPolicy();
        sketchOneEndorseItem(SecurityPolicyPlan.ENDORSE_SIGNATURE);
        sketchSignatureElement(element, endorsingPolicy, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchSignatureElelment(Element element) throws SecurityPolicyInspectionException, MarshalException {
        sketchSignatureElement(element, this.outline.getSigningPolicy(), false);
    }

    private void sketchSignatureElement(Element element, SignaturePolicy signaturePolicy, boolean z) throws SecurityPolicyInspectionException, MarshalException {
        Element firstElement = DOMUtils.getFirstElement(element);
        if (firstElement == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_SIGNATURE);
        }
        if (DOMUtils.is(firstElement, SecurityImpl.ENCRYPTED_DATA_QNAME)) {
            if (!isElementInEncryptedDataReferenceList(firstElement)) {
                if (!isElementInReferenceList(firstElement)) {
                    throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_BODY_ENCRYPTION);
                }
                this.outline.getEncryptionPolicy().addEncryptionToken(new SecurityToken(null, null, "http://schemas.xmlsoap.org/ws/2005/02/sc/dk", true));
            }
            sketchOneEncryptionItem("EncryptSignature");
            return;
        }
        Element firstElement2 = weblogic.xml.dom.DOMUtils.getFirstElement(element, new QName("http://www.w3.org/2000/09/xmldsig#", "SignedInfo"));
        if (firstElement2 == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_SIGNATURE);
        }
        SignedInfoImpl signedInfoImpl = new SignedInfoImpl();
        signedInfoImpl.read(getXMLStreamReader(firstElement2));
        signaturePolicy.setSignatureMethod(signedInfoImpl.getSignatureMethod());
        signaturePolicy.setCanonicalizationMethod(signedInfoImpl.getCanonicalizationMethod());
        List<Reference> references = signedInfoImpl.getReferences();
        checkingDuplicatedReference(references);
        for (Reference reference : references) {
            String uri = reference.getURI();
            if (null != uri && uri.length() >= 2) {
                String substring = uri.substring(1);
                if (z) {
                    this.endoseSignatureReference.put(substring, reference);
                } else {
                    this.signatureReference.put(substring, reference);
                }
            }
        }
        List keyInfoList = getKeyInfoList(element);
        if (null == keyInfoList) {
            return;
        }
        Iterator it = keyInfoList.iterator();
        if (it.hasNext()) {
            Object next = it.next();
            if (!(next instanceof SecurityTokenReference)) {
                throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.UNKNOWN_SIGNATURE_KEYINFO);
            }
            SecurityTokenReference securityTokenReference = (SecurityTokenReference) next;
            String id = securityTokenReference.getId();
            signaturePolicy.setIncludeSigningTokens(true);
            if (this.signatureReference.get(id) != null) {
                if (z) {
                    sketchOneSignatureItem("X509Token");
                } else {
                    signaturePolicy.setIncludeSigningTokens(true);
                }
                this.signatureReference.remove(id);
            }
            if (securityTokenReference.getValueType() == null) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, "http://schemas.xmlsoap.org/ws/2005/02/sc/sct", true));
            } else if (securityTokenReference.getValueType().indexOf(MBeanConstants.X509_TYPE) != -1) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, securityTokenReference.getValueType(), true));
            } else if (SAML2Constants.SAML20_TOKEN_TYPE.equals(securityTokenReference.getValueType()) || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(securityTokenReference.getValueType())) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, securityTokenReference.getValueType(), true));
            } else if (WSS11Constants.ENC_KEY_TOKEN_TYPE.equals(securityTokenReference.getValueType()) || WSS11Constants.ENC_KEY_VALUE_TYPE.equals(securityTokenReference.getValueType())) {
                sketchEncyptedKeyAction();
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, securityTokenReference.getValueType(), true));
            } else if (WSS11Constants.THUMBPRINT_URI.equals(securityTokenReference.getValueType())) {
                SecurityToken securityToken = new SecurityToken(null, null, WSSConstants.VALUE_TYPE_X509V3, true);
                securityToken.setStrTypes(TokenReferenceTypeHelper.getSTRTypeList(securityToken.getTokenTypeUri(), 1));
                signaturePolicy.addSignatureToken(securityToken);
            } else if ("http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(securityTokenReference.getValueType())) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, "http://schemas.xmlsoap.org/ws/2005/02/sc/dk", true));
            } else if ("http://schemas.xmlsoap.org/ws/2005/02/sc/sct".equals(securityTokenReference.getValueType())) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, "http://schemas.xmlsoap.org/ws/2005/02/sc/sct", true));
            } else if ("http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk".equals(securityTokenReference.getValueType())) {
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk", true));
            } else {
                if (!"http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct".equals(securityTokenReference.getValueType())) {
                    throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.UNKNOWN_SIGNATURE_TOKEN, "Value Type = " + securityTokenReference.getValueType() + " is not supported, ");
                }
                signaturePolicy.addSignatureToken(new SecurityToken(null, null, "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct", true));
            }
            signaturePolicy.setSigningNodeMap(this.signatureReference);
        }
    }

    private void checkingDuplicatedReference(List list) throws SecurityPolicyInspectionException {
        if (list == null || list.size() < 15) {
            return;
        }
        HashSet hashSet = new HashSet(list.size() / 2);
        try {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String uri = ((Reference) it.next()).getURI();
                if (null != uri && uri.length() >= 2) {
                    String substring = uri.substring(1);
                    if (hashSet.contains(substring)) {
                        throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.DUPLICATED_SIGNATURE_REFERENCES);
                    }
                    hashSet.add(substring);
                }
            }
        } finally {
        }
    }

    private static List getKeyInfoList(Element element) throws MarshalException {
        Element firstElement = weblogic.xml.dom.DOMUtils.getFirstElement(element, new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
        if (firstElement == null) {
            return null;
        }
        KeyInfoImpl keyInfoImpl = new KeyInfoImpl();
        keyInfoImpl.read(getXMLStreamReader(firstElement));
        if (null == keyInfoImpl) {
            return null;
        }
        return keyInfoImpl.getContent();
    }

    protected void sketchEncryptedKey(Element element) throws SecurityPolicyInspectionException, MarshalException {
        if (DOMUtils.getFirstElement(element) == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_ENCRYPTER_KEY);
        }
        WLEncryptedKey wLEncryptedKey = (WLEncryptedKey) KeyInfoObjectBase.readKeyInfoObject(getXMLStreamReader(element));
        EncryptionPolicy encryptionPolicy = this.outline.getEncryptionPolicy();
        encryptionPolicy.setKeyWrapMethod(wLEncryptedKey.getEncryptionMethod());
        List referenceList = wLEncryptedKey.getReferenceList();
        if (null != referenceList) {
            for (int i = 0; i < referenceList.size(); i++) {
                DataReference dataReference = (DataReference) referenceList.get(i);
                String uri = dataReference.getURI();
                if (null != uri && uri.length() > 1) {
                    sketchOneEncryptionItem(uri.substring(1));
                    this.encryptionReference.put(uri.substring(1), dataReference);
                }
            }
        }
        List keyInfoList = getKeyInfoList(element);
        if (null == keyInfoList) {
            return;
        }
        Iterator it = keyInfoList.iterator();
        if (it.hasNext()) {
            Object next = it.next();
            if (!(next instanceof SecurityTokenReference)) {
                throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.UNKNOWN_ENCRYPTION_KEYINFO);
            }
            SecurityTokenReference securityTokenReference = (SecurityTokenReference) next;
            if (securityTokenReference.getValueType() == null) {
                if (null != securityTokenReference.getReferenceURI()) {
                    String substring = securityTokenReference.getReferenceURI().substring(1);
                    if (this.bstReferenceList.get(substring) != null) {
                        encryptionPolicy.addEncryptionToken(new SecurityToken(null, null, WSSConstants.VALUE_TYPE_X509V3, true));
                        return;
                    } else {
                        this.bstReferenceList.put(substring, element);
                        return;
                    }
                }
                return;
            }
            if (securityTokenReference.getValueType().indexOf(MBeanConstants.X509_TYPE) != -1) {
                encryptionPolicy.addEncryptionToken(new SecurityToken(null, null, securityTokenReference.getValueType(), true));
                return;
            }
            if (WSS11Constants.THUMBPRINT_URI.equals(securityTokenReference.getValueType())) {
                SecurityToken securityToken = new SecurityToken(null, null, WSSConstants.VALUE_TYPE_X509V3, true);
                securityToken.setStrTypes(TokenReferenceTypeHelper.getSTRTypeList(securityToken.getTokenTypeUri(), 1));
                encryptionPolicy.addEncryptionToken(securityToken);
            } else {
                if (!TokenTypeHelper.isSamlValueType(securityTokenReference.getValueType())) {
                    throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.UNKNOWN_ENCRYPTION_TOKEN);
                }
                encryptionPolicy.addEncryptionToken(new SecurityToken(null, null, securityTokenReference.getValueType(), true));
            }
        }
    }

    protected void sketchUsernameToken(Element element) throws SecurityPolicyInspectionException {
        if (isDuplicateElement(2)) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.TOO_MANY_USERNAME_TOKEN);
        }
        Element firstElement = DOMUtils.getFirstElement(element);
        if (firstElement == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_USERNAME_TOKEN);
        }
        this.outline.getIdentityPolicy().addIdentityToken(new SecurityToken(null, null, WSSConstants.VALUE_TYPE_UNT, true));
        if ("EncryptedData".equals(firstElement.getLocalName())) {
            sketchOneEncryptionItem(SecurityPolicyPlan.USERNAME_TOKEN);
        }
        if (isElementInSignatureReferenceList(element)) {
            sketchOneSignatureItem(SecurityPolicyPlan.USERNAME_TOKEN);
        }
    }

    protected void sketchSamlToken(Element element) throws SecurityPolicyInspectionException {
        if (isDuplicateElement(4)) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.TOO_MANY_SAML_TOKEN);
        }
        Element firstElement = DOMUtils.getFirstElement(element);
        if (firstElement == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_SAML_TOKEN);
        }
        this.outline.getIdentityPolicy().addIdentityToken(new SecurityToken(null, null, SAMLUtils.getTokenTypeFromAssertionElement(element), true));
        if ("EncryptedData".equals(firstElement.getLocalName())) {
            sketchOneEncryptionItem("SamlToken");
        }
        if (isElementInSignatureReferenceList(element)) {
            sketchOneSignatureItem("SamlToken");
        }
    }

    protected void sketchTimestamp(Element element) throws SecurityPolicyInspectionException {
        if (isDuplicateElement(1)) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.TOO_MANY_TIMESTAMP);
        }
        if (DOMUtils.getFirstElement(element) == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_TIME_STAMP);
        }
        this.outline.getTimestampPolicy().setIncludeTimestamp(true);
    }

    protected void sketchSignatureConfirmation(Element element) throws SecurityPolicyInspectionException {
        if (isDuplicateElement(64) && LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Multiple SignatureConfirmation elements found.");
        }
        if (DOMUtils.getFirstElement(element) != null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_SIGNATURE_CONFIRMATION);
        }
        this.outline.getGeneralPolicy().setWss11On();
        this.outline.getGeneralPolicy().setRequireSignatureConfirmation(true);
        addBlueprintAction(128);
    }

    protected void sketchEncryptedHeader(Element element) throws SecurityPolicyInspectionException {
        if (DOMUtils.getFirstElement(element) == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_HEADER_ENCRYPTION);
        }
        this.outline.getGeneralPolicy().setWss11On();
        sketchOneEncryptionItem("Header");
        if (isElementInSignatureReferenceList(element)) {
            sketchOneSignatureItem("Header");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sketchSoapBody(SOAPBody sOAPBody) throws SecurityPolicyInspectionException {
        try {
            QName payloadName = getPayloadName(sOAPBody);
            if (null == payloadName) {
                String attributeValue = sOAPBody.getAttributeValue(WSSConstants.WSU_ID_QNAME);
                if (attributeValue != null && this.signatureReference.get(attributeValue) != null) {
                    this.outline.getSigningPolicy().addSignatureNode("Body", sOAPBody);
                }
                ((SecurityPolicyOutline) this.outline).setBodyEmpty(true);
                return;
            }
            if (SecurityImpl.ENCRYPTED_DATA_QNAME.equals(payloadName)) {
                Element firstElement = DOMUtils.getFirstElement(sOAPBody);
                if (!isElementInEncryptedDataReferenceList(firstElement)) {
                    if (!isElementInReferenceList(firstElement)) {
                        throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_BODY_ENCRYPTION);
                    }
                    this.outline.getEncryptionPolicy().addEncryptionToken(new SecurityToken(null, null, "http://schemas.xmlsoap.org/ws/2005/02/sc/dk", true));
                }
                sketchOneEncryptionItem("Body");
            }
            if (isElementInSignatureReferenceList(sOAPBody)) {
                this.outline.getSigningPolicy().addSignatureNode("Body", sOAPBody);
            }
        } catch (Exception e) {
            throw new SecurityPolicyInspectionException(200, e);
        }
    }

    private QName getPayloadName(SOAPBody sOAPBody) {
        if (sOAPBody instanceof StAxSOAPBody) {
            try {
                StAxSOAPBody.Payload payload = ((StAxSOAPBody) sOAPBody).getPayload();
                if (payload != null) {
                    return payload.getPayloadQName();
                }
            } catch (Exception e) {
                throw new WebServiceException(e);
            }
        }
        Element firstElement = DOMUtils.getFirstElement(sOAPBody);
        if (firstElement == null) {
            return null;
        }
        return DOMUtils.getQName(firstElement);
    }

    protected void sketchReferenceList(Element element) throws SecurityPolicyInspectionException {
        if (DOMUtils.getFirstElement(element) == null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_REFERENCE_LIST);
        }
        if (DOMUtils.is(element.getParentNode(), SecurityImpl.ENCRYPTED_KEY_QNAME)) {
            return;
        }
        try {
            List<ReferenceType> unmarshalReferenceList = unmarshalReferenceList(element);
            if (null == unmarshalReferenceList || unmarshalReferenceList.size() == 0) {
                LOGGER.log(Level.FINE, "Empyty refernce list found in the header");
            } else {
                this.outline.getGeneralPolicy().setWss11On();
                if (this.isServiceProvider) {
                    addBlueprintAction(SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_REQUEST);
                } else {
                    addBlueprintAction(SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_RESPONSE);
                }
                for (ReferenceType referenceType : unmarshalReferenceList) {
                    String uri = referenceType.getURI();
                    if (uri != null && uri.length() > 1) {
                        sketchOneEncryptionItem(uri.substring(1));
                        this.encryptionReferenceList.put(uri.substring(1), referenceType);
                    }
                }
            }
        } catch (MarshalException e) {
            LOGGER.log(Level.FINE, "Unknow refernce list found in the header");
        }
    }

    private List unmarshalReferenceList(Node node) throws MarshalException {
        try {
            return ReferenceList.read(new DOMStreamReader(node), false);
        } catch (XMLStreamException e) {
            throw new MarshalException((Throwable) e);
        }
    }

    protected void sketchBinarySecurityToken(Element element) throws SecurityPolicyInspectionException {
        if (DOMUtils.getFirstElement(element) != null) {
            throw new SecurityPolicyInspectionException(SecurityInspectionErrorCode.BAD_BST_TOKEN);
        }
        String existingId = DOMUtils.getExistingId(element, WSSConstants.BUILTIN_ID_QNAMES);
        if (this.bstReferenceList.get(existingId) != null) {
            this.outline.getEncryptionPolicy().addEncryptionToken(new SecurityToken(null, null, WSSConstants.VALUE_TYPE_X509V3, true));
        }
        this.bstReferenceList.put(existingId, element);
        if (isElementInSignatureReferenceList(element)) {
            sketchOneSignatureItem("X509Token");
        } else if (authWithoutSig) {
            this.outline.getIdentityPolicy().addIdentityToken(new SecurityToken(null, null, WSSConstants.VALUE_TYPE_X509V3, true));
        }
    }

    private boolean isElementInSignatureReferenceList(Element element) {
        return this.signatureReference.get(DOMUtils.getExistingId(element, WSSConstants.BUILTIN_ID_QNAMES)) != null;
    }

    private boolean isElementInEncryptedDataReferenceList(Element element) {
        return this.encryptionReference.get(getExistingId(element)) != null;
    }

    private boolean isElementInReferenceList(Element element) {
        return this.encryptionReferenceList.get(getExistingId(element)) != null;
    }

    private static String getExistingId(Element element) {
        String attribute = element.getAttribute("Id");
        return (attribute == null || attribute.length() <= 0) ? DOMUtils.getExistingId(element, WSSConstants.BUILTIN_ID_QNAMES) : attribute;
    }

    protected void addBlueprintAction(int i) {
        this.outline.addActionToBuildingPlan(i);
    }

    protected void sketchEncyptedKeyAction() {
        this.outline.setEncryptedKeyRequired(true);
        if (this.outline.isRequest()) {
            addBlueprintAction(SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_REQUEST);
        } else {
            addBlueprintAction(SecurityPolicyPlan.ACTION_SIGN_AND_ENCRYPT_RESPONSE);
        }
    }

    protected void sketchOneSignatureItem(String str) {
        this.outline.getSigningPolicy().addSignatureNode(str, null);
    }

    protected void sketchOneEndorseItem(String str) {
        this.outline.getEndorsingPolicy().addSignatureNode(str, null);
    }

    protected void sketchSignatureProtection() {
        sketchOneEncryptionItem("EncryptSignature");
    }

    protected void sketchOneEncryptionItem(String str) {
        this.outline.getEncryptionPolicy().addNode(str, null);
    }

    private static XMLStreamReader getXMLStreamReader(Node node) throws MarshalException {
        if (null == node) {
            return null;
        }
        try {
            return new DOMStreamReader(node);
        } catch (XMLStreamException e) {
            throw new MarshalException("Failed to create XMLStreamReader from " + node.getNodeName(), e);
        }
    }
}
